Možda tražite i:
Provera
Provera znanja France '98
Provera nakon skeniranja Trojan Hunterom
Provera auta

MyCity » Ambulanta -> Arhiva Ambulante » Provera

Provera

Napisano na dan: 24.3.2008

Provera

Sledeća strana

Pagination

Odgovori

sajmon Poslao: 24 Mar 2008 18:59 Idi na vrh
offline sajmon Građanin Pridružio: 05 Maj 2006 Poruke: 86	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! evo mog hijackthis loga moze li neko strucan reci da li je sve u redu....inace imam malih problema sa kompom...: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:55:19, on 24.03.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe C:\WINDOWS\System32\snmp.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\system32\mqtgsvc.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\Program Files\VIAudioi\HDADeck\HDeck.exe C:\WINDOWS\mHotkey.exe C:\WINDOWS\CNYHKey.exe C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Macrogaming\SweetIM\SweetIM.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\utorrent\utorrent.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = norwegian.toggle.com/index.php?rvs=hompag R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: dcads - {733716E1-76D2-4003-AC39-845281C0EF85} - C:\WINDOWS\system32\nsoE.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: MySidesearch Search Assistant - {C17E102B-BD29-4e92-B699-1A21D2CB8E6C} - C:\WINDOWS\system32\mysidesearch_sidebar.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1 O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\wmccfg.exe" /StartQuiet O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.coop.no O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - toolbar.imageshack.us/toolbar/ImageShackToolbar.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - sibelius.com/download/software/win/ActiveXPlugin.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - adobe.com/products/acrobat/nos/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{1061C708-966B-46E3-AF7C-2C3936033184}: NameServer = 85.255.116.36,85.255.112.98 O17 - HKLM\System\CCS\Services\Tcpip\..\{21B48BF8-9C87-48E2-A255-D87EC536144E}: NameServer = 85.255.116.36,85.255.112.98 O17 - HKLM\System\CCS\Services\Tcpip\..\{265A2082-B337-469C-8805-D38368B42B7F}: NameServer = 85.255.116.36,85.255.112.98 O17 - HKLM\System\CCS\Services\Tcpip\..\{2859E691-CB1B-43FD-B203-40279A7538E6}: NameServer = 85.255.116.36,85.255.112.98 O17 - HKLM\System\CCS\Services\Tcpip\..\{5E25966C-9ABD-49CB-95F3-9386EA6FEFBA}: NameServer = 85.255.116.36,85.255.112.98 O17 - HKLM\System\CCS\Services\Tcpip\..\{63CE27CF-33EF-44B3-8150-D51F7924D150}: NameServer = 85.255.116.36,85.255.112.98 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.36 85.255.112.98 O17 - HKLM\System\CS1\Services\Tcpip\..\{1061C708-966B-46E3-AF7C-2C3936033184}: NameServer = 85.255.116.36,85.255.112.98 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.36 85.255.112.98 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: boob - {01b55afa-f451-474b-9e91-c35b24d02641} - (no file) O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe O23 - Service: You Are Empty Drivers Auto Removal (pr2akdnc) (pr2akdnc) - Cenega Publishing - C:\WINDOWS\system32\pr2akdnc.exe O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: AutomatedSurfer (SurferService) - Unknown owner - C:\WINDOWS\system32\srvany.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 11928 bytes hvala unapred..

Profil

dr_Bora Poslao: 24 Mar 2008 19:29 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav, sajmon... U logu su vidljivi tragovi više infekcija... Vidim da imaš instalirana dva antivirus programa. To nije poželjno i bilo bi dobro da se odlučiš za jednog, a drugi da deinstaliraš. ------------------------------------------------------------------------------------- Preuzmi FixWareOut. Dvoklikom pokreni Fixwareout.exe U prozoru koji se otvori, klikni Next >, a nakon toga Install Kada instalacija bude gotova, klikni Finish Otvoriće se prozor - pritisni bilo koji taster za nastavak Kada se pojavi upit o restartovanju kompjutera, klikni OK Kompjuter će se restartovati, nakon čega će biti nastavljen proces čišćenja Kada se pojavi obaveštenje o započinjanju čišćenja, klikni OK Kada proces bude završen, pojaviće se obaveštenje koje treba zatvoriti klikom na OK i otvoriće se logfile u Notepad-u koji je potrebno iskopirati u temu na forumu ------------------------------------------------------------------------------------- Skini ComboFix sa jedne od sledecih adresa na Desktop: http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe http://download.bleepingcomputer.com/sUBs/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

sajmon Poslao: 24 Mar 2008 21:39 Idi na vrh
offline sajmon Građanin Pridružio: 05 Maj 2006 Poruke: 86	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! evo ga ovaj prvi log: Username "Veljko" - 2008-03-24 20:53:02 [Fixwareout edited 9/01/2007] ~~~~~ Prerun check DNS Resolver-bufferen ble tømt. System was rebooted successfully. ~~~~~ Postrun check HKLM\SOFTWARE\~\Winlogon\ "System"="" .... .... ~~~~~ Misc files. .... ~~~~~ Checking for older varients. .... ~~~~~ Current runs (hklm hkcu "run" Keys Only) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe" "HDAudDeck"="C:\\Program Files\\VIAudioi\\HDADeck\\HDeck.exe 1" "CHotkey"="mHotkey.exe" "ledpointer"="CNYHKey.exe" "NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe" "Windows Media Connect 2"="\"C:\\Program Files\\Windows Media Connect 2\\wmccfg.exe\" /StartQuiet" "DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033" "USBToolTip"="\"C:\\Program Files\\Pinnacle\\Shared Files\\Programs\\USBTip\\USBTip.exe\"" "UnlockerAssistant"="\"C:\\Program Files\\Unlocker\\UnlockerAssistant.exe\"" "Sony Ericsson PC Suite"="\"C:\\Program Files\\Sony Ericsson\\Mobile2\\Application Launcher\\Application Launcher.exe\" /startoptions" "AVP"="\"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe\"" "Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_05\\bin\\jusched.exe\"" "TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\"" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe" "SweetIM"="C:\\Program Files\\Macrogaming\\SweetIM\\SweetIM.exe" "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "MsnMsgr"="~\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe" .... Hosts file was reset, If you use a custom hosts file please replace it... ~~~~~ End report ~~~~~ kako mislis imam 2 anti virusa...ja imam samo kasperski 6.0 koji je drugi??? stize uskoro ovaj drugi log Dopuna: 24 Mar 2008 21:39 evo ga i drugi log: ComboFix 08-03-22.3 - Veljko 2008-03-24 21:06:16.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.520 [GMT 1:00] Running from: C:\Documents and Settings\Veljko\Desktop\ComboFix.exe * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . -- Other TimeOuts -- VFind -td "C:\WINDOWS\system32\baiso" CF26376.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin C:\_install.exe >DirRoot" CF26376.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot" catchme -apx Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement" GREP -i "C:\\Program Files\\[^\\]\\[^\\]$" VFind -tf -s282624 "C:\Program Files\????????[0-9].dll" CF26376.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin C:\_install.exe >DirRoot" catchme -apx catchme -apx SED "s/\\/\\\\/g" MTEE /+ cfiles.dat SED -r "/^svchost.exe$/I!d; s/.{37}//" Handle .exe CF26376.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot" Handle .exe ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\Documents and Settings\Cika Gile\err.log C:\Documents and Settings\Veljko\err.log C:\Program Files\Adssite Games Collection C:\Program Files\Adssite Games Collection\BattlesOfHelicopters.exe C:\Program Files\Adssite Games Collection\BobAndBill.exe C:\Program Files\Adssite Games Collection\CrazyBlocks.exe C:\Program Files\Adssite Games Collection\Lines.exe C:\Program Files\Adssite Games Collection\uninstall.exe C:\Program Files\Adssite Games Collection\VideoPool.exe C:\WINDOWS\Fonts\acrsecB.fon C:\WINDOWS\Fonts\acrsecI.fon C:\WINDOWS\system32\Cache C:\WINDOWS\system32\dcads-remove.exe C:\WINDOWS\system32\nsoE.dll C:\WINDOWS\system32\tmp22.tmp D:\Autorun.inf . ((((((((((((((((((((((((( Files Created from 2008-02-24 to 2008-03-24 ))))))))))))))))))))))))))))))) . 2008-03-24 21:18 . 2008-03-24 21:18 6,736 --a------ C:\WINDOWS\system32\drivers\PROCEXP90.SYS 2008-03-24 20:13 . 2008-03-24 20:36 <DIR> d-------- C:\ComboFix[1] 2008-03-24 19:59 . 2008-03-24 20:59 <DIR> d-------- C:\fixwareout 2008-03-20 19:50 . 2008-03-20 20:27 <DIR> d-------- C:\Documents and Settings\Veljko\Application Data\U3 2008-03-18 13:19 . 2008-03-18 13:19 153,600 --a------ C:\WINDOWS\system32\mysidesearch_sidebar.dll 2008-03-17 02:14 . 2008-03-19 00:27 <DIR> d-------- C:\Program Files\Counter-Strike 1.6 2008-03-14 16:52 . 2008-03-20 03:22 <DIR> d-------- C:\Program Files\Counter-Strike Source 2008-03-07 12:46 . 2008-03-18 21:13 84,729 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe 2008-03-07 12:45 . 2008-03-07 12:45 40,730 --a------ C:\WINDOWS\system32\superiorads-uninst.exe 2008-03-02 19:33 . 2008-03-02 19:33 <DIR> d-------- C:\Program Files\iTunes 2008-03-02 19:33 . 2008-03-02 19:33 <DIR> d-------- C:\Program Files\iPod 2008-03-02 19:27 . 2008-03-02 19:27 <DIR> d-------- C:\Program Files\Bonjour 2008-03-01 09:57 . 2008-03-01 10:03 <DIR> d-------- C:\Program Files\DietSuccess 2008-02-29 22:40 . 2008-03-04 16:11 <DIR> d-------- C:\Program Files\MixVibes6 2008-02-29 22:28 . 2008-03-04 16:30 <DIR> d-------- C:\OtsLabs 2008-02-29 22:21 . 2008-02-29 22:35 <DIR> d-------- C:\Program Files\AV Vcs 6.0 2008-02-29 21:48 . 2008-03-24 21:00 <DIR> d-------- C:\Documents and Settings\Veljko\Application Data\LimeWire 2008-02-29 21:46 . 2008-02-29 21:47 <DIR> d-------- C:\Program Files\LimeWire 2008-02-29 15:42 . 2008-02-29 15:42 <DIR> d-------- C:\Program Files\Common Files\xing shared 2008-02-28 20:08 . 2008-03-01 01:57 <DIR> d-------- C:\Documents and Settings\Veljko\Application Data\Skype 2008-02-24 19:30 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-24 20:27 40,630,048 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-03-24 20:26 1,067,040 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat 2008-03-24 19:54 546,752 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-03-24 19:54 103,976 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2008-03-24 19:02 --------- d-----w C:\Program Files\Google 2008-03-24 19:01 --------- d-----w C:\Documents and Settings\Veljko\Application Data\uTorrent 2008-03-24 00:12 --------- d-----w C:\Program Files\Java 2008-03-21 16:56 --------- d-----w C:\Program Files\Windows Live Safety Center 2008-03-15 22:43 --------- d-----w C:\Program Files\sXe Injected 2008-03-09 21:31 --------- d-----w C:\Program Files\Sibelius Software 2008-03-04 15:29 --------- d-----w C:\Program Files\Windows Live Toolbar 2008-03-04 15:23 --------- d-----w C:\Program Files\Ganymede 2008-03-04 15:20 --------- d-----w C:\Program Files\PeerWeb DC++ 2008-03-04 15:18 --------- d-----w C:\Program Files\Screamer Radio 2008-03-03 15:09 --------- d-----w C:\Program Files\QuickTime 2008-02-29 14:41 --------- d-----w C:\Program Files\Common Files\Real 2008-02-26 15:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-02-21 19:53 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Desperate Housewives 2008-02-21 19:53 --------- d-----w C:\Documents and Settings\Cika Gile\Application Data\Desperate Housewives 2008-02-21 19:53 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Desperate Housewives 2008-02-21 19:44 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-21 18:40 --------- d-----w C:\Program Files\PAN Vision 2008-02-20 18:11 --------- d-----w C:\Program Files\Evonsoft Computer Repair 2008-02-20 18:11 --------- d-----w C:\Documents and Settings\Veljko\Application Data\IObit 2008-02-19 20:01 --------- d-----w C:\Documents and Settings\Veljko\Application Data\GanymedeNet 2008-02-19 15:05 --------- d-----w C:\Program Files\Bridge Builder 2008-02-15 13:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sibelius Software 2008-02-14 13:48 --------- d-----w C:\Program Files\Microsoft VM 2008-02-13 17:06 --------- d-----w C:\Documents and Settings\Veljko\Application Data\Sibelius Software 2008-02-12 22:22 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-12 20:38 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2008-02-11 21:52 2,526 ----a-w C:\Documents and Settings\Veljko\Application Data\wklnhst.dat 2008-02-10 22:38 --------- d-----w C:\Program Files\Skype 2008-02-10 22:38 --------- d-----w C:\Program Files\Common Files\Skype 2008-02-10 22:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2008-02-07 20:22 --------- d-----w C:\Documents and Settings\Veljko\Application Data\Neuratron 2008-02-07 20:05 --------- d-----w C:\Documents and Settings\Veljko\Application Data\BSplayer Pro 2008-02-07 18:33 --------- d-----w C:\Program Files\Neuratron PhotoScore Lite 2008-02-07 18:20 --------- d-----w C:\Program Files\Native Instruments 2008-02-01 19:32 --------- d-----w C:\Program Files\Sony 2008-02-01 19:30 --------- d-----w C:\Program Files\Winamp 2008-02-01 19:30 --------- d-----w C:\Program Files\CA 2008-01-30 20:02 --------- d-----w C:\Documents and Settings\Cika Gile\Application Data\Sony Ericsson 2008-01-28 18:43 --------- d-----w C:\Program Files\VstPlugins 2008-01-28 18:43 --------- d-----w C:\Program Files\Image-Line 2008-01-28 17:43 --------- d-----w C:\Program Files\VirtualDJ 2008-01-27 18:15 --------- d-----w C:\Program Files\DivX 2008-01-25 21:52 --------- d-----w C:\Program Files\Sony Setup 2007-12-06 18:58 604 ---ha-w C:\Program Files\STLL Notifier 2007-10-13 17:43 3,655,488 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe 2007-10-13 17:39 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe 2007-08-03 14:27 284 ----a-w C:\Documents and Settings\Cika Gile\Application Data\wklnhst.dat 2006-11-14 20:38 81,920 ----a-w C:\Documents and Settings\Veljko\Application Data\ezpinst.exe 2006-11-14 20:38 47,360 ----a-w C:\Documents and Settings\Veljko\Application Data\pcouffin.sys 1996-02-23 14:46 29,184 ----a-w C:\Documents and Settings\Veljko\Fb_ngn.exe 1996-02-23 14:21 16,896 ----a-w C:\Documents and Settings\Veljko\Uraspec.exe 1996-02-23 14:17 18,432 ----a-w C:\Documents and Settings\Veljko\Dictmgr.exe 2007-06-13 14:07 6,276,080 ----a-w C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C17E102B-BD29-4e92-B699-1A21D2CB8E6C}] 2008-03-18 13:19 153600 --a------ C:\WINDOWS\system32\mysidesearch_sidebar.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360] "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-07-25 15:35 102512] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208] "MsnMsgr"="~C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 22:01 67584] "HDAudDeck"="C:\Program Files\VIAudioi\HDADeck\HDeck.exe" [2006-07-17 23:36 684032] "CHotkey"="mHotkey.exe" [2004-02-24 13:05 508416 C:\WINDOWS\mHotkey.exe] "ledpointer"="CNYHKey.exe" [2004-02-03 16:15 5794816 C:\WINDOWS\CNYHKey.exe] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648] "Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\wmccfg.exe" [2006-10-18 21:58 8704] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 21:09 157592] "USBToolTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2006-06-01 03:37 196608] "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19 15872] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-11-08 18:28 155751] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-29 15:39 185896] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360] C:\Documents and Settings\Veljko\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664] LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-02-08 22:32:57 147456] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "DisableRegistryTools"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Program Files\\NetMeeting\\Conf.exe"= "C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"= "C:\\WINDOWS\\system32\\mqsvc.exe"= "C:\\Program Files\\utorrent\\utorrent.exe"= "C:\\Program Files\\Windows Media Player\\wmplayer.exe"= "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"= "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "C:\\WINDOWS\\system32\\rundll32.exe"= "C:\\WINDOWS\\system32\\rtcshare.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\WinPcap\\rpcapd.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1700:TCP"= 1700:TCP:MioNet Remote Drive Access "1641:TCP"= 1641:TCP:MioNet Remote Drive Verification R0 klick;klick;C:\WINDOWS\system32\Drivers\klick.sys [2008-03-24 20:55] R0 klin;klin;C:\WINDOWS\system32\Drivers\klin.sys [2008-03-24 20:55] R0 ps6akdnc;You Are Empty Synchronization Driver (ps6akdnc);C:\WINDOWS\system32\drivers\ps6akdnc.sys [2007-04-19 10:50] R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sMSSMLBIZ [] R2 Prvflder;Prvflder;C:\WINDOWS\system32\DRIVERS\prvflder.sys [2006-04-21 07:22] R2 SMTPSVC;Simple Mail Transport Protocol (SMTP);C:\WINDOWS\system32\inetsrv\inetinfo.exe [2004-08-10 13:00] R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 04:29] R3 3xHybrid;Philips SAA713x PCI Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-29 00:34] R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 13:58] R3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 16:13] R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 18:45] S2 pr2akdnc;You Are Empty Drivers Auto Removal (pr2akdnc);C:\WINDOWS\system32\pr2akdnc.exe svc [] S2 SurferService;AutomatedSurfer;C:\WINDOWS\system32\srvany.exe [1997-05-14 23:49] S3 CPWGU(Philips);Philips SNU5600 Wireless USB Adapter 11b/g(Philips);C:\WINDOWS\system32\DRIVERS\CPWGU.sys [] S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 14:58] S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 14:58] S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 14:58] S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 14:58] S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 14:58] S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 14:58] S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 14:58] S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42] S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 09:42] S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 09:42] S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-10-24 13:12] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] \Shell\AutoRun\command - G:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder "2008-03-01 09:11:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-03-24 21:27:24 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run HDAudDeck = C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1???????????????????????????????????????????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinDefend] "ImagePath"="\"C:\Program Files\Windows Defender\MsMpEng.exe\"" . --------------------- DLLs Loaded Under Running Processes --------------------- PROCESS: C:\WINDOWS\explorer.exe -> C:\WINDOWS\HKCYDLL.dll . Completion time: 2008-03-24 21:36:01 ComboFix-quarantined-files.txt 2008-03-24 20:35:36 . 2008-02-08 14:26:59 --- E O F ---

