Posted: 28 Sep 2007 17:20
- Joined: 26 Feb 2006
- Posts: 217
New log:
Logfile of HijackThis v1.99.1
Scan saved at 17:19:51, on 28.9.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Cyclone PVR\Remote.exe
C:\Program Files\Cyclone PVR\Schedule.exe
D:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Free Download Manager\fdm.exe
D:\Program Files\StickyPad\StickyPad.exe
D:\Program Files\aMSN\bin\wish.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\Milos\Desktop\tr3.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DU Meter] D:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TvrRemote] "C:\Program Files\Cyclone PVR\Remote.exe"
O4 - HKLM\..\Run: [TvrSchedule] "C:\Program Files\Cyclone PVR\Schedule.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] D:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [amsn] "D:\Program Files\aMSN\amsn.exe"
O4 - HKCU\..\Run: [Sticky Pad] D:\Program Files\StickyPad\StickyPad.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://D:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v46/shared/FunGamesLoader.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: NetLimiter (nlsvc) - Locktime Software - D:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe (file missing)
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - D:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

Posted: 28 Sep 2007 17:41
- dr_Bora
- Anti Malware Fighter
Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE
Run HT, scan, and tick the following lines:
O2 - BHO: Ask Toolbar BHO - {F4D76F01-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
O3 - Toolbar: Ask Toolbar - {F4D76F09-7896-458a-890F-E1F05C46069F} - C:\Program Files\AskPBar\bar\1.bin\ASKPBAR.DLL
and click Fix Checked.
Delete the folder: C:\Program Files\AskPBar
---------------------------------------------------------------------
Download ComboFix:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
Start it and don't touch the program window while it scans, because it can hang if you "disturb" it.
Follow the on-screen instructions. When it finishes, a log will appear, which you should copy here for us, along with a new HT log.

Posted: 28 Sep 2007 18:13
- Joined: 26 Feb 2006
- Posts: 217
Combofix log:
ComboFix 07-09-21.2 - "Milos" 2007-09-28 17:53:29.1 - NTFSx86
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\DOCUME~1\Milos\APPLIC~1\SeekmoToolbar
.
((((((((((((((((((((((((( Files Created from 2007-08-28 to 2007-09-28 )))))))))))))))))))))))))))))))
.
2007-09-28 17:52 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-27 17:02 <DIR> d-------- C:\DOCUME~1\Milos\APPLIC~1\OpenOffice.org2
2007-09-27 16:58 <DIR> d-------- C:\Program Files\OpenOffice.org 2.2
2007-09-24 17:08 <DIR> d-------- C:\Program Files\Ofb1
2007-09-22 12:58 <DIR> d-------- C:\DOCUME~1\Milos\APPLIC~1\InstallShield
2007-09-20 21:53 <DIR> d-------- C:\DTaskManager
2007-09-19 22:38 11,264 --a------ C:\WINDOWS\IFD32.exe
2007-09-19 22:22 59,904 --a------ C:\fhxwqdkq.exe
2007-09-19 22:22 45,383 --a------ C:\gyac.exe
2007-09-19 22:22 35,115 --a------ C:\acecdejd.exe
2007-09-19 22:22 32,768 --a------ C:\stfqfrq.exe
2007-09-19 22:22 32,584 --a------ C:\jyrue.exe
2007-09-17 06:13 1,268,368 --a------ C:\WINDOWS\system32\Bikini02.Scr
2007-09-16 17:35 9,806 --a------ C:\WINDOWS\We.exe
2007-09-15 15:29 <DIR> d-------- C:\DOCUME~1\Milos\APPLIC~1\Nokia Multimedia Player
2007-09-15 14:45 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-09-15 13:15 <DIR> d-------- C:\DOCUME~1\Milos\Phone Browser
2007-09-15 13:15 <DIR> d-------- C:\DOCUME~1\Milos\APPLIC~1\Nokia
2007-09-15 13:15 <DIR> d-------- C:\DOCUME~1\Milos\APPLIC~1\Datalayer
2007-09-15 13:14 <DIR> d-------- C:\Program Files\DIFX
2007-09-15 13:13 8,704 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-09-15 13:13 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-09-15 13:13 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
2007-09-15 13:13 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-09-15 13:13 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-09-15 13:13 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-09-15 13:13 127,488 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-09-15 13:13 <DIR> d-------- C:\Program Files\Nokia
2007-09-15 13:13 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-09-15 13:13 <DIR> d-------- C:\DOCUME~1\Milos\APPLIC~1\PC Suite
2007-09-15 13:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PC Suite
2007-09-15 13:13 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Downloaded Installations
2007-09-09 01:13 47,036 --a------ C:\WINDOWS\PPe.exe
2007-09-08 22:52 47,036 --a------ C:\WINDOWS\avss.exe
2007-09-08 20:22 <DIR> d-------- C:\Lyrics
2007-09-08 20:22 <DIR> d-------- C:\DOCUME~1\Milos\APPLIC~1\MiniLyrics
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-28 18:01 --------- d-------- C:\DOCUME~1\Milos\APPLIC~1\Free Download Manager
2007-09-28 17:57 22516512 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-09-28 17:57 1118496 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-09-28 17:11 304220 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-09-28 17:11 107756 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-09-28 16:22 --------- d-------- C:\Program Files\Crawler
2007-09-27 18:12 --------- d-------- C:\DOCUME~1\Milos\APPLIC~1\Skype
2007-09-26 17:18 642 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2007-09-26 16:27 10646 --ahs---- C:\WINDOWS\system32\KGyGaAvL.sys
2007-09-19 23:24 --------- d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-15 11:16 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-08-27 22:35 --------- d-------- C:\DOCUME~1\Milos\APPLIC~1\GRETECH
2007-08-26 22:09 --------- d-------- C:\Program Files\SystemRequirementsLab
2007-08-26 22:09 --------- d-------- C:\DOCUME~1\Milos\APPLIC~1\SystemRequirementsLab
2007-08-23 17:54 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-08-21 14:27 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink
2007-08-16 12:37 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\NVIDIA
2007-08-16 12:18 --------- d-------- C:\Program Files\My Company Name
2007-08-14 01:06 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Help
2007-08-14 00:59 --------- d-------- C:\Program Files\MSBuild
2007-08-14 00:59 --------- d-------- C:\Program Files\Microsoft Works
2007-08-14 00:57 --------- d-------- C:\Program Files\Microsoft.NET
2007-08-14 00:53 --------- d-------- C:\Program Files\Microsoft Visual Studio 8
2007-08-13 23:13 --------- d-------- C:\Program Files\Common Files\Autodesk Shared
2007-08-13 23:13 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
2007-08-13 23:09 --------- d-------- C:\Program Files\Spyware Terminator
2007-08-12 16:19 --------- d-------- C:\Program Files\JoWooD
2007-08-09 14:31 --------- d-------- C:\Program Files\Common Files\DirectX
2007-08-09 00:15 37888 --a------ C:\WINDOWS\system32\flash_lib.dll
2007-08-09 00:15 1117184 --a------ C:\WINDOWS\system32\swfExt.dll
2007-08-07 12:41 --------- d-------- C:\Program Files\GNU
2007-08-07 00:46 --------- d-------- C:\Program Files\Windows Media Connect 2
2007-06-30 11:14 35363 --a------ C:\WINDOWS\system32\windrvNT.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-04-15 05:01 C:\WINDOWS\SOUNDMAN.EXE]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"DU Meter"="D:\Program Files\DU Meter\DUMeter.exe" [2005-02-01 20:28]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"TvrRemote"="C:\Program Files\Cyclone PVR\Remote.exe" [2005-09-14 12:49]
"TvrSchedule"="C:\Program Files\Cyclone PVR\Schedule.exe" [2005-09-27 20:03]
"DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2005-11-09 00:00]
"AGRSMMSG"="AGRSMMSG.exe" [2002-10-18 05:07 C:\WINDOWS\AGRSMMSG.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 15:43]
"nwiz"="nwiz.exe" [2006-08-11 15:43 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="NvMCTray.dll" [2006-08-11 15:43 C:\WINDOWS\system32\nvmctray.dll]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"Free Download Manager"="D:\Program Files\Free Download Manager\fdm.exe" [2006-08-21 00:24]
"amsn"="D:\Program Files\aMSN\amsn.exe" [2006-11-24 20:51]
"Sticky Pad"="D:\Program Files\StickyPad\StickyPad.exe" [2007-04-23 23:13]
C:\DOCUME~1\Milos\STARTM~1\Programs\Startup\
OpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe [2007-02-02 17:54:56]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ServiceLayer"=3 (0x3)
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{96c1c808-fe4c-11db-9aa1-0015f23356a3}]
AutoRun\command- E:\Autorun.exe
*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-09-28 15:15:00 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-28 18:01:18
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-28 18:03:24
C:\ComboFix-quarantined-files.txt ... 2007-09-28 18:03
.
--- E O F ---
HijackThis log:
Logfile of HijackThis v1.99.1
Scan saved at 18:13:00, on 28.9.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Cyclone PVR\Remote.exe
C:\Program Files\Cyclone PVR\Schedule.exe
D:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Free Download Manager\fdm.exe
D:\Program Files\StickyPad\StickyPad.exe
D:\Program Files\aMSN\bin\wish.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Program Files\NetLimiter 2 Monitor\NLClient.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Milos\Desktop\tr3.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO.dll
O2 - BHO: Alcohol Toolbar Helper - {52D06F97-5511-43FA-8FDA-C481864FD26E} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - D:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: Alcohol Toolbar - {4C4E7CDB-5BFC-4D74-83E2-8AE659B7EDA2} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [DU Meter] D:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TvrRemote] "C:\Program Files\Cyclone PVR\Remote.exe"
O4 - HKLM\..\Run: [TvrSchedule] "C:\Program Files\Cyclone PVR\Schedule.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\RunOnce: [AskPBar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] D:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [amsn] "D:\Program Files\aMSN\amsn.exe"
O4 - HKCU\..\Run: [Sticky Pad] D:\Program Files\StickyPad\StickyPad.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://D:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} (FunGamesLoader Object) - http://www.worldwinner.com/games/v46/shared/FunGamesLoader.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: NetLimiter (nlsvc) - Locktime Software - D:\Program Files\NetLimiter 2 Monitor\nlsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe (file missing)
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - D:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

Posted: 28 Sep 2007 19:58
- dr_Bora
- Anti Malware Fighter
Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE
You need to enable the display of hidden files/folders:
My Computer > select the Tools menu and click Folder Options.
Select the View tab.
Find Hidden files and folders and select the option Show hidden files and folders.
Uncheck the option Hide file extensions for known types.
--------------------------------------------------
Find the following files and pack them into a single zip:
C:\WINDOWS\IFD32.exe
C:\fhxwqdkq.exe
C:\gyac.exe
C:\acecdejd.exe
C:\stfqfrq.exe
C:\jyrue.exe
C:\WINDOWS\system32\Bikini02.Scr
C:\WINDOWS\We.exe
C:\WINDOWS\avss.exe
and upload that zip file: http://www.mycity.rs/ambulanta-upload.php
------------------------------------------------------------------
Tell me the following: is the drive labelled E: a partition on the hard disk, or is it a CD/DVD?
Also, do you have a TV card?

Posted: 28 Sep 2007 20:15
- Joined: 26 Feb 2006
- Posts: 217
I have a TV card, and E: is either my DVD or a virtual drive. I'm going to upload that now...
Addendum: 28 Sep 2007 20:11
Uploading...
