Uklanjanje iexplore.exe virus / hijack log

**xalice15x** · #1 10. studenog 2008, 18:14

Hej momački,
Um. Svaki vrijeme JA početak moj računalo, iexplore.exe (U jasle zadatak) dolazi do sve samo po sebi. JA dont 'ikada koristiti internet explorer, koristim Firefox. ali to dolazi na svoje. Također je u koristi većina moje pamćenje. Ja sam također uzimajući milijardu pučanstvo koje sam spreman kladiti da se od toga. kad god sam kraj procesa Internet dogoditi se leđa do 3 ili 4 puta, onda je to obično nestaje nakon 5. put sam ga kraj. ali to je samo za oko 5min onda njegovih leđa opet. netko ne zna zamjena za riječ događaj? Ja sam trčanje skenira sa Ad-Aware, Norton, itd., ali nisu našli ništa.
Dodatne Informacije:
Imam Windows XP's
& & Također postoje glasovi fcoming iz oglasa. Pokušao sam sve. Hvala unaprijed ^ __ ^

Ja sam vrsta novih ovo. Pa erm. Može netko reći mene kako to maknuti? Na jednostavan način-ish? = P

Logfile of HijackThis v1.99.1
Skenirajte spremljena u 6:14:25, on 11/10/2008
Platforma: Windows XP SP3 (Winnt 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)

Pokretanje procesa:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ System32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ WINDOWS \ explorer.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ WINDOWS \ ehome \ ehtray.exe
C: \ Windows \ System \ hpsysdrv.exe
C: \ Program Files \ HP \ Digital Imaging \ rasteretiti \ hpqcmon.exe
C: \ WINDOWS \ System32 \ hphmon05.exe
C: \ HP \ KBD \ KBD.EXE
C: \ WINDOWS \ LTMSG.exe
C: \ Program Files \ Multimedia Card Reader \ shwicon2k.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
C: \ programa ~ 1 \ SYMANT ~ 1 \ VPTray.exe
C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe
C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ WINDOWS \ ALCXMNTR.EXE
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ Program Files \ Updates od HP \ 137903 \ Program \ BackWeb-137903.exe
C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
C: \ Program Files \ Photodex \ ProShowGold \ ScsiAccess.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ 0LFlxR4x.exe
C: \ Program Files \ Lavasoft \ Ad-Aware SE Professional \ Ad-Aware.exe
C: \ Program ~ 1 \ WinZip \ winzip32.exe
C: \ DOCUME ~ 1 \ admini ~ 1 \ LOCALS ~ 1 \ Temp \ HijackThis.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://srch-us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://srch-us10.hpwis.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Postavke, ProxyOverride = localhost
O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: (no name) - (3615EE58-6F38-47BA-9DD9-C99BD611C6A6) - C: \ WINDOWS \ system32 \ efcdbxx.dll (file missing)
O2 - BHO: (no name) - (4715C8BC-06D4-0204-0A62-2E00BBB78BBD) - C: \ WINDOWS \ system32 \ izf.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ programa ~ 1 \ MI1933 ~ 1 \ Office12 \ GRA8E1 ~ 1.DLL
O2 - BHO: (no name) - (843B515A-BBC4-4AF2-916D-69E9F7DD8F9D) - C: \ WINDOWS \ system32 \ vtsqo.dll (file missing)
O2 - BHO: (684a8728-dd11-3ef9-b3e4-ea3410654e7c) - (c7e45601-43ae-4e3b-9fe3-11dd8278a486) - C: \ WINDOWS \ system32 \ ikwijhuy.dll (file missing)
O3 - Toolbar: HP View - (B2847E28-5D7D-4DEB-8B67-05D28BCF79F5) - C: \ Program Files \ HP \ Digital Imaging \ bin \ hpdtlk02.dll
O4 - HKLM \ .. \ Run: [ehTray] C: \ WINDOWS \ ehome \ ehtray.exe
O4 - HKLM \ .. \ Run: [hpsysdrv] c: \ windows \ system \ hpsysdrv.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ System32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [CamMonitor] C: \ Program Files \ HP \ Digital Imaging \ rasteretiti \ hpqcmon.exe
O4 - HKLM \ .. \ Run: [HPHUPD05] C: \ Program Files \ HP \ (45B6180B-DCAB-4093-8EE8-6164457517F0) \ hphupd05.exe
O4 - HKLM \ .. \ Run: [HPHmon05] C: \ WINDOWS \ System32 \ hphmon05.exe
O4 - HKLM \ .. \ Run: [KBD] C: \ HP \ KBD \ KBD.EXE
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [AutoTKit] C: \ hp \ bin \ AUTOTKIT.EXE
O4 - HKLM \ .. \ Run: [Recguard] C: \ WINDOWS \ SMINST \ RECGUARD.EXE
O4 - HKLM \ .. \ Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM \ .. \ Run: [LTMSG] LTMSG.exe 7
O4 - HKLM \ .. \ Run: [PS2] C: \ WINDOWS \ system32 \ ps2.exe
O4 - HKLM \ .. \ Run: [Sunkist2k] C: \ Program Files \ Multimedia Card Reader \ shwicon2k.exe
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [vptray] C: \ programa ~ 1 \ SYMANT ~ 1 \ VPTray.exe
O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [ATIPTA] C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe
O4 - HKLM \ .. \ RunOnce: [Index Perilica] C: \ Program Files \ Webroot \ Perilica \ WashIdx.exe "Upravnik"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Program Files \ Google \ GoogleToolbarNotifier \ 1.2.1128.5462 \ G oogleToolbarNotifier.exe
O4 - HKCU \ .. \ Run: [Window Perilica] C: \ Program Files \ Webroot \ Perilica \ wwDisp.exe
O4 - HKLM \ .. \ RunOnce: [Index Perilica] C: \ Program Files \ Webroot \ Perilica \ WashIdx.exe "Upravnik"
O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Program Files \ Common Files \ Adobe \ Kalibracija \ Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O4 - Global Startup: ubrzati Planirano Updates.lnk = C: \ Program Files \ ubrzati \ bagent.exe
O4 - Global Startup: Ažuriranja HP.lnk = C: \ Program Files \ Updates od HP \ 137903 \ Program \ BackWeb-137903.exe
O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / C: \ programa ~ 1 \ MI1933 ~ 1 \ Office12 \ EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ programa ~ 1 \ MI1933 ~ 1 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' MENUITEM: S & kraj OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ programa ~ 1 \ MI1933 ~ 1 \ Office12 \ ONBttnIE.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ programa ~ 1 \ MI1933 ~ 1 \ Office12 \ REFIEBAR.DLL
O9 - Extra button: Web Player MUSICMATCH MX - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file missing)
O9 - Extra 'Tools' MENUITEM: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O11 - Options group: [INTERNATIONAL] International *
O16 - DPF: (67DABFBF-D0AB-41FA-9C46-CC0F21721616) -- http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ programa ~ 1 \ MI1933 ~ 1 \ Office12 \ GR99D3 ~ 1.DLL
O18 - Protocol: ms-help - (314111C7-A502-11D2-BBCA-00C04F8EC294) - C: \ Program Files \ Common Files \ Microsoft Shared \ Pomoć \ hxds.dll
O18 - Filter kidnapovati: text / xml - (807563E5-5146-11D5-A672-00B0D022E945) - C: \ programa ~ 1 \ UOBIČAJENA ~ 1 \ MICROS ~ 1 \ OFFICE12 \ MSOXMLMF.DL L
O20 - Winlogon Obavijesti: dimsntfy -% SystemRoot% \ System32 \ dimsntfy.dll (file missing)
Ø20 - Winlogon Notify: efcdbxx - efcdbxx.dll (file missing)
O20 - Winlogon Obavijesti: igfxcui - C: \ Windows \ System32 \ igfxsrvc.dll
O20 - Winlogon Obavijesti: NavLogon - C: \ WINDOWS \ system32 \ NavLogon.dll
O23 - Service: Adobe LM Service - Unknown vlasnika - C: \ Program Files \ Common Files \ Adobe Systems Shared \ Service \ Adobelmsvc.exe
O23 - Service: ati brza tipka Poller - Unknown vlasnika - C: \ WINDOWS \ System32 \ Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
O23 - Service: Pml Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - Symantec - C: \ Program Files \ Symantec AntiVirus \ SavRoam.exe
O23 - Service: ScsiAccess - Unknown vlasnika - C: \ Program Files \ Photodex \ ProShowGold \ ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe

**evilfantasy** · #2 10. studenog 2008, 20:23

Dobrodošli na CJ.

Molimo print ove upute, jer će biti potrebno kasnije kada Internet pristup nije dostupan.

Preuzimanje SDFix by AndyManchesta i spremite ju na radnu površinu.

Kada koristite ovaj alat, morate koristiti Administrator račun ili račun s Administrativna prava

Dvaput kliknite na SDFix.exe i ona će ekstrakt datoteke u% systemdrive%
(ovo je pogon koji sadrži Windows Directory, obično C: \ SDFix).
Ne koristite ga samo još.

Ponovno pokrenuti računalo u Safe Mode koristeći F8 metoda. Da biste to učinili, pokrenite računalo, a nakon rasprave vaše računalo bip jednom tijekom pokretanja (ali prije nego se pojavi ikona Windows) pritisnite tipku F8 uzastopno. A pojavit će se izbornik s nekoliko opcija. Pomoću tipki sa strelicama za navigaciju i odaberite opciju za pokrenuti Windows u "Safe Mode".

Otvorite mapu SDFix i dvostruki klik RunThis.bat za pokretanje skripte.

Vrsta Y da biste započeli proces čišćenje.
To će ukloniti sve Trojanski službe ili stavke registra pronašao onda vas zatražiti da pritisnete bilo koju tipku da biste ponovno podizanje sustava.
Pritisnite bilo koju tipku i ona će se ponovno pokrenuti računalo.
Kada se računalo ponovo pokrene, Fixtool će se ponovno pokrenuti i dovršili postupak uklanjanja, zatim prikaz Završeno, Pritisnite bilo koju tipku da biste prekinuli učitavanje skripte i vaš desktop ikona.
Jednom desktopu ikone učitati SDFix izvještaj na ekranu će se otvoriti i spremiti u mapu SDFix kao Report.txt.
Kopirajte i zalijepite sadržaj rezultate datoteku Report.txt u sljedećem odgovoru.

----------

Također instalirati novu verziju HijackThis i post novi zapisnik iz nje u Normal modu nakon čizma SDFix je završen.

Preuzimanje TrendMicro HijackThis.exe (HJT) na radnoj površini.

Dvaput kliknite na HJTInstall.
Kliknite na Instalacija gumb.
Bit će automatski HJT mjesto u C: \ Program Files \ TrendMicro \ HijackThis \ HijackThis.exe.
Nakon instaliranja, HijackThis trebali otvoriti za vas.
Kliknite na Da li je sustav skenirati i spremanje log datoteku button
HijackThis ce skenirati a zatim i prijava će se otvoriti u Notepad.
Kopirajte i zalijepite onda cijeli sadržaj se prijaviti u vaš post.
Ne HijackThis su riješili ništa još. Većina onoga što će se pronađe bezopasni ili čak obavezna.

