Posted: 28 May 2008 21:05
offline
- margo.grcic
- New MyCity citizen
- Joined: 25 Apr 2008
- Posts: 27
I have the same problem with some viruses again, so I thought I'd ask whether I could get help with it once more.
Logfile of HijackThis v1.99.1
Scan saved at 9:02:14 PM, on 5/28/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RocketDock\RocketDock.exe
D:\Temp\Intalacija\Leva zeza\YzDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\WINDOWS\system32\perfs.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Temp\Intalacija\Sredjivanje kompa preko neta\New Folder\tr3.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: 64.34.46.60 skypeclubs.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=061208 serial=DR12WTX-9999998-YSP lang=EN
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
O4 - Startup: Shortcut to YzDock.lnk = D:\Temp\Intalacija\Leva zeza\YzDock.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} (FileInterface Class) - online.bancaintesabeograd.com/RetailDLL/FSINT.dll
O16 - DPF: {62CF4D10-EBA7-45DA-ACA0-4B002E8B3A85} (NetSeTManager Class) - secure.deltabanka.rs/Pages/Download/CABS/DigitrustApiNetSetPlugIn.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....7845765656
O16 - DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} (ProxyModule Class) - online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: ????????P,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: perfmons Service (perfmons) - Unknown owner - C:\WINDOWS\system32\perfs.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Thanks in advance

Posted: 28 May 2008 22:53
offline
- DEMIAN
- Legendary citizen
- Joined: 25 Mar 2005
- Posts: 3706
- Where you live: The darkest place on earth..
Hi,
Run HijackThis and choose the "Do a system scan only" option. Tick (in the checkbox next to it) the following line and click "Fix Checked" to delete it.
O1 - Hosts: 64.34.46.60 skypeclubs.com
Then enable the display of hidden files on the system, and then look for the file at this path:
C:\WINDOWS\system32\perfs.exe
Pack it into a zip/rar and send it to us for analysis through this form
http://www.mycity.rs/ambulanta-upload.php
Let us know in the thread when everything is done.
Posted: 29 May 2008 01:11
offline
- margo.grcic
- New MyCity citizen
- Joined: 25 Apr 2008
- Posts: 27
I simply can't believe there are people like you. Thank you very much for helping me. My file was sent successfully. I hope I'll get some result from the analysis.
Thanks!
Posted: 29 May 2008 10:00
offline
- margo.grcic
- New MyCity citizen
- Joined: 25 Apr 2008
- Posts: 27
ComboFix 08-05-28.4 - Margo 2008-05-29 9:51:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1473 [GMT 2:00]
Running from: C:\Documents and Settings\Margo\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\comsa32.sys
C:\WINDOWS\system32\drmgs.sys
C:\WINDOWS\system32\tmp0_109817435381.bk
C:\WINDOWS\system32\tmp0_174835734110.bk
C:\WINDOWS\system32\tmp0_295245126845.bk
C:\WINDOWS\system32\tmp0_391304694111.bk
C:\WINDOWS\system32\tmp0_513278123898.bk
C:\WINDOWS\system32\tmp0_819695680982.bk
C:\WINDOWS\system32\tmp1_278621197902.bk
C:\WINDOWS\system32\tmp1_758360675370.bk
C:\WINDOWS\system32\tmp3_202291306996.bk
C:\WINDOWS\system32\tmp3_549052314434.bk
C:\WINDOWS\system32\tmp3_600333614284.bk
C:\WINDOWS\system32\tmp3_754050454200.bk
C:\WINDOWS\system32\tmp3_818652764878.bk
C:\WINDOWS\system32\tmp4_611618716250.bk
C:\WINDOWS\system32\tmp4_788613267140.bk
C:\WINDOWS\system32\tmp5_83570713351.bk
C:\WINDOWS\system32\tmp5_840650642206.bk
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_AFINDING
-------\Legacy_PERFMONS
-------\Legacy_ROUTING
-------\Legacy_WSERVING
-------\Service_perfmons
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))
.