Addendum: 28 Sep 2007 20:15
Uploaded. The archive is called m1los.zip.

Posted: 28 Sep 2007 21:17
- dr_Bora
- Anti Malware Fighter
Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE
Delete the following files:
C:\WINDOWS\IFD32.exe
C:\fhxwqdkq.exe
C:\gyac.exe
C:\acecdejd.exe
C:\stfqfrq.exe
C:\jyrue.exe
C:\WINDOWS\We.exe
C:\WINDOWS\avss.exe
-------------------------------------------
Scan the computer with GMER and post the log so we can check that there are no rootkits...
Do the following:
Download the file gmer.zip from this link and save it to the Desktop.
Extract it to a folder.
Double-click gmer.exe to start: select the Rootkit tab at the top.
Click Scan.
When the scan is finished, click the Copy button below - this will save it to the Clipboard.
Use the Paste option in Notepad to turn it into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.
Copy here for us the contents of the two files we just saved.

Posted: 28 Sep 2007 22:00
- dr_Bora
- Anti Malware Fighter
Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE
Copy it in... if it is too large for a post, then attach it.

Posted: 28 Sep 2007 22:06
- Joined: 26 Feb 2006
- Posts: 217
File1: https://www.mycity.rs/must-login.png
File 2:
GMER 1.0.13.12551 - http://www.gmer.net
Autostart scan 2007-09-28 21:52:35
Windows 5.1.2600 Service Pack 2
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon >>>
@UserinitC:\WINDOWS\system32\userinit.exe, = C:\WINDOWS\system32\userinit.exe,
@UIHostC:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe = C:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
klogon@DLLName = C:\WINDOWS\system32\klogon.dll
WgaLogon@DLLName = WgaLogon.dll
HKLM\SYSTEM\CurrentControlSet\Services\ >>>
ATKKeyboardService /*ATK Keyboard Service*/@ = C:\WINDOWS\ATKKBService.exe
MDM /*Machine Debug Manager*/@ = "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
nlsvc /*NetLimiter*/@ = "D:\Program Files\NetLimiter 2 Monitor\nlsvc.exe"
NOD32krn /*NOD32 Kernel Service*/@ = "C:\Program Files\Eset\nod32krn.exe"
NVSvc /*NVIDIA Display Driver Service*/@ = %SystemRoot%\system32\nvsvc32.exe
RichVideo /*Cyberlink RichVideo Service(CRVS)*/@ = "C:\Program Files\Cyberlink\Shared files\RichVideo.exe" ?????????????????????????????????????????????????????? /*file not found*/
SPF4 /*Sunbelt Personal Firewall 4*/@ = "C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"
Spooler /*Print Spooler*/@ = %SystemRoot%\system32\spoolsv.exe
StarWindService /*StarWind iSCSI Service*/@ = D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe /*file not found*/
HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@SoundManSOUNDMAN.EXE = SOUNDMAN.EXE
@SunJavaUpdateSched"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" = "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
@DU MeterD:\Program Files\DU Meter\DUMeter.exe = D:\Program Files\DU Meter\DUMeter.exe
@NeroFilterCheckC:\WINDOWS\system32\NeroCheck.exe = C:\WINDOWS\system32\NeroCheck.exe
@TvrRemote"C:\Program Files\Cyclone PVR\Remote.exe" = "C:\Program Files\Cyclone PVR\Remote.exe"
@TvrSchedule"C:\Program Files\Cyclone PVR\Schedule.exe" = "C:\Program Files\Cyclone PVR\Schedule.exe"
@DAEMON Tools"D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 = "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
@AGRSMMSGAGRSMMSG.exe = AGRSMMSG.exe
@NvCplDaemonRUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
@nwiznwiz.exe /install = nwiz.exe /install
@NvMediaCenterRunDLL32.exe NvMCTray.dll,NvTaskbarInit = RunDLL32.exe NvMCTray.dll,NvTaskbarInit
@nod32kui"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE = "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
RunOnce@AskPBar Uninstall = rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@CTFMON.EXEC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@Free Download ManagerD:\Program Files\Free Download Manager\fdm.exe -autorun /*file not found*/ = D:\Program Files\Free Download Manager\fdm.exe -autorun /*file not found*/
@amsn"D:\Program Files\aMSN\amsn.exe" = "D:\Program Files\aMSN\amsn.exe"
@Sticky PadD:\Program Files\StickyPad\StickyPad.exe = D:\Program Files\StickyPad\StickyPad.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{A7C41360-B167-4916-9221-FA397C8291C3} /*StickyPad icon handler*/D:\Program Files\StickyPad\StickyPadIconHandler.dll = D:\Program Files\StickyPad\StickyPadIconHandler.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{B089FE88-FB52-11D3-BDF1-0050DA34150D} /*NOD32 Context Menu Shell Extension*/C:\Program Files\Eset\nodshex.dll = C:\Program Files\Eset\nodshex.dll
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
Autodesk.DWF.ContextMenu@{6C18531F-CA85-45F7-8278-FF33CF0A5964} = C:\Program Files\Common Files\Autodesk Shared\dwf Common\DWFShellExtension.dll
axcrypt.File@{C7409F58-062E-4D45-B206-5DB1D983E66F} = D:\Program Files\Axon Data\AxCrypt\1.6.3\AxCrypt.dll
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll
NOD32 Context Menu Shell Extension@{B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Program Files\Eset\nodshex.dll
TuneUp Shredder Shell Extension@{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} = C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
TuneUp Shredder Shell Extension@{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} = C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
axcrypt.File@{C7409F58-062E-4D45-B206-5DB1D983E66F} = D:\Program Files\Axon Data\AxCrypt\1.6.3\AxCrypt.dll
Kaspersky Anti-Virus@{dd230880-495a-11d1-b064-008048ec2fc5} = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll
NOD32 Context Menu Shell Extension@{B089FE88-FB52-11D3-BDF1-0050DA34150D} = C:\Program Files\Eset\nodshex.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
@{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}D:\Program Files\BitComet\tools\BitCometBHO.dll = D:\Program Files\BitComet\tools\BitCometBHO.dll
@{52D06F97-5511-43FA-8FDA-C481864FD26E}C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll = C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
@{9030D464-4C02-4ABF-8ECC-5164760863C6}C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
@{CC59E0F9-7E43-44FA-9FAA-8377850BF205}D:\Program Files\Free Download Manager\iefdmcks.dll = D:\Program Files\Free Download Manager\iefdmcks.dll
HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm
HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-help@CLSID = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
skype4com@CLSID = C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\ >>>
000000000001@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000002@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000003@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000004@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
000000000005@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000019@PackedCatalogItem = C:\WINDOWS\system32\imon.dll
C:\Documents and Settings\Milos\Start Menu\Programs\Startup = OpenOffice.org 2.2.lnk
---- EOF - GMER 1.0.13 ----

Posted: 29 Sep 2007 00:11
- dr_Bora
- Anti Malware Fighter
Rank 2
- Joined: 24 Jul 2007
- Posts: 12280
- Location: Höganäs, SE
We'll do one more additional check...
Download Dr.Web CureIt!, put it on the desktop and scan the computer with it as follows:
first enter Safe Mode, the instructions are -> here
double-click cureit.exe to run it, after which an introductory window will appear, then press the Start button,
another window will appear, choose OK,
wait a few minutes for Dr.Web to perform the initial memory scan,
click to mark the partitions to scan; they are marked when a red dot appears on them,
in the upper left corner of the program go to Options->Change settings F9 and do as explained in the picture -> here,
on the right side of the program press Start and Dr.Web will begin scanning.
After the scan, post a new HT log here and attach the file C:\Documents and Settings\Milos\DoctorWeb\CureIt.log to the post.