**xalice15x** · #3 11. studenog 2008, 08:55

SDFix Report

SDFix: 1,240 Version
Trčanje by Administrator on Tue 11/11/2008 at 08:39

Microsoft Windows XP [Version 5/1/2600]
Running From: C: \ SDFix

Provjera Usluge :

Vraćanjem Default Security Vrijednosti
Vraćanjem Default Hosts File

Postupak ponovne inicijalizacije operacijskog sust

Provjera Files :

Trojanski Files Pronađeno:

C: \ Program Files \ nvcoi \ mst.stt - Obrisane

Mapu C: \ Program Files \ nvcoi - Removed
Mapu C: \ Program Files \ Temporary - Removed
Mapu C: \ Temp \ sanR24 - Removed

Uklanjanje Temp Files

Provjerite REKLAME :

Završna Provjeri :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit / potaja detector by Gmer zlonamjernih programa, http://www.gmer.net
Rootkit scan 2008-11-11 08:47:19
5/1/2600 Windows Service Pack 3 NTFS

skeniranja skrivenih procesa ...

skeniranja skrivenih i usluge Grozd sustava ...

skeniranja skrivenih stavki registra ...

skeniranja skrivenih datoteka ...

scan uspješno završena
skriveni procesi: 0
skriven usluge: 0
skrivenih datoteka: 0

Preostali Usluge :

Ovlašteni Aplikacija Ključ Izvoz:

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servic ES \ sharedaccess \ Parameters \ firewallpolicy \ standardnih profila \ authorizedapplications \ list]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ syste m32 \ \ sessmgr.exe: *: enabled: @ xpsp2res.dll, -22019"
"C: \ Program Files \ Updates od HP-a \ \ 137.903 \ \ Program \ \ BackWeb-137903.exe" = "C: \ Program Files \ Updates od HP-a \ \ 137.903 \ \ Program \ \ BackWeb-137903 . exe: *: Disabled: BackWeb-137903 "
"C: \ Program Files \ Microsoft Office \ Office12 \ \ Outlook.exe" = "C: \ Program Files \ Microsoft Office \ Office12 \ \ Outlook.exe: *: Omogućen: Microsoft Office Outlook"
"C: \ Program Files \ Microsoft Office \ Office12 \ \ GROOVE.EXE" = "C: \ Program Files \ Microsoft Office \ Office12 \ \ GROOVE.EXE: *: Omogućen: Microsoft Office Groove"
"C: \ Program Files \ Microsoft Office \ Office12 \ \ OneNote.exe" = "C: \ Program Files \ Microsoft Office \ Office12 \ \ OneNote.exe: *: Omogućen: Microsoft Office OneNote"
"C: \ \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" = "C: \ \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe: *: Omogućeno : AOL Loader "
"C: \ Program Files \ \ AIM6 \ \ aim6.exe" = "C: \ Program Files \ \ AIM6 \ \ aim6.exe: *: Omogućen: AIM"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Omogućen: @ xpsp3res.dll, -20000"

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ servic ES \ sharedaccess \ Parameters \ firewallpolicy \ domainpr ofile \ authorizedapplications \ list]
"% windir% \ \ system32 \ \ sessmgr.exe" = "% windir% \ \ syste m32 \ \ sessmgr.exe: *: enabled: @ xpsp2res.dll, -22019"
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" = "% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe: *: Omogućen: @ xpsp3res.dll, -20000"

Preostali Files :

Datoteke sigurnosne kopije: - C: \ SDFix \ sigurnosne kopije \ backups.zip

Skrivene datoteke s Svojstva :

Wed 14 studeni 2007 204 A. SHR --- "C: \ BOOT.BAK"
Fri 22 kolovoz 2008 635.848 A.SH. --- "C: \ Program Files \ Internet Explorer \ iexplore.exe"
Thu 15 srpnja 2004 0 A.SH. --- "C: \ WINDOWS \ SMINST \ HPCD.SYS"
Thu 10 siječanj 2008 4.348 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ DRMv1.bak"
Thu 10 siječanj 2008 401 A.SH. --- "C: \ Documents and Settings \ All Users \ DRM \ DRMv19.bak"
Wed 29 listopad 2008 3.442 A.SH. --- "C: \ Documents and Settings \ All Users \ Documents \ Snimljeni TV \ TempRec \ TempSBE \ SBE3.tmp"

Završeno!