Profil

dr_Bora Poslao: 24 Mar 2008 22:08 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! U logu su vidljivi tragovi McAfee-a. Da bi ga potpuno uklonio, možeš koristiti program sa sledećeg linka: http://download.mcafee.com/products/licensed/cust_support_patches/MCPR.exe Pokreni ga dvoklikom - pojaviće se i odmah zatvoriti crni prozor. Potrebno je da sačekaš da se pojavi naredni prozor sa obaveštenjem da je proces završen (može potrajati koji minut). ------------------------------------------------------------------------------------- Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\WINDOWS\system32\mysidesearch_sidebar.dll C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe C:\WINDOWS\system32\superiorads-uninst.exe Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C17E102B-BD29-4e92-B699-1A21D2CB8E6C}]` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja. Takođe, postavi i svež HijackThis log.

Profil

sajmon Poslao: 25 Mar 2008 10:48 Idi na vrh
offline sajmon Građanin Pridružio: 05 Maj 2006 Poruke: 86	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! izbirsao sam mcafree i pojavljivali su se crni prozori i onda se na kraju restartovao komp... evo prvog loga: ComboFix 08-03-22.3 - Veljko 2008-03-25 10:15:54.3 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.490 [GMT 1:00] Running from: C:\Documents and Settings\Veljko\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Veljko\Desktop\CFScript.txt * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\system32\mysidesearch_sidebar.dll C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe C:\WINDOWS\system32\superiorads-uninst.exe . -- Other TimeOuts -- VFind -td "C:\WINDOWS\system32\baiso" CF16962.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin C:\_install.exe >DirRoot" SED "/32\\[0-9]\\insatll.~tmp/I!d" VFind -tf "C:\WINDOWS\system32\insatll.~tmp" CF16962.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin C:\_install.exe >DirRoot" catchme -apx Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement" GREP -i "C:\\Program Files\\[^\\]\\[^\\]$" VFind -tf -s282624 "C:\Program Files\????????[0-9].dll" CF16962.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin C:\_install.exe >DirRoot" catchme -apx catchme -apx ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\mysidesearch_sidebar.dll C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe C:\WINDOWS\system32\superiorads-uninst.exe . ((((((((((((((((((((((((( Files Created from 2008-02-25 to 2008-03-25 ))))))))))))))))))))))))))))))) . 2008-03-24 20:13 . 2008-03-24 20:36 <DIR> d-------- C:\ComboFix[1] 2008-03-24 19:59 . 2008-03-24 20:59 <DIR> d-------- C:\fixwareout 2008-03-20 19:50 . 2008-03-20 20:27 <DIR> d-------- C:\Documents and Settings\Veljko\Application Data\U3 2008-03-17 02:14 . 2008-03-19 00:27 <DIR> d-------- C:\Program Files\Counter-Strike 1.6 2008-03-14 16:52 . 2008-03-20 03:22 <DIR> d-------- C:\Program Files\Counter-Strike Source 2008-03-02 19:33 . 2008-03-02 19:33 <DIR> d-------- C:\Program Files\iTunes 2008-03-02 19:33 . 2008-03-02 19:33 <DIR> d-------- C:\Program Files\iPod 2008-03-02 19:27 . 2008-03-02 19:27 <DIR> d-------- C:\Program Files\Bonjour 2008-03-01 09:57 . 2008-03-01 10:03 <DIR> d-------- C:\Program Files\DietSuccess 2008-02-29 22:40 . 2008-03-04 16:11 <DIR> d-------- C:\Program Files\MixVibes6 2008-02-29 22:28 . 2008-03-04 16:30 <DIR> d-------- C:\OtsLabs 2008-02-29 22:21 . 2008-02-29 22:35 <DIR> d-------- C:\Program Files\AV Vcs 6.0 2008-02-29 21:48 . 2008-03-25 09:58 <DIR> d-------- C:\Documents and Settings\Veljko\Application Data\LimeWire 2008-02-29 21:46 . 2008-02-29 21:47 <DIR> d-------- C:\Program Files\LimeWire 2008-02-29 15:42 . 2008-02-29 15:42 <DIR> d-------- C:\Program Files\Common Files\xing shared 2008-02-28 20:08 . 2008-03-01 01:57 <DIR> d-------- C:\Documents and Settings\Veljko\Application Data\Skype . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-03-25 09:28 41,151,520 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat 2008-03-25 09:28 1,080,352 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat 2008-03-25 09:26 --------- d-----w C:\Program Files\Kaspersky Lab 2008-03-25 09:12 --------- d-----w C:\Program Files\MIDI Locator 2008-03-25 08:55 553,712 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx 2008-03-25 08:55 105,224 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx 2008-03-24 19:02 --------- d-----w C:\Program Files\Google 2008-03-24 19:01 --------- d-----w C:\Documents and Settings\Veljko\Application Data\uTorrent 2008-03-24 00:12 --------- d-----w C:\Program Files\Java 2008-03-21 16:56 --------- d-----w C:\Program Files\Windows Live Safety Center 2008-03-15 22:43 --------- d-----w C:\Program Files\sXe Injected 2008-03-09 21:31 --------- d-----w C:\Program Files\Sibelius Software 2008-03-04 15:29 --------- d-----w C:\Program Files\Windows Live Toolbar 2008-03-04 15:23 --------- d-----w C:\Program Files\Ganymede 2008-03-04 15:20 --------- d-----w C:\Program Files\PeerWeb DC++ 2008-03-04 15:18 --------- d-----w C:\Program Files\Screamer Radio 2008-03-03 15:09 --------- d-----w C:\Program Files\QuickTime 2008-02-29 14:41 --------- d-----w C:\Program Files\Common Files\Real 2008-02-26 15:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller 2008-02-21 19:53 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Desperate Housewives 2008-02-21 19:53 --------- d-----w C:\Documents and Settings\Cika Gile\Application Data\Desperate Housewives 2008-02-21 19:53 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Desperate Housewives 2008-02-21 19:44 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-02-21 18:40 --------- d-----w C:\Program Files\PAN Vision 2008-02-20 18:11 --------- d-----w C:\Program Files\Evonsoft Computer Repair 2008-02-20 18:11 --------- d-----w C:\Documents and Settings\Veljko\Application Data\IObit 2008-02-19 20:01 --------- d-----w C:\Documents and Settings\Veljko\Application Data\GanymedeNet 2008-02-19 15:05 --------- d-----w C:\Program Files\Bridge Builder 2008-02-15 13:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sibelius Software 2008-02-14 13:48 --------- d-----w C:\Program Files\Microsoft VM 2008-02-13 17:06 --------- d-----w C:\Documents and Settings\Veljko\Application Data\Sibelius Software 2008-02-12 22:22 --------- d-----w C:\Program Files\Common Files\Adobe 2008-02-12 20:38 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2008-02-11 21:52 2,526 ----a-w C:\Documents and Settings\Veljko\Application Data\wklnhst.dat 2008-02-10 22:38 --------- d-----w C:\Program Files\Skype 2008-02-10 22:38 --------- d-----w C:\Program Files\Common Files\Skype 2008-02-10 22:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype 2008-02-07 20:22 --------- d-----w C:\Documents and Settings\Veljko\Application Data\Neuratron 2008-02-07 20:05 --------- d-----w C:\Documents and Settings\Veljko\Application Data\BSplayer Pro 2008-02-07 18:33 --------- d-----w C:\Program Files\Neuratron PhotoScore Lite 2008-02-07 18:20 --------- d-----w C:\Program Files\Native Instruments 2008-02-01 19:32 --------- d-----w C:\Program Files\Sony 2008-02-01 19:30 --------- d-----w C:\Program Files\Winamp 2008-02-01 19:30 --------- d-----w C:\Program Files\CA 2008-01-30 20:02 --------- d-----w C:\Documents and Settings\Cika Gile\Application Data\Sony