Molim za proveru

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Logfile of HijackThis v1.99.1
Scan saved at 22:05:19, on 3.12.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Igor\Desktop\rogi.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - D:\FlashGet\getflash.dll
O4 - HKLM\..\Run: [AVP] "D:\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Download All with FlashGet - D:\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download with FlashGet - D:\FlashGet\jc_link.htm
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Java\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\ICQ6\ICQ.exe
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: D:\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: ljjhhgg - C:\WINDOWS\
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - D:\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PDAgent - Raxco Software, Inc. - D:\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - D:\PerfectDisk\PDEngine.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Spyware Doctor\swdsvc.exe

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Skini ComboFix sa jedne od sledecih adresa:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log koji ces nam ovde iskopirati.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 07-12-02.6 - Igor 2007-12-03 22:16:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1626 [GMT 1:00]
Running from: C:\Documents and Settings\Igor\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2007-11-03 to 2007-12-03 )))))))))))))))))))))))))))))))
.

2007-12-03 03:06 . 2007-12-03 03:12 <DIR> d-------- C:\Documents and Settings\Igor\Application Data\ICQ
2007-12-03 03:05 . 2007-12-03 03:05 <DIR> d-------- C:\Documents and Settings\Igor\Application Data\InstallShield
2007-12-02 14:38 . 2007-12-02 14:38 <DIR> d-------- C:\Documents and Settings\Igor\Application Data\PC Tools
2007-12-02 14:38 . 2007-10-18 00:16 79,688 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2007-12-02 14:38 . 2007-10-18 00:15 62,280 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2007-12-02 14:38 . 2007-10-18 00:14 41,288 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2007-12-02 14:38 . 2007-10-18 00:16 29,000 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2007-12-02 14:37 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2007-11-28 20:37 . 2007-11-28 20:37 <DIR> d-------- C:\Documents and Settings\Igor\Application Data\gtk-2.0
2007-11-28 20:32 . 2007-12-03 03:05 <DIR> d-------- C:\Documents and Settings\Igor\Application Data\.purple
2007-11-28 00:14 . 2007-11-28 00:14 <DIR> d-------- C:\Documents and Settings\Igor\Application Data\ACD Systems
2007-11-28 00:13 . 2007-11-28 00:13 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2007-11-28 00:13 . 2007-11-28 00:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2007-11-24 12:18 . 2007-11-24 12:18 0 --a------ C:\WINDOWS\nsreg.dat
2007-11-19 14:41 . 2007-11-19 14:41 <DIR> d-------- C:\Program Files\Real
2007-11-19 14:41 . 2007-11-19 14:41 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-11-19 14:40 . 2007-11-19 14:40 <DIR> d-------- C:\Program Files\RichFX
2007-11-16 01:29 . 2007-11-16 01:29 <DIR> d-------- C:\Documents and Settings\Igor\Contacts
2007-11-16 00:45 . 2007-11-16 00:45 <DIR> d-------- C:\Program Files\MSXML 6.0
2007-11-14 14:43 . 2007-12-02 22:36 <DIR> d-------- C:\Documents and Settings\Igor\Application Data\Orbit
2007-11-14 14:39 . 2007-11-14 14:40 <DIR> d-------- C:\Program Files\uTorrent
2007-11-14 14:39 . 2007-12-02 21:35 <DIR> d-------- C:\Documents and Settings\Igor\Application Data\uTorrent
2007-11-14 14:24 . 2007-11-14 14:24 <DIR> d-------- C:\Documents and Settings\Igor\Application Data\Media Player Classic
2007-11-14 11:58 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-11-14 11:58 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2007-11-14 11:58 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2007-11-14 11:41 . 2007-11-14 11:41 <DIR> dr-h----- C:\Documents and Settings\Igor\Application Data\SecuROM
2007-11-14 11:41 . 2007-11-14 11:41 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-11-14 11:39 . 2007-11-15 13:09 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2007-11-14 11:38 . 2007-11-14 11:38 <DIR> d-------- C:\Program Files\Windows Live
2007-11-14 11:38 . 2007-11-14 11:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-14 01:46 . 2007-11-14 01:46 <DIR> d-------- C:\WINDOWS\Sun
2007-11-14 01:44 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2007-11-14 01:40 . 2007-11-14 01:40 <DIR> d-------- C:\Program Files\Common Files\Java
2007-11-14 01:34 . 2007-11-14 01:37 657 --a------ C:\WINDOWS\mozver.dat
2007-11-14 00:08 . 2007-11-14 00:08 <DIR> d-------- C:\Documents and Settings\Igor\Application Data\Lavasoft
2007-11-13 23:49 . 2007-11-14 00:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-13 23:45 . 2007-11-13 23:45 <DIR> d-------- C:\Program Files\Microsoft Works
2007-11-13 23:44 . 2007-11-13 23:44 <DIR> d-------- C:\Program Files\Microsoft.NET
2007-11-13 23:44 . 2007-11-13 23:44 <DIR> d-------- C:\Documents and Settings\Igor\Application Data\URSoft