------------------------------------------

HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2
Skenirajte spremljena u 8:55:16, on 11/11/2008
Platforma: Windows XP SP3 (Winnt 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Pokretanje procesa:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ System32 \ Ati2evxx.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ WINDOWS \ explorer.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
C: \ Program Files \ Photodex \ ProShowGold \ ScsiAccess.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe
C: \ WINDOWS \ ehome \ ehtray.exe
C: \ Windows \ System \ hpsysdrv.exe
C: \ Program Files \ HP \ Digital Imaging \ rasteretiti \ hpqcmon.exe
C: \ WINDOWS \ System32 \ hphmon05.exe
C: \ HP \ KBD \ KBD.EXE
C: \ WINDOWS \ LTMSG.exe
C: \ Program Files \ Multimedia Card Reader \ shwicon2k.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
C: \ programa ~ 1 \ SYMANT ~ 1 \ VPTray.exe
C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe
C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe
C: \ WINDOWS \ ALCXMNTR.EXE
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Webroot \ Perilica \ wwDisp.exe
C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
C: \ Program Files \ Updates od HP \ 137903 \ Program \ BackWeb-137903.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ WINDOWS \ system32 \ notepad.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe

R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://srch-us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://srch-us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://srch-us10.hpwis.com/
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = o: blank
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Bar = http://srch-us10.hpwis.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://us10.hpwis.com/
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Postavke, ProxyOverride = localhost
O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: (no name) - (4715C8BC-06D4-0204-0A62-2E00BBB78BBD) - C: \ WINDOWS \ system32 \ izf.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ programa ~ 1 \ MI1933 ~ 1 \ Office12 \ GRA8E1 ~ 1.DLL
O2 - BHO: (no name) - (843B515A-BBC4-4AF2-916D-69E9F7DD8F9D) - C: \ WINDOWS \ system32 \ vtsqo.dll (file missing)
O2 - BHO: (684a8728-dd11-3ef9-b3e4-ea3410654e7c) - (c7e45601-43ae-4e3b-9fe3-11dd8278a486) - C: \ WINDOWS \ system32 \ ikwijhuy.dll (file missing)
O3 - Toolbar: HP View - (B2847E28-5D7D-4DEB-8B67-05D28BCF79F5) - C: \ Program Files \ HP \ Digital Imaging \ bin \ hpdtlk02.dll
O4 - HKLM \ .. \ Run: [ehTray] C: \ WINDOWS \ ehome \ ehtray.exe
O4 - HKLM \ .. \ Run: [hpsysdrv] c: \ windows \ system \ hpsysdrv.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ System32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [CamMonitor] C: \ Program Files \ HP \ Digital Imaging \ rasteretiti \ hpqcmon.exe
O4 - HKLM \ .. \ Run: [HPHUPD05] C: \ Program Files \ HP \ (45B6180B-DCAB-4093-8EE8-6164457517F0) \ hphupd05.exe
O4 - HKLM \ .. \ Run: [HPHmon05] C: \ WINDOWS \ System32 \ hphmon05.exe
O4 - HKLM \ .. \ Run: [KBD] C: \ HP \ KBD \ KBD.EXE
O4 - HKLM \ .. \ Run: [TkBellExe] "C: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe"-osboot
O4 - HKLM \ .. \ Run: [AutoTKit] C: \ hp \ bin \ AUTOTKIT.EXE
O4 - HKLM \ .. \ Run: [Recguard] C: \ WINDOWS \ SMINST \ RECGUARD.EXE
O4 - HKLM \ .. \ Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM \ .. \ Run: [LTMSG] LTMSG.exe 7
O4 - HKLM \ .. \ Run: [PS2] C: \ WINDOWS \ system32 \ ps2.exe