2008-05-28 00:10 . 2008-05-29 01:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-28 00:10 . 2008-05-29 09:55 8,128,544 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-28 00:10 . 2008-05-29 09:54 113,024 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-28 00:10 . 2008-05-28 18:42 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-28 00:10 . 2008-05-28 18:42 88,262 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-28 00:10 . 2008-05-29 09:55 19,488 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-28 00:10 . 2008-05-29 09:54 3,896 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-28 00:04 . 2008-02-07 17:10 <DIR> d--h----- C:\ckis
2008-05-27 21:41 . 2008-05-28 22:25 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-27 21:40 . 2008-05-28 22:32 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-05-27 18:51 . 2008-04-30 04:29 <DIR> d-------- C:\WINDOWS\system32\DirectX_10__XP__2008
2008-05-27 17:17 . 2008-05-27 17:17 <DIR> d-------- C:\Documents and Settings\Margo\Application Data\Ubisoft
2008-05-27 16:42 . 2008-05-27 16:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-05-27 16:30 . 2008-05-27 16:30 <DIR> d-------- C:\Program Files\Ubisoft
2008-05-26 23:36 . 2008-05-26 23:36 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2008-05-26 23:36 . 2008-05-26 23:36 <DIR> d-------- C:\Documents and Settings\Margo\Application Data\Leadertech
2008-05-26 22:58 . 2008-05-26 23:05 <DIR> d-------- C:\Program Files\defragment
2008-05-26 13:46 . 2008-05-26 13:46 <DIR> d-------- C:\Documents and Settings\Margo\Application Data\Thinstall
2008-05-23 18:44 . 2008-05-23 18:44 268 --ah----- C:\sqmdata00.sqm
2008-05-23 18:44 . 2008-05-23 18:44 244 --ah----- C:\sqmnoopt00.sqm
2008-05-21 16:14 . 2008-05-21 16:14 <DIR> d-------- C:\Documents and Settings\Margo\Application Data\Symantec
2008-05-21 12:06 . 2008-05-21 12:06 <DIR> d-------- C:\Program Files\Symantec
2008-05-21 12:05 . 2007-12-20 17:13 136,416 --a------ C:\WINDOWS\system32\drivers\symsnap.sys
2008-05-21 12:05 . 2008-01-19 20:12 128,104 --a------ C:\WINDOWS\system32\drivers\WimFltr.sys
2008-05-21 12:05 . 2008-01-19 19:31 109,360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2008-05-21 12:05 . 2008-01-19 19:45 38,112 --a------ C:\WINDOWS\system32\drivers\v2imount.sys
2008-05-21 12:05 . 2008-01-19 19:31 15,664 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-05-21 12:05 . 2008-01-19 19:40 15,088 --a------ C:\WINDOWS\system32\drivers\vproeventmonitor.sys
2008-05-21 12:04 . 2008-05-21 12:04 <DIR> d-------- C:\Program Files\Norton Ghost
2008-05-21 12:04 . 2008-05-21 12:06 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-21 12:04 . 2008-05-21 15:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-11 23:12 . 2008-05-11 23:12 <DIR> d-------- C:\Program Files\Halflife Logo Creator
2008-05-11 21:16 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-05-11 21:16 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-05-11 21:16 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-05-11 21:16 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-05-11 21:12 . 2008-05-11 21:12 <DIR> d-------- C:\Program Files\Sega
2008-05-09 21:37 . 2008-05-09 21:36 774,144 --a------ C:\Program Files\RngInterstitial.dll
2008-05-09 21:34 . 2008-05-09 21:34 <DIR> d-------- C:\Documents and Settings\Margo\Application Data\AdobeUM
2008-05-09 21:27 . 2008-05-26 23:36 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-09 21:16 . 2008-05-09 21:30 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-09 14:01 . 2008-05-09 14:01 31 --a------ C:\WINDOWS\bluevoda.ini
2008-05-09 13:53 . 2008-05-09 13:54 <DIR> d-------- C:\Program Files\BlueVoda Website Builder
2008-05-09 13:53 . 2008-05-09 13:53 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-05-08 09:45 . 2008-05-15 15:14 <DIR> d-------- C:\Documents and Settings\Margo\Application Data\Hamachi
2008-05-08 09:45 . 2008-05-08 09:45 15,440 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 20:56 --------- d-----w C:\Program Files\Valve
2008-05-28 20:56 --------- d-----w C:\Program Files\sXe Injected
2008-05-28 16:42 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-27 23:01 --------- d-----w C:\Program Files\Planplus
2008-05-27 22:07 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-27 20:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-27 14:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-26 12:30 --------- d-----w C:\Program Files\Google
2008-05-26 11:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-05-21 09:35 --------- d-----w C:\Documents and Settings\Margo\Application Data\Spyware Terminator
2008-05-21 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-05-12 00:10 --------- d-----w C:\Program Files\Torrent Harvester
2008-05-11 21:22 --------- d-----w C:\Program Files\Counter-Strike 1.6
2008-05-09 19:36 --------- d-----w C:\Program Files\Real
2008-05-09 19:36 --------- d-----w C:\Program Files\Common Files\Real
2008-05-09 08:00 --------- d-----w C:\Program Files\Spyware Terminator
2008-04-25 19:15 --------- d-----w C:\Program Files\Steam
2008-04-25 14:37 --------- d-----w C:\Documents and Settings\Margo\Application Data\Blueberry
2008-04-24 22:56 4,608 ----a-w C:\WINDOWS\system32\bbchlp.dll
2008-04-24 22:56 4,096 ----a-w C:\WINDOWS\system32\drivers\bbcap.sys
2008-04-24 22:56 30,720 ----a-w C:\WINDOWS\system32\bbcap.dll
2008-04-24 22:56 --------- d--h--w C:\Documents and Settings\All Users\Application Data\{294396B0-C9B8-4E26-A8D2-ED9103C92D00}
2008-04-24 22:56 --------- d-----w C:\Program Files\Common Files\Blueberry Software
2008-04-24 22:56 --------- d-----w C:\Program Files\Blueberry Software
2008-04-24 22:56 --------- d-----w C:\Documents and Settings\Margo\Application Data\LogSys
2008-04-24 22:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogSys
2008-04-24 20:41 141,312 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-04-24 20:40 --------- d-----w C:\Program Files\freebird
2008-04-21 23:06 --------- d-----w C:\Program Files\Cheating-Death
2008-04-20 19:38 --------- d-----w C:\Documents and Settings\Margo\Application Data\Media Player Classic
2008-04-20 19:26 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-04-16 17:53 --------- d-----w C:\Program Files\C-Media 6501 Sound
2008-04-16 17:48 --------- d-----w C:\Documents and Settings\Margo\Application Data\Creative
2008-04-16 17:26 --------- d-----w C:\Program Files\Creative
2008-04-16 14:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-16 14:41 --------- d-----w C:\Program Files\iolo
2008-04-16 14:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-16 14:06 --------- d-----w C:\Program Files\Yahoo!
2008-04-16 14:02 --------- d-----w C:\Program Files\ASUS
2008-04-16 14:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-16 13:19 --------- d-----w C:\Program Files\RegSupreme Pro
2008-04-15 22:28 --------- d-----w C:\Program Files\ClocX
2008-04-12 23:24 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-04-12 20:30 --------- d-----w C:\Program Files\ReflexiveArcade
2008-04-12 16:31 --------- d-----w C:\Documents and Settings\Margo\Application Data\Ahead
2008-04-12 16:29 108,144 ------w C:\WINDOWS\system32\CmdLineExt.dll
2008-04-12 16:29 --------- d--h--r C:\Documents and Settings\Margo\Application Data\SecuROM
2008-04-12 16:29 --------- d-----w C:\Documents and Settings\Margo\Application Data\Zanichelli
2008-04-12 14:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-04-12 13:08 1,890 --sh--w C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-12 13:08 --------- d-----w C:\Program Files\Common Files\Corel
2008-04-12 13:07 --------- d-----w C:\Program Files\Corel
2008-04-12 12:48 --------- d-----w C:\Documents and Settings\Margo\Application Data\Corel
2008-04-11 23:24 --------- d-----w C:\Program Files\CyberLink
2008-04-11 19:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-04-11 19:54 --------- d-----w C:\Program Files\ATI Technologies
2008-04-11 19:25 --------- d-----w C:\Program Files\DAEMON Tools
2008-04-10 22:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-10 22:01 --------- d-----w C:\Program Files\MSBuild
2008-04-10 22:01 --------- d-----w C:\Program Files\Microsoft Works
2008-04-10 22:00 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-10 21:59 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-10 21:55 --------- d-----w C:\Program Files\MagicISO
2008-04-10 21:42 --------- d-----w C:\Program Files\Lavasoft
2008-04-10 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-10 20:55 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-10 20:55 --------- d-----w C:\Program Files\Windows Live
2008-04-10 20:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-10 16:42 --------- d-----w C:\Documents and Settings\Margo\Application Data\Yahoo!
