hijack check??

offline
  • Joined: 24 Oct 2007
  • Posts: 122

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:06 PM, on 4/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\miki\Application Data\nidle\nidle.exe
C:\Documents and Settings\miki\Application Data\Twain\Twain.exe
C:\Documents and Settings\miki\Application Data\digifast\digifast.exe
C:\Documents and Settings\miki\Application Data\Microsoft\Windows\jxphyo.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: CPV - {15421B84-3488-49A7-AD18-CBF84A3EFAF6} - C:\Program Files\WWShow\WWShow.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: HelloWorldBHO - {D88E1558-7C2D-407A-953A-C044F5607CEA} - C:\Program Files\Jcore\Jcore2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [nidle] "C:\Documents and Settings\miki\Application Data\nidle\nidle.exe" 61A847B5BBF72813359231466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\miki\Application Data\Twain\Twain.exe
O4 - HKCU\..\Run: [DigiFast] C:\Documents and Settings\miki\Application Data\digifast\digifast.exe
O4 - HKCU\..\Run: [SfKg6wIPuSpdc] C:\Documents and Settings\miki\Application Data\Microsoft\Windows\jxphyo.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [Link visible only to logged-in users]
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 4745 bytes



offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download ComboFix from one of the following addresses to your Desktop:
[Link visible only to logged-in users]
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Start it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.



offline
  • Joined: 24 Oct 2007
  • Posts: 122

ComboFix 09-04-04.01 - miki 2009-04-04 22:34:07.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1406 [GMT 2:00]
Running from: c:\documents and settings\miki\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISODRIVE
-------\Service_ISODrive


((((((((((((((((((((((((( Files Created from 2009-03-04 to 2009-04-04 )))))))))))))))))))))))))))))))
.