O4 - HKLM \ .. \ Run: [Sunkist2k] C: \ Program Files \ Multimedia Card Reader \ shwicon2k.exe
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [vptray] C: \ programa ~ 1 \ SYMANT ~ 1 \ VPTray.exe
O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM \ .. \ Run: [UpdateManager] "C: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe" / r
O4 - HKLM \ .. \ Run: [ATIPTA] C: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Program Files \ Google \ GoogleToolbarNotifier \ 1.2.1128.5462 \ G oogleToolbarNotifier.exe
O4 - HKCU \ .. \ Run: [Window Perilica] C: \ Program Files \ Webroot \ Perilica \ wwDisp.exe
O4 - HKUS \ S-1-5-18 \ .. \ Run: [AdobeUpdater] C: \ Program Files \ Common Files \ Adobe \ Updater5 \ AdobeUpdater.exe (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [AdobeUpdater] C: \ Program Files \ Common Files \ Adobe \ Updater5 \ AdobeUpdater.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C: \ Program Files \ Common Files \ Adobe \ Kalibracija \ Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe
O4 - Global Startup: ubrzati Planirano Updates.lnk = C: \ Program Files \ ubrzati \ bagent.exe
O4 - Global Startup: Ažuriranja HP.lnk = C: \ Program Files \ Updates od HP \ 137903 \ Program \ BackWeb-137903.exe
O8 - Extra kontekst meni stavka: E & zvezi u Microsoft Excel - res: / / C: \ programa ~ 1 \ MI1933 ~ 1 \ Office12 \ EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ programa ~ 1 \ MI1933 ~ 1 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' MENUITEM: S & kraj OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ programa ~ 1 \ MI1933 ~ 1 \ Office12 \ ONBttnIE.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ programa ~ 1 \ MI1933 ~ 1 \ Office12 \ REFIEBAR.DLL
O9 - Extra button: Web Player MUSICMATCH MX - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
O9 - Extra button: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) - C: \ WINDOWS \ Network Diagnostic \ xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O16 - DPF: (67DABFBF-D0AB-41FA-9C46-CC0F21721616) -- http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: (D27CDB6E-AE6D-11CF-96B8-444553540000) (Shockwave Flash Object) -- http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ programa ~ 1 \ MI1933 ~ 1 \ Office12 \ GR99D3 ~ 1.DLL
O23 - Service: Adobe LM Service - Unknown vlasnika - C: \ Program Files \ Common Files \ Adobe Systems Shared \ Service \ Adobelmsvc.exe
O23 - Service: ati brza tipka Poller - Unknown vlasnika - C: \ WINDOWS \ System32 \ Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
O23 - Service: Pml Driver HPZ12 - HP - C: \ WINDOWS \ system32 \ HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - Symantec - C: \ Program Files \ Symantec AntiVirus \ SavRoam.exe
O23 - Service: ScsiAccess - Unknown vlasnika - C: \ Program Files \ Photodex \ ProShowGold \ ScsiAccess.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe

--
End of file - 9268 bytes

**evilfantasy** · #4 11. studenog 2008, 11:07

Preuzimanje Onemogući / Remove Windows Messenger na radnu površinu da uklonite Windows Messenger.

Nemojte brkati Windows Messenger s MSN Messenger jer nisu isti. Windows Messenger jedan je od čestih uzroka popups.

Otvoriti rajsfešlus datoteku na radnu površinu. Otvori MessengerDisable.exe dno, te odaberite okvir -- Deinstalirajte Windows Messenger i kliknite Primijeniti.

Izlaz iz MessengerDisable zatim izbrišite dvije datoteke koje su stavili na radnoj površini.

----------

Otvori HijackThis i odaberite Da li je sustav skenirati samo.