2008-04-10 16:33 --------- d-----w C:\Documents and Settings\Margo\Application Data\CyberLink
2008-04-10 16:31 639,224 ------w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-10 15:58 --------- d-----w C:\Program Files\RocketDock
2008-04-10 15:56 --------- d-----w C:\Program Files\Webteh
2008-04-10 13:38 --------- d-----w C:\Program Files\IVT Corporation
2008-04-10 13:37 --------- d-----w C:\Program Files\VID_1345&PID_0003
2008-04-10 13:36 --------- d-----w C:\Documents and Settings\Margo\Application Data\Ulead Systems
2008-04-10 13:35 --------- d-----w C:\Program Files\Picasa2
2008-04-10 13:32 --------- d-----w C:\Program Files\Ulead Systems
2008-04-10 13:32 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-04-10 13:32 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-10 13:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-04-10 13:31 --------- d-----w C:\Documents and Settings\Margo\Application Data\ACD Systems
2008-04-10 13:30 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-04-10 13:30 --------- d-----w C:\Program Files\ACD Systems
2008-04-10 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-04-10 13:23 --------- d-----w C:\Program Files\eMule
2008-04-10 13:20 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-10 13:16 --------- d-----w C:\Documents and Settings\Margo\Application Data\Apple Computer
2008-04-10 13:14 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-10 13:14 --------- d-----w C:\Program Files\QuickTime
2008-04-10 13:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-10 13:08 --------- d-----w C:\Program Files\Nero
2008-04-10 13:08 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-10 13:07 --------- d-----w C:\Documents and Settings\Margo\Application Data\eMule
2008-04-10 13:03 --------- d-----w C:\Program Files\Opera
2008-04-10 13:02 --------- d-----w C:\Program Files\Windows Media Components
2008-04-10 13:02 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-04-10 13:02 --------- d-----w C:\Documents and Settings\Margo\Application Data\InstallShield
2008-04-10 13:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\InterVideo
2008-04-10 12:47 --------- d-----w C:\Program Files\A4Tech
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" [2003-08-12 13:48 131072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [2002-09-04 17:52 73728]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06 45056]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-27 11:10 729088]
"C6501Sound"="c6501.cpl" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-10 15:20 185896]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 17:38 221184]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 18:36 227856]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
C:\Documents and Settings\Margo\Start Menu\Programs\Startup\
RocketDock.lnk - C:\Program Files\RocketDock\RocketDock.exe [2008-04-10 17:58:00 630784]
Shortcut to YzDock.lnk - D:\Temp\Intalacija\Leva zeza\YzDock.exe [2008-01-30 00:25:08 386560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.yv12"= yv12vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.imc"= imc32.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClocX]
--a------ 2004-09-04 10:28 270336 C:\Program Files\ClocX\ClocX.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 01:56 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2007-04-09 12:32 19456 C:\WINDOWS\system32\CtHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2003-09-17 10:43 57344 C:\Program Files\Creative\Surround Mixer\CTSysVol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--------- 2006-11-12 12:48 157592 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--------- 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--------- 2006-05-18 11:29 49152 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 14.0]
--a------ 2008-01-19 20:01 2245984 C:\Program Files\Norton Ghost\Agent\VProTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--------- 2007-12-11 10:56 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2005-12-07 22:57 30208 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--------- 2008-04-10 15:20 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
--------- 2004-11-26 11:43 90112 C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
--------- 2007-07-23 13:55 341232 C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"D:\\Temp\\Igrice\\Chessmaster9000\\Chessmaster.exe"=
R3 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys [2008-04-25 00:56]
R3 cm102u32;C-Media CM6501 Like Sound Interface;C:\WINDOWS\system32\drivers\c6501.sys [2006-09-05 11:04]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 SymSnapService;SymSnapService;"C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe" [2007-12-20 17:13]
S2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;C:\WINDOWS\system32\dllhost.exe [2004-08-04 01:56]
S3 ddsxeiservice;ddsxeiservice2;C:\Program Files\sXe Injected\ddsxei.sys [2008-05-27 08:13]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6fc3ad64-0742-11dd-8353-001bfced5ce4}]
\Shell\AutoRun\command - F:\autorun.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-05-29 09:55:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\A4Tech\Keyboard\Ikeymain.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
.
