Internet Explorer starting on its own in the process list

  • Joined: 23 Feb 2008
  • Posts: 610

Internet Explorer keeps opening on its own in the process list and I can't shut it down; this wouldn't be a problem if the installer of one application didn't require IE to be closed...




Logfile of HijackThis v1.99.1
Scan saved at 18:38:31, on 1.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\Program Files\Winamp\winampa.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
D:\xampp\apache\bin\apache.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\xampp\mysql\bin\mysqld-nt.exe
D:\xampp\apache\bin\apache.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
D:\Program files\DAEMON Tools\daemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator Nihad\Desktop\New Folder\TR3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bhgrad.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: BHO.ext2 - {FBE58CC0-D14B-45FE-A717-57BB8247F652} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [poke mp3 cdrom meta] C:\Documents and Settings\All Users\Application Data\Jump Poll Poke Mp3\draw media.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Window Team] C:\DOCUME~1\ADMINI~1\APPLIC~1\OPTION~1\safe bleh.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?912e84b722cf40c9ab73042d3a35f0c4
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?912e84b722cf40c9ab73042d3a35f0c4
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DB6D1FD-7BEC-45CF-BC06-4B08E73AF256}: NameServer = 91.191.38.7 91.191.38.8
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Unknown owner - D:\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: mysql - Unknown owner - D:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...


Run HijackThis, scan, and check the following lines:

O2 - BHO: BHO.ext2 - {FBE58CC0-D14B-45FE-A717-57BB8247F652} - (no file)
O4 - HKLM\..\Run: [poke mp3 cdrom meta] C:\Documents and Settings\All Users\Application Data\Jump Poll Poke Mp3\draw media.exe
O4 - HKCU\..\Run: [Window Team] C:\DOCUME~1\ADMINI~1\APPLIC~1\OPTION~1\safe bleh.exe

Click Fix checked.



Download Deljob.
Double-click deljob.exe to run it.
The log file logit.txt will open in Notepad (the file will be in the same folder as deljob.exe).
Copy the contents of that log into the forum thread.




Restart the computer and post a fresh HijackThis log.
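An added example, not from the thread, from HijackThis or from the helper: a small Python triage pass that applies the same reasoning behind the "fix these lines" list above (a BHO whose DLL is "(no file)", and Run entries launched from a user profile or Application Data rather than Program Files or Windows) to a few lines copied from the log. The trusted and suspect path prefixes are assumptions for this particular machine.

```python
"""Heuristic triage of HijackThis log lines (added example, not from the thread).

It mirrors the reasoning behind the helper's "fix these lines" list:
  * an O2 BHO entry whose DLL is reported as "(no file)" is an orphaned hook;
  * an O4 Run entry launched from a user profile or Application Data, rather
    than from Program Files or Windows, deserves a closer look.
The path prefixes below are assumptions for this particular machine.
"""
import re
from typing import Iterable, List, NamedTuple

# O4 - HKLM\..\Run: [Name] "C:\path\file.exe" args
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*)$"
)
# O2 - BHO: Name - {CLSID} - C:\path\file.dll   (or "(no file)")
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$"
)

# Where the legitimate autostart entries in the log above are installed (assumed).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "d:\\program files\\")
# Locations a regular installer rarely uses for an autostart target (assumed).
SUSPECT_PREFIXES = (
    "c:\\documents and settings\\",  # per-user or All Users profile data
    "c:\\docume~1\\",                # the same path in 8.3 short form
)


class Finding(NamedTuple):
    line: str
    reason: str


def _target_path(target: str) -> str:
    """Return the lower-cased executable path, without quotes or arguments."""
    target = target.strip()
    if target.startswith('"'):
        end = target.find('"', 1)
        return (target[1:end] if end > 0 else target[1:]).lower()
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    m = re.match(r"(.*?\.(?:exe|dll|com|bat|scr))(?:\s|$)", target, re.IGNORECASE)
    return (m.group(1) if m else target).lower()


def triage(lines: Iterable[str]) -> List[Finding]:
    """Return the entries the heuristics single out, in log order."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        bho = O2_RE.match(line)
        if bho:
            if bho.group("target").strip().lower() == "(no file)":
                findings.append(Finding(line, "BHO registered but its DLL is missing"))
            continue
        run = O4_RE.match(line)
        if run:
            path = _target_path(run.group("target"))
            if path.startswith(SUSPECT_PREFIXES):
                findings.append(Finding(line, "autostart target under a user profile / Application Data"))
            elif not path.startswith(TRUSTED_PREFIXES):
                findings.append(Finding(line, "autostart target outside the usual program locations"))
    return findings


# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = [
    r"O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: BHO.ext2 - {FBE58CC0-D14B-45FE-A717-57BB8247F652} - (no file)",
    r'O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice',
    r"O4 - HKLM\..\Run: [poke mp3 cdrom meta] C:\Documents and Settings\All Users\Application Data\Jump Poll Poke Mp3\draw media.exe",
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKCU\..\Run: [Window Team] C:\DOCUME~1\ADMINI~1\APPLIC~1\OPTION~1\safe bleh.exe",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}:\n    {f.line}")
```

The heuristics only produce candidates for a human to judge; the log above also carries a "(no name)" BHO with "(no file)" that the helper chose not to touch, and some legitimate per-user software does autostart from the profile.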

  • Joined: 23 Feb 2008
  • Posts: 610

Here is the content of logit.txt:

--------------------------------------------------------
Backups created in C:\deljob

B8B56ECB906B18AB.job
--------------------------------------------------------
Files in Windows Tasks folder

1-Click Maintenance.job
Check Updates for Windows Live Toolbar.job
--------------------------------------------------------
Export App Data folders
--------------------------------------------------------
Volume in drive C has no label.
Volume Serial Number is C41D-BDB4

Directory of C:\Documents and Settings\Administrator Nihad\Application Data

01.08.2008 13:28 <DIR> .
01.08.2008 13:28 <DIR> ..
07.07.2008 17:14 <DIR> Adobe
14.07.2008 19:23 <DIR> Ahead
14.07.2008 14:24 <DIR> Axialis
20.07.2008 00:01 <DIR> BSPLAY~1 BSplayer Pro
24.07.2008 16:14 <DIR> CoSoSys
02.07.2008 22:15 <DIR> ESET
11.07.2008 20:39 <DIR> FlashFXP
01.08.2008 13:32 <DIR> FUJIFILM
18.07.2008 14:36 <DIR> Garmin
18.07.2008 18:53 <DIR> Google
01.08.2008 16:21 <DIR> Hamachi
03.07.2008 21:33 <DIR> Help
02.07.2008 21:43 <DIR> IDENTI~1 Identities
20.07.2008 19:40 <DIR> LimeWire
02.07.2008 22:39 <DIR> MACROM~1 Macromedia
24.07.2008 00:13 <DIR> MICROS~1 Microsoft
02.07.2008 22:29 <DIR> Mozilla
07.07.2008 17:11 <DIR> NOTEPA~1 Notepad++
23.07.2008 22:04 <DIR> OPTION~1 Option Bags
15.07.2008 21:37 <DIR> Real
03.07.2008 22:13 <DIR> SmartFTP
04.07.2008 14:25 <DIR> Sun
25.07.2008 01:11 <DIR> TEAMSP~1 teamspeak2
03.07.2008 14:22 <DIR> TEAMVI~1 TeamViewer
02.07.2008 22:50 <DIR> TUNEUP~1 TuneUp Software
12.07.2008 11:52 <DIR> WEBPAG~1 Web Page Maker
02.07.2008 22:22 <DIR> WinRAR
0 File(s) 0 bytes
29 Dir(s) 8.059.990.016 bytes free
Volume in drive C has no label.
Volume Serial Number is C41D-BDB4

Directory of C:\Documents and Settings\All Users\Application Data

21.07.2008 18:35 <DIR> .
21.07.2008 18:35 <DIR> ..
15.07.2008 22:31 <DIR> Adobe
03.07.2008 12:03 <DIR> ADOBES~1 Adobe Systems
02.07.2008 22:13 <DIR> ESET
25.07.2008 23:35 <DIR> GOOGLE~1 Google Updater
23.07.2008 22:03 <DIR> JUMPPO~1 Jump Poll Poke Mp3
02.07.2008 23:44 <DIR> MESSEN~1 Messenger Plus!
01.08.2008 13:33 <DIR> MICROS~1 Microsoft
17.07.2008 23:57 <DIR> MICROS~2 Microsoft Help
21.07.2008 01:24 <DIR> SPYBOT~1 Spybot - Search & Destroy
02.07.2008 22:49 <DIR> TUNEUP~1 TuneUp Software
02.07.2008 22:54 <DIR> WINDOW~1 Windows Genuine Advantage
03.07.2008 00:59 <DIR> WINDOW~2 Windows Live Toolbar
03.07.2008 00:31 <DIR> WLINST~1 WLInstaller
0 File(s) 0 bytes
15 Dir(s) 8.059.990.016 bytes free
--------------------------------------------------------
All User Accounts
--------------------------------------------------------
Administrator Nihad
All Users
--------------------------------------------------------

Update: 01 Aug 2008 19:09

After the restart, here is a fresh HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 19:06:52, on 1.8.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
D:\Program Files\Winamp\winampa.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\FinePixViewerS\QuickDCF2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\xampp\apache\bin\apache.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\xampp\mysql\bin\mysqld-nt.exe
D:\xampp\apache\bin\apache.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Administrator Nihad\Desktop\New Folder\TR3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bhgrad.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Window Team] C:\DOCUME~1\ADMINI~1\APPLIC~1\OPTION~1\safe bleh.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Exif Launcher S.lnk = C:\Program Files\FinePixViewerS\QuickDCF2.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?912e84b722cf40c9ab73042d3a35f0c4
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?912e84b722cf40c9ab73042d3a35f0c4
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8DB6D1FD-7BEC-45CF-BC06-4B08E73AF256}: NameServer = 91.191.38.7 91.191.38.8
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apache2.2 - Unknown owner - D:\xampp\apache\bin\apache.exe" -k runservice (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: mysql - Unknown owner - D:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Joined: 23 Feb 2008
  • Posts: 610

ComboFix 08-07-31.06 - Administrator Nihad 2008-08-01 19:16:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.96 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator Nihad\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\msssc.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-01 to 2008-08-01 )))))))))))))))))))))))))))))))
.

2008-08-01 19:00 . 2008-08-01 19:00 <DIR> d-------- C:\deljob
2008-08-01 16:21 . 2008-08-01 16:21 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2008-08-01 16:19 . 2008-08-01 16:19 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-08-01 16:19 . 2008-08-01 16:19 96,256 --a------ C:\WINDOWS\system32\drivers\sptd0813.sys
2008-08-01 13:33 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-08-01 13:33 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-08-01 13:33 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-08-01 13:33 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-08-01 13:28 . 2008-08-01 13:29 <DIR> d-------- C:\Program Files\FinePixViewerS
2008-08-01 13:28 . 2008-08-01 13:32 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\FUJIFILM
2008-07-25 01:11 . 2008-07-25 01:11 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\teamspeak2
2008-07-25 01:11 . 2008-07-25 01:11 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2008-07-25 01:10 . 2008-07-25 14:34 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-07-24 17:17 . 2008-08-01 19:19 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\Hamachi
2008-07-24 17:16 . 2008-07-24 17:17 <DIR> d-------- C:\Program Files\Hamachi
2008-07-24 17:16 . 2008-07-24 17:16 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-07-24 16:14 . 2008-07-24 16:14 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\CoSoSys
2008-07-24 15:22 . 2008-07-24 15:22 94 --a------ C:\WINDOWS\JFNetworkWt.INI
2008-07-24 00:06 . 2008-07-24 00:06 <DIR> d-------- C:\Program Files\Stardock
2008-07-24 00:06 . 2008-07-24 00:06 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-07-23 22:03 . 2008-07-23 22:03 <DIR> d-------- C:\Program Files\Option Bags
2008-07-23 21:50 . 2008-07-24 14:30 <DIR> d-------- C:\Program Files\SHOUTcast
2008-07-21 18:35 . 2008-07-21 18:36 <DIR> d-------- C:\Program Files\Google
2008-07-21 18:35 . 2008-08-01 13:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-20 23:37 . 2008-07-21 01:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-20 19:49 . 2008-07-20 19:49 25,586 --a------ C:\aem8.dat
2008-07-18 14:35 . 2008-07-18 14:35 <DIR> d-------- C:\Garmin
2008-07-18 14:35 . 2008-07-18 14:36 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\Garmin
2008-07-17 23:46 . 2008-07-17 23:46 <DIR> d-------- C:\Program Files\Nokia
2008-07-17 00:12 . 2008-07-18 15:39 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-07-16 01:03 . 2008-07-25 18:01 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-15 21:34 . 2008-07-15 21:34 <DIR> d-------- C:\Program Files\Real
2008-07-15 21:34 . 2008-07-15 21:34 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-07-15 21:34 . 2008-07-15 21:34 <DIR> d-------- C:\Program Files\Common Files\Real
2008-07-15 21:34 . 2008-07-15 21:34 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-07-14 17:49 . 2008-07-14 19:23 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\Ahead
2008-07-14 17:46 . 2008-07-14 17:46 <DIR> d-------- C:\Program Files\Nero
2008-07-14 17:46 . 2008-07-14 17:48 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-07-14 14:24 . 2008-07-14 14:24 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\Axialis
2008-07-14 13:49 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-07-14 13:47 . 2008-07-14 13:47 <DIR> d-------- C:\Program Files\MSBuild
2008-07-14 13:47 . 2008-07-14 13:47 <DIR> d-------- C:\Program Files\Microsoft Works
2008-07-14 13:45 . 2008-07-14 13:45 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-07-14 13:43 . 2008-07-14 13:43 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-07-14 13:42 . 2008-07-14 13:46 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-14 13:41 . 2008-07-14 13:41 <DIR> dr-h----- C:\MSOCache
2008-07-14 13:41 . 2008-07-17 23:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-11 20:39 . 2008-07-11 20:39 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\FlashFXP
2008-07-11 14:22 . 2008-07-11 15:14 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\amsn
2008-07-09 17:54 . 2008-07-12 11:52 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\Web Page Maker
2008-07-09 14:34 . 2008-07-09 14:34 106,272 --a------ C:\WINDOWS\system32\snmpoids.dll
2008-07-08 23:23 . 2008-07-09 23:03 <DIR> d-------- C:\Poker
2008-07-08 00:35 . 2008-07-08 00:35 24 --a------ C:\WINDOWS\AM_D8.PRF
2008-07-08 00:06 . 2008-07-25 00:08 921,624 --a------ C:\img1-001.raw
2008-07-07 23:54 . 2008-07-07 23:54 <DIR> d-------- C:\WINDOWS\Album
2008-07-07 23:54 . 2008-07-07 23:54 <DIR> d-------- C:\Program Files\VideoCAM Eye
2008-07-07 23:54 . 2008-07-07 23:54 <DIR> d-------- C:\Program Files\Common Files\VCAMEye
2008-07-07 23:49 . 2004-08-03 23:08 20,480 --a------ C:\WINDOWS\system32\drivers\usbuhci.sys
2008-07-07 23:49 . 2004-08-03 23:08 20,480 --a--c--- C:\WINDOWS\system32\dllcache\usbuhci.sys
2008-07-07 23:26 . 2008-07-07 23:26 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-07 19:22 . 2008-07-07 19:22 23 --a------ C:\WINDOWS\ANS2000.INI
2008-07-07 19:22 . 2008-07-07 19:22 20 --ah----- C:\WINDOWS\akebook.ini
2008-07-07 19:22 . 2008-07-07 19:22 4 --ah----- C:\WINDOWS\a3kebook.ini
2008-07-07 17:11 . 2008-07-07 17:11 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\Notepad++
2008-07-04 14:25 . 2008-07-04 14:25 <DIR> d-------- C:\WINDOWS\Sun
2008-07-03 22:04 . 2008-07-03 22:04 <DIR> d-------- C:\Program Files\SmartFTP
2008-07-03 21:33 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\UC.PIF
2008-07-03 21:33 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\RAR.PIF
2008-07-03 21:33 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-07-03 21:33 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-07-03 21:33 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-07-03 21:33 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\LHA.PIF
2008-07-03 21:33 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\ARJ.PIF
2008-07-03 20:57 . 2008-07-03 22:13 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\SmartFTP
2008-07-03 20:52 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-03 20:52 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-03 20:52 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-03 12:03 . 2008-07-03 12:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-07-03 11:54 . 2008-07-03 11:54 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-07-03 11:43 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-03 11:27 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-03 11:27 . 2008-06-13 15:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-03 00:59 . 2008-07-03 00:59 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-07-03 00:59 . 2008-07-03 00:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-07-03 00:58 . 2008-07-03 11:11 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-07-03 00:58 . 2008-07-03 00:59 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-07-03 00:50 . 2008-08-01 19:05 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Tracing
2008-07-03 00:23 . 2008-07-03 00:28 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-03 00:23 . 2008-07-03 00:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-03 00:19 . 2008-07-09 13:16 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-07-03 00:17 . 2008-07-23 22:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Jump Poll Poke Mp3
2008-07-03 00:16 . 2008-07-23 22:04 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\Option Bags
2008-07-03 00:15 . 2008-07-03 00:15 <DIR> d-------- C:\Program Files\Circle Developement
2008-07-03 00:11 . 2008-07-03 00:11 <DIR> d-------- C:\Program Files\Sun
2008-07-03 00:10 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-02 22:59 . 2008-07-15 21:31 <DIR> d-------- C:\Program Files\Java
2008-07-02 22:59 . 2008-07-02 22:59 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-02 22:58 . 2008-07-03 14:22 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\TeamViewer
2008-07-02 22:57 . 2008-07-02 22:58 <DIR> d-------- C:\Program Files\Hrvatsko - Engleski Rječnik
2008-07-02 22:56 . 2008-07-02 22:56 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-07-02 22:54 . 2008-07-02 22:54 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-02 22:54 . 2008-07-02 22:55 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-02 22:54 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-07-02 22:50 . 2008-07-02 22:50 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\TuneUp Software
2008-07-02 22:50 . 2007-03-28 19:42 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-07-02 22:49 . 2008-07-02 22:49 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-02 22:49 . 2008-07-02 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-07-02 22:47 . 2008-08-01 16:24 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-02 22:37 . 2008-07-20 19:30 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\dwhelper
2008-07-02 22:29 . 2008-07-02 22:29 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-02 22:19 . 2008-07-02 21:56 16,896 --a------ C:\WINDOWS\system32\grwinsthlp.exe
2008-07-02 22:19 . 2008-07-02 22:19 172 --a------ C:\UnInstall.dat
2008-07-02 22:15 . 2008-07-02 22:15 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\ESET
2008-07-02 22:13 . 2008-07-02 22:15 <DIR> d-------- C:\Program Files\ESET
2008-07-02 22:13 . 2008-07-02 22:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-07-02 22:09 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-07-02 22:02 . 2008-07-02 22:02 <DIR> d-------- C:\Program Files\directx
2008-07-02 22:00 . 2008-07-02 22:00 <DIR> d-------- C:\Program Files\My Company Name

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-01 11:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-24 13:08 --------- d-----w C:\Program Files\Winamp
2008-07-20 17:40 --------- d-----w C:\Documents and Settings\Administrator Nihad\Application Data\LimeWire
2008-07-19 22:01 --------- d-----w C:\Documents and Settings\Administrator Nihad\Application Data\BSplayer Pro
2008-07-15 19:34 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-07-07 22:20 --------- d-----w C:\Program Files\Windows Live
2008-07-07 22:20 --------- d-----w C:\Program Files\MSN Messenger
2008-07-02 22:15 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-07-02 22:04 --------- d-----w C:\Program Files\MessengerDiscovery
2008-07-02 21:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-07-02 21:23 --------- d-----w C:\Program Files\Adverts
2008-07-02 20:00 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-02 19:59 --------- d-----w C:\Program Files\ATI Technologies
2008-07-02 19:54 --------- d-----w C:\Program Files\ASUS
2008-07-02 19:52 --------- d-----w C:\Program Files\Intel
2008-07-02 19:52 --------- d-----w C:\Program Files\Analog Devices
2008-07-02 19:38 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-11-07 15:34 3739672]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28 139264]
"Window Team"="C:\DOCUME~1\ADMINI~1\APPLIC~1\OPTION~1\safe bleh.exe" [2008-07-23 22:03 727040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-24 21:05 344064]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2006-09-26 16:49 35328]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 13:48 286720]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

C:\Documents and Settings\Administrator Nihad\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-07-24 17:16:37 624416]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-07-24 00:06:04 3450608]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe [2008-08-01 13:28:57 303104]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\Administrator Nihad\\Desktop\\KDX_Client\\KDXClient.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

R2 Apache2.2;Apache2.2;D:\xampp\apache\bin\apache.exe [2008-01-18 01:37]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
S3 EnumChip;EnumChip;F:\Gart\EnumChip.sys []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-11-07 15:34]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-08-01 C:\WINDOWS\Tasks\1-Click Maintenance.job
- D:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 21:51]

2008-08-01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator Nihad\Application Data\Mozilla\Firefox\Profiles\s94g6958.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.ba
FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1273.1045\npCIDetect12.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-01 19:18:47
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-01 19:19:58
ComboFix-quarantined-files.txt 2008-08-01 17:19:55

Pre-Run: 7,986,364,416 bytes free
Post-Run: 8,023,093,248 bytes free

233 --- E O F --- 2008-07-17 21:57:45

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Upload the following files:

C:\WINDOWS\system32\snmpoids.dll
C:\WINDOWS\system32\grwinsthlp.exe


Upload link: http://www.mycity.rs/ambulanta-upload.php


-------------------------------------------------------------------------------------



Open Notepad and copy in the following text:

Folder::
C:\Program Files\Option Bags
C:\Documents and Settings\All Users\Application Data\Jump Poll Poke Mp3
C:\Documents and Settings\Administrator Nihad\Application Data\Option Bags
C:\Program Files\Circle Developement
C:\Program Files\MessengerDiscovery
C:\Program Files\Adverts

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Team"=-




Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.
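As an added example (not code from the thread, from ComboFix or from the helper), a small Python script that parses the Run-key section of a ComboFix log like the one posted above and scores each autorun the way the helper's reasoning goes: the "Window Team" value points to a freshly written executable under the user's Application Data folder, hidden behind 8.3 short names. The short-name expansion table, the 30-day window and the "two reasons" threshold are assumptions, and the sample log block is constructed from the lines in the thread.

```python
"""Flag suspicious autorun entries in a ComboFix 'Reg Loading Points' section.

Added example, not part of the original thread. The heuristics mirror what the
helper acted on: a Run value whose target lives in a user profile data folder
(here via 8.3 short names such as APPLIC~1\\OPTION~1), was written shortly
before the scan, and carries a random-looking multi-word file name.
"""
import re
from datetime import date, datetime

# Constructed sample input: Run blocks as printed in the first ComboFix log
# in the thread, trimmed to a few representative lines.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-11-07 15:34 3739672]
"Window Team"="C:\DOCUME~1\ADMINI~1\APPLIC~1\OPTION~1\safe bleh.exe" [2008-07-23 22:03 727040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]
'''

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]\s*$')
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*'
    r'\[(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>\d+)\]\s*$'
)

# Common 8.3 short names seen in ComboFix output. The real mapping lives on
# the scanned disk; this table is an assumption that is good enough for
# textual matching of the usual profile folders.
SHORT_NAMES = {
    'DOCUME~1': 'Documents and Settings',
    'APPLIC~1': 'Application Data',
    'LOCALS~1': 'Local Settings',
    'PROGRA~1': 'Program Files',
}
USER_DATA_RE = re.compile(
    r'\\Documents and Settings\\[^\\]+\\(Application Data|Local Settings)\\', re.I)


def expand_short_names(path):
    """Replace known 8.3 components so the path can be matched textually."""
    return '\\'.join(SHORT_NAMES.get(part.upper(), part) for part in path.split('\\'))


def parse_run_entries(text):
    """Yield one dict per value line found under a [HKEY_...\\Run] key."""
    key = None
    for line in text.splitlines():
        km = KEY_RE.match(line)
        if km:
            key = km.group('key')
            continue
        vm = VALUE_RE.match(line)
        if vm and key:
            yield {
                'key': key,
                'name': vm.group('name'),
                'path': vm.group('path'),
                'stamp': datetime.strptime(vm.group('stamp'), '%Y-%m-%d %H:%M'),
                'size': int(vm.group('size')),
            }


def assess(entry, scan_date, recent_days=30):
    """Return the reasons this autorun looks suspicious (empty list if none)."""
    reasons = []
    full = expand_short_names(entry['path'])
    exe = full.rsplit('\\', 1)[-1]
    if USER_DATA_RE.search(full):
        reasons.append('executable lives in a user profile data folder')
    if (scan_date - entry['stamp'].date()).days <= recent_days:
        reasons.append('file written within the last %d days' % recent_days)
    stem = exe.rsplit('.', 1)[0]
    if ' ' in stem and stem == stem.lower():
        reasons.append('lower-case multi-word file name (%r)' % exe)
    return reasons


def flag_autoruns(text, scan_date, recent_days=30):
    """Return [(value name, path, reasons)] for entries with two or more reasons."""
    findings = []
    for entry in parse_run_entries(text):
        reasons = assess(entry, scan_date, recent_days)
        if len(reasons) >= 2:
            findings.append((entry['name'], entry['path'], reasons))
    return findings


def flag_sample():
    """Run the detector over the constructed sample with the thread's scan date."""
    return flag_autoruns(SAMPLE_LOG, date(2008, 8, 1))


if __name__ == '__main__':
    for name, path, reasons in flag_sample():
        print('%s -> %s' % (name, path))
        for reason in reasons:
            print('    - ' + reason)
```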

  • Joined: 23 Feb 2008
  • Posts: 610

I have uploaded the files, and here is the log:



ComboFix 08-07-31.06 - Administrator Nihad 2008-08-01 23:10:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.101 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator Nihad\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator Nihad\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator Nihad\Application Data\Option Bags
C:\Documents and Settings\Administrator Nihad\Application Data\Option Bags\0
C:\Documents and Settings\Administrator Nihad\Application Data\Option Bags\Else Bash Wave Ooze.exe
C:\Documents and Settings\Administrator Nihad\Application Data\Option Bags\loud error live.exe
C:\Documents and Settings\Administrator Nihad\Application Data\Option Bags\nqkjeuub.exe
C:\Documents and Settings\Administrator Nihad\Application Data\Option Bags\safe bleh.exe
C:\Documents and Settings\Administrator Nihad\Application Data\Option Bags\vadlmocc.exe
C:\Documents and Settings\All Users\Application Data\Jump Poll Poke Mp3
C:\Documents and Settings\All Users\Application Data\Jump Poll Poke Mp3\draw media.exe
C:\Documents and Settings\All Users\Application Data\Jump Poll Poke Mp3\view help.exe
C:\Program Files\Adverts
C:\Program Files\Circle Developement
C:\Program Files\Circle Developement\Uninstall.exe
C:\Program Files\MessengerDiscovery
C:\Program Files\MessengerDiscovery\AlwaysAllow.mdl
C:\Program Files\MessengerDiscovery\AlwaysBlock.mdl
C:\Program Files\MessengerDiscovery\AutoReply.mdl
C:\Program Files\MessengerDiscovery\ContactBlocks.mdl
C:\Program Files\MessengerDiscovery\Languages\Albanian.ini
C:\Program Files\MessengerDiscovery\Languages\Deutsch.ini
C:\Program Files\MessengerDiscovery\Languages\Dutch.ini
C:\Program Files\MessengerDiscovery\Languages\Eesti.ini
C:\Program Files\MessengerDiscovery\Languages\English.ini
C:\Program Files\MessengerDiscovery\Languages\Espańol (Latino).ini
C:\Program Files\MessengerDiscovery\Languages\Francais.ini
C:\Program Files\MessengerDiscovery\Languages\Italiano.ini
C:\Program Files\MessengerDiscovery\Languages\Norsk.ini
C:\Program Files\MessengerDiscovery\Languages\Portugues (Brasil).ini
C:\Program Files\MessengerDiscovery\Languages\Portuguese (Portugal).ini
C:\Program Files\MessengerDiscovery\Languages\Turkish.ini
C:\Program Files\MessengerDiscovery\Loader.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe.manifest
C:\Program Files\MessengerDiscovery\MessengerDiscovery.dll
C:\Program Files\MessengerDiscovery\MessengerDiscoveryToday.exe
C:\Program Files\MessengerDiscovery\nihad.0104@live.com.nkh
C:\Program Files\MessengerDiscovery\nihad.0104@live.com.psh
C:\Program Files\MessengerDiscovery\nihad.0104@live.com\AlwaysAllow.mdl
C:\Program Files\MessengerDiscovery\nihad.0104@live.com\AlwaysBlock.mdl
C:\Program Files\MessengerDiscovery\nihad.0104@live.com\AutoReply.mdl
C:\Program Files\MessengerDiscovery\nihad.0104@live.com\ContactBlocks.mdl
C:\Program Files\MessengerDiscovery\nihad.0104@live.com\ContactManager.mdl
C:\Program Files\MessengerDiscovery\nihad.0104@live.com\NoAlert.mdl
C:\Program Files\MessengerDiscovery\NoAlert.mdl
C:\Program Files\MessengerDiscovery\Resources\SettingsMenu_0.png
C:\Program Files\MessengerDiscovery\Resources\SettingsMenu_1.png
C:\Program Files\MessengerDiscovery\Resources\SettingsMenu_2.png
C:\Program Files\MessengerDiscovery\Resources\SettingsMenu_3.png
C:\Program Files\MessengerDiscovery\Resources\SettingsMenu_4.png
C:\Program Files\MessengerDiscovery\Resources\SettingsMenu_5.png
C:\Program Files\MessengerDiscovery\Resources\SettingsSubMenu_0.png
C:\Program Files\MessengerDiscovery\Resources\SettingsSubMenu_1.png
C:\Program Files\MessengerDiscovery\Resources\SettingsSubMenu_2.png
C:\Program Files\MessengerDiscovery\Resources\SettingsSubMenu_Left.ico
C:\Program Files\MessengerDiscovery\Resources\SettingsSubMenu_Right.ico
C:\Program Files\MessengerDiscovery\Sounds\Alert.wav
C:\Program Files\MessengerDiscovery\Sounds\Sounds Copyright.txt
C:\Program Files\MessengerDiscovery\SpellCHK.exe
C:\Program Files\MessengerDiscovery\unins000.dat
C:\Program Files\MessengerDiscovery\unins000.exe
C:\Program Files\Option Bags

.
((((((((((((((((((((((((( Files Created from 2008-07-01 to 2008-08-01 )))))))))))))))))))))))))))))))
.

2008-08-01 19:58 . 2008-08-01 19:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-08-01 19:50 . 2008-08-01 19:50 <DIR> d-------- C:\Program Files\QuickTime
2008-08-01 19:49 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-08-01 19:49 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-08-01 19:48 . 2008-08-01 19:48 <DIR> d-------- C:\Program Files\Bonjour
2008-08-01 19:38 . 2008-08-01 19:38 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-08-01 19:00 . 2008-08-01 19:00 <DIR> d-------- C:\deljob
2008-08-01 16:21 . 2008-08-01 16:21 223,128 --a------ C:\WINDOWS\system32\drivers\dtscsi.sys
2008-08-01 16:19 . 2008-08-01 16:19 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-08-01 16:19 . 2008-08-01 16:19 96,256 --a------ C:\WINDOWS\system32\drivers\sptd0813.sys
2008-08-01 13:33 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-08-01 13:33 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-08-01 13:33 . 2004-08-03 22:58 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2008-08-01 13:33 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-08-01 13:28 . 2008-08-01 13:29 <DIR> d-------- C:\Program Files\FinePixViewerS
2008-08-01 13:28 . 2008-08-01 13:32 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\FUJIFILM
2008-07-25 01:11 . 2008-07-25 01:11 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\teamspeak2
2008-07-25 01:11 . 2008-07-25 01:11 34,064 --a------ C:\WINDOWS\system32\lhacm.acm
2008-07-25 01:10 . 2008-07-25 14:34 <DIR> d-------- C:\Program Files\Teamspeak2_RC2
2008-07-24 17:17 . 2008-08-01 23:13 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\Hamachi
2008-07-24 17:16 . 2008-07-24 17:17 <DIR> d-------- C:\Program Files\Hamachi
2008-07-24 17:16 . 2008-07-24 17:16 25,280 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-07-24 16:14 . 2008-07-24 16:14 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\CoSoSys
2008-07-24 15:22 . 2008-07-24 15:22 94 --a------ C:\WINDOWS\JFNetworkWt.INI
2008-07-24 00:06 . 2008-07-24 00:06 <DIR> d-------- C:\Program Files\Stardock
2008-07-24 00:06 . 2008-07-24 00:06 <DIR> d-------- C:\Program Files\Common Files\Stardock
2008-07-23 21:50 . 2008-07-24 14:30 <DIR> d-------- C:\Program Files\SHOUTcast
2008-07-21 18:35 . 2008-07-21 18:36 <DIR> d-------- C:\Program Files\Google
2008-07-21 18:35 . 2008-08-01 13:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-20 23:37 . 2008-07-21 01:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-20 19:49 . 2008-07-20 19:49 25,586 --a------ C:\aem8.dat
2008-07-18 14:35 . 2008-07-18 14:35 <DIR> d-------- C:\Garmin
2008-07-18 14:35 . 2008-07-18 14:36 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\Garmin
2008-07-17 23:46 . 2008-07-17 23:46 <DIR> d-------- C:\Program Files\Nokia
2008-07-17 00:12 . 2008-07-18 15:39 151 --a------ C:\WINDOWS\PhotoSnapViewer.INI
2008-07-16 01:03 . 2008-08-01 19:23 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-07-15 21:34 . 2008-07-15 21:34 <DIR> d-------- C:\Program Files\Real
2008-07-15 21:34 . 2008-07-15 21:34 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-07-15 21:34 . 2008-07-15 21:34 <DIR> d-------- C:\Program Files\Common Files\Real
2008-07-15 21:34 . 2008-07-15 21:34 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-07-14 17:49 . 2008-07-14 19:23 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\Ahead
2008-07-14 17:46 . 2008-07-14 17:46 <DIR> d-------- C:\Program Files\Nero
2008-07-14 17:46 . 2008-07-14 17:48 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-07-14 14:24 . 2008-07-14 14:24 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\Axialis
2008-07-14 13:49 . 2006-10-26 19:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-07-14 13:47 . 2008-07-14 13:47 <DIR> d-------- C:\Program Files\MSBuild
2008-07-14 13:47 . 2008-07-14 13:47 <DIR> d-------- C:\Program Files\Microsoft Works
2008-07-14 13:45 . 2008-07-14 13:45 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-07-14 13:43 . 2008-07-14 13:43 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-07-14 13:42 . 2008-07-14 13:46 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-14 13:41 . 2008-07-14 13:41 <DIR> dr-h----- C:\MSOCache
2008-07-14 13:41 . 2008-07-17 23:57 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-11 20:39 . 2008-07-11 20:39 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\FlashFXP
2008-07-11 14:22 . 2008-07-11 15:14 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\amsn
2008-07-09 17:54 . 2008-07-12 11:52 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\Web Page Maker
2008-07-09 14:34 . 2008-07-09 14:34 106,272 --a------ C:\WINDOWS\system32\snmpoids.dll
2008-07-08 23:23 . 2008-07-09 23:03 <DIR> d-------- C:\Poker
2008-07-08 00:35 . 2008-07-08 00:35 24 --a------ C:\WINDOWS\AM_D8.PRF
2008-07-08 00:06 . 2008-07-25 00:08 921,624 --a------ C:\img1-001.raw
2008-07-07 23:54 . 2008-07-07 23:54 <DIR> d-------- C:\WINDOWS\Album
2008-07-07 23:54 . 2008-07-07 23:54 <DIR> d-------- C:\Program Files\VideoCAM Eye
2008-07-07 23:54 . 2008-07-07 23:54 <DIR> d-------- C:\Program Files\Common Files\VCAMEye
2008-07-07 23:49 . 2004-08-03 23:08 20,480 --a------ C:\WINDOWS\system32\drivers\usbuhci.sys
2008-07-07 23:49 . 2004-08-03 23:08 20,480 --a--c--- C:\WINDOWS\system32\dllcache\usbuhci.sys
2008-07-07 23:26 . 2008-07-07 23:26 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-07 19:22 . 2008-07-07 19:22 23 --a------ C:\WINDOWS\ANS2000.INI
2008-07-07 19:22 . 2008-07-07 19:22 20 --ah----- C:\WINDOWS\akebook.ini
2008-07-07 19:22 . 2008-07-07 19:22 4 --ah----- C:\WINDOWS\a3kebook.ini
2008-07-07 17:11 . 2008-07-07 17:11 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\Notepad++
2008-07-04 14:25 . 2008-07-04 14:25 <DIR> d-------- C:\WINDOWS\Sun
2008-07-03 22:04 . 2008-07-03 22:04 <DIR> d-------- C:\Program Files\SmartFTP
2008-07-03 21:33 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\UC.PIF
2008-07-03 21:33 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\RAR.PIF
2008-07-03 21:33 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\PKZIP.PIF
2008-07-03 21:33 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\PKUNZIP.PIF
2008-07-03 21:33 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\NOCLOSE.PIF
2008-07-03 21:33 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\LHA.PIF
2008-07-03 21:33 . 2005-05-31 06:53 545 --a------ C:\WINDOWS\ARJ.PIF
2008-07-03 20:57 . 2008-07-03 22:13 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\SmartFTP
2008-07-03 20:52 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-03 20:52 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-03 20:52 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-03 12:03 . 2008-07-03 12:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-07-03 11:54 . 2008-07-03 11:54 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-07-03 11:43 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-03 11:27 . 2008-06-13 15:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-03 11:27 . 2008-06-13 15:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-03 00:59 . 2008-07-03 00:59 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-07-03 00:59 . 2008-07-03 00:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-07-03 00:58 . 2008-07-03 11:11 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-07-03 00:58 . 2008-07-03 00:59 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-07-03 00:50 . 2008-08-01 23:02 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Tracing
2008-07-03 00:23 . 2008-07-03 00:28 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-03 00:23 . 2008-07-03 00:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-03 00:19 . 2008-07-09 13:16 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-07-03 00:11 . 2008-07-03 00:11 <DIR> d-------- C:\Program Files\Sun
2008-07-03 00:10 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-07-02 22:59 . 2008-07-15 21:31 <DIR> d-------- C:\Program Files\Java
2008-07-02 22:59 . 2008-07-02 22:59 <DIR> d-------- C:\Program Files\Common Files\Java
2008-07-02 22:58 . 2008-07-03 14:22 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\TeamViewer
2008-07-02 22:57 . 2008-07-02 22:58 <DIR> d-------- C:\Program Files\Hrvatsko - Engleski Rječnik
2008-07-02 22:56 . 2008-07-02 22:56 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-07-02 22:54 . 2008-07-02 22:54 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-02 22:54 . 2008-07-02 22:55 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-02 22:54 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-07-02 22:50 . 2008-07-02 22:50 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\TuneUp Software
2008-07-02 22:50 . 2007-03-28 19:42 29,704 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-07-02 22:49 . 2008-07-02 22:49 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-02 22:49 . 2008-07-02 22:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-07-02 22:47 . 2008-08-01 19:48 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-02 22:37 . 2008-07-20 19:30 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\dwhelper
2008-07-02 22:29 . 2008-07-02 22:29 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-02 22:19 . 2008-07-02 21:56 16,896 --a------ C:\WINDOWS\system32\grwinsthlp.exe
2008-07-02 22:19 . 2008-07-02 22:19 172 --a------ C:\UnInstall.dat
2008-07-02 22:15 . 2008-07-02 22:15 <DIR> d-------- C:\Documents and Settings\Administrator Nihad\Application Data\ESET
2008-07-02 22:13 . 2008-07-02 22:15 <DIR> d-------- C:\Program Files\ESET
2008-07-02 22:13 . 2008-07-02 22:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-07-02 22:09 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-07-02 22:02 . 2008-07-02 22:02 <DIR> d-------- C:\Program Files\directx
2008-07-02 22:00 . 2008-07-02 22:00 <DIR> d-------- C:\Program Files\My Company Name

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-01 11:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-24 13:08 --------- d-----w C:\Program Files\Winamp
2008-07-20 17:40 --------- d-----w C:\Documents and Settings\Administrator Nihad\Application Data\LimeWire
2008-07-19 22:01 --------- d-----w C:\Documents and Settings\Administrator Nihad\Application Data\BSplayer Pro
2008-07-15 19:34 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2008-07-07 22:20 --------- d-----w C:\Program Files\Windows Live
2008-07-07 22:20 --------- d-----w C:\Program Files\MSN Messenger
2008-07-02 22:15 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-07-02 21:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-07-02 20:00 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-07-02 19:59 --------- d-----w C:\Program Files\ATI Technologies
2008-07-02 19:54 --------- d-----w C:\Program Files\ASUS
2008-07-02 19:52 --------- d-----w C:\Program Files\Intel
2008-07-02 19:52 --------- d-----w C:\Program Files\Analog Devices
2008-07-02 19:38 --------- d-----w C:\Program Files\microsoft frontpage
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((( snapshot@2008-08-01_19.19.37.92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-01 17:49:29 65,536 ----a-r C:\WINDOWS\Installer\{88D422DB-E9C7-4E16-9D80-2999F4FD6AD9}\ARPPRODUCTICON.exe
+ 2008-08-01 17:49:14 65,536 ----a-r C:\WINDOWS\Installer\{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}\ARPPRODUCTICON.exe
+ 2006-02-28 10:41:34 61,440 ----a-w C:\WINDOWS\system32\dns-sd.exe
+ 2006-02-28 10:41:22 53,248 ----a-w C:\WINDOWS\system32\dnssd.dll
+ 2007-02-20 13:34:06 190,696 ----a-w C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe
- 2008-03-25 03:21:18 2,889,088 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
+ 2007-02-20 14:04:02 2,463,976 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
- 2008-03-25 03:21:20 218,496 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2007-02-20 14:04:04 190,696 ----a-w C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-11-07 15:34 3739672]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Program Files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 08:57 143360]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-24 21:05 344064]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 08:21 1443072]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2006-09-26 16:49 35328]
"snpstd"="C:\WINDOWS\vsnpstd.exe" [2004-06-10 13:48 286720]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 16:57 133016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

C:\Documents and Settings\Administrator Nihad\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664]
hamachi.lnk - C:\Program Files\Hamachi\hamachi.exe [2008-07-24 17:16:37 624416]
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2008-07-24 00:06:04 3450608]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Exif Launcher S.lnk - C:\Program Files\FinePixViewerS\QuickDCF2.exe [2008-08-01 13:28:57 303104]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\Administrator Nihad\\Desktop\\KDX_Client\\KDXClient.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R2 Apache2.2;Apache2.2;D:\xampp\apache\bin\apache.exe [2008-01-18 01:37]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
S3 EnumChip;EnumChip;F:\Gart\EnumChip.sys []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-11-07 15:34]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-08-01 C:\WINDOWS\Tasks\1-Click Maintenance.job
- D:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-26 21:51]

2008-08-01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-01 23:13:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-01 23:14:17
ComboFix-quarantined-files.txt 2008-08-01 21:14:11
ComboFix2.txt 2008-08-01 17:19:59

Pre-Run: 6,863,110,144 bytes free
Post-Run: 6,856,241,152 bytes free

299 --- E O F --- 2008-07-17 21:57:45

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Zip / rar the complete folder C:\deljob and upload it: http://www.mycity.rs/ambulanta-upload.php


Also post a fresh HijackThis log made immediately after restarting the computer.

  • Joined: 23 Feb 2008
  • Posts: 610

No need to post it, since everything is fine now...

Thanks a lot, doctor!!

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE
