Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:5

offline
  • Joined: 08 Apr 2009
  • Posts: 57
  • Location: Indjija

I installed the new ESET Smart Security 4 and ran a scan, and the same thing comes up again?

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Zelezni :: I installed the new ESET Smart Security 4 and ran a scan, and the same thing comes up again?

What same thing?

offline
  • Joined: 08 Apr 2009
  • Posts: 57
  • Location: Indjija

ComboFix 09-04-04.01 - Pedja 2009-04-10 17:02:46.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1315 [GMT 2:00]
Running from: c:\documents and settings\Pedja\Desktop\ComboFix.exe
Command switches used :: / u
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated)
FW: ESET Personal firewall *enabled*
* Resident AV is active

.

((((((((((((((((((((((((( Files Created from 2009-03-10 to 2009-04-10 )))))))))))))))))))))))))))))))
.

2009-04-10 15:43 . 2009-04-10 15:43 <DIR> d-------- c:\windows\LastGood
2009-04-08 18:08 . 2009-04-08 18:09 <DIR> d-------- c:\program files\iTunes
2009-04-08 18:08 . 2009-04-08 18:08 <DIR> d-------- c:\program files\iPod
2009-04-08 18:08 . 2009-04-08 18:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-08 18:06 . 2009-04-08 18:06 <DIR> d-------- c:\program files\QuickTime
2009-04-08 17:51 . 2009-04-08 17:51 <DIR> d-------- c:\program files\Bonjour
2009-04-08 17:13 . 2009-04-08 17:13 <DIR> d---s---- c:\documents and settings\Pedja\UserData
2009-03-20 22:28 . 2009-03-20 22:28 1,964 --a------ c:\windows\ST5UNST.003
2009-03-19 11:45 . 2009-03-19 11:45 131,976 --a------ c:\windows\system32\drivers\epfw.sys
2009-03-19 11:45 . 2009-03-19 11:45 55,768 --a------ c:\windows\system32\drivers\epfwtdi.sys
2009-03-19 11:45 . 2009-03-19 11:45 33,096 --a------ c:\windows\system32\drivers\epfwndis.sys
2009-03-19 11:44 . 2009-03-19 11:44 107,256 --a------ c:\windows\system32\drivers\ehdrv.sys
2009-03-19 11:41 . 2009-03-19 11:41 113,960 --a------ c:\windows\system32\drivers\eamon.sys
2009-03-19 01:44 . 2009-03-19 01:44 1,964 --a------ c:\windows\ST5UNST.002
2009-03-18 22:37 . 2009-03-18 22:37 1,964 --a------ c:\windows\ST5UNST.001
2009-03-17 15:50 . 2009-03-17 15:50 1,964 --a------ c:\windows\ST5UNST.000
2009-03-16 23:06 . 2009-03-16 23:06 <DIR> d-------- c:\program files\Engleski
2009-03-16 23:06 . 1997-01-16 00:00 195,856 --a------ c:\windows\system32\RICHTX32.OCX
2009-03-16 23:06 . 1997-01-16 00:00 192,272 --a------ c:\windows\system32\MCI32.OCX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 13:42 --------- d-----w c:\program files\ESET
2009-04-08 16:08 --------- d-----w c:\program files\Common Files\Apple
2009-04-08 16:08 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-07 22:35 --------- d-----w c:\program files\myBabylon_English
2009-03-29 20:35 --------- d-----w c:\program files\TuneUp Utilities 2009
2009-03-19 14:32 23,400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-02-16 16:35 --------- d-----w c:\program files\Counter-Strike 1.6
2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys
2009-01-12 21:09 603,904 ----a-w c:\windows\system32\TUProgSt.exe
2009-01-12 21:09 360,192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-01-11 18:22 315,392 ----a-w c:\windows\HideWin.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-04-08_ 0.32.59,44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-08 15:51:28 86,016 ----a-r c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe
+ 2009-04-08 16:09:26 102,400 ----a-r c:\windows\Installer\{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}\iTunesIco.exe
+ 2009-04-10 13:43:56 10,134 ----a-r c:\windows\Installer\{C21C71CB-3E5C-401C-91D2-DEDACDB26BAF}\callmsi.exe
+ 2009-04-10 13:43:56 97,360 ----a-r c:\windows\Installer\{C21C71CB-3E5C-401C-91D2-DEDACDB26BAF}\egui.exe
+ 2009-03-19 09:45:34 33,096 ----a-w c:\windows\LastGood\system32\DRIVERS\epfwndis.sys
- 2008-08-29 09:18:58 87,336 ----a-w c:\windows\system32\dns-sd.exe
+ 2008-12-12 09:18:16 87,336 ----a-w c:\windows\system32\dns-sd.exe
- 2008-08-29 08:53:50 61,440 ----a-w c:\windows\system32\dnssd.dll
+ 2008-12-12 09:11:46 61,440 ----a-w c:\windows\system32\dnssd.dll
+ 2008-04-17 10:12:54 107,368 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspi.dll
+ 2009-03-19 14:32:48 23,400 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspiWDM.sys
+ 2009-03-26 13:23:46 36,864 -c--a-w c:\windows\system32\DRVSTORE\usbaapl_AF109929C2381E41FEF454F3FEDAA257A9E85F92\usbaapl.sys
+ 2009-03-26 13:23:46 1,900,544 -c--a-w c:\windows\system32\DRVSTORE\usbaapl_AF109929C2381E41FEF454F3FEDAA257A9E85F92\usbaaplrc.dll
- 2008-04-17 12:12:54 107,368 ----a-w c:\windows\system32\GEARAspi.dll
+ 2008-04-17 10:12:54 107,368 ----a-w c:\windows\system32\GEARAspi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2009-02-07 1881112]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2009-02-07 14:39 1881112 --a------ c:\program files\myBabylon_English\tbmyB1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2009-02-07 1881112]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2009-02-07 1881112]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"filehippo.com"="c:\program files\filehippo.com\UpdateChecker.exe" [2008-12-31 146432]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACU"="c:\program files\Atheros\ACU.exe" [2007-05-03 376921]
"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2002-12-31 208896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"CyberMania"="c:\program files\ESET\CyberMania.exe" [2008-07-04 556175]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-03-19 2029640]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-09-09 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 21:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-03-19 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-03-19 731840]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-01-12 603904]
R3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [2009-01-11 30336]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2009-01-11 57024]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - EHDRV
*NewlyCreated* - EKRN

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-04-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 22:36]

2009-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-04-10 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 18:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/home
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward &Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Pedja\Application Data\Mozilla\Firefox\Profiles\e2hdx16a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\Pedja\Application Data\Mozilla\Firefox\Profiles\e2hdx16a.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-10 17:03:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1068-)
c:\windows\system32\athgina.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-10 17:04:48
ComboFix-quarantined-files.txt 2009-04-10 15:04:46
ComboFix2.txt 2009-04-10 14:23:49
ComboFix3.txt 2009-04-09 19:47:59
ComboFix4.txt 2009-04-08 21:22:08
ComboFix5.txt 2009-04-10 15:02:34

Pre-Run: 25.986.342.912 bytes free
Post-Run: 25,974,857,728 bytes free

208 --- E O F --- 2009-03-15 04:21:27

Update: 10 Apr 2009 17:22

ComboFix 09-04-04.01 - Pedja 2009-04-10 17:17:34.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1259 [GMT 2:00]
Running from: c:\documents and settings\Pedja\Desktop\ComboFix.exe
Command switches used :: / u
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
.

((((((((((((((((((((((((( Files Created from 2009-03-10 to 2009-04-10 )))))))))))))))))))))))))))))))
.

2009-04-10 15:43 . 2009-04-10 15:43 <DIR> d-------- c:\windows\LastGood
2009-04-08 18:08 . 2009-04-08 18:09 <DIR> d-------- c:\program files\iTunes
2009-04-08 18:08 . 2009-04-08 18:08 <DIR> d-------- c:\program files\iPod
2009-04-08 18:08 . 2009-04-08 18:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-08 18:06 . 2009-04-08 18:06 <DIR> d-------- c:\program files\QuickTime
2009-04-08 17:51 . 2009-04-08 17:51 <DIR> d-------- c:\program files\Bonjour
2009-04-08 17:13 . 2009-04-08 17:13 <DIR> d---s---- c:\documents and settings\Pedja\UserData
2009-03-20 22:28 . 2009-03-20 22:28 1,964 --a------ c:\windows\ST5UNST.003
2009-03-19 11:45 . 2009-03-19 11:45 131,976 --a------ c:\windows\system32\drivers\epfw.sys
2009-03-19 11:45 . 2009-03-19 11:45 55,768 --a------ c:\windows\system32\drivers\epfwtdi.sys
2009-03-19 11:45 . 2009-03-19 11:45 33,096 --a------ c:\windows\system32\drivers\epfwndis.sys
2009-03-19 11:44 . 2009-03-19 11:44 107,256 --a------ c:\windows\system32\drivers\ehdrv.sys
2009-03-19 11:41 . 2009-03-19 11:41 113,960 --a------ c:\windows\system32\drivers\eamon.sys
2009-03-19 01:44 . 2009-03-19 01:44 1,964 --a------ c:\windows\ST5UNST.002
2009-03-18 22:37 . 2009-03-18 22:37 1,964 --a------ c:\windows\ST5UNST.001
2009-03-17 15:50 . 2009-03-17 15:50 1,964 --a------ c:\windows\ST5UNST.000
2009-03-16 23:06 . 2009-03-16 23:06 <DIR> d-------- c:\program files\Engleski
2009-03-16 23:06 . 1997-01-16 00:00 195,856 --a------ c:\windows\system32\RICHTX32.OCX
2009-03-16 23:06 . 1997-01-16 00:00 192,272 --a------ c:\windows\system32\MCI32.OCX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-10 13:42 --------- d-----w c:\program files\ESET
2009-04-08 16:08 --------- d-----w c:\program files\Common Files\Apple
2009-04-08 16:08 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-04-07 22:35 --------- d-----w c:\program files\myBabylon_English
2009-03-29 20:35 --------- d-----w c:\program files\TuneUp Utilities 2009
2009-03-19 14:32 23,400 ----a-w c:\windows\system32\drivers\GEARAspiWDM.sys
2009-02-16 16:35 --------- d-----w c:\program files\Counter-Strike 1.6
2009-02-09 10:19 1,846,272 ----a-w c:\windows\system32\win32k.sys
2009-01-12 21:09 603,904 ----a-w c:\windows\system32\TUProgSt.exe
2009-01-12 21:09 360,192 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-01-11 18:22 315,392 ----a-w c:\windows\HideWin.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-04-08_ 0.32.59,44 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-08 15:51:28 86,016 ----a-r c:\windows\Installer\{07287123-B8AC-41CE-8346-3D777245C35B}\PrntWzrdIco.exe
+ 2009-04-08 16:09:26 102,400 ----a-r c:\windows\Installer\{5EFCBB42-36AB-4FF9-B90C-E78C7B9EE7B3}\iTunesIco.exe
+ 2009-04-10 13:43:56 10,134 ----a-r c:\windows\Installer\{C21C71CB-3E5C-401C-91D2-DEDACDB26BAF}\callmsi.exe
+ 2009-04-10 13:43:56 97,360 ----a-r c:\windows\Installer\{C21C71CB-3E5C-401C-91D2-DEDACDB26BAF}\egui.exe
+ 2009-03-19 09:45:34 33,096 ----a-w c:\windows\LastGood\system32\DRIVERS\epfwndis.sys
- 2008-08-29 09:18:58 87,336 ----a-w c:\windows\system32\dns-sd.exe
+ 2008-12-12 09:18:16 87,336 ----a-w c:\windows\system32\dns-sd.exe
- 2008-08-29 08:53:50 61,440 ----a-w c:\windows\system32\dnssd.dll
+ 2008-12-12 09:11:46 61,440 ----a-w c:\windows\system32\dnssd.dll
+ 2008-04-17 10:12:54 107,368 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspi.dll
+ 2009-03-19 14:32:48 23,400 -c--a-w c:\windows\system32\DRVSTORE\GEARAspiWD_F475AF659D36685632E9BD97B57E9D9661FF3FFD\x86\GEARAspiWDM.sys
+ 2009-03-26 13:23:46 36,864 -c--a-w c:\windows\system32\DRVSTORE\usbaapl_AF109929C2381E41FEF454F3FEDAA257A9E85F92\usbaapl.sys
+ 2009-03-26 13:23:46 1,900,544 -c--a-w c:\windows\system32\DRVSTORE\usbaapl_AF109929C2381E41FEF454F3FEDAA257A9E85F92\usbaaplrc.dll
- 2008-04-17 12:12:54 107,368 ----a-w c:\windows\system32\GEARAspi.dll
+ 2008-04-17 10:12:54 107,368 ----a-w c:\windows\system32\GEARAspi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2009-02-07 1881112]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2009-02-07 14:39 1881112 --a------ c:\program files\myBabylon_English\tbmyB1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2009-02-07 1881112]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2009-02-07 1881112]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"filehippo.com"="c:\program files\filehippo.com\UpdateChecker.exe" [2008-12-31 146432]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACU"="c:\program files\Atheros\ACU.exe" [2007-05-03 376921]
"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2002-12-31 208896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"CyberMania"="c:\program files\ESET\CyberMania.exe" [2008-07-04 556175]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-03-19 2029640]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-09-09 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 21:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-03-19 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-03-19 731840]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-01-12 603904]
R3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [2009-01-11 30336]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2009-01-11 57024]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - EHDRV
*NewlyCreated* - EKRN

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-04-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 22:36]

2009-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-04-10 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 18:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/home
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward &Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Pedja\Application Data\Mozilla\Firefox\Profiles\e2hdx16a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\Pedja\Application Data\Mozilla\Firefox\Profiles\e2hdx16a.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-10 17:19:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\Pedja\LOCALS~1\Temp\Perflib_Perfdata_fdc.dat 16384 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1068-)
c:\windows\system32\athgina.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-10 17:21:17
ComboFix-quarantined-files.txt 2009-04-10 15:21:14
ComboFix2.txt 2009-04-10 15:04:49
ComboFix3.txt 2009-04-10 14:23:49
ComboFix4.txt 2009-04-09 19:47:59
ComboFix5.txt 2009-04-10 15:17:20

Pre-Run: 25.984.237.568 bytes free
Post-Run: 25,972,465,664 bytes free

208 --- E O F --- 2009-03-15 04:21:27
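
The reports in this thread are read by eye. As an added example, not part of the thread and not code from ComboFix or its authors, the Python below parses the parts of a ComboFix report a reviewer checks first: the IE URLSearchHooks, Browser Helper Object and toolbar loading points, the start-page and search URLs (including the Firefox prefs.js lines), the Windows Firewall policy flag, and the paths catchme lists as hidden. The sample input is constructed from lines copied out of the 17:17 log above and is not a complete report; every function name here is this example's own. On those lines it surfaces the Babylon toolbar DLL registered as both a URLSearchHook and a BHO, the start page set to search.babylon.com, Firefox's keyword.URL pointing at an AOL search redirect with a Winamp-toolbar invocation type, the Windows Firewall profile disabled (consistent with the report header, which shows the ESET Personal firewall enabled in its place), and the single catchme hit, a Perflib_Perfdata scratch file in the user's Temp folder. The script only extracts and groups; deciding which of these entries is unwanted remains the reviewer's call.

```python
import re

# Constructed sample input: lines copied from the ComboFix report posted above,
# trimmed to the sections this script reads. Not a complete ComboFix log.
SAMPLE_LOG = r"""[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2009-02-07 1881112]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2009-02-07 14:39 1881112 --a------ c:\program files\myBabylon_English\tbmyB1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-03-19 2029640]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

uStart Page = hxxp://search.babylon.com/home
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
scanning hidden files ...

c:\docume~1\Pedja\LOCALS~1\Temp\Perflib_Perfdata_fdc.dat 16384 bytes

scan completed successfully
hidden files: 1
"""

# Registry key fragments under which ComboFix lists modules IE loads at start.
BROWSER_HOOK_KEYS = ("URLSearchHooks", "Browser Helper Objects", "Internet Explorer\\Toolbar")


def parse_registry_sections(text):
    """Map each [key] header in the 'Reg Loading Points' dump to its value lines.
    A blank line closes the current section, as in the ComboFix layout."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.rstrip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            sections.setdefault(current, [])
        elif current is not None and line:
            sections[current].append(line)
        elif not line:
            current = None
    return sections


def browser_hooks(sections):
    """(key, module path) for every DLL/EXE/OCX under the IE hook keys."""
    hits = []
    for key, lines in sections.items():
        if not any(marker.lower() in key.lower() for marker in BROWSER_HOOK_KEYS):
            continue
        for line in lines:
            m = re.search(r'([a-z]:\\[^"\[\]]+\.(?:dll|exe|ocx))', line, re.I)
            if m:
                hits.append((key, m.group(1).strip()))
    return hits


def search_settings(text):
    """Start page / search URLs from the Supplementary Scan and Firefox prefs.js lines."""
    out = {}
    for line in text.splitlines():
        m = re.match(r'(uStart Page|uDefault_Search_URL|uSearchURL,\(Default\))\s*=\s*(\S+)', line)
        if m:
            out[m.group(1)] = m.group(2)
        m = re.match(r'FF - prefs\.js: (\S+) - (\S+)', line)
        if m:
            out["FF " + m.group(1)] = m.group(2)
    return out


def search_hosts(settings):
    """Host part of each URL; ComboFix writes 'hxxp' for 'http', so accept both."""
    return {name: m.group(1) for name, url in settings.items()
            if (m := re.match(r'(?:hxxp|http)s?://([^/]+)', url))}


def windows_firewall_disabled(sections):
    """True when the standard-profile policy carries EnableFirewall = 0."""
    for key, lines in sections.items():
        if key.lower().endswith("firewallpolicy\\standardprofile"):
            return any(re.match(r'"EnableFirewall"=\s*0\b', l) for l in lines)
    return False


def catchme_hidden_files(text):
    """Paths printed between 'scanning hidden files ...' and 'scan completed'."""
    files, inside = [], False
    for line in text.splitlines():
        if line.startswith("scanning hidden files"):
            inside = True
        elif line.startswith("scan completed"):
            inside = False
        elif inside and line.strip():
            m = re.match(r'(.+?)\s+(\d+) bytes$', line.strip())
            files.append(m.group(1) if m else line.strip())
    return files


def triage(text):
    """Group the review-first findings of one ComboFix report."""
    sections = parse_registry_sections(text)
    return {
        "browser_hooks": browser_hooks(sections),
        "search_hosts": search_hosts(search_settings(text)),
        "windows_firewall_disabled": windows_firewall_disabled(sections),
        "hidden_files": catchme_hidden_files(text),
    }


if __name__ == "__main__":
    for name, value in triage(SAMPLE_LOG).items():
        print(f"{name}: {value}")
```

To use it on a real report, read the whole ComboFix.txt into a string and pass it to `triage()` in place of `SAMPLE_LOG`; the section parser tolerates the empty `[HKEY_CLASSES_ROOT\clsid\...]` headers and the `path=`/`backup=` lines a full log contains, because it keys on the bracketed header and a closing blank line rather than on value syntax.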

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Click Start, then Run, type combofix /u and click OK.


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2009-02-07 1881112]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2009-02-07 1881112]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"filehippo.com"="c:\program files\filehippo.com\UpdateChecker.exe" [2008-12-31 146432]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ACU"="c:\program files\Atheros\ACU.exe" [2007-05-03 376921]
"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2002-12-31 208896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"CyberMania"="c:\program files\ESET\CyberMania.exe" [2008-07-04 556175]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-03-19 2029640]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 c:\windows\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2006-06-29 c:\windows\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2002-12-31 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-09-09 525664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 21:24 32768 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\Orb.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbTray.exe"=
"c:\\Program Files\\Winamp Remote\\bin\\OrbStreamerClient.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-03-19 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-03-19 731840]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-01-12 603904]
R3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [2009-01-11 30336]
R3 WSIMD;wsimd Service;c:\windows\system32\drivers\wsimd.sys [2009-01-11 57024]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - EHDRV
*NewlyCreated* - EKRN

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-04-10 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-12-11 22:36]

2009-04-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 13:34]

2009-04-10 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 18:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/home
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward &Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cac&hed Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Si&milar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\Pedja\Application Data\Mozilla\Firefox\Profiles\e2hdx16a.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\documents and settings\Pedja\Application Data\Mozilla\Firefox\Profiles\e2hdx16a.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-10 17:19:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\Pedja\LOCALS~1\Temp\Perflib_Perfdata_fdc.dat 16384 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1068-)
c:\windows\system32\athgina.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-10 17:21:17
ComboFix-quarantined-files.txt 2009-04-10 15:21:14
ComboFix2.txt 2009-04-10 15:04:49
ComboFix3.txt 2009-04-10 14:23:49
ComboFix4.txt 2009-04-09 19:47:59
ComboFix5.txt 2009-04-10 15:17:20

Pre-Run: 25.984.237.568 bytes free
Post-Run: 25,972,465,664 bytes free

208 --- E O F --- 2009-03-15 04:21:27

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Does that log appear when you do that, or does the scan start and then the log appears?

  • Joined: 08 Apr 2009
  • Posts: 57
  • Location: Indjija

This is what I sent you after > Click Start - Run - and then type combofix /u, then OK.

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Strange, I'll ask around.

  • Joined: 08 Apr 2009
  • Posts: 57
  • Location: Indjija

After that command you sent me, the computer was scanned with ComboFix, and I sent you the scan result at 19:34.

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Now it has been pointed out to me, and I didn't notice it either...

You typed a space before the u as well.

Type exactly what I write here:

combofix /u