**************************************************************************
.
Completion time: 2008-05-29 9:57:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-29 07:57:16
Pre-Run: 33,838,956,544 bytes free
Post-Run: 33,862,643,712 bytes free
329 --- E O F --- 2008-04-16 11:47:59
Posted: 29 May 2008 19:58
offline
- margo.grcic
- New MyCity citizen
- Joined: 25 Apr 2008
- Posts: 27
ComboFix 08-05-29.1 - Margo 2008-05-29 19:48:36.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1462 [GMT 2:00]
Running from: C:\Documents and Settings\Margo\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Margo\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\perfs.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-29 )))))))))))))))))))))))))))))))
.
2008-05-29 18:54 . 2008-05-29 18:54 5,976 --a------ C:\WINDOWS\desctemp.dat
2008-05-28 00:10 . 2008-05-29 19:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-28 00:10 . 2008-05-29 19:50 8,218,144 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-28 00:10 . 2008-05-29 19:36 113,888 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-28 00:10 . 2008-05-28 18:42 96,966 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-28 00:10 . 2008-05-28 18:42 88,262 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-28 00:10 . 2008-05-29 19:50 25,376 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-28 00:10 . 2008-05-29 19:36 4,184 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-05-28 00:04 . 2008-02-07 17:10 <DIR> d--h----- C:\ckis
2008-05-27 21:41 . 2008-05-28 22:25 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-05-27 21:40 . 2008-05-28 22:32 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-05-27 18:51 . 2008-04-30 04:29 <DIR> d-------- C:\WINDOWS\system32\DirectX_10__XP__2008
2008-05-27 17:17 . 2008-05-27 17:17 <DIR> d-------- C:\Documents and Settings\Margo\Application Data\Ubisoft
2008-05-27 16:42 . 2008-05-27 16:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ubisoft
2008-05-27 16:30 . 2008-05-27 16:30 <DIR> d-------- C:\Program Files\Ubisoft
2008-05-26 23:36 . 2008-05-26 23:36 <DIR> d-------- C:\Program Files\Diskeeper Corporation
2008-05-26 23:36 . 2008-05-26 23:36 <DIR> d-------- C:\Documents and Settings\Margo\Application Data\Leadertech
2008-05-26 22:58 . 2008-05-26 23:05 <DIR> d-------- C:\Program Files\defragment
2008-05-26 13:46 . 2008-05-26 13:46 <DIR> d-------- C:\Documents and Settings\Margo\Application Data\Thinstall
2008-05-23 18:44 . 2008-05-23 18:44 268 --ah----- C:\sqmdata00.sqm
2008-05-23 18:44 . 2008-05-23 18:44 244 --ah----- C:\sqmnoopt00.sqm
2008-05-21 16:14 . 2008-05-21 16:14 <DIR> d-------- C:\Documents and Settings\Margo\Application Data\Symantec
2008-05-21 12:06 . 2008-05-21 12:06 <DIR> d-------- C:\Program Files\Symantec
2008-05-21 12:05 . 2007-12-20 17:13 136,416 --a------ C:\WINDOWS\system32\drivers\symsnap.sys
2008-05-21 12:05 . 2008-01-19 20:12 128,104 --a------ C:\WINDOWS\system32\drivers\WimFltr.sys
2008-05-21 12:05 . 2008-01-19 19:31 109,360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2008-05-21 12:05 . 2008-01-19 19:45 38,112 --a------ C:\WINDOWS\system32\drivers\v2imount.sys
2008-05-21 12:05 . 2008-01-19 19:31 15,664 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-05-21 12:05 . 2008-01-19 19:40 15,088 --a------ C:\WINDOWS\system32\drivers\vproeventmonitor.sys
2008-05-21 12:04 . 2008-05-21 12:04 <DIR> d-------- C:\Program Files\Norton Ghost
2008-05-21 12:04 . 2008-05-21 12:06 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-05-21 12:04 . 2008-05-21 15:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-11 23:12 . 2008-05-11 23:12 <DIR> d-------- C:\Program Files\Halflife Logo Creator