Ericsson 2008-01-28 18:43 --------- d-----w C:\Program Files\VstPlugins 2008-01-28 18:43 --------- d-----w C:\Program Files\Image-Line 2008-01-28 17:43 --------- d-----w C:\Program Files\VirtualDJ 2008-01-27 18:15 --------- d-----w C:\Program Files\DivX 2008-01-25 21:52 --------- d-----w C:\Program Files\Sony Setup 2007-12-06 18:58 604 ---ha-w C:\Program Files\STLL Notifier 2007-10-13 17:43 3,655,488 ----a-w C:\Program Files\FLV PlayerRCATSetup.exe 2007-10-13 17:39 411,248 ----a-w C:\Program Files\FLV PlayerRCSetup.exe 2007-08-03 14:27 284 ----a-w C:\Documents and Settings\Cika Gile\Application Data\wklnhst.dat 2006-11-14 20:38 81,920 ----a-w C:\Documents and Settings\Veljko\Application Data\ezpinst.exe 2006-11-14 20:38 47,360 ----a-w C:\Documents and Settings\Veljko\Application Data\pcouffin.sys 1996-02-23 14:46 29,184 ----a-w C:\Documents and Settings\Veljko\Fb_ngn.exe 1996-02-23 14:21 16,896 ----a-w C:\Documents and Settings\Veljko\Uraspec.exe 1996-02-23 14:17 18,432 ----a-w C:\Documents and Settings\Veljko\Dictmgr.exe 2007-06-13 14:07 6,276,080 ----a-w C:\Program Files\mozilla firefox\plugins\ScorchPDFWrapper.dll . ((((((((((((((((((((((((((((( snapshot@2008-03-24_21.34.34.43 ))))))))))))))))))))))))))))))))))))))))) . + 2007-10-10 23:55:51 124,928 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\advpack.dll + 2007-08-13 17:35:46 346,624 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtmsft.dll + 2007-10-10 23:55:51 214,528 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\dxtrans.dll + 2007-10-10 23:55:51 132,608 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\extmgr.dll + 2007-10-10 23:55:51 63,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\icardie.dll + 2007-10-10 10:59:40 70,656 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ie4uinit.exe + 2007-10-10 23:55:51 153,088 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakeng.dll + 2007-10-10 23:55:51 230,400 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieaksie.dll + 2007-10-10 05:46:55 161,792 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieakui.dll + 2007-10-10 23:55:52 383,488 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieapfltr.dll + 2007-10-10 23:55:52 384,512 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iedkcs32.dll + 2007-10-10 23:55:54 6,065,664 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieframe.dll + 2007-10-10 23:55:55 44,544 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iernonce.dll + 2007-10-10 23:55:55 267,776 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iertutil.dll + 2007-10-10 10:59:40 13,824 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\ieudinit.exe + 2007-10-10 10:59:52 625,152 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\iexplore.exe + 2007-10-10 23:55:56 27,648 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\jsproxy.dll + 2007-10-10 23:55:56 459,264 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeeds.dll + 2007-10-10 23:55:56 52,224 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msfeedsbs.dll + 2007-10-30 23:42:28 3,590,656 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtml.dll + 2007-10-10 23:55:58 478,208 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mshtmled.dll + 2007-10-10 23:55:58 193,024 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\msrating.dll + 2007-10-10 23:55:59 671,232 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\mstime.dll + 2007-10-10 23:55:59 102,400 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\occache.dll + 2007-08-13 17:36:12 44,544 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\pngfilt.dll + 2007-03-06 01:22:41 213,216 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe + 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\updspapi.dll + 2007-10-10 23:55:59 105,984 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\url.dll + 2007-10-10 23:56:00 1,159,680 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\urlmon.dll + 2007-10-10 23:56:00 232,960 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\webcheck.dll + 2007-10-10 23:56:00 824,832 -c----w C:\WINDOWS\ie7updates\KB944533-IE7\wininet.dll - 2007-10-10 23:55:51 124,928 ----a-w C:\WINDOWS\system32\advpack.dll + 2007-12-07 02:21:45 124,928 ----a-w C:\WINDOWS\system32\advpack.dll - 2007-10-10 23:55:51 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll + 2007-12-07 02:21:45 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll - 2006-04-18 04:23:00 369,664 -c--a-w C:\WINDOWS\system32\dllcache\asp51.dll + 2008-01-10 18:44:47 369,664 -c--a-w C:\WINDOWS\system32\dllcache\asp51.dll - 2007-08-13 17:35:46 346,624 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll + 2007-12-19 23:01:06 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll - 2007-10-10 23:55:51 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll + 2007-12-07 02:21:45 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll - 2007-10-10 23:55:51 132,608 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll + 2007-12-07 02:21:45 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll - 2007-10-10 23:55:51 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll + 2007-12-07 02:21:45 63,488 -c----w C:\WINDOWS\system32\dllcache\icardie.dll - 2007-10-10 10:59:40 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe + 2007-12-06 11:00:57 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe - 2007-10-10 23:55:51 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll + 2007-12-07 02:21:45 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll - 2007-10-10 23:55:51 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll + 2007-12-07 02:21:45 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll - 2007-10-10 05:46:55 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll + 2007-12-06 04:59:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll - 2007-10-10 23:55:52 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll + 2007-12-07 02:21:45 383,488 -c----w C:\WINDOWS\system32\dllcache\ieapfltr.dll - 2007-10-10 23:55:52 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll + 2007-12-07 02:21:45 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll - 2007-10-10 23:55:54 6,065,664 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll + 2007-12-07 02:21:46 6,066,176 -c----w C:\WINDOWS\system32\dllcache\ieframe.dll - 2007-10-10 23:55:55 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll + 2007-12-07 02:21:46 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll - 2007-10-10 23:55:55 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll + 2007-12-07 02:21:46 267,776 -c----w C:\WINDOWS\system32\dllcache\iertutil.dll - 2007-10-10 10:59:40 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe + 2007-12-06 11:00:58 13,824 -c----w C:\WINDOWS\system32\dllcache\ieudinit.exe - 2007-10-10 10:59:52 625,152 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe + 2007-12-06 11:01:25 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe - 2004-08-10 12:00:00 257,024 -c--a-w C:\WINDOWS\system32\dllcache\infocomm.dll + 2008-01-10 05:20:21 257,024 -c--a-w C:\WINDOWS\system32\dllcache\infocomm.dll - 2007-10-10 23:55:56 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll + 2007-12-07 02:21:47 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll - 2004-08-10 12:00:00 