Stavite oznaku uz sljedeće stavke: (ako postoji)

- O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
- O2 - BHO: (no name) - (4715C8BC-0204-06D4-0A62-2E00BBB78BBD) - C: \ WINDOWS \ system32 \ izf.dll (file missing)
- O2 - BHO: (no name) - (843B515A-BBC4-4AF2-916D-69E9F7DD8F9D) - C: \ WINDOWS \ system32 \ vtsqo.dll (file missing)
- O2 - BHO: (684a8728-DD11-3ef9-b3e4-ea3410654e7c) - (c7e45601-43ae-4e3b-9fe3-11dd8278a486) - C: \ WINDOWS \ system32 \ ikwijhuy.dll (file missing)
- O4 - HKLM \ .. \ Run: [AlcxMonitor] ALCXMNTR.EXE

Važno: Zatvori sve prozore osim HijackThis, a zatim kliknite Fix checked.

Izlaz HijackThis.

----------

Napomena: se upute u nastavku su izrađene specijalno za ovog korisnika. Ukoliko niste u ovom, NE slijedite ove smjerove, jer bi mogao oštetiti djelovanju vašeg sustava

Idi na Start> Run i tip notepad.exe zatim pritisnite U redu

Kopirajte i zalijepite niže u Notepad i spremite kao fixme.reg da svoju Desktop

Code:

REGEDIT4 [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run] "AlcxMonitor" =-

Pronađite fixme.reg na desktopu i dvokliknite ga. Odgovor Da kada upitani za spajanje sa Registry.

Pobrinite se da ćete mi reći ako primite poruku o uspjehu dodavši gore u registar. Ako ne dobijete poruku uspjeh, on nije 'funkcionirati.

Brisanje fixme.reg iz Desktop.

----------

Download ComboFix by sUBs jedan od linkova ispod. Budite sigurni da ste na vrhu u Desktop.

Link # 1
Link # 2

** Napomena: Važno je da se sprema izravno na svoj Desktop

Zatvori otvoriti bilo koju web preglednicima. (Firefox, Internet Explorer, etc) prije početka ComboFix.

Privremeno onemogućiti tvoj AntiVirus, A svaka protušpijunskih Zaštita u stvarnom vremenu prije obavlja scan. Kliknite ovaj link da biste vidjeli popis sigurnosne programe, koji bi trebao biti onemogućen i kako onemogućiti ih.

Dvaput kliknite combofix.exe i slijedite upute.

Za instalaciju sustava Windows XP Recovery Console:

- Ako koristite sustav Windows XP i već nemate instaliranu konzolu za oporavak, provjerite Vašu internetsku vezu je aktivna (ako je moguće) i kliknite na Da.
- Ako za neki razlog Internet nije rad klik Ne.
-- Ako ne koristite Windows XP, nećete biti upozoreni.
- Kada se od vas zatraži da prihvatite LUKK-klikni U redu.
- Prihvatiti Microsoft EULA (Klikni Da).
- Kada su rekli da RC je ispravno instaliran kliknite DA da nastavi skeniranje za štetne sadržaje.

Kada završite ComboFix će proizvesti prijava za vas.
Objaviti ComboFix log u sljedećem odgovoru.

Važno: Ne mouseclick ComboFix's prozor dok je pokrenut. Svibanj uzrokovati da ga zatajiti.

Ne zaboravite ponovo uključili vaš protuvirusni i protušpijunski ComboFix zaštita kada je završeno.

Također javite mi kako je računalo trčanje zatim.

**xalice15x** · #5 11. studenog 2008, 11:55

ComboFix log

ComboFix 08-11-10.01 - Administrator 2008-11-11 11:39:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.176 [GMT -7:00]
Running from: C: \ Documents and Settings \ Administrator \ Desktop \ ComboFix.exe
* Created novu točku vraćanja
.