2007-11-13 23:42 . 2007-11-13 23:42 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-11-13 23:42 . 2007-11-13 23:42 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2007-11-13 23:42 . 2007-11-23 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-11-13 23:36 . 2007-11-13 23:36 <DIR> d-------- C:\Documents and Settings\Igor\Application Data\Apple Computer
2007-11-13 23:36 . 2007-11-13 23:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-11-13 23:30 . 2007-12-01 14:05 797 --a------ C:\WINDOWS\wincmd.ini
2007-11-13 23:30 . 2007-06-06 07:00 545 --a------ C:\WINDOWS\UC.PIF
2007-11-13 23:30 . 2007-06-06 07:00 545 --a------ C:\WINDOWS\RAR.PIF
2007-11-13 23:30 . 2007-06-06 07:00 545 --a------ C:\WINDOWS\PKZIP.PIF
2007-11-13 23:30 . 2007-06-06 07:00 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2007-11-13 23:30 . 2007-06-06 07:00 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2007-11-13 23:30 . 2007-06-06 07:00 545 --a------ C:\WINDOWS\LHA.PIF
2007-11-13 23:30 . 2007-06-06 07:00 545 --a------ C:\WINDOWS\ARJ.PIF
2007-11-13 23:22 . 2007-12-03 22:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-11-13 23:22 . 2007-12-03 22:17 6,352,672 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-11-13 23:22 . 2007-12-03 22:17 306,208 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-11-13 23:22 . 2007-12-03 22:02 92,912 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-11-13 23:22 . 2007-11-14 00:08 82,061 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-11-13 23:22 . 2007-11-14 00:08 81,549 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-11-13 23:22 . 2007-12-03 22:02 33,764 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-11-13 23:21 . 2007-11-13 23:21 <DIR> d-------- C:\Documents and Settings\Igor\Application Data\UnH Solutions
2007-11-13 23:21 . 2007-11-13 23:21 <DIR> d-------- C:\Documents and Settings\Igor\Application Data\Talkback
2007-11-13 23:19 . 2007-12-03 22:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RFA_Backups
2007-11-13 23:17 . 2007-12-03 22:01 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-11-13 23:14 . 2007-11-13 23:14 <DIR> d-------- C:\Program Files\Common Files\Raxco
2007-11-13 23:14 . 2007-11-13 23:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Raxco
2007-11-13 23:10 . 2007-11-14 11:51 <DIR> d-------- C:\Documents and Settings\Igor\Application Data\Winamp
2007-11-13 23:09 . 2007-09-28 18:07 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-11-13 23:07 . 2007-11-13 23:07 737,280 --a------ C:\WINDOWS\iun6002.exe
2007-11-13 23:04 . 2007-11-19 14:48 <DIR> d-------- C:\Documents and Settings\Igor\Application Data\CyberLink
2007-11-13 23:04 . 2007-11-19 14:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-11-13 23:03 . 2007-11-13 23:03 <DIR> d-------- C:\Program Files\Cyberlink
2007-11-13 23:02 . 2007-11-13 23:02 1,066,544 --a------ C:\WINDOWS\system32\mfc71.dll
2007-11-13 23:02 . 2007-11-13 23:02 509,488 --a------ C:\WINDOWS\system32\msvcp71.dll
2007-11-13 23:02 . 2007-11-13 23:02 353,840 --a------ C:\WINDOWS\system32\msvcr71.dll
2007-11-13 23:00 . 2007-11-19 14:41 <DIR> d-------- C:\Program Files\Common Files\Real
2007-11-13 23:00 . 2007-11-13 23:00 24 --a------ C:\WINDOWS\cdplayer.ini
2007-11-13 22:59 . 2007-11-13 22:59 <DIR> d-------- C:\Program Files\Yahoo!
2007-11-13 22:54 . 2007-11-13 22:54 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-11-13 16:58 . 2007-11-13 16:58 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2007-11-13 16:58 . 2007-12-03 03:08 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2007-11-13 16:58 . 2007-11-13 16:58 22 --a------ C:\WINDOWS\FileName
2007-11-13 16:57 . 2006-08-29 16:29 446,464 --a------ C:\WINDOWS\system32\CapabilityTable.exe
2007-11-13 16:57 . 2006-08-14 07:51 363,008 -ra------ C:\WINDOWS\system32\idecoiins.dll
2007-11-13 16:57 . 2006-08-14 07:51 363,008 -ra------ C:\WINDOWS\system32\idecoi.dll
2007-11-13 16:57 . 2006-08-07 07:07 208,896 --a------ C:\WINDOWS\system32\nvuide.exe
2007-11-13 16:57 . 2006-08-14 07:51 105,344 -ra------ C:\WINDOWS\system32\drivers\nvata.sys
2007-11-13 16:57 . 2006-08-07 07:08 35,840 -ra------ C:\WINDOWS\system32\NVCOI.DLL
2007-11-13 16:57 . 2006-06-01 08:32 1,570 --a------ C:\WINDOWS\system32\nvide.nvu
2007-11-13 16:56 . 2007-11-13 16:57 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2007-11-13 16:55 . 2006-10-11 04:33 10,288 --a------ C:\WINDOWS\system32\drivers\ASUSHWIO.SYS
2007-11-13 16:53 . 2006-10-04 05:10 912,654 -ra------ C:\WINDOWS\system32\SATA.bmp
2007-11-13 16:53 . 2006-10-04 05:10 912,654 -ra------ C:\WINDOWS\system32\Alert.bmp
2007-11-13 16:53 . 2006-02-21 12:38 486,400 -ra------ C:\WINDOWS\system32\AsusSetup.exe
2007-11-13 16:53 . 2006-08-29 16:27 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2007-11-13 16:53 . 2006-03-23 19:08 804 -ra------ C:\WINDOWS\system32\AsusSetup.ini
2007-11-13 16:53 . 2006-10-04 08:10 276 -ra------ C:\WINDOWS\system32\raidmgmt.ini
2007-11-13 16:51 . 2007-11-13 16:51 <DIR> d-------- C:\WINDOWS\Downloaded Program Files
2007-11-13 16:51 . 2007-11-13 16:51 8,192 --a------ C:\WINDOWS\REGLOCS.OLD
2007-11-13 16:49 . 2007-11-13 16:49 <DIR> d-------- C:\WINDOWS\system32\xircom

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-03 20:37 502,272 ----a-w C:\WINDOWS\system32\winlogon.exe
2007-12-03 02:05 --------- d-----w C:\Documents and Settings\Igor\Application Data\.purple
2007-11-13 22:44 --------- d-----w C:\Program Files\MSBuild
2007-11-13 16:46 --------- d-----w C:\Program Files\MSXML 4.0
2007-11-13 16:44 --------- d-----w C:\Program Files\MSECache
2007-11-13 16:44 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-11-13 16:41 --------- d-----w C:\Program Files\MSN Messenger
2007-11-13 16:39 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-13 16:30 --------- d-----w C:\Program Files\Reference Assemblies
2007-11-13 16:23 --------- d-----w C:\Program Files\HighMAT CD Writing Wizard
2007-11-13 16:05 --------- d-----w C:\Program Files\DIFX
2007-11-13 16:02 --------- d-----w C:\Program Files\Analog Devices
2007-10-29 05:48 227,592 ----a-w C:\WINDOWS\system32\PDBoot.exe
2007-10-22 05:33 68,624 ----a-w C:\WINDOWS\system32\drivers\DefragFs.sys
2007-10-22 02:39 267,272 ----a-w C:\WINDOWS\system32\xactengine2_10.dll
2007-10-22 02:37 17,928 ----a-w C:\WINDOWS\system32\X3DAudio1_2.dll
2007-10-12 14:14 3,734,536 ----a-w C:\WINDOWS\system32\d3dx9_36.dll
2007-10-12 14:14 1,374,232 ----a-w C:\WINDOWS\system32\D3DCompiler_36.dll
2007-10-02 08:56 444,776 ----a-w C:\WINDOWS\system32\d3dx10_36.dll
2007-09-28 17:05 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-09-28 17:05 739,840 ----a-w C:\WINDOWS\system32\divx.dll
2007-09-04 17:56 164,352 ----a-w C:\WINDOWS\system32\unrar.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:56]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="D:\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:56]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide3"="cmd.exe" [2004-08-03 22:56 C:\WINDOWS\system32\cmd.exe]
"nltide2"="cmd.exe" [2004-08-03 22:56 C:\WINDOWS\system32\cmd.exe]
"nltide_3"="advpack.dll" [2004-08-03 22:56 C:\WINDOWS\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInternetIcon"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoRecentDocsMenu"= 1 (0x1)
"NoRecentDocsHistory"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoUserNameInStartMenu"= 1 (0x1)
"NoSharedDocuments"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoInternetIcon"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)
"NoRecentDocsMenu"= 1 (0x1)
"NoRecentDocsHistory"= 1 (0x1)
"NoSMMyDocs"= 1 (0x1)
"NoSMMyPictures"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoUserNameInStartMenu"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjhhgg]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=D:\KASPER~1.0\adialhk.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders schannel.dll, digest.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