2008-05-11 21:16 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-05-11 21:16 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-05-11 21:16 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-05-11 21:16 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-05-11 21:12 . 2008-05-11 21:12 <DIR> d-------- C:\Program Files\Sega
2008-05-09 21:37 . 2008-05-09 21:36 774,144 --a------ C:\Program Files\RngInterstitial.dll
2008-05-09 21:34 . 2008-05-09 21:34 <DIR> d-------- C:\Documents and Settings\Margo\Application Data\AdobeUM
2008-05-09 21:27 . 2008-05-26 23:36 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-05-09 21:16 . 2008-05-09 21:30 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-05-09 14:01 . 2008-05-09 14:01 31 --a------ C:\WINDOWS\bluevoda.ini
2008-05-09 13:53 . 2008-05-09 13:54 <DIR> d-------- C:\Program Files\BlueVoda Website Builder
2008-05-09 13:53 . 2008-05-09 13:53 737,280 --a------ C:\WINDOWS\iun6002.exe
2008-05-08 09:45 . 2008-05-15 15:14 <DIR> d-------- C:\Documents and Settings\Margo\Application Data\Hamachi
2008-05-08 09:45 . 2008-05-08 09:45 15,440 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 20:56 --------- d-----w C:\Program Files\Valve
2008-05-28 20:56 --------- d-----w C:\Program Files\sXe Injected
2008-05-28 16:42 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-05-27 23:01 --------- d-----w C:\Program Files\Planplus
2008-05-27 22:07 --------- d-----w C:\Program Files\Kaspersky Lab
2008-05-27 20:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-05-27 14:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-26 12:30 --------- d-----w C:\Program Files\Google
2008-05-26 11:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-05-21 09:35 --------- d-----w C:\Documents and Settings\Margo\Application Data\Spyware Terminator
2008-05-21 00:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-05-12 00:10 --------- d-----w C:\Program Files\Torrent Harvester
2008-05-11 21:22 --------- d-----w C:\Program Files\Counter-Strike 1.6
2008-05-09 19:36 --------- d-----w C:\Program Files\Real
2008-05-09 19:36 --------- d-----w C:\Program Files\Common Files\Real
2008-05-09 08:00 --------- d-----w C:\Program Files\Spyware Terminator
2008-04-25 19:15 --------- d-----w C:\Program Files\Steam
2008-04-25 14:37 --------- d-----w C:\Documents and Settings\Margo\Application Data\Blueberry
2008-04-24 22:56 4,608 ----a-w C:\WINDOWS\system32\bbchlp.dll
2008-04-24 22:56 4,096 ----a-w C:\WINDOWS\system32\drivers\bbcap.sys
2008-04-24 22:56 30,720 ----a-w C:\WINDOWS\system32\bbcap.dll
2008-04-24 22:56 --------- d--h--w C:\Documents and Settings\All Users\Application Data\{294396B0-C9B8-4E26-A8D2-ED9103C92D00}
2008-04-24 22:56 --------- d-----w C:\Program Files\Common Files\Blueberry Software
2008-04-24 22:56 --------- d-----w C:\Program Files\Blueberry Software
2008-04-24 22:56 --------- d-----w C:\Documents and Settings\Margo\Application Data\LogSys
2008-04-24 22:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\LogSys
2008-04-24 20:41 141,312 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-04-24 20:40 --------- d-----w C:\Program Files\freebird
2008-04-21 23:06 --------- d-----w C:\Program Files\Cheating-Death
2008-04-20 19:38 --------- d-----w C:\Documents and Settings\Margo\Application Data\Media Player Classic
2008-04-20 19:26 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-04-16 17:53 --------- d-----w C:\Program Files\C-Media 6501 Sound
2008-04-16 17:48 --------- d-----w C:\Documents and Settings\Margo\Application Data\Creative
2008-04-16 17:26 --------- d-----w C:\Program Files\Creative
2008-04-16 14:46 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-16 14:41 --------- d-----w C:\Program Files\iolo
2008-04-16 14:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-16 14:06 --------- d-----w C:\Program Files\Yahoo!
