User32.dll

  • Joined: 21 Jan 2009
  • Posts: 6

So this is killing me... this stupid user32.dll.

Nothing can touch it: not avast, not NOD, not a pile of programs (CCleaner, lots of anti-malware programs); it's simply indestructible :(

Here's a screenshot; this keeps popping up non-stop, I'm going crazy....

And here's the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:29:01, on 1/21/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\pes\TR3.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = search.live.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - C:\Program Files\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - C:\Program Files\Mario Forever Toolbar\v2.0.0.3\Mario_Forever_Toolbar.dll
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Pinnacle WebUpdater] "C:\Program Files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe" -s -f=UpdateVersion.xml -url=http://cdn.pinnaclesys.com/SupportFiles
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 6307 bytes

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...



Start ESET Smart Security/ESET NOD32 as follows:
Start>All Programs>ESET>ESET Smart Security, or ESET NOD32 Antivirus (if you only use the Antivirus product).

* When the program's main window opens, click the Setup option on the left side of the window;
* Choose the Antivirus and antispyware option and click Temporarily disable Antivirus and antispyware protection.
* Answer Yes to the next question.



Also disable the MBAM Protection module.




Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Joined: 21 Jan 2009
  • Posts: 6

ComboFix 09-01-21.01 - Administrator 2009-01-21 21:17:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.512.119 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-12-21 to 2009-01-21 )))))))))))))))))))))))))))))))
.

2009-01-21 00:30 . 2009-01-21 00:32 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-21 00:30 . 2009-01-21 00:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-21 00:30 . 2009-01-21 00:30 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-21 00:30 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-21 00:30 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-20 23:57 . 2008-01-07 14:29 352 --ah----- c:\windows\nod32fixtemdono.reg
2009-01-20 23:55 . 2009-01-20 23:55 <DIR> d-------- c:\program files\ESET
2009-01-20 19:32 . 2009-01-20 19:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\KONAMI
2009-01-20 15:41 . 2001-09-24 17:43 232 --------- c:\windows\XIIIHooligans.ini
2009-01-19 18:08 . 2009-01-19 18:12 <DIR> d-------- c:\documents and settings\Administrator\Application Data\vlc
2009-01-19 15:27 . 2009-01-20 15:41 <DIR> d-------- c:\program files\Hooligans
2009-01-19 01:10 . 2009-01-21 05:17 <DIR> d-------- C:\CD
2009-01-18 23:05 . 2009-01-18 23:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\eboostr
2009-01-17 15:15 . 2009-01-17 15:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
2009-01-17 15:15 . 2009-01-17 15:15 <DIR> d-------- c:\documents and settings\Administrator\Application Data\ATI
2009-01-17 15:05 . 2009-01-17 15:05 <DIR> d-------- c:\program files\Common Files\ATI Technologies
2009-01-17 14:58 . 2007-04-18 13:19 2,096 -ra------ c:\windows\system32\drivers\ativdkxx.vp
2009-01-17 14:57 . 2009-01-17 15:12 <DIR> d-------- c:\program files\ATI Technologies
2009-01-17 14:50 . 2009-01-17 14:50 0 --a------ c:\windows\ativpsrm.bin
2009-01-17 14:48 . 2007-08-21 21:05 593,920 --------- c:\windows\system32\ati2sgag.exe
2009-01-17 14:47 . 2009-01-17 14:47 <DIR> d-------- C:\ATI
2009-01-17 13:44 . 2009-01-17 13:44 108,144 --a------ c:\windows\system32\CmdLineExt.dll
2009-01-17 13:37 . 2009-01-17 13:37 <DIR> d-------- c:\program files\JoWooD
2009-01-16 03:54 . 2009-01-16 03:54 <DIR> d-------- c:\documents and settings\Administrator\Application Data\VitySoft
2009-01-15 21:25 . 2009-01-17 02:20 160 --a------ c:\windows\mafosav.INI
2009-01-14 23:23 . 2009-01-14 23:23 <DIR> d-------- c:\program files\Mario Forever Toolbar
2009-01-14 23:23 . 2009-01-14 23:23 325,346 --a------ c:\windows\Mario_Forever_Toolbar_Uninstaller_3343.exe
2009-01-14 23:22 . 2009-01-14 23:22 <DIR> d-------- c:\program files\Mario Forever
2009-01-10 18:33 . 2009-01-10 18:33 <DIR> d-------- c:\program files\Play+Smile
2009-01-10 18:33 . 2005-04-14 16:33 3,638 --ah----- c:\windows\ps.ico
2009-01-07 22:57 . 2009-01-15 02:14 <DIR> d-------- c:\program files\Counter-Strike 1.6
2009-01-06 19:53 . 2009-01-06 19:54 <DIR> d-------- c:\program files\CCleaner
2009-01-06 03:47 . 2009-01-06 03:48 <DIR> d-------- c:\documents and settings\Administrator\Application Data\iTurnOff
2009-01-05 16:16 . 2009-01-05 16:16 19,456 --ahs---- C:\Thumbs.db
2009-01-05 16:16 . 2009-01-05 16:16 7,680 --ahs---- c:\windows\Thumbs.db
2009-01-05 16:03 . 2009-01-05 16:03 <DIR> d-------- c:\program files\Image Grabber II
2009-01-05 01:15 . 2009-01-05 01:16 <DIR> d-------- c:\program files\YouTube Downloader
2009-01-03 00:18 . 2009-01-11 02:51 <DIR> d-------- c:\program files\URUSoft
2009-01-02 21:35 . 2009-01-02 21:37 <DIR> d-------- c:\documents and settings\Administrator\Application Data\smc
2009-01-02 21:31 . 2009-01-05 02:50 <DIR> d-------- c:\program files\Secret Maryo Chronicles
2009-01-01 14:56 . 2009-01-01 14:56 <DIR> d--h----- c:\windows\PIF
2008-12-31 15:19 . 2008-12-31 15:19 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Uniblue
2008-12-29 20:30 . 2008-12-29 20:30 <DIR> d-------- c:\program files\Alwil Software
2008-12-27 17:27 . 2008-12-27 17:27 <DIR> d-------- c:\documents and settings\Administrator\Application Data\www.pro-evo.xooit.fr
2008-12-27 11:23 . 2008-12-27 11:24 <DIR> d-------- c:\program files\The KMPlayer
2008-12-24 12:57 . 2009-01-03 02:48 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-24 12:57 . 2008-12-24 12:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-24 12:57 . 2008-12-24 12:57 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-12-24 12:56 . 2008-12-24 12:56 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-21 03:04 . 2008-12-21 03:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Delayed Shutdown

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-21 20:18 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2009-01-21 15:09 --------- d-----w c:\documents and settings\Administrator\Application Data\skypePM
2009-01-20 19:57 --------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2009-01-20 18:03 --------- d-----w c:\program files\7-Zip
2009-01-20 14:39 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-17 14:05 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-17 01:50 --------- d-----w c:\program files\Common Files\Adobe
2009-01-14 13:40 94,208 ----a-w c:\windows\DUMP830a.tmp
2009-01-14 13:40 94,208 ----a-w c:\windows\DUMP66d8.tmp
2009-01-09 20:21 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-06 13:36 --------- d-----w c:\program files\Messenger Plus! Live
2008-12-30 21:48 --------- d-----w c:\program files\Windows Live
2008-12-28 15:35 --------- d-----w c:\documents and settings\Administrator\Application Data\Hoyle
2008-12-18 19:21 --------- d-----w c:\program files\Microsoft Office Outlook Connector
2008-12-18 19:21 --------- d-----w c:\program files\Microsoft
2008-12-18 19:17 --------- d-----w c:\program files\Windows Live SkyDrive
2008-12-18 18:39 --------- d-----w c:\program files\Common Files\Windows Live
2008-12-15 00:43 --------- d-----w c:\documents and settings\Administrator\Application Data\Hoyle FaceCreator
2008-12-14 23:22 --------- d-----w c:\program files\Encore
2008-12-14 23:06 --------- d-----w c:\program files\Alcohol Soft
2008-12-14 15:57 603,904 ----a-w c:\windows\system32\TUProgSt.exe
2008-12-14 01:05 --------- d-----w c:\program files\eMule
2008-12-14 01:01 --------- d-----w c:\program files\Sony
2008-12-10 21:45 --------- d-----w c:\program files\Real Alternative
2008-12-09 01:24 --------- d-----w c:\documents and settings\All Users\Application Data\InterAction studios
2008-12-09 01:14 --------- d-----w c:\program files\Chicken Invaders 3
2008-12-09 01:13 --------- d-----w c:\program files\ReflexiveArcade
2008-12-08 21:17 --------- d-----w c:\program files\MessengerDiscovery
2008-12-08 12:51 577,024 ------r c:\windows\system32\user32.DLL
2008-12-07 22:22 --------- d-----w c:\documents and settings\Administrator\Application Data\Publish Providers
2008-12-07 21:49 --------- d-----w c:\documents and settings\Administrator\Application Data\Sony
2008-12-07 21:44 --------- d-----w c:\program files\Sony Setup
2008-12-03 12:41 --------- d-----w c:\program files\QuickTime Alternative
2008-12-03 12:41 --------- d-----w c:\program files\Common Files\Apple
2008-12-03 12:41 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-03 12:40 --------- d-----w c:\program files\Apple Software Update
2008-12-03 12:40 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-12-03 11:41 --------- d-----w c:\program files\JLC's Software
2008-12-03 11:40 --------- d-----w c:\program files\Webteh
2008-12-01 20:40 143,360 ------w c:\windows\system32\ati2evxx.dll
2008-12-01 19:57 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-12-01 19:53 45,056 ----a-w c:\windows\system32\amdcalrt.dll
2008-12-01 19:53 45,056 ----a-w c:\windows\system32\amdcalcl.dll
2008-12-01 19:52 86,016 ----a-w c:\windows\system32\atiadlxx.dll
2008-12-01 19:50 3,252,224 ----a-w c:\windows\system32\Amdcaldd.dll
2008-11-30 11:51 --------- d-----w c:\program files\DivX
2008-11-29 19:31 --------- d-----w c:\program files\MSXML 4.0
2008-11-29 19:27 --------- d-----w c:\program files\Pinnacle
2008-11-29 18:01 --------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle
2008-11-23 20:22 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-23 00:03 --------- d-----w c:\documents and settings\Administrator\Application Data\LimeWire
2008-11-22 01:03 410,976 ----a-w c:\windows\system32\deploytk.dll
2008-11-22 01:03 --------- d-----w c:\program files\Java
2008-11-22 00:30 --------- d-----w c:\documents and settings\Administrator\Application Data\TuneUp Software
2008-11-22 00:29 --------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2008-11-22 00:29 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-10-21 18:51 118,784 ----a-w c:\windows\system32\atibrtmon.exe
.
c:\windows\system32\user32.dll ... is infected !!
577,024 2008-12-08 12:51:26 c:\windows\system32\user32.DLL
577,024 2008-12-08 12:51:26 c:\windows\system32\dllcache\user32.dll


------- Sigcheck -------

2008-12-08 13:51 577024 39a955067760d4f9bae8b715f09a524b c:\windows\system32\user32.DLL
2008-12-08 13:51 577024 1800f293bccc8ede8a70e12b88d80036 c:\windows\system32\dllcache\user32.dll

2002-12-31 13:00 360448 0601f83f6784c220ee302f03f702316e c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 15:05 398776 --a------ c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-11-16 270128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-01-14 399504]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-12-24 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Igre\\PES 2009\\pes2009.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Igre\\JSL\\JSL_PATCH_2009.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 55024]
R3 3xHybrid;Pinnacle PCTV 110i service;c:\windows\system32\drivers\3xHybrid.sys [2008-11-29 827008]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-01-21 15504]
R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-01-21 170640]
S3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2008-11-29 6400]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
.
Contents of the 'Scheduled Tasks' folder

2009-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Pinnacle WebUpdater - c:\program files\Pinnacle\Shared Files\Programs\WebUpdater\WebUpdater.exe -s -f=UpdateVersion.xml


.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/intl/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward &Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\suqtakhz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-21 21:18:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,f0,c8,03,2e,28,
01,ff,86,e2,63,26,f1,3f,c8,ff,68,bd,e8,ef,47,9d,c1,9b,ab,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,dd,d6,b1,98,ab,
64,b6,a4,6a,9c,d6,61,af,45,84,18,32,85,ea,ef,50,8f,41,48,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,cb,77,09,eb,45,
5f,0c,08,ff,7c,85,e0,43,d4,0e,fe,dd,df,b4,02,01,cc,9c,c1,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,95,2b,96,a8,f9,
e6,c6,d6,86,8c,21,01,be,91,eb,e7,7b,10,9a,b6,74,c4,34,23,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,ab,79,0d,25,0f,
b5,1a,04,f5,1d,4d,73,a8,13,5c,05,78,55,b7,b9,74,93,ae,d1,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,4e,21,25,bf,dd,
bd,7e,be,df,20,58,62,78,6b,cf,c8,82,51,9b,9b,90,77,86,40,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,3c,d4,68,79,dd,
d5,23,f8,fb,a7,78,e6,12,2f,9a,ea,ee,e7,a7,df,38,ee,e2,10,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,dc,ab,3d,4c,39,
45,15,fa,01,3a,48,fc,e8,04,4a,f1,47,5f,df,f4,31,bc,e4,9d,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,9a,59,cb,8c,69,
b4,0b,ec,f6,0f,4e,58,98,5b,89,c9,fa,17,c0,ff,d1,88,a2,9d,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,c5,82,21,6e,2f,
9c,48,b9,3d,ce,ea,26,2d,45,aa,78,f4,c3,e8,32,99,01,0c,a0,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,3b,73,17,22,9e,
ec,c3,b2,2a,b7,cc,b5,b9,7f,41,e7,d8,88,69,ab,a7,a5,a0,01,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,5a,cc,8b,56,e0,
05,8b,38,6c,43,2d,1e,aa,22,2f,9c,0a,fa,ac,74,7d,b3,25,c9,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-21 21:20:45
ComboFix-quarantined-files.txt 2009-01-21 20:20:33

Pre-Run: 746,283,008 bytes free
Post-Run: 1,241,231,360 bytes free

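The Sigcheck section of the ComboFix log above is the actual evidence behind the "is infected" verdict: the live c:\windows\system32\user32.DLL and the Windows File Protection backup in dllcache have exactly the same size (577,024 bytes) and timestamp, but different MD5 hashes, so only the hash reveals that one copy was altered. The following Python script is an added example written for this thread; it is not ComboFix's code and not the poster's. It parses lines in that Sigcheck format, pairs each system32 file with its dllcache copy by file name, and reports a mismatch. The sample input is constructed from the hashes and paths in the posted log; the `hash_file` helper for checking a live machine is an assumption about how you would reproduce the comparison yourself, not something the log does.

```python
"""Compare system32 files with their dllcache copies, ComboFix Sigcheck style.

Added example for this thread, not ComboFix's own code. A hash mismatch is an
indicator, not proof: a stale dllcache after a hotfix also mismatches, and
malware that patches both copies produces no mismatch at all.
"""
import hashlib
import re
from collections import defaultdict

# Constructed sample input, copied from the Sigcheck section of the posted log.
SAMPLE_SIGCHECK = """\
------- Sigcheck -------

2008-12-08 13:51 577024 39a955067760d4f9bae8b715f09a524b c:\\windows\\system32\\user32.DLL
2008-12-08 13:51 577024 1800f293bccc8ede8a70e12b88d80036 c:\\windows\\system32\\dllcache\\user32.dll

2002-12-31 13:00 360448 0601f83f6784c220ee302f03f702316e c:\\windows\\system32\\drivers\\tcpip.sys
"""

# One Sigcheck line: date, time, size in bytes, MD5, full path.
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<md5>[0-9a-f]{32}) (?P<path>.+)$",
    re.IGNORECASE,
)


def parse_sigcheck(text):
    """Return one dict per file line in a Sigcheck block; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["size"] = int(entry["size"])
        entry["md5"] = entry["md5"].lower()
        entry["path"] = entry["path"].lower()   # NTFS paths are case-insensitive
        entries.append(entry)
    return entries


def compare_with_dllcache(entries):
    """Pair each live file with its dllcache copy by base name.

    Returns {basename: verdict}, where verdict is one of
    'match', 'mismatch', 'mismatch (same size)' or 'no dllcache copy'.
    The 'same size' variant is called out because a size check alone,
    as in the user32.dll case above, would miss the tampering.
    """
    by_name = defaultdict(dict)
    for e in entries:
        name = e["path"].rsplit("\\", 1)[-1]
        role = "dllcache" if "\\dllcache\\" in e["path"] else "live"
        by_name[name][role] = e

    verdicts = {}
    for name, copies in by_name.items():
        live, cache = copies.get("live"), copies.get("dllcache")
        if live is None:
            continue                      # only a cache copy listed; nothing to compare
        if cache is None:
            verdicts[name] = "no dllcache copy"
        elif live["md5"] == cache["md5"]:
            verdicts[name] = "match"
        elif live["size"] == cache["size"]:
            verdicts[name] = "mismatch (same size)"
        else:
            verdicts[name] = "mismatch"
    return verdicts


def hash_file(path, chunk=1 << 20):
    """MD5 of a file on disk (MD5 only because that is what the log reports).

    Hypothetical helper for reproducing the check on a live machine, e.g.
    hash_file(r'C:\\Windows\\system32\\user32.dll') versus
    hash_file(r'C:\\Windows\\system32\\dllcache\\user32.dll').
    """
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


if __name__ == "__main__":
    for name, verdict in compare_with_dllcache(parse_sigcheck(SAMPLE_SIGCHECK)).items():
        print(f"{name}: {verdict}")
```

On the posted log this reports `user32.dll: mismatch (same size)` and `tcpip.sys: no dllcache copy`. The second result is the caveat a defender should keep in mind: files without a dllcache copy (and systems where both copies were replaced) give this check nothing to work with, so it complements a signature scan rather than replacing one.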

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

I'd ask you to run ComboFix again, but this time accept the installation of the Recovery Console when the program offers it.

Post the log you get at the end of the procedure.

  • Joined: 21 Jan 2009
  • Posts: 6

ComboFix 09-01-21.01 - Administrator 2009-01-21 21:47:53.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.512.123 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((( Files Created from 2008-12-21 to 2009-01-21 )))))))))))))))))))))))))))))))
.

2009-01-21 00:30 . 2009-01-21 00:32 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-21 00:30 . 2009-01-21 00:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-21 00:30 . 2009-01-21 00:30 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-21 00:30 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-21 00:30 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-20 23:57 . 2008-01-07 14:29 352 --ah----- c:\windows\nod32fixtemdono.reg
2009-01-20 23:55 . 2009-01-20 23:55 <DIR> d-------- c:\program files\ESET
2009-01-20 19:32 . 2009-01-20 19:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\KONAMI
2009-01-20 15:41 . 2001-09-24 17:43 232 --------- c:\windows\XIIIHooligans.ini
2009-01-19 18:08 . 2009-01-19 18:12 <DIR> d-------- c:\documents and settings\Administrator\Application Data\vlc
2009-01-19 15:27 . 2009-01-20 15:41 <DIR> d-------- c:\program files\Hooligans
2009-01-19 01:10 . 2009-01-21 05:17 <DIR> d-------- C:\CD
2009-01-18 23:05 . 2009-01-18 23:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\eboostr
2009-01-17 15:15 . 2009-01-17 15:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
2009-01-17 15:15 . 2009-01-17 15:15 <DIR> d-------- c:\documents and settings\Administrator\Application Data\ATI
2009-01-17 15:05 . 2009-01-17 15:05 <DIR> d-------- c:\program files\Common Files\ATI Technologies
2009-01-17 14:58 . 2007-04-18 13:19 2,096 -ra------ c:\windows\system32\drivers\ativdkxx.vp
2009-01-17 14:57 . 2009-01-17 15:12 <DIR> d-------- c:\program files\ATI Technologies
2009-01-17 14:50 . 2009-01-17 14:50 0 --a------ c:\windows\ativpsrm.bin
2009-01-17 14:48 . 2007-08-21 21:05 593,920 --------- c:\windows\system32\ati2sgag.exe
2009-01-17 14:47 . 2009-01-17 14:47 <DIR> d-------- C:\ATI
2009-01-17 13:44 . 2009-01-17 13:44 108,144 --a------ c:\windows\system32\CmdLineExt.dll
2009-01-17 13:37 . 2009-01-17 13:37 <DIR> d-------- c:\program files\JoWooD
2009-01-16 03:54 . 2009-01-16 03:54 <DIR> d-------- c:\documents and settings\Administrator\Application Data\VitySoft
2009-01-15 21:25 . 2009-01-17 02:20 160 --a------ c:\windows\mafosav.INI
2009-01-14 23:23 . 2009-01-14 23:23 <DIR> d-------- c:\program files\Mario Forever Toolbar
2009-01-14 23:23 . 2009-01-14 23:23 325,346 --a------ c:\windows\Mario_Forever_Toolbar_Uninstaller_3343.exe
2009-01-14 23:22 . 2009-01-14 23:22 <DIR> d-------- c:\program files\Mario Forever
2009-01-10 18:33 . 2009-01-10 18:33 <DIR> d-------- c:\program files\Play+Smile
2009-01-10 18:33 . 2005-04-14 16:33 3,638 --ah----- c:\windows\ps.ico
2009-01-07 22:57 . 2009-01-15 02:14 <DIR> d-------- c:\program files\Counter-Strike 1.6
2009-01-06 19:53 . 2009-01-06 19:54 <DIR> d-------- c:\program files\CCleaner
2009-01-06 03:47 . 2009-01-06 03:48 <DIR> d-------- c:\documents and settings\Administrator\Application Data\iTurnOff
2009-01-05 16:16 . 2009-01-05 16:16 19,456 --ahs---- C:\Thumbs.db
2009-01-05 16:16 . 2009-01-05 16:16 7,680 --ahs---- c:\windows\Thumbs.db
2009-01-05 16:03 . 2009-01-05 16:03 <DIR> d-------- c:\program files\Image Grabber II
2009-01-05 01:15 . 2009-01-05 01:16 <DIR> d-------- c:\program files\YouTube Downloader
2009-01-03 00:18 . 2009-01-11 02:51 <DIR> d-------- c:\program files\URUSoft
2009-01-02 21:35 . 2009-01-02 21:37 <DIR> d-------- c:\documents and settings\Administrator\Application Data\smc
2009-01-02 21:31 . 2009-01-05 02:50 <DIR> d-------- c:\program files\Secret Maryo Chronicles
2009-01-01 14:56 . 2009-01-01 14:56 <DIR> d--h----- c:\windows\PIF
2008-12-31 15:19 . 2008-12-31 15:19 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Uniblue
2008-12-29 20:30 . 2008-12-29 20:30 <DIR> d-------- c:\program files\Alwil Software
2008-12-27 17:27 . 2008-12-27 17:27 <DIR> d-------- c:\documents and settings\Administrator\Application Data\www.pro-evo.xooit.fr
2008-12-27 11:23 . 2008-12-27 11:24 <DIR> d-------- c:\program files\The KMPlayer
2008-12-24 12:57 . 2009-01-03 02:48 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-24 12:57 . 2008-12-24 12:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-12-24 12:57 . 2008-12-24 12:57 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-12-24 12:56 . 2008-12-24 12:56 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-21 03:04 . 2008-12-21 03:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Delayed Shutdown

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-21 20:51 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2009-01-21 20:51 --------- d-----w c:\documents and settings\Administrator\Application Data\skypePM
2009-01-20 19:57 --------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2009-01-20 18:03 --------- d-----w c:\program files\7-Zip
2009-01-20 14:39 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-17 14:05 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-17 01:50 --------- d-----w c:\program files\Common Files\Adobe
2009-01-14 13:40 94,208 ----a-w c:\windows\DUMP830a.tmp
2009-01-14 13:40 94,208 ----a-w c:\windows\DUMP66d8.tmp
2009-01-09 20:21 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-06 13:36 --------- d-----w c:\program files\Messenger Plus! Live
2008-12-30 21:48 --------- d-----w c:\program files\Windows Live
2008-12-28 15:35 --------- d-----w c:\documents and settings\Administrator\Application Data\Hoyle
2008-12-18 19:21 --------- d-----w c:\program files\Microsoft Office Outlook Connector
2008-12-18 19:21 --------- d-----w c:\program files\Microsoft
2008-12-18 19:17 --------- d-----w c:\program files\Windows Live SkyDrive
2008-12-18 18:39 --------- d-----w c:\program files\Common Files\Windows Live
2008-12-15 00:43 --------- d-----w c:\documents and settings\Administrator\Application Data\Hoyle FaceCreator
2008-12-14 23:22 --------- d-----w c:\program files\Encore
2008-12-14 23:06 --------- d-----w c:\program files\Alcohol Soft
2008-12-14 01:05 --------- d-----w c:\program files\eMule
2008-12-14 01:01 --------- d-----w c:\program files\Sony
2008-12-10 21:45 --------- d-----w c:\program files\Real Alternative
2008-12-09 01:24 --------- d-----w c:\documents and settings\All Users\Application Data\InterAction studios
2008-12-09 01:14 --------- d-----w c:\program files\Chicken Invaders 3
2008-12-09 01:13 --------- d-----w c:\program files\ReflexiveArcade
2008-12-08 21:17 --------- d-----w c:\program files\MessengerDiscovery
2008-12-07 22:22 --------- d-----w c:\documents and settings\Administrator\Application Data\Publish Providers
2008-12-07 21:49 --------- d-----w c:\documents and settings\Administrator\Application Data\Sony
2008-12-07 21:44 --------- d-----w c:\program files\Sony Setup
2008-12-03 12:41 --------- d-----w c:\program files\QuickTime Alternative
2008-12-03 12:41 --------- d-----w c:\program files\Common Files\Apple
2008-12-03 12:41 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-12-03 12:40 --------- d-----w c:\program files\Apple Software Update
2008-12-03 12:40 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2008-12-03 11:41 --------- d-----w c:\program files\JLC's Software
2008-12-03 11:40 --------- d-----w c:\program files\Webteh
2008-11-30 11:51 --------- d-----w c:\program files\DivX
2008-11-29 19:31 --------- d-----w c:\program files\MSXML 4.0
2008-11-29 19:27 --------- d-----w c:\program files\Pinnacle
2008-11-29 18:01 --------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle
2008-11-23 20:22 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-23 00:03 --------- d-----w c:\documents and settings\Administrator\Application Data\LimeWire
2008-11-22 01:03 --------- d-----w c:\program files\Java
2008-11-22 00:30 --------- d-----w c:\documents and settings\Administrator\Application Data\TuneUp Software
2008-11-22 00:29 --------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2008-11-22 00:29 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
.
file copied: c:\windows\system32\user32.dll -> c:\qoobox\Quarantine\C\WINDOWS\system32\user32.dll.vir ( 577024 bytes )
Infected c:\windows\system32\user32.dll hex repaired


------- Sigcheck -------

2002-12-31 13:00 360448 0601f83f6784c220ee302f03f702316e c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( snapshot@2009-01-21_21.19.40.78 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-21 20:50:33 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_70c.dat
+ 2009-01-21 20:51:06 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_d38.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 15:05 398776 --a------ c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2008-11-16 270128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2003-11-10 406016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-01-14 399504]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-12-24 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Igre\\PES 2009\\pes2009.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Igre\\JSL\\JSL_PATCH_2009.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2007-02-27 55024]
R3 3xHybrid;Pinnacle PCTV 110i service;c:\windows\system32\drivers\3xHybrid.sys [2008-11-29 827008]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-01-21 15504]
R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]
R4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-01-21 170640]
S3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2008-11-29 6400]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2006-02-16 4096]
.
Contents of the 'Scheduled Tasks' folder

2009-01-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/intl/
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward &Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\suqtakhz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-21 21:50:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:c8,28,51,af,b0,29,a3,98,f0,c8,03,2e,28,
01,ff,86,e2,63,26,f1,3f,c8,ff,68,bd,e8,ef,47,9d,c1,9b,ab,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,dd,d6,b1,98,ab,
64,b6,a4,6a,9c,d6,61,af,45,84,18,32,85,ea,ef,50,8f,41,48,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,cb,77,09,eb,45,
5f,0c,08,ff,7c,85,e0,43,d4,0e,fe,dd,df,b4,02,01,cc,9c,c1,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:6b,65,49,6a,7e,99,74,f7,95,2b,96,a8,f9,
e6,c6,d6,86,8c,21,01,be,91,eb,e7,7b,10,9a,b6,74,c4,34,23,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,ab,79,0d,25,0f,
b5,1a,04,f5,1d,4d,73,a8,13,5c,05,78,55,b7,b9,74,93,ae,d1,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,4e,21,25,bf,dd,
bd,7e,be,df,20,58,62,78,6b,cf,c8,82,51,9b,9b,90,77,86,40,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,3c,d4,68,79,dd,
d5,23,f8,fb,a7,78,e6,12,2f,9a,ea,ee,e7,a7,df,38,ee,e2,10,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,dc,ab,3d,4c,39,
45,15,fa,01,3a,48,fc,e8,04,4a,f1,47,5f,df,f4,31,bc,e4,9d,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,9a,59,cb,8c,69,
b4,0b,ec,f6,0f,4e,58,98,5b,89,c9,fa,17,c0,ff,d1,88,a2,9d,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,c5,82,21,6e,2f,
9c,48,b9,3d,ce,ea,26,2d,45,aa,78,f4,c3,e8,32,99,01,0c,a0,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,3b,73,17,22,9e,
ec,c3,b2,2a,b7,cc,b5,b9,7f,41,e7,d8,88,69,ab,a7,a5,a0,01,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,5a,cc,8b,56,e0,
05,8b,38,6c,43,2d,1e,aa,22,2f,9c,0a,fa,ac,74,7d,b3,25,c9,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(764)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2009-01-21 21:55:48 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-21 20:55:45
ComboFix2.txt 2009-01-21 20:20:46

Pre-Run: 1,250,951,168 bytes free
Post-Run: 1,238,773,760 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /noexecute=alwaysoff


offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Does NOD detect anything now?

offline
  • Joined: 21 Jan 2009
  • Posts: 6

dr_Bora :: Does NOD detect anything now?

No... nothing pops up anymore...

I'll just run one more full system scan tomorrow, and then I'll see whether it reports anything.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Post the scan results tomorrow and you'll get one more set of instructions to finish up.

offline
  • Joined: 21 Jan 2009
  • Posts: 6

I scanned it, and it found user32.dll again, but this time I just chose delete and it was removed. I restarted the computer, ran a custom scan on the folder where it lives, and everything is clean.

What now?

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Click START and then RUN
In the text box type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
the VundoFix Backups folder, if it exists
the C:\Deckard folder, if it exists
the C:\OtMoveIt folder, if it exists

Reset the computer's clock settings
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore

And that's it.