R2 {95808DC4-FA4A-4C74-92FE-5B863F82066B};{95808DC4-FA4A-4C74-92FE-5B863F82066B};\??\D:\CyberLink\PowerDVD\000.fcl
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
S4 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService REG_MULTI_SZ LmHosts upnphost SSDPSRV

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-03 22:18:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-03 22:18:35
.
--- E O F ---

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Zamolio bih te da mi spakuješ sledeće fajlove u jedan ZIP:

C:\WINDOWS\system32\drivers\iksyssec.sys
C:\WINDOWS\system32\drivers\iksysflt.sys
C:\WINDOWS\system32\drivers\ikfilesec.sys
C:\WINDOWS\system32\drivers\kcom.sys
C:\WINDOWS\system32\msvcr80.dll

Uploaduj mi te fajlove preko sledeće forme:
http://www.mycity.rs/ambulanta-upload.php

Ja cu ovo moci da pogledam tek sutra.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Okačio sam fajlove koje si tražio.
Zadnji, msvcr80.dll , ne postoji. Uključeno mi je prikazivanje skrivenih fajlova. Nije ga našao ni Total Commnder.
Ime rar arhive je desktop.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Fajlovi pripadaju programu PCTools. Izvini na cimanju.
Problem je sto vidim reg. kljuc Vundoa, ali ga nema fajl.
Javljam se sutra. Smislicu vec neku metodu.

Ti do tada probaj da fiksnes (stikliras, pa Fix Checked) sledecu liniju u HijackThisu:
O20 - Winlogon Notify: ljjhhgg - C:\WINDOWS\

Nakon restarta (ili kada sutra upalis komp) postavi novi HijackThis log, da vidimo da li se linija obnavlja ili ne.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Je l' ima to veze sa tim što sam sam pravio Windows, tj. izbacio sam dosta komponenti?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

rogi23 ::Je l' ima to veze sa tim što sam sam pravio Windows, tj. izbacio sam dosta komponenti?
Nema.
Za onaj C:\WINDOWS\system32\msvcr80.dll verujem da postoji, samo je pitanje smisliti kako da ga nalovimo.
Otom-potom, ja sada stvarno moram da begam.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Nismo se razumeli, mislio sam za onu liniju što si mi rekao da ispravim.
Onda do sutra...

Dopuna: 03 Dec 2007 22:59

Našao sam msvcr80.dll , nije bio u folderu drivers već u system32.
okačio sam ga .

Dopuna: 04 Dec 2007 10:42

Bilo sam radoznao, pa sam našao informacije o fajlu msvcr80.dll.
http://www.liutilities.com/products/wintaskspro/processlibrary/msvcr80/

Dopuna: 04 Dec 2007 15:00

Predpostavljam ad nije opasan, ili jeste, pošto vidim da je Microsoft C Runtime Library?
Ili jeste?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Postavi mi svez HijackThis log.
Ne vidim nista sporno posto smo utvrdili da je taj fajl potpisan od strane MS-a.