2008-04-16 14:02 --------- d-----w C:\Program Files\ASUS
2008-04-16 14:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-04-16 13:19 --------- d-----w C:\Program Files\RegSupreme Pro
2008-04-15 22:28 --------- d-----w C:\Program Files\ClocX
2008-04-12 23:24 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-04-12 20:30 --------- d-----w C:\Program Files\ReflexiveArcade
2008-04-12 16:31 --------- d-----w C:\Documents and Settings\Margo\Application Data\Ahead
2008-04-12 16:29 108,144 ------w C:\WINDOWS\system32\CmdLineExt.dll
2008-04-12 16:29 --------- d--h--r C:\Documents and Settings\Margo\Application Data\SecuROM
2008-04-12 16:29 --------- d-----w C:\Documents and Settings\Margo\Application Data\Zanichelli
2008-04-12 14:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-04-12 13:08 1,890 --sh--w C:\WINDOWS\system32\KGyGaAvL.sys
2008-04-12 13:08 --------- d-----w C:\Program Files\Common Files\Corel
2008-04-12 13:07 --------- d-----w C:\Program Files\Corel
2008-04-12 12:48 --------- d-----w C:\Documents and Settings\Margo\Application Data\Corel
2008-04-11 23:24 --------- d-----w C:\Program Files\CyberLink
2008-04-11 19:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-04-11 19:54 --------- d-----w C:\Program Files\ATI Technologies
2008-04-11 19:25 --------- d-----w C:\Program Files\DAEMON Tools
2008-04-10 22:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-04-10 22:01 --------- d-----w C:\Program Files\MSBuild
2008-04-10 22:01 --------- d-----w C:\Program Files\Microsoft Works
2008-04-10 22:00 --------- d-----w C:\Program Files\Microsoft.NET
2008-04-10 21:59 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-04-10 21:55 --------- d-----w C:\Program Files\MagicISO
2008-04-10 21:42 --------- d-----w C:\Program Files\Lavasoft
2008-04-10 21:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-10 20:55 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-10 20:55 --------- d-----w C:\Program Files\Windows Live
2008-04-10 20:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-10 16:42 --------- d-----w C:\Documents and Settings\Margo\Application Data\Yahoo!
2008-04-10 16:33 --------- d-----w C:\Documents and Settings\Margo\Application Data\CyberLink
2008-04-10 16:31 639,224 ------w C:\WINDOWS\system32\drivers\sptd.sys
2008-04-10 15:58 --------- d-----w C:\Program Files\RocketDock
2008-04-10 15:56 --------- d-----w C:\Program Files\Webteh
2008-04-10 13:38 --------- d-----w C:\Program Files\IVT Corporation
2008-04-10 13:37 --------- d-----w C:\Program Files\VID_1345&PID_0003
2008-04-10 13:36 --------- d-----w C:\Documents and Settings\Margo\Application Data\Ulead Systems
2008-04-10 13:35 --------- d-----w C:\Program Files\Picasa2
2008-04-10 13:32 --------- d-----w C:\Program Files\Ulead Systems
2008-04-10 13:32 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-04-10 13:32 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-04-10 13:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-04-10 13:31 --------- d-----w C:\Documents and Settings\Margo\Application Data\ACD Systems
2008-04-10 13:30 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-04-10 13:30 --------- d-----w C:\Program Files\ACD Systems
2008-04-10 13:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-04-10 13:23 --------- d-----w C:\Program Files\eMule
2008-04-10 13:20 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-10 13:16 --------- d-----w C:\Documents and Settings\Margo\Application Data\Apple Computer
2008-04-10 13:14 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-04-10 13:14 --------- d-----w C:\Program Files\QuickTime
2008-04-10 13:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-04-10 13:08 --------- d-----w C:\Program Files\Nero
2008-04-10 13:08 --------- d-----w C:\Program Files\Common Files\Ahead
2008-04-10 13:07 --------- d-----w C:\Documents and Settings\Margo\Application Data\eMule
2008-04-10 13:03 --------- d-----w C:\Program Files\Opera
2008-04-10 13:02 --------- d-----w C:\Program Files\Windows Media Components
2008-04-10 13:02 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-04-10 13:02 --------- d-----w C:\Documents and Settings\Margo\Application Data\InstallShield
2008-04-10 13:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\InterVideo
2008-04-10 12:47 --------- d-----w C:\Program Files\A4Tech
.