2009-04-04 21:04 . 2009-04-04 21:04 <DIR> d--h----- c:\windows\PIF
2009-04-04 21:02 . 2009-04-04 21:02 <DIR> d-------- c:\program files\Trend Micro
2009-04-04 20:56 . 2009-04-04 20:56 <DIR> dr-h----- C:\MSOCache
2009-04-04 18:28 . 2009-04-04 18:28 <DIR> d-------- c:\program files\WWShow
2009-04-04 18:27 . 2009-04-04 18:27 <DIR> d-------- c:\program files\Windows Installer Clean Up
2009-04-04 18:27 . 2009-04-04 18:27 <DIR> d-------- c:\program files\MSECACHE
2009-04-04 18:12 . 2009-04-04 18:12 <DIR> d-------- c:\program files\Jcore
2009-04-03 23:38 . 2009-04-03 23:38 <DIR> d-------- c:\program files\CCleaner
2009-04-03 18:05 . 2009-04-03 18:08 <DIR> d-------- c:\program files\UltraISO
2009-04-03 18:05 . 2009-04-03 18:05 <DIR> d-------- c:\program files\Common Files\EZB Systems
2009-03-31 21:32 . 2008-04-14 01:12 151,552 --a------ c:\windows\system32\irftp.exe
2009-03-31 21:32 . 2008-04-14 01:12 151,552 --a--c--- c:\windows\system32\dllcache\irftp.exe
2009-03-31 21:32 . 2008-04-14 01:11 28,160 --a------ c:\windows\system32\irmon.dll
2009-03-31 21:32 . 2008-04-14 01:11 28,160 --a--c--- c:\windows\system32\dllcache\irmon.dll
2009-03-31 21:32 . 2008-04-14 01:12 8,192 --a------ c:\windows\system32\wshirda.dll
2009-03-31 21:32 . 2008-04-14 01:12 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2009-03-31 21:21 . 2009-03-31 21:21 <DIR> d-------- c:\documents and settings\miki\Application Data\Apple Computer
2009-03-31 21:21 . 2008-04-17 12:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-03-31 21:21 . 2009-01-15 12:19 23,848 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-31 21:20 . 2009-03-31 21:21 <DIR> d-------- c:\program files\iTunes
2009-03-31 21:20 . 2009-03-31 21:20 <DIR> d-------- c:\program files\iPod
2009-03-31 21:20 . 2009-03-31 21:20 <DIR> d-------- c:\program files\Bonjour
2009-03-31 21:20 . 2009-03-31 21:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-31 21:19 . 2009-03-31 21:21 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-31 21:19 . 2009-03-31 21:20 <DIR> d-------- c:\program files\QuickTime
2009-03-31 21:19 . 2009-03-31 21:19 <DIR> d-------- c:\program files\Apple Software Update
2009-03-31 21:19 . 2009-03-31 21:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-31 21:19 . 2009-03-05 23:59 1,900,544 --a------ c:\windows\system32\usbaaplrc.dll
2009-03-31 21:19 . 2009-03-05 23:59 36,864 --a------ c:\windows\system32\drivers\usbaapl.sys
2009-03-31 21:18 . 2009-03-31 21:20 <DIR> d-------- c:\program files\Common Files\Apple
2009-03-31 21:18 . 2009-03-31 21:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-03-31 20:56 . 2009-04-04 11:39 <DIR> d-------- c:\program files\Windows Media Connect 2
2009-03-31 20:47 . 2009-03-31 20:47 <DIR> d-------- c:\windows\system32\LogFiles
2009-03-31 20:47 . 2009-03-31 20:48 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-03-25 23:11 . 2009-03-25 23:11 <DIR> d-------- c:\program files\uTorrent
2009-03-25 23:11 . 2009-04-04 17:59 <DIR> d-------- c:\documents and settings\miki\Application Data\uTorrent
2009-03-24 20:16 . 2009-03-24 20:16 <DIR> d-------- c:\windows\system32\Lang
2009-03-24 20:16 . 2009-03-24 20:16 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2009-03-24 20:16 . 2009-03-24 20:16 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2009-03-23 22:10 . 2009-03-23 22:10 <DIR> d-------- c:\windows\Motorola
2009-03-23 22:08 . 2006-05-18 15:27 16,207,872 --a------ c:\windows\RTHDCPL.exe
2009-03-23 22:08 . 2006-05-04 17:35 9,709,568 --a------ c:\windows\RTLCPL.exe
2009-03-23 22:08 . 2006-05-16 18:32 4,275,712 --a------ c:\windows\system32\drivers\RtkHDAud.Sys
2009-03-23 22:08 . 2006-05-04 17:26 2,808,832 --a------ c:\windows\alcwzrd.exe
2009-03-23 22:08 . 2006-03-10 20:32 2,158,592 --a------ c:\windows\MicCal.exe
2009-03-23 22:08 . 2005-04-16 23:20 487,424 --a------ c:\windows\RtlExUpd.dll
2009-03-23 22:08 . 2006-03-09 18:45 364,544 --a------ c:\windows\RtlUpd.exe
2009-03-23 22:08 . 2005-09-21 11:25 299,008 --a------ c:\windows\system32\ALSndMgr.Cpl
2009-03-23 22:08 . 2006-01-10 14:58 266,240 --a------ c:\windows\system32\RTSndMgr.Cpl
2009-03-23 22:08 . 2006-05-04 17:22 86,016 --a------ c:\windows\SoundMan.exe
2009-03-23 22:08 . 2005-05-03 19:43 69,632 --a------ c:\windows\Alcmtr.exe
2009-03-23 21:28 . 2009-03-23 21:28 <DIR> d-------- c:\documents and settings\miki\Application Data\ATI
2009-03-23 21:26 . 2009-03-23 21:26 <DIR> d-------- c:\program files\Common Files\ATI Technologies
2009-03-23 21:16 . 2008-04-13 20:45 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-03-23 20:51 . 2001-08-17 14:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-03-23 20:51 . 2001-08-17 14:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2009-03-23 20:51 . 2008-04-13 20:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2009-03-23 20:51 . 2008-04-13 20:45 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2009-03-23 20:34 . 2009-03-23 20:34 <DIR> d-------- c:\program files\Opera
2009-03-23 01:40 . 2008-10-16 03:00 1,499,136 -----c--- c:\windows\system32\dllcache\shdocvw.dll
2009-03-23 01:40 . 2008-10-16 03:00 666,112 -----c--- c:\windows\system32\dllcache\wininet.dll
2009-03-23 01:40 . 2008-10-16 03:00 619,520 -----c--- c:\windows\system32\dllcache\urlmon.dll
2009-03-23 01:32 . 2008-12-12 19:01 3,067,904 -----c--- c:\windows\system32\dllcache\mshtml.dll
2009-03-23 01:31 . 2008-10-24 13:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-23 01:30 . 2008-08-14 12:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-23 01:30 . 2008-08-14 12:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-23 01:30 . 2008-08-14 11:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-23 01:30 . 2008-08-14 11:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-23 01:30 . 2008-04-11 21:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-03-23 01:30 . 2008-12-11 12:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-03-23 01:30 . 2008-05-01 16:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2009-03-23 01:29 . 2008-06-13 13:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-03-23 01:28 . 2008-05-08 16:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-03-23 01:26 . 2008-09-04 19:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-03-23 01:26 . 2008-10-15 18:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-03-23 01:19 . 2009-03-23 01:19 <DIR> d-------- c:\windows\system32\scripting
2009-03-23 01:19 . 2009-03-23 01:19 <DIR> d-------- c:\windows\system32\en
2009-03-23 01:19 . 2009-03-23 01:19 <DIR> d-------- c:\windows\system32\bits
2009-03-23 01:19 . 2009-03-23 01:19 <DIR> d-------- c:\windows\l2schemas
2009-03-23 01:18 . 2009-03-23 01:18 <DIR> d-------- c:\windows\ServicePackFiles
2009-03-23 01:13 . 2009-03-23 01:13 <DIR> d-------- c:\windows\EHome
2009-03-23 01:12 . 2009-03-23 01:12 <DIR> d-------- c:\program files\GRETECH
2009-03-23 01:12 . 2009-03-23 01:12 <DIR> d-------- c:\documents and settings\miki\Application Data\GRETECH
2009-03-23 01:09 . 2006-03-09 00:33 2,636,672 --a--c--- c:\windows\system32\dllcache\ati3duag.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 09:24 90,112 ----a-w c:\windows\DUMP3fe7.tmp
2009-03-23 20:08 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-23 20:08 --------- d-----w c:\program files\Realtek
2009-03-23 19:24 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-23 19:24 --------- d-----w c:\program files\ATI Technologies
2009-03-22 22:28 9,388 ----a-w c:\windows\system32\drivers\iaStor.PNF
2009-03-22 22:28 7,280 ----a-w c:\windows\system32\drivers\viamraid.PNF
2009-03-22 22:28 63,240 ----a-w c:\windows\system32\drivers\Si3112r.PNF
2009-03-22 22:28 6,984 ----a-w c:\windows\system32\drivers\SiSRaid.PNF
2009-03-22 22:28 20,152 ----a-w c:\windows\system32\drivers\INFCACHE.1
2009-03-22 22:28 12,432 ----a-w c:\windows\system32\drivers\adpu320.PNF
2009-03-22 22:28 12,204 ----a-w c:\windows\system32\drivers\nvraid.PNF
2009-03-22 22:28 10,828 ----a-w c:\windows\system32\drivers\iaAHCI.PNF
2009-03-22 22:09 --------- d-----w c:\program files\Launch Manager
2009-03-22 22:02 --------- d-----w c:\program files\Synaptics
2009-03-22 21:50 --------- d-----w c:\program files\microsoft frontpage
2009-03-22 21:49 --------- d-----w c:\program files\Java
2009-03-22 21:48 --------- d-----w c:\program files\Common Files\Java
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-01-20 761946]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-07-28 57344]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2005-03-16 204800]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-07-25 81920]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 c:\windows\RTHDCPL.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-03-12 20:56 342312 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2005-11-10 04:44 557056 c:\windows\sm56hlpr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 Hotkey;Hotkey;c:\windows\system32\drivers\HOTKEY.sys [2009-03-23 9867]
S1 mailKmd;mailKmd; [x]
S1 Wbutton;Wbutton;c:\windows\system32\drivers\Wbutton.sys --> c:\windows\system32\drivers\Wbutton.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-04-04 22:36:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?8???\??????|x??|????q??|?j?wQj?w????????,??? ???????????????d??????|????????p?????@?u??????????????s???????s???sx??s@??????????????|h??st??????????s?????????????????C?sc"?sx??s???????w??@?N'?st>???6@??>?????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Completion time: 2009-04-04 22:38:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-04 20:38:44

Pre-Run: 43,093,708,800 bytes free
Post-Run: 43,042,185,216 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

205 --- E O F --- 2009-04-03 08:20:53

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

You really don't want to follow the instructions.

First, the instructions for posting the HijackThis log were not followed, and now you are running ComboFix directly from Opera, even though I clearly wrote that you should download it to the Desktop.

I will not write anything further until you do what is written in the instructions you were given. I don't want to feel guilty if something goes wrong because you are not doing what was written for you quite clearly and precisely.

offline
  • Joined: 24 Oct 2007
  • Posts: 122

aaa.. well, I did save it to the desktop ... and it seems to me I started it from the desktop ...


sorry ....

Update: 04 Apr 2009 23:20

ComboFix 09-04-04.01 - miki 2009-04-04 23:14:51.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1363 [GMT 2:00]
Running from: c:\documents and settings\miki\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-03-04 to 2009-04-04 )))))))))))))))))))))))))))))))
.

2009-04-04 22:32 . 2009-04-04 22:32 <DIR> d-------- C:\32788R22FWJFW.0.tmp
2009-04-04 21:04 . 2009-04-04 21:04 <DIR> d--h----- c:\windows\PIF
2009-04-04 21:02 . 2009-04-04 21:02 <DIR> d-------- c:\program files\Trend Micro
2009-04-04 20:56 . 2009-04-04 20:56 <DIR> dr-h----- C:\MSOCache
2009-04-04 18:28 . 2009-04-04 18:28 <DIR> d-------- c:\program files\WWShow
2009-04-04 18:27 . 2009-04-04 18:27 <DIR> d-------- c:\program files\Windows Installer Clean Up
2009-04-04 18:27 . 2009-04-04 18:27 <DIR> d-------- c:\program files\MSECACHE
2009-04-04 18:12 . 2009-04-04 18:12 <DIR> d-------- c:\program files\Jcore
2009-04-03 23:38 . 2009-04-03 23:38 <DIR> d-------- c:\program files\CCleaner
2009-04-03 18:05 . 2009-04-03 18:08 <DIR> d-------- c:\program files\UltraISO
2009-04-03 18:05 . 2009-04-03 18:05 <DIR> d-------- c:\program files\Common Files\EZB Systems
2009-03-31 21:32 . 2008-04-14 01:12 151,552 --a------ c:\windows\system32\irftp.exe
2009-03-31 21:32 . 2008-04-14 01:12 151,552 --a--c--- c:\windows\system32\dllcache\irftp.exe
2009-03-31 21:32 . 2008-04-14 01:11 28,160 --a------ c:\windows\system32\irmon.dll
2009-03-31 21:32 . 2008-04-14 01:11 28,160 --a--c--- c:\windows\system32\dllcache\irmon.dll
2009-03-31 21:32 . 2008-04-14 01:12 8,192 --a------ c:\windows\system32\wshirda.dll
2009-03-31 21:32 . 2008-04-14 01:12 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2009-03-31 21:21 . 2009-03-31 21:21 <DIR> d-------- c:\documents and settings\miki\Application Data\Apple Computer
2009-03-31 21:21 . 2008-04-17 12:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-03-31 21:21 . 2009-01-15 12:19 23,848 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-31 21:20 . 2009-03-31 21:21 <DIR> d-------- c:\program files\iTunes
2009-03-31 21:20 . 2009-03-31 21:20 <DIR> d-------- c:\program files\iPod
2009-03-31 21:20 . 2009-03-31 21:20 <DIR> d-------- c:\program files\Bonjour
2009-03-31 21:20 . 2009-03-31 21:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-31 21:19 . 2009-03-31 21:21 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-31 21:19 . 2009-03-31 21:20 <DIR> d-------- c:\program files\QuickTime
2009-03-31 21:19 . 2009-03-31 21:19 <DIR> d-------- c:\program files\Apple Software Update
2009-03-31 21:19 . 2009-03-31 21:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-31 21:19 . 2009-03-05 23:59 1,900,544 --a------ c:\windows\system32\usbaaplrc.dll
2009-03-31 21:19 . 2009-03-05 23:59 36,864 --a------ c:\windows\system32\drivers\usbaapl.sys
2009-03-31 21:18 . 2009-03-31 21:20 <DIR> d-------- c:\program files\Common Files\Apple
2009-03-31 21:18 . 2009-03-31 21:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-03-31 20:56 . 2009-04-04 11:39 <DIR> d-------- c:\program files\Windows Media Connect 2
2009-03-31 20:47 . 2009-03-31 20:47 <DIR> d-------- c:\windows\system32\LogFiles
2009-03-31 20:47 . 2009-03-31 20:48 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-03-25 23:11 . 2009-03-25 23:11 <DIR> d-------- c:\program files\uTorrent
2009-03-25 23:11 . 2009-04-04 17:59 <DIR> d-------- c:\documents and settings\miki\Application Data\uTorrent
2009-03-24 20:16 . 2009-03-24 20:16 <DIR> d-------- c:\windows\system32\Lang
2009-03-24 20:16 . 2009-03-24 20:16 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2009-03-24 20:16 . 2009-03-24 20:16 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2009-03-23 22:10 . 2009-03-23 22:10 <DIR> d-------- c:\windows\Motorola
2009-03-23 22:08 . 2006-05-18 15:27 16,207,872 --a------ c:\windows\RTHDCPL.exe
2009-03-23 22:08 . 2006-05-04 17:35 9,709,568 --a------ c:\windows\RTLCPL.exe
2009-03-23 22:08 . 2006-05-16 18:32 4,275,712 --a------ c:\windows\system32\drivers\RtkHDAud.Sys
2009-03-23 22:08 . 2006-05-04 17:26 2,808,832 --a------ c:\windows\alcwzrd.exe
2009-03-23 22:08 . 2006-03-10 20:32 2,158,592 --a------ c:\windows\MicCal.exe
2009-03-23 22:08 . 2005-04-16 23:20 487,424 --a------ c:\windows\RtlExUpd.dll
2009-03-23 22:08 . 2006-03-09 18:45 364,544 --a------ c:\windows\RtlUpd.exe
2009-03-23 22:08 . 2005-09-21 11:25 299,008 --a------ c:\windows\system32\ALSndMgr.Cpl
2009-03-23 22:08 . 2006-01-10 14:58 266,240 --a------ c:\windows\system32\RTSndMgr.Cpl
2009-03-23 22:08 . 2006-05-04 17:22 86,016 --a------ c:\windows\SoundMan.exe
2009-03-23 22:08 . 2005-05-03 19:43 69,632 --a------ c:\windows\Alcmtr.exe