181,248 -c--a-w C:\WINDOWS\system32\dllcache\mrxdav.sys + 2007-12-18 09:51:35 179,584 -c--a-w C:\WINDOWS\system32\dllcache\mrxdav.sys - 2007-10-10 23:55:56 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll + 2007-12-07 02:21:47 459,264 -c----w C:\WINDOWS\system32\dllcache\msfeeds.dll - 2007-10-10 23:55:56 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll + 2007-12-07 02:21:47 52,224 -c----w C:\WINDOWS\system32\dllcache\msfeedsbs.dll - 2007-10-30 23:42:28 3,590,656 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll + 2007-12-08 05:21:48 3,592,192 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll - 2007-10-10 23:55:58 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll + 2007-12-07 02:21:47 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll - 2007-10-10 23:55:58 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll + 2007-12-07 02:21:48 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll - 2007-10-10 23:55:59 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll + 2007-12-07 02:21:48 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll - 2007-10-10 23:55:59 102,400 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll + 2007-12-07 02:21:48 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll - 2007-05-17 11:28:05 549,376 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll + 2007-12-04 18:38:13 550,912 -c--a-w C:\WINDOWS\system32\dllcache\oleaut32.dll - 2007-08-13 17:36:12 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll + 2008-01-11 05:53:32 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll - 2007-10-10 23:55:59 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll + 2007-12-07 02:21:48 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll - 2007-10-10 23:56:00 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll + 2007-12-07 02:21:48 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll - 2007-10-10 23:56:00 232,960 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll + 2007-12-07 02:21:48 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll - 2007-10-10 23:56:00 824,832 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll + 2007-12-07 02:21:48 824,832 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll - 2008-03-24 19:55:38 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.sys + 2008-03-25 08:56:32 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.sys - 2008-03-24 19:55:38 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.sys + 2008-03-25 08:56:32 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.sys - 2004-08-10 12:00:00 181,248 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys + 2007-12-18 09:51:35 179,584 ----a-w C:\WINDOWS\system32\drivers\mrxdav.sys - 2007-08-13 17:35:46 346,624 ----a-w C:\WINDOWS\system32\dxtmsft.dll + 2007-12-19 23:01:06 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll - 2007-10-10 23:55:51 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll + 2007-12-07 02:21:45 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll - 2007-10-10 23:55:51 132,608 ----a-w C:\WINDOWS\system32\extmgr.dll + 2007-12-07 02:21:45 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll - 2007-10-10 23:55:51 63,488 ----a-w C:\WINDOWS\system32\icardie.dll + 2007-12-07 02:21:45 63,488 ----a-w C:\WINDOWS\system32\icardie.dll - 2007-10-10 10:59:40 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe + 2007-12-06 11:00:57 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe - 2007-10-10 23:55:51 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll + 2007-12-07 02:21:45 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll - 2007-10-10 23:55:51 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll + 2007-12-07 02:21:45 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll - 2007-10-10 05:46:55 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll + 2007-12-06 04:59:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll - 2007-10-10 23:55:52 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll + 2007-12-07 02:21:45 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll - 2007-10-10 23:55:52 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll + 2007-12-07 02:21:45 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll - 2007-10-10 23:55:54 6,065,664 ----a-w C:\WINDOWS\system32\ieframe.dll + 2007-12-07 02:21:46 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll - 2007-10-10 23:55:55 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll + 2007-12-07 02:21:46 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll - 2007-10-10 23:55:55 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll + 2007-12-07 02:21:46 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll - 2007-10-10 10:59:40 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe + 2007-12-06 11:00:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe - 2006-04-18 04:23:00 369,664 ----a-w C:\WINDOWS\system32\inetsrv\asp.dll + 2008-01-10 18:44:47 369,664 ----a-w C:\WINDOWS\system32\inetsrv\asp.dll - 2004-08-10 12:00:00 257,024 ----a-w C:\WINDOWS\system32\inetsrv\infocomm.dll + 2008-01-10 05:20:21 257,024 ----a-w C:\WINDOWS\system32\inetsrv\infocomm.dll - 2008-03-24 19:59:40 238,175 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin + 2008-03-25 09:12:34 238,174 ----a-w C:\WINDOWS\system32\inetsrv\MetaBase.bin - 2007-10-10 23:55:56 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll + 2007-12-07 02:21:47 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll - 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe + 2008-03-05 07:30:56 19,148,408 ----a-w C:\WINDOWS\system32\MRT.exe - 2007-10-10 23:55:56 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll + 2007-12-07 02:21:47 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll - 2007-10-10 23:55:56 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll + 2007-12-07 02:21:47 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll - 2007-10-30 23:42:28 3,590,656 ----a-w C:\WINDOWS\system32\mshtml.dll + 2007-12-08 05:21:48 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll - 2007-10-10 23:55:58 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll + 2007-12-07 02:21:47 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll - 2007-10-10 23:55:58 193,024 ----a-w C:\WINDOWS\system32\msrating.dll + 2007-12-07 02:21:48 193,024 ----a-w C:\WINDOWS\system32\msrating.dll - 2007-10-10 23:55:59 671,232 ----a-w C:\WINDOWS\system32\mstime.dll + 2007-12-07 02:21:48 671,232 ----a-w C:\WINDOWS\system32\mstime.dll - 2007-10-10 23:55:59 102,400 ----a-w C:\WINDOWS\system32\occache.dll + 2007-12-07 02:21:48 102,912 ----a-w C:\WINDOWS\system32\occache.dll - 2007-05-17 11:28:05 549,376 ----a-w C:\WINDOWS\system32\oleaut32.dll + 2007-12-04 18:38:13 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll - 2007-08-13 17:36:12 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll + 2008-01-11 05:53:32 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll - 2007-10-10 23:55:59 105,984 ----a-w C:\WINDOWS\system32\url.dll + 2007-12-07 02:21:48 105,984 ----a-w C:\WINDOWS\system32\url.dll - 2007-10-10 23:56:00 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll + 2007-12-07 02:21:48 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll - 2007-10-10 23:56:00 232,960 ----a-w C:\WINDOWS\system32\webcheck.dll + 2007-12-07 02:21:48 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll - 2007-10-10 23:56:00 824,832 ----a-w C:\WINDOWS\system32\wininet.dll + 2007-12-07 02:21:48 824,832 ----a-w C:\WINDOWS\system32\wininet.dll + 2008-03-25 08:56:42 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_8f0.dat . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 13:00 15360] "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-07-25 15:35 102512] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208] "MsnMsgr"="~C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 20:05 204288] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 22:01 67584] "HDAudDeck"="C:\Program Files\VIAudioi\HDADeck\HDeck.exe" [2006-07-17 23:36 684032] "CHotkey"="mHotkey.exe" [2004-02-24 13:05 508416 C:\WINDOWS\mHotkey.exe] "ledpointer"="CNYHKey.exe" [2004-02-03 16:15 5794816 C:\WINDOWS\CNYHKey.exe] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 09:50 155648] "Windows Media Connect 2"="C:\Program Files\Windows Media Connect 2\wmccfg.exe" [2006-10-18 21:58 8704] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 21:09 157592] "USBToolTip"="C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2006-06-01 03:37 196608] "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 18:19 15872] "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 01:06 487424] "AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" [2006-11-08 18:28 155751] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-29 15:39 185896] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 13:00 15360] C:\Documents and Settings\Veljko\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 19:16:50 113664] LimeWire On Startup.lnk - C:\Program Files\LimeWire\LimeWire.exe [2008-02-08 22:32:57 147456] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "DisableRegistryTools"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiHacker] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\WINDOWS\\system32\\sessmgr.exe"= "C:\\Program Files\\NetMeeting\\Conf.exe"= "C:\\Program Files\\Ahead\\Nero MediaHome\\NeroMediaHome.exe"= "C:\\WINDOWS\\system32\\mqsvc.exe"= "C:\\Program Files\\utorrent\\utorrent.exe"= "C:\\Program Files\\Windows Media Player\\wmplayer.exe"= "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"= "C:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "C:\\WINDOWS\\system32\\rundll32.exe"= "C:\\WINDOWS\\system32\\rtcshare.exe"= "C:\\WINDOWS\\system32\\dpvsetup.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\WinPcap\\rpcapd.exe"= "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"= "C:\\Program Files\\MSN Messenger\\livecall.exe"= "C:\\Program Files\\LimeWire\\LimeWire.exe"= "C:\\Program Files\\Bonjour\\mDNSResponder.exe"= "C:\\Program Files\\iTunes\\iTunes.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1700:TCP"= 1700:TCP:MioNet Remote Drive Access "1641:TCP"= 1641:TCP:MioNet Remote Drive Verification R0 klick;klick;C:\WINDOWS\system32\Drivers\klick.sys [2008-03-25 09:56] R0 klin;klin;C:\WINDOWS\system32\Drivers\klin.sys [2008-03-25 09:56] R0 ps6akdnc;You Are Empty Synchronization Driver (ps6akdnc);C:\WINDOWS\system32\drivers\ps6akdnc.sys [2007-04-19 10:50] R2 Prvflder;Prvflder;C:\WINDOWS\system32\DRIVERS\prvflder.sys [2006-04-21 07:22] R3 3xHybrid;Philips SAA713x PCI Card;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-04-29 00:34] R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 13:58] R3 UKBFLT;UKBFLT;C:\WINDOWS\system32\DRIVERS\UKBFLT.sys [2003-12-19 16:13] R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 18:45] S3 CPWGU(Philips);Philips SNU5600 Wireless USB Adapter 11b/g(Philips);C:\WINDOWS\system32\DRIVERS\CPWGU.sys [] S3 se44bus;Sony Ericsson Device 068 driver (WDM);C:\WINDOWS\system32\DRIVERS\se44bus.sys [2006-11-30 14:58] S3 se44mdfl;Sony Ericsson Device 068 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se44mdfl.sys [2006-11-30 14:58] S3 se44mdm;Sony Ericsson Device 068 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se44mdm.sys [2006-11-30 14:58] S3 se44mgmt;Sony Ericsson Device 068 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se44mgmt.sys [2006-11-30 14:58] S3 se44nd5;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (NDIS);C:\WINDOWS\system32\DRIVERS\se44nd5.sys [2006-11-30 14:58] S3 se44obex;Sony Ericsson Device 068 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se44obex.sys [2006-11-30 14:58] S3 se44unic;Sony Ericsson Device 068 USB Ethernet Emulation SEMC44 (WDM);C:\WINDOWS\system32\DRIVERS\se44unic.sys [2006-11-30 14:58] S3 w200bus;Sony Ericsson W200 driver (WDM);C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 09:42] S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\w200mdfl.sys [2006-11-07 09:42] S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\w200mdm.sys [2006-11-07 09:42] S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\w200mgmt.sys [2006-10-24 13:12] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G] \Shell\AutoRun\command - G:\LaunchU3.exe -a . Contents of the 'Scheduled Tasks' folder "2008-03-01 09:11:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe . ************************************************************************ catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-03-25 10:28:24 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run HDAudDeck = C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1???????????????????????????????????????????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2008-03-25 10:38:05 ComboFix-quarantined-files.txt 2008-03-25 09:37:45 ComboFix2.txt 2008-03-24 20:36:03 . 2008-03-24 22:39:59 --- E O F --- Dopuna: 25 Mar 2008 10:48 evo i hijackthis loga: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:46:48, on 25.03.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608-) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe C:\WINDOWS\System32\snmp.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\system32\mqtgsvc.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\Program Files\VIAudioi\HDADeck\HDeck.exe C:\WINDOWS\mHotkey.exe C:\WINDOWS\CNYHKey.exe C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Macrogaming\SweetIM\SweetIM.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\WINDOWS\NOTEPAD.EXE C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = norwegian.toggle.com/index.php?rvs=hompag R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1 O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\wmccfg.exe" /StartQuiet O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.coop.no O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - toolbar.imageshack.us/toolbar/ImageShackToolbar.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - sibelius.com/download/software/win/ActiveXPlugin.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - adobe.com/products/acrobat/nos/gp.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: boob - {01b55afa-f451-474b-9e91-c35b24d02641} - (no file) O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: You Are Empty Drivers Auto Removal (pr2akdnc) (pr2akdnc) - Cenega Publishing - C:\WINDOWS\system32\pr2akdnc.exe O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: AutomatedSurfer (SurferService) - Unknown owner - C:\WINDOWS\system32\srvany.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 9736 bytes sta dalje

Profil

dr_Bora Poslao: 25 Mar 2008 16:38 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pokreni HijackThis, skeniraj i čekiraj sledeću liniju: O22 - SharedTaskScheduler: boob - {01b55afa-f451-474b-9e91-c35b24d02641} - (no file) Klikni Fix Checked. Restartuj PC, postavi svež HijackThis log i reci mi kakvo je sada stanje sa kompjuterom.

Profil

sajmon Poslao: 25 Mar 2008 17:44 Idi na vrh
offline sajmon Građanin Pridružio: 05 Maj 2006 Poruke: 86	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! evo ga log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:40:16, on 25.03.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608-) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe C:\WINDOWS\System32\snmp.exe c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\system32\mqsvc.exe C:\WINDOWS\system32\mqtgsvc.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ehome\ehtray.exe C:\Program Files\VIAudioi\HDADeck\HDeck.exe C:\WINDOWS\mHotkey.exe C:\WINDOWS\CNYHKey.exe C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Macrogaming\SweetIM\SweetIM.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Teleca Shared\Generic.exe C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: ImageShack Toolbar - {6932D140-ABC4-4073-A44C-D4A541665E35} - C:\WINDOWS\ImageShackToolbar\ImageShackToolbar.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIAudioi\HDADeck\HDeck.exe 1 O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\wmccfg.exe" /StartQuiet O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] ~"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.coop.no O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {6932D140-ABC4-4073-A44C-D4A541665E35} (ImageShack Toolbar) - toolbar.imageshack.us/toolbar/ImageShackToolbar.cab O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - sibelius.com/download/software/win/ActiveXPlugin.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - adobe.com/products/acrobat/nos/gp.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe O23 - Service: Bonjour-tjeneste (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod-tjeneste (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: You Are Empty Drivers Auto Removal (pr2akdnc) (pr2akdnc) - Cenega Publishing - C:\WINDOWS\system32\pr2akdnc.exe O23 - Service: Private Folder Service (prfldsvc) - Unknown owner - C:\Program Files\Microsoft Private Folder 1.0\PrfldSvc.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: AutomatedSurfer (SurferService) - Unknown owner - C:\WINDOWS\system32\srvany.exe O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- End of file - 9579 bytes pa dobro radi sad...pre mi je bio spor dosta i kocio sada je oki barem za sada.... inace jos jedno pitanje...imam neki program zove se"SpeedUpMyPC.3.5.2356.130" kao navodno ubrzava internet i tako....jer moze to nesto zeznuti PC ako ga instaliram????

Profil

dr_Bora Poslao: 25 Mar 2008 18:13 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl:

Profil

sajmon Poslao: 25 Mar 2008 19:03 Idi na vrh
offline sajmon Građanin Pridružio: 05 Maj 2006 Poruke: 86	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ok uradio sam sve ovo sto si rekao sve je zavrseno...:Dhval ti jos jednom na pomoci ziv bio pozdrav

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Provera

Ko je trenutno na forumu

Ukupno su 863 korisnika na forumu :: 12 registrovanih, 2 sakrivenih i 849 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., croato, darkojbn, deimos25, drimer, Lazarus, Metanoja, Mi lao shu, panzerwaffe, sasa87, sevenino, strelac07

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by