((((((((((((((((((((((((((((( snapshot@2008-05-29_ 9.56.57.78 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-29 07:55:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-29 17:37:05 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-29 17:37:16 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_24c.dat
+ 2008-05-29 17:37:19 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_36c.dat
+ 2008-05-29 17:37:24 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_ed8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"Creative MediaSource Go"="C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe" [2003-08-12 13:48 131072]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iKeyWorks"="C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe" [2002-09-04 17:52 73728]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06 45056]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-27 11:10 729088]
"C6501Sound"="c6501.cpl" []
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-10 15:20 185896]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 17:38 221184]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
C:\Documents and Settings\Margo\Start Menu\Programs\Startup\
RocketDock.lnk - C:\Program Files\RocketDock\RocketDock.exe [2008-04-10 17:58:00 630784]
Shortcut to YzDock.lnk - D:\Temp\Intalacija\Leva zeza\YzDock.exe [2008-01-30 00:25:08 386560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"vidc.yv12"= yv12vfw.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.imc"= imc32.acm
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClocX]
--a------ 2004-09-04 10:28 270336 C:\Program Files\ClocX\ClocX.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 01:56 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2007-04-09 12:32 19456 C:\WINDOWS\system32\CtHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2003-09-17 10:43 57344 C:\Program Files\Creative\Surround Mixer\CTSysVol.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--------- 2006-11-12 12:48 157592 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--------- 2006-10-27 00:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--------- 2006-05-18 11:29 49152 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 14.0]
--a------ 2008-01-19 20:01 2245984 C:\Program Files\Norton Ghost\Agent\VProTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--------- 2007-12-11 10:56 286720 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2005-12-07 22:57 30208 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--------- 2008-04-10 15:20 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
--------- 2004-11-26 11:43 90112 C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
--------- 2007-07-23 13:55 341232 C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 7.0.1.321\\English\\setup.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"D:\\Temp\\Igrice\\Chessmaster9000\\Chessmaster.exe"=
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;C:\WINDOWS\system32\dllhost.exe [2004-08-04 01:56]
R3 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys [2008-04-25 00:56]
R3 cm102u32;C-Media CM6501 Like Sound Interface;C:\WINDOWS\system32\drivers\c6501.sys [2006-09-05 11:04]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 SymSnapService;SymSnapService;"C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe" [2007-12-20 17:13]
S3 ddsxeiservice;ddsxeiservice2;C:\Program Files\sXe Injected\ddsxei.sys [2008-05-27 08:13]
*Newly Created Service* - CATCHME
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-05-29 19:50:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-05-29 19:52:06
ComboFix-quarantined-files.txt 2008-05-29 17:52:03
ComboFix2.txt 2008-05-29 07:57:21
Pre-Run: 33,859,772,416 bytes free
Post-Run: 33,842,733,056 bytes free
289 --- E O F --- 2008-04-16 11:47:59
Addendum: 29 May 2008 19:58
Logfile of HijackThis v1.99.1
Scan saved at 7:57:51 PM, on 5/29/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\RocketDock\RocketDock.exe
D:\Temp\Intalacija\Leva zeza\YzDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Norton Ghost\Agent\VProSvc.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\explorer.exe
D:\Temp\Intalacija\Sredjivanje kompa preko neta\New Folder\tr3.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=061208 serial=DR12WTX-9999998-YSP lang=EN
O4 - HKLM\..\Run: [C6501Sound] RunDll32 c6501.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Creative MediaSource Go] C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - Startup: RocketDock.lnk = C:\Program Files\RocketDock\RocketDock.exe
O4 - Startup: Shortcut to YzDock.lnk = D:\Temp\Intalacija\Leva zeza\YzDock.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D69485C-EAB1-42AE-93C1-B5A53F238C5A} (FileInterface Class) - online.bancaintesabeograd.com/RetailDLL/FSINT.dll
O16 - DPF: {62CF4D10-EBA7-45DA-ACA0-4B002E8B3A85} (NetSeTManager Class) - secure.deltabanka.rs/Pages/Download/CABS/DigitrustApiNetSetPlugIn.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....7845765656
O16 - DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} (ProxyModule Class) - online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SymSnapService - Symantec - C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe