Logfile> provera

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Logfile of HijackThis v1.99.1
Scan saved at 10:13:54 PM, on 4/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jasmina\Desktop\New Folder\TR3.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = ?
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E83BC1B2-F7C6-4418-BB2E-3A0B65A9542E}: NameServer = 194.106.162.10 194.106.162.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


Posto sam neupucena u ovu problematiku, a KIS mi izbacuje svakih pola sata da neki proces pokusava da se ubaci u system 32, odradila sam HiJackThis scan. Ukoliko nesto nije u redu, nadam se da mozete da mi kazete sta je problem.

KIS inace izbacuje kao invider ovaj proces "

C:/WINDOWS/system32/wuauclt.exe (PID:0 )

Hvala unapred.

P.S. U rutinskoj proveri graficke kartice, doslo je do fatal error -a, comp je resetovao. Zasto? Provera radjena programom : DirectX diagnostic tool.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Poz...


Postavljeni log je čist... Hajde da proverimo još nešto.




Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

:S

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix, naravno, nije maliciozan.

Dozvoli download i isključi antivirus u toku korišćenja ComboFix-a (desni klik na KAV ikonicu u system tray-u (kod sata), Pause Protection, By User Request).

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 08-04-12.1 - Jasmina 2008-04-12 23:28:57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.701 [GMT 2:00]
Running from: C:\Documents and Settings\Jasmina\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-03-12 to 2008-04-12 )))))))))))))))))))))))))))))))
.

2008-04-11 18:37 . 2008-04-11 18:37 <DIR> d-------- C:\Documents and Settings\Jasmina\Application Data\BitTorrent
2008-04-11 18:36 . 2008-04-11 18:37 <DIR> d-------- C:\Documents and Settings\Jasmina\Application Data\DNA
2008-04-11 10:44 . 2008-04-11 10:44 <DIR> d-------- C:\Documents and Settings\Jasmina\Application Data\Uniblue
2008-04-08 09:39 . 2008-04-08 19:30 <DIR> d-------- C:\Program Files\Metin2.us
2008-04-08 09:26 . 2008-04-08 19:30 <DIR> d-------- C:\Program Files\Cheat Engine
2008-04-08 09:26 . 2007-12-26 17:30 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-04-08 09:26 . 2007-12-26 17:30 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2008-04-06 15:42 . 2008-04-06 15:42 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-04-06 15:42 . 2008-04-06 15:42 <DIR> d-------- C:\Program Files\Zone Labs
2008-04-06 06:57 . 2008-04-06 06:57 <DIR> d-------- C:\Documents and Settings\Jasmina\Application Data\Creative
2008-04-06 06:52 . 2008-04-06 06:52 <DIR> d-------- C:\Program Files\Creative
2008-04-06 06:52 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-04-06 06:52 . 1999-04-01 19:20 135,680 --a------ C:\WINDOWS\Webdelc.exe
2008-04-06 06:52 . 1999-10-11 03:01 41,984 --a------ C:\WINDOWS\CTREGRUN.EXE
2008-04-06 06:51 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-04-06 06:51 . 2004-08-03 23:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2008-04-04 22:12 . 2008-04-04 22:12 <DIR> d-------- C:\SIERRA
2008-04-04 21:57 . 2008-04-05 10:56 <DIR> d-------- C:\Program Files\Valve
2008-04-03 20:19 . 2008-04-05 17:37 <DIR> d-------- C:\Fraps
2008-04-03 20:19 . 2008-04-04 20:37 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-03 00:41 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-03 00:41 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-03 00:41 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-02 20:43 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-04-02 08:03 . 2008-04-02 08:03 <DIR> d-------- C:\Program Files\WinASO
2008-04-02 07:24 . 2008-04-02 07:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-04-02 06:57 . 2008-04-02 06:57 <DIR> d-------- C:\Program Files\ACD
2008-04-02 06:40 . 2008-04-02 06:43 <DIR> d-------- C:\Documents and Settings\Jasmina\Application Data\Windows Live Writer
2008-04-02 06:33 . 2008-04-02 07:51 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-04-02 06:33 . 2008-04-02 07:20 <DIR> d-------- C:\Documents and Settings\Jasmina\Contacts
2008-04-02 06:22 . 2008-04-02 07:51 <DIR> d-------- C:\Program Files\Windows Live
2008-04-02 06:22 . 2008-04-02 06:32 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-02 06:22 . 2008-04-02 06:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-02 06:16 . 2008-04-02 06:16 <DIR> d-------- C:\Documents and Settings\Jasmina\Application Data\Ahead
2008-04-02 06:16 . 2003-03-29 16:45 89,184 --a------ C:\WINDOWS\system32\drivers\imagedrv.sys
2008-04-02 06:16 . 2003-07-29 17:09 57,344 --a------ C:\WINDOWS\system32\ImageDrive.cpl
2008-04-02 06:15 . 2008-04-02 06:15 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-04-02 06:15 . 2008-04-02 06:15 <DIR> d-------- C:\Program Files\Ahead
2008-04-02 06:15 . 2001-07-06 14:41 569,344 --a------ C:\WINDOWS\system32\imagr5.dll
2008-04-02 06:15 . 2001-07-06 12:44 544,768 --a------ C:\WINDOWS\system32\imagx5.dll
2008-04-02 06:15 . 2001-07-06 18:24 283,920 --a------ C:\WINDOWS\system32\ImagXpr5.dll
2008-04-02 06:15 . 2001-07-09 11:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-04-02 06:15 . 2001-06-26 08:15 38,912 --a------ C:\WINDOWS\system32\picn20.dll
2008-04-02 06:11 . 2008-04-02 06:13 <DIR> d-------- C:\Program Files\QuickTime
2008-04-02 06:11 . 2008-04-02 06:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-02 06:11 . 2008-04-06 06:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-04-02 06:11 . 2008-04-02 06:13 1,409 --a------ C:\WINDOWS\QTFont.for
2008-04-02 06:03 . 2007-07-09 15:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-02 05:57 . 2008-04-02 05:57 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-04-02 05:57 . 2006-10-04 16:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-04-02 05:57 . 2006-10-04 16:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-04-02 05:57 . 2006-10-04 16:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-04-02 05:55 . 2008-04-02 05:55 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-04-02 05:45 . 2008-04-02 05:45 1,158 --a------ C:\WINDOWS\mozver.dat
2008-04-02 05:31 . 2008-04-10 03:04 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-01 23:53 . 2008-04-01 23:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-04-01 23:52 . 2008-04-02 05:55 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-04-01 23:45 . 2008-04-01 23:45 169 --a------ C:\WINDOWS\adidsl.ini
2008-04-01 23:45 . 2008-04-01 23:45 21 --a------ C:\WINDOWS\Fast800.ini
2008-04-01 23:44 . 2008-04-01 23:44 <DIR> d-------- C:\Program Files\SAGEM
2008-04-01 23:42 . 2008-04-01 23:42 <DIR> d-------- C:\WINDOWS\system32\Lang
2008-04-01 23:42 . 2008-04-01 23:42 940,794 --a------ C:\WINDOWS\system32\LoopyMusic.wav
2008-04-01 23:42 . 2008-04-01 23:42 146,650 --a------ C:\WINDOWS\system32\BuzzingBee.wav
2008-04-01 23:40 . 2008-04-01 23:40 <DIR> d-------- C:\Program Files\Realtek
2008-04-01 23:40 . 2005-04-16 16:20 487,424 -r------- C:\WINDOWS\RtlExUpd.dll
2008-04-01 23:40 . 2005-10-31 12:17 135,168 -r------- C:\WINDOWS\system32\RtlCPAPI.dll
2008-04-01 23:40 . 2005-07-15 10:48 40,960 -r------- C:\WINDOWS\system32\ChCfg.exe
2008-04-01 23:39 . 2008-04-01 23:39 <DIR> d-------- C:\WINDOWS\NV39163912.TMP
2008-04-01 23:36 . 2006-04-04 11:44 16,120,832 -r------- C:\WINDOWS\RTHDCPL.exe
2008-04-01 23:36 . 2006-03-14 09:49 9,711,104 -r------- C:\WINDOWS\RTLCPL.exe
2008-04-01 23:36 . 2006-04-06 08:20 4,258,816 -r------- C:\WINDOWS\system32\drivers\RtkHDAud.Sys
2008-04-01 23:36 . 2006-03-14 09:45 2,809,344 -r------- C:\WINDOWS\alcwzrd.exe
2008-04-01 23:36 . 2006-03-10 13:32 2,158,592 -r------- C:\WINDOWS\MicCal.exe
2008-04-01 23:36 . 2006-03-09 11:45 364,544 -r------- C:\WINDOWS\RtlUpd.exe
2008-04-01 23:36 . 2005-09-21 04:25 299,008 -r------- C:\WINDOWS\system32\ALSndMgr.Cpl
2008-04-01 23:36 . 2006-01-10 07:58 266,240 -r------- C:\WINDOWS\system32\RTSndMgr.Cpl
2008-04-01 23:36 . 2006-02-20 11:00 86,016 -r------- C:\WINDOWS\SoundMan.exe
2008-04-01 23:36 . 2005-05-03 12:43 69,632 -r------- C:\WINDOWS\Alcmtr.exe
2008-04-01 23:34 . 2008-04-02 07:57 <DIR> d-------- C:\Program Files\ASUS
2008-04-01 23:33 . 2008-04-01 23:33 <DIR> d-------- C:\Program Files\ASUSTeK
2008-04-01 23:32 . 2008-04-01 23:41 <DIR> d-------- C:\WINDOWS\nview
2008-04-01 23:32 . 2008-04-04 21:57 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-04-01 23:32 . 2006-03-23 19:51 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-04-01 23:32 . 2005-02-24 01:32 14,435 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-04-01 23:30 . 2004-12-14 17:55 9,472 -ra------ C:\WINDOWS\system32\drivers\EIO.sys
2008-04-01 23:28 . 2008-04-02 05:56 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-04-01 23:27 . 2008-04-01 23:27 <DIR> d---s---- C:\WINDOWS\system32\Microsoft
2008-04-01 23:22 . 2008-04-01 23:22 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-04-01 23:21 . 2004-08-04 00:56 2,897,920 --------- C:\WINDOWS\system32\xpsp2res.dll
2008-04-01 23:20 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-01 23:20 . 2004-07-17 11:40 19,528 --a------ C:\WINDOWS\002241_.tmp
2008-04-01 23:18 . 2008-04-01 23:18 <DIR> d-------- C:\WINDOWS\EHome

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-12 21:30 2,999,840 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-12 21:30 186,400 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-04-12 09:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-12 09:26 44,204 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-12 09:26 19,232 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-04-01 22:10 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-04-01 22:10 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-04-01 22:10 --------- d-----w C:\Program Files\Kaspersky Lab
2008-04-01 22:01 --------- d-----w C:\Documents and Settings\Jasmina\Application Data\Talkback
2008-04-01 21:45 31 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-04-01 21:44 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-01 20:35 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-08 16:37 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2008-01-14 12:52 81,920 ----a-w C:\WINDOWS\system32\frapsvid.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-02-24 01:32 5537792]
"nwiz"="nwiz.exe" [2005-02-24 01:32 1495040 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-02-24 01:32 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 11:44 16120832 C:\WINDOWS\RTHDCPL.exe]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 00:56 158208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 00:56 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-04-01 23:44:57 839680]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-04-02 06:12 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\metin 2 najnoviji\\metin2.bin"=
"D:\\Fraps\\kav\\kis7.0\\english\\setup.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2006-05-04 18:50]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 P1001VID;Creative WebCam (WDM);C:\WINDOWS\system32\DRIVERS\P1001Vid.sys [2002-01-30 04:25]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2006-03-02 19:25]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
S3 Video3D;ASUS Video3D Service;C:\WINDOWS\system32\Drivers\Video3D.sys []

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1351 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-12 23:31:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-12 23:31:46
ComboFix-quarantined-files.txt 2008-04-12 21:31:41
Pre-Run: 31,932,747,776 bytes free
Post-Run: 31,920,177,152 bytes free
.
2008-04-10 02:54:07 --- E O F ---

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Hvala