2009-03-23 21:28 . 2009-03-23 21:28 <DIR> d-------- c:\documents and settings\miki\Application Data\ATI
2009-03-23 21:26 . 2009-03-23 21:26 <DIR> d-------- c:\program files\Common Files\ATI Technologies
2009-03-23 21:16 . 2008-04-13 20:45 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-03-23 20:51 . 2001-08-17 14:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-03-23 20:51 . 2001-08-17 14:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2009-03-23 20:51 . 2008-04-13 20:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2009-03-23 20:51 . 2008-04-13 20:45 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2009-03-23 20:34 . 2009-03-23 20:34 <DIR> d-------- c:\program files\Opera
2009-03-23 01:40 . 2008-10-16 03:00 1,499,136 -----c--- c:\windows\system32\dllcache\shdocvw.dll
2009-03-23 01:40 . 2008-10-16 03:00 666,112 -----c--- c:\windows\system32\dllcache\wininet.dll
2009-03-23 01:40 . 2008-10-16 03:00 619,520 -----c--- c:\windows\system32\dllcache\urlmon.dll
2009-03-23 01:32 . 2008-12-12 19:01 3,067,904 -----c--- c:\windows\system32\dllcache\mshtml.dll
2009-03-23 01:31 . 2008-10-24 13:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-23 01:30 . 2008-08-14 12:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-23 01:30 . 2008-08-14 12:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-23 01:30 . 2008-08-14 11:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-23 01:30 . 2008-08-14 11:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-23 01:30 . 2008-04-11 21:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-03-23 01:30 . 2008-12-11 12:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-03-23 01:30 . 2008-05-01 16:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll
2009-03-23 01:29 . 2008-06-13 13:05 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-03-23 01:28 . 2008-05-08 16:02 203,136 -----c--- c:\windows\system32\dllcache\rmcast.sys
2009-03-23 01:26 . 2008-09-04 19:15 1,106,944 -----c--- c:\windows\system32\dllcache\msxml3.dll
2009-03-23 01:26 . 2008-10-15 18:34 337,408 -----c--- c:\windows\system32\dllcache\netapi32.dll
2009-03-23 01:19 . 2009-03-23 01:19 <DIR> d-------- c:\windows\system32\scripting
2009-03-23 01:19 . 2009-03-23 01:19 <DIR> d-------- c:\windows\system32\en
2009-03-23 01:19 . 2009-03-23 01:19 <DIR> d-------- c:\windows\system32\bits
2009-03-23 01:19 . 2009-03-23 01:19 <DIR> d-------- c:\windows\l2schemas
2009-03-23 01:18 . 2009-03-23 01:18 <DIR> d-------- c:\windows\ServicePackFiles
2009-03-23 01:13 . 2009-03-23 01:13 <DIR> d-------- c:\windows\EHome
2009-03-23 01:12 . 2009-03-23 01:12 <DIR> d-------- c:\program files\GRETECH
2009-03-23 01:12 . 2009-03-23 01:12 <DIR> d-------- c:\documents and settings\miki\Application Data\GRETECH
2009-03-23 01:09 . 2006-03-09 00:33 2,636,672 --a--c--- c:\windows\system32\dllcache\ati3duag.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-02 09:24 90,112 ----a-w c:\windows\DUMP3fe7.tmp
2009-03-23 20:08 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-23 20:08 --------- d-----w c:\program files\Realtek
2009-03-23 19:24 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-23 19:24 --------- d-----w c:\program files\ATI Technologies
2009-03-22 22:28 9,388 ----a-w c:\windows\system32\drivers\iaStor.PNF
2009-03-22 22:28 7,280 ----a-w c:\windows\system32\drivers\viamraid.PNF
2009-03-22 22:28 63,240 ----a-w c:\windows\system32\drivers\Si3112r.PNF
2009-03-22 22:28 6,984 ----a-w c:\windows\system32\drivers\SiSRaid.PNF
2009-03-22 22:28 20,152 ----a-w c:\windows\system32\drivers\INFCACHE.1
2009-03-22 22:28 12,432 ----a-w c:\windows\system32\drivers\adpu320.PNF
2009-03-22 22:28 12,204 ----a-w c:\windows\system32\drivers\nvraid.PNF
2009-03-22 22:28 10,828 ----a-w c:\windows\system32\drivers\iaAHCI.PNF
2009-03-22 22:09 --------- d-----w c:\program files\Launch Manager
2009-03-22 22:02 --------- d-----w c:\program files\Synaptics
2009-03-22 21:50 --------- d-----w c:\program files\microsoft frontpage
2009-03-22 21:49 --------- d-----w c:\program files\Java
2009-03-22 21:48 --------- d-----w c:\program files\Common Files\Java
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-01-16 13:45 73,728 ----a-w c:\windows\system32\RtNicProp32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-01-20 761946]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-07-28 57344]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2005-03-16 204800]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-07-25 81920]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 c:\windows\RTHDCPL.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-03-12 20:56 342312 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2005-11-10 04:44 557056 c:\windows\sm56hlpr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 Hotkey;Hotkey;c:\windows\system32\drivers\HOTKEY.sys [2009-03-23 9867]
S1 mailKmd;mailKmd; [x]
S1 Wbutton;Wbutton;c:\windows\system32\drivers\Wbutton.sys --> c:\windows\system32\drivers\Wbutton.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-04-04 23:15:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?8???\??????|x??|????q??|?j?wQj?w????????,??? ???????????????d??????|????????p?????@?u??????????????s???????s???sx??s@??????????????|h??st??????????s?????????????????C?sc"?sx??s???????w??@?N'?st>???6@??>?????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-04 23:16:51
ComboFix-quarantined-files.txt 2009-04-04 21:16:48
ComboFix2.txt 2009-04-04 20:38:47

Pre-Run: 43,053,477,888 bytes free
Post-Run: 43,040,493,568 bytes free

182 --- E O F --- 2009-04-03 08:20:53

Update: 06 Apr 2009 22:12

Here is everything from the beginning ...

I hope it is fine now, because I think I still have the virus ..


ComboFix 09-04-04.01 - miki 2009-04-06 21:58:38.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1790.1300 [GMT 2:00]
Running from: c:\documents and settings\miki\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISODRIVE
-------\Service_ISODrive


((((((((((((((((((((((((( Files Created from 2009-03-06 to 2009-04-06 )))))))))))))))))))))))))))))))
.

2009-04-06 21:55 . 2009-04-06 21:58 <DIR> d-------- C:\32788R22FWJFW
2009-04-06 21:55 . 2006-03-03 00:42 73,728 --a------ C:\pv.exe
2009-04-05 23:01 . 2009-04-05 23:01 <DIR> d-------- c:\documents and settings\miki\Application Data\DivX
2009-04-05 19:53 . 2009-04-05 19:53 <DIR> d-------- c:\program files\Microsoft Visual Studio 8
2009-04-05 19:41 . 2008-04-14 01:12 363,520 --a------ c:\windows\system32\PsisDecd.dll
2009-04-05 18:59 . 2009-04-05 18:59 <DIR> d-------- c:\program files\DivX
2009-04-05 18:58 . 2009-04-05 18:58 <DIR> d-------- c:\program files\Common Files\Adobe
2009-04-05 18:56 . 2009-04-05 18:56 <DIR> d-------- c:\program files\MSXML 4.0
2009-04-05 18:56 . 2007-06-14 14:41 466,048 --a------ c:\windows\system32\drivers\Ltn_stk7070P.sys
2009-04-05 18:56 . 2007-06-13 19:30 13,440 --a------ c:\windows\system32\drivers\Ltn_stkrc.sys
2009-04-05 18:55 . 1998-11-02 20:57 196,096 --------- c:\windows\system32\MACD32.DLL
2009-04-05 18:55 . 1998-11-02 20:57 138,752 --------- c:\windows\system32\MASE32.DLL
2009-04-05 18:55 . 1998-11-02 20:57 136,192 --------- c:\windows\system32\MAMC32.DLL
2009-04-05 18:55 . 1998-11-02 20:57 57,856 --------- c:\windows\system32\MASD32.DLL
2009-04-05 18:55 . 1998-11-02 20:57 27,648 --------- c:\windows\system32\MA32.DLL
2009-04-05 18:54 . 2003-03-19 06:28 2,179,072 --------- c:\windows\system32\mfc71d.dll
2009-04-05 18:54 . 2003-03-19 05:04 765,952 --------- c:\windows\system32\msvcp71d.dll
2009-04-05 18:54 . 2002-01-05 21:16 737,280 --------- c:\windows\system32\msvcp70d.dll
2009-04-05 18:54 . 2003-03-19 05:03 544,768 --------- c:\windows\system32\msvcr71d.dll
2009-04-05 18:54 . 2002-01-05 21:16 536,576 --------- c:\windows\system32\msvcr70d.dll
2009-04-05 18:54 . 2004-07-23 09:00 446,464 --------- c:\windows\system32\HHActiveX.dll
2009-04-05 18:54 . 2004-06-03 12:47 385,100 --------- c:\windows\system32\MSVCRTD.DLL
2009-04-05 18:53 . 2009-04-05 18:53 <DIR> d-------- c:\program files\Pinnacle
2009-04-05 18:53 . 2003-03-19 07:20 1,060,864 --------- c:\windows\system32\MFC71.dll
2009-04-05 18:53 . 2003-03-19 08:12 1,047,552 --------- c:\windows\system32\MFC71u.dll
2009-04-05 18:53 . 2006-12-01 23:54 626,688 --------- c:\windows\system32\msvcr80.dll
2009-04-05 18:53 . 2006-12-01 23:54 548,864 --------- c:\windows\system32\msvcp80.dll
2009-04-05 18:53 . 2003-09-10 16:36 499,712 --------- c:\windows\system32\msvcp71.dll
2009-04-05 18:53 . 2002-01-05 13:40 487,424 --------- c:\windows\system32\MSVCP70.DLL
2009-04-05 18:53 . 2003-09-10 16:36 348,160 --------- c:\windows\system32\Msvcr71.dll
2009-04-05 18:53 . 2002-01-05 13:37 344,064 --------- c:\windows\system32\MSVCR70.DLL
2009-04-05 18:53 . 2003-03-19 06:05 89,088 --------- c:\windows\system32\atl71.dll
2009-04-05 18:52 . 2009-04-05 19:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Pinnacle
2009-04-05 18:07 . 2009-04-05 18:46 <DIR> d-------- c:\program files\Foxit Software
2009-04-05 18:07 . 2009-04-05 18:07 <DIR> d-------- c:\documents and settings\miki\Application Data\Foxit
2009-04-05 13:42 . 2009-04-05 13:42 <DIR> d-------- c:\windows\SHELLNEW
2009-04-05 02:27 . 2009-04-05 02:27 156,544 ---h----- C:\treeinfo.wc
2009-04-05 02:22 . 2009-04-05 02:22 <DIR> d-------- c:\program files\Intelore
2009-04-05 02:15 . 2009-04-05 02:15 <DIR> d-------- C:\mo
2009-04-05 01:57 . 2009-04-05 01:57 <DIR> d-------- c:\program files\Dodatki
2009-04-05 01:33 . 2009-04-06 21:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-05 01:28 . 2009-04-05 18:28 <DIR> d--h----- C:\$AVG8.VAULT$
2009-04-05 00:41 . 2009-04-06 19:25 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-04-05 00:41 . 2009-04-05 01:29 <DIR> d-------- c:\documents and settings\miki\Application Data\AVGTOOLBAR
2009-04-05 00:41 . 2009-04-05 00:41 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-04-05 00:41 . 2009-04-05 00:41 108,552 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-04-05 00:41 . 2009-04-05 00:41 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-04-05 00:40 . 2009-04-05 00:40 <DIR> d-------- c:\program files\AVG
2009-04-05 00:40 . 2009-04-05 00:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-04-05 00:13 . 2008-08-05 20:10 1,684,736 --a------ c:\windows\system32\drivers\Ambfilt.sys
2009-04-05 00:13 . 2006-01-04 15:41 1,389,056 --a------ c:\windows\system32\drivers\Monfilt.sys
2009-04-05 00:13 . 2008-10-23 17:42 290,816 --a------ c:\windows\vncutil.exe
2009-04-05 00:13 . 2009-03-17 14:07 122,880 --a------ c:\windows\RtkAudioService.exe
2009-04-05 00:13 . 2009-03-17 12:44 36,352 --a------ c:\windows\system32\RtkCoInstXP.dll
2009-04-04 22:32 . 2009-04-04 22:32 <DIR> d-------- C:\32788R22FWJFW.0.tmp
2009-04-04 21:04 . 2009-04-04 21:04 <DIR> d--h----- c:\windows\PIF
2009-04-04 21:02 . 2009-04-04 21:02 <DIR> d-------- c:\program files\Trend Micro
2009-04-04 18:28 . 2009-04-05 01:28 <DIR> d-------- c:\program files\WWShow
2009-04-04 18:27 . 2009-04-04 18:27 <DIR> d-------- c:\program files\Windows Installer Clean Up
2009-04-04 18:27 . 2009-04-04 18:27 <DIR> d-------- c:\program files\MSECACHE
2009-04-04 18:12 . 2009-04-05 01:28 <DIR> d-------- c:\program files\Jcore
2009-04-03 23:38 . 2009-04-03 23:38 <DIR> d-------- c:\program files\CCleaner
2009-04-03 18:05 . 2009-04-03 18:08 <DIR> d-------- c:\program files\UltraISO
2009-04-03 18:05 . 2009-04-03 18:05 <DIR> d-------- c:\program files\Common Files\EZB Systems
2009-03-31 21:32 . 2008-04-14 01:12 151,552 --a------ c:\windows\system32\irftp.exe
2009-03-31 21:32 . 2008-04-14 01:12 151,552 --a--c--- c:\windows\system32\dllcache\irftp.exe
2009-03-31 21:32 . 2008-04-14 01:11 28,160 --a------ c:\windows\system32\irmon.dll
2009-03-31 21:32 . 2008-04-14 01:11 28,160 --a--c--- c:\windows\system32\dllcache\irmon.dll
2009-03-31 21:32 . 2008-04-14 01:12 8,192 --a------ c:\windows\system32\wshirda.dll
2009-03-31 21:32 . 2008-04-14 01:12 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2009-03-31 21:21 . 2009-03-31 21:21 <DIR> d-------- c:\documents and settings\miki\Application Data\Apple Computer
2009-03-31 21:21 . 2008-04-17 12:12 107,368 --a------ c:\windows\system32\GEARAspi.dll
2009-03-31 21:21 . 2009-01-15 12:19 23,848 --a------ c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-31 21:20 . 2009-03-31 21:21 <DIR> d-------- c:\program files\iTunes
2009-03-31 21:20 . 2009-03-31 21:20 <DIR> d-------- c:\program files\iPod
2009-03-31 21:20 . 2009-03-31 21:20 <DIR> d-------- c:\program files\Bonjour
2009-03-31 21:20 . 2009-03-31 21:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-31 21:19 . 2009-03-31 21:21 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-03-31 21:19 . 2009-03-31 21:20 <DIR> d-------- c:\program files\QuickTime
2009-03-31 21:19 . 2009-03-31 21:19 <DIR> d-------- c:\program files\Apple Software Update
2009-03-31 21:19 . 2009-03-31 21:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-31 21:19 . 2009-03-05 23:59 1,900,544 --a------ c:\windows\system32\usbaaplrc.dll
2009-03-31 21:19 . 2009-03-05 23:59 36,864 --a------ c:\windows\system32\drivers\usbaapl.sys
2009-03-31 21:18 . 2009-03-31 21:20 <DIR> d-------- c:\program files\Common Files\Apple
2009-03-31 21:18 . 2009-03-31 21:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2009-03-31 20:56 . 2009-04-04 11:39 <DIR> d-------- c:\program files\Windows Media Connect 2
2009-03-31 20:47 . 2009-03-31 20:47 <DIR> d-------- c:\windows\system32\LogFiles
2009-03-31 20:47 . 2009-03-31 20:48 <DIR> d-------- c:\windows\system32\drivers\UMDF
2009-03-25 23:11 . 2009-03-25 23:11 <DIR> d-------- c:\program files\uTorrent
2009-03-25 23:11 . 2009-04-06 22:00 <DIR> d-------- c:\documents and settings\miki\Application Data\uTorrent
2009-03-24 20:16 . 2009-03-24 20:16 <DIR> d-------- c:\windows\system32\Lang
2009-03-24 20:16 . 2009-03-24 20:16 940,794 --a------ c:\windows\system32\LoopyMusic.wav
2009-03-24 20:16 . 2009-03-24 20:16 146,650 --a------ c:\windows\system32\BuzzingBee.wav
2009-03-23 22:10 . 2009-03-23 22:10 <DIR> d-------- c:\windows\Motorola
2009-03-23 22:08 . 2009-03-27 11:22 17,567,736 --a------ c:\windows\RTHDCPL.EXE
2009-03-23 22:08 . 2008-06-19 16:27 9,715,200 --a------ c:\windows\RTLCPL.EXE
2009-03-23 22:08 . 2009-03-30 17:13 5,063,168 --a------ c:\windows\system32\drivers\RtkHDAud.sys
2009-03-23 22:08 . 2008-06-19 16:42 2,808,832 --a------ c:\windows\ALCWZRD.EXE
2009-03-23 22:08 . 2009-03-10 14:32 2,168,320 --a------ c:\windows\MicCal.exe
2009-03-23 22:08 . 2009-01-21 15:54 1,206,816 --a------ c:\windows\RtlUpd.exe
2009-03-23 22:08 . 2009-03-20 16:31 880,640 --a------ c:\windows\system32\RTSndMgr.CPL
2009-03-23 22:08 . 2009-03-17 13:58 540,672 --a------ c:\windows\RtlExUpd.dll
2009-03-23 22:08 . 2008-06-19 16:24 278,528 --a------ c:\windows\system32\ALSNDMGR.CPL
2009-03-23 22:08 . 2008-08-19 13:26 77,824 --a------ c:\windows\SOUNDMAN.EXE
2009-03-23 22:08 . 2009-03-02 11:14 57,344 --a------ c:\windows\ALCMTR.EXE
2009-03-23 21:28 . 2009-03-23 21:28 <DIR> d-------- c:\documents and settings\miki\Application Data\ATI
2009-03-23 21:26 . 2009-03-23 21:26 <DIR> d-------- c:\program files\Common Files\ATI Technologies
2009-03-23 21:16 . 2008-04-13 20:45 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-03-23 20:51 . 2001-08-17 14:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-03-23 20:51 . 2001-08-17 14:48 12,160 --a--c--- c:\windows\system32\dllcache\mouhid.sys
2009-03-23 20:51 . 2008-04-13 20:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2009-03-23 20:51 . 2008-04-13 20:45 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2009-03-23 20:34 . 2009-03-23 20:34 <DIR> d-------- c:\program files\Opera
2009-03-23 01:40 . 2008-10-16 03:00 1,499,136 -----c--- c:\windows\system32\dllcache\shdocvw.dll
2009-03-23 01:40 . 2008-10-16 03:00 666,112 -----c--- c:\windows\system32\dllcache\wininet.dll
2009-03-23 01:40 . 2008-10-16 03:00 619,520 -----c--- c:\windows\system32\dllcache\urlmon.dll
2009-03-23 01:32 . 2008-12-12 19:01 3,067,904 -----c--- c:\windows\system32\dllcache\mshtml.dll
2009-03-23 01:31 . 2008-10-24 13:21 455,296 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-23 01:30 . 2008-08-14 12:11 2,189,184 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-23 01:30 . 2008-08-14 12:09 2,145,280 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-23 01:30 . 2008-08-14 11:33 2,066,048 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-23 01:30 . 2008-08-14 11:33 2,023,936 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-23 01:30 . 2008-04-11 21:04 691,712 -----c--- c:\windows\system32\dllcache\inetcomm.dll
2009-03-23 01:30 . 2008-12-11 12:57 333,952 -----c--- c:\windows\system32\dllcache\srv.sys
2009-03-23 01:30 . 2008-05-01 16:33 331,776 -----c--- c:\windows\system32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-05 16:53 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-04 22:13 --------- d-----w c:\program files\Realtek
2009-04-02 09:24 90,112 ----a-w c:\windows\DUMP3fe7.tmp
2009-03-23 19:24 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-23 19:24 --------- d-----w c:\program files\ATI Technologies
2009-03-22 22:28 9,388 ----a-w c:\windows\system32\drivers\iaStor.PNF
2009-03-22 22:28 7,280 ----a-w c:\windows\system32\drivers\viamraid.PNF
2009-03-22 22:28 63,240 ----a-w c:\windows\system32\drivers\Si3112r.PNF
2009-03-22 22:28 6,984 ----a-w c:\windows\system32\drivers\SiSRaid.PNF
2009-03-22 22:28 20,152 ----a-w c:\windows\system32\drivers\INFCACHE.1
2009-03-22 22:28 12,432 ----a-w c:\windows\system32\drivers\adpu320.PNF
2009-03-22 22:28 12,204 ----a-w c:\windows\system32\drivers\nvraid.PNF
2009-03-22 22:28 10,828 ----a-w c:\windows\system32\drivers\iaAHCI.PNF
2009-03-22 22:09 --------- d-----w c:\program files\Launch Manager
2009-03-22 22:02 --------- d-----w c:\program files\Synaptics
2009-03-22 21:50 --------- d-----w c:\program files\microsoft frontpage
2009-03-22 21:49 --------- d-----w c:\program files\Java
2009-03-22 21:48 --------- d-----w c:\program files\Common Files\Java
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Total CMA Pack"="c:\program files\Dodatki\Total CMA Pack\Total CMA Pack.exe" [2008-09-18 42393]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-01-20 761946]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2005-07-25 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2005-07-28 57344]
"LMgrVolOSD"="c:\program files\Launch Manager\OSD.exe" [2005-03-16 204800]
"LMgrOSD"="c:\program files\Launch Manager\OSDCtrl.exe" [2005-07-25 241664]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2005-07-25 81920]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-05 1932568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 c:\windows\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 c:\windows\RTHDCPL.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-04-05 00:41 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2009-03-12 20:56 342312 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
--a------ 2005-11-10 04:44 557056 c:\windows\sm56hlpr.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-04-05 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-04-05 108552]
R1 Hotkey;Hotkey;c:\windows\system32\drivers\HOTKEY.sys [2009-03-23 9867]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-04-05 908056]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-05 298264]
S1 mailKmd;mailKmd; [x]
S1 Wbutton;Wbutton;c:\windows\system32\drivers\Wbutton.sys --> c:\windows\system32\drivers\Wbutton.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-04-05 1684736]
S3 Ltn_stk7070P;PCTV based TV tuner device;c:\windows\system32\drivers\Ltn_stk7070P.sys [2009-04-05 466048]
S3 Ltn_stkrc;PCTV Infrared Receiver;c:\windows\system32\drivers\Ltn_stkrc.sys [2009-04-05 13440]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\SETUP.EXE /AUTORUN
\Shell\configure\command - F:\SETUP.EXE
\Shell\install\command - F:\SETUP.EXE
.
Contents of the 'Scheduled Tasks' folder

2009-04-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-PMCRemote - (no file)


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-04-06 22:03:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = c:\program files\Launch Manager\CtrlVol.exe?8???\??????|x??|????q??|?j?wQj?w????????,??? ???????????????d??????|????????p?????@?u??????????????s???????s???sx??s@??????????????|h??st??????????s?????????????????C?sc"?sx??s???????w??@?N'?st>???6@??>?????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,79,72,e2,15,9e,
01,1b,74,e2,63,26,f1,3f,c8,ff,68,d3,8e,5e,40,8b,2b,fd,9b,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:6a,9c,d6,61,af,45,84,18,fd,89,95,14,b9,
1f,15,34,6a,9c,d6,61,af,45,84,18,f1,2c,c0,86,4c,b7,80,fd,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:7a,45,05,fd,91,e8,6f,31,49,30,ab,d3,0b,
43,82,cc,ff,7c,85,e0,43,d4,0e,fe,7c,83,75,08,a8,b2,bb,43,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,9a,4e,d0,b0,c0,
56,a5,dc,86,8c,21,01,be,91,eb,e7,c8,38,e5,31,12,6e,51,8b,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:f5,1d,4d,73,a8,13,5c,05,b0,8d,85,5f,13,
46,b7,a5,f5,1d,4d,73,a8,13,5c,05,86,55,db,61,f1,4d,b3,89,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,11,56,bd,92,fa,
a5,1b,b8,df,20,58,62,78,6b,cf,c8,69,8b,94,62,42,03,da,c8,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,a0,88,c9,1e,23,
1a,05,a0,fb,a7,78,e6,12,2f,9a,ea,0c,b3,70,e1,31,d6,26,71,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,ed,95,c9,a7,28,
a1,5d,c9,01,3a,48,fc,e8,04,4a,f1,88,8e,9a,fe,2e,cd,43,63,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,d0,9c,79,de,19,
71,f8,17,f6,0f,4e,58,98,5b,89,c9,7e,bf,bb,cb,2d,2c,9b,ce,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,b0,f2,cf,14,bd,
26,3c,7a,3d,ce,ea,26,2d,45,aa,78,43,be,e3,dc,ed,49,a1,71,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:e3,0e,66,d5,eb,bc,2f,6b,fa,0f,74,30,88,
04,63,41,2a,b7,cc,b5,b9,7f,41,e7,b8,4c,47,ed,7c,f9,62,20,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,37,8f,94,89,8e,
97,6e,03,6c,43,2d,1e,aa,22,2f,9c,b6,c3,97,43,fe,44,c9,76,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(568-)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2009-04-06 22:06:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-06 20:06:09

Pre-Run: 35,033,292,800 bytes free
Post-Run: 34,991,943,680 bytes free

324 --- E O F --- 2009-04-03 08:20:53
hj:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:10:46 PM, on 4/6/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\OSDCtrl.exe
C:\Program Files\Launch Manager\Wbutton.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\mk\mko\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe
O4 - HKLM\..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe
O4 - HKLM\..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSDCtrl.exe
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [ATICCC] "c:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [Total CMA Pack] C:\Program Files\Dodatki\Total CMA Pack\Total CMA Pack.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [Link mogu videti samo ulogovani korisnici]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 5674 bytes

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

There is nothing suspicious in the logs.

All that remains is to uninstall ComboFix by following these instructions:

Click START and then RUN.

In the text input line type (or paste) the following:

Combofix /u

and then click OK.

Wait for the uninstall process to finish.

offline
  • Joined: 24 Okt 2007
  • Posts: 122

And what would this mean:

In the temp folder I cannot delete:

Perflib_Perfdata_6c .dat
Perflib_Perfdata_858
Perflib_Perfdata_b7c

and I cannot open them either.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

You cannot delete or open them because those files are currently in use, and that is completely normal.