Ostali ((((((((((((((((((((((((((((((((((((((( brisanja ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

c: \ Documents and Settings \ Administrator \ My Documents \ TSKS ~ 1
c: \ Program Files \ Common Files \ racle ~ 1
c: \ program files \ stem32 ~ 1
c: \ program files \ wnsxs ~ 1
c: \ windows \ BMf3ec611b.txt
c: \ windows \ system32 \0LFlxR4x.exe.a_a
c: \ windows \ system32 \ epljwqgq.ini
c: \ windows \ system32 \ fj8wNOvc.exe.a_a
c: \ windows \ system32 \ icidbcft.ini
c: \ windows \ system32 \ iDlo01
c: windows \ system32 \ jrjvfibu.ini
c: \ windows \ system32 \ jryeuaqx.ini
c: \ windows \ system32 \ mcrh.tmp
c: \ windows \ system32 \ MSINET.oca
c: \ windows \ system32 \ mvmqocpc.ini
c: \ windows \ system32 \ oqstv.ini
c: \ windows \ system32 \ oqstv.ini2
D: \ Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2008/10/11 to 2008/11/11 ))))))))))) ))))))))))))))))))))
.

2008-11-11 08:54. 2008-11-11 08:54 <DIR> d -------- C: \ Program Files \ Trend Micro
2008-11-11 08:38. 2008-11-11 08:38 578.560 - - --- c c: \ windows \ system32 \ Dllcache \ User32.dll
2008-11-11 08:29. 2008-11-11 08:29 <DIR> d -------- C: \ Windows \ ERUNT
2008-11-11 08:23. 2008-11-11 08:51 <DIR> d -------- C: \ SDFix
2008-11-02 09:12. 2008-11-10 14:10 41.474 - a ------ C: \ windows \ system32 \0LFlxR4x.exe_
2008-11-02 09:12. 2008-11-11 09:12 40.450 - a ------ C: \ windows \ system32 \0LFlxR4x.exe
2008-10-31 18:00. 2008-10-31 18:00 <DIR> d -------- C: \ Documents and Settings \ NetworkService \ Application Data \ Yahoo!
2008-10-31 16:40. 2008-10-31 16:40 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Yahoo!
2008-10-31 16:39. 2008-11-10 17:27 <DIR> d -------- C: \ Program Files \ Yahoo!
2008-10-29 17:23. 2008-10-29 17:23 <DIR> d -------- C: \ windows \ system32 \ CatRoot_bak
2008-10-29 17:23. 2008-09-08 03:41 333.824 ----- --- c c: \ windows \ system32 \ Dllcache \ srv.sys
2008-10-29 17:23. 2008-06-13 04:05 272.128 ----- --- c c: \ windows \ system32 \ Dllcache \ bthport.sys
2008-10-29 17:23. 2008-08-14 03:04 138.496 ----- --- c c: \ windows \ system32 \ Dllcache \ afd.sys
2008-10-29 17:22. 2008-08-14 03:11 2.189.184 ----- --- c c: \ windows \ system32 \ Dllcache \ ntoskrnl.exe
2008-10-29 17:22. 2008-08-14 03:09 2.145.280 ----- --- c c: \ windows \ system32 \ Dllcache \ Ntkrnlmp.exe
2008-10-29 17:22. 2008-08-14 02:33 2.066.048 ----- --- c c: \ windows \ system32 \ Dllcache \ Ntkrnlpa.exe
2008-10-29 17:22. 2008-08-14 02:33 2.023.936 ----- --- c c: \ windows \ system32 \ Dllcache \ Ntkrpamp.exe
2008-10-29 17:22. 2008-09-15 05:12 1.846.400 ----- --- c c: \ windows \ system32 \ Dllcache \ Win32k.sys
2008-10-29 17:22. 2008-04-11 12:04 691.712 ----- --- c c: \ windows \ system32 \ Dllcache \ inetcomm.dll
2008-10-29 17:22. 2008-05-08 07:02 203.136 ----- --- c c: \ windows \ system32 \ Dllcache \ rmcast.sys
2008-10-28 18:39. 2008-10-28 18:39 10 - a ------ C: \ windows \ WININIT.INI
2008-10-23 14:45. 2008-10-15 09:34 337.408 ----- --- c c: \ windows \ system32 \ Dllcache \ netapi32.dll
2008-10-15 18:38. 2008-10-29 15:26 <DIR> d -------- C: \ windows \ system32 \ skriptiranje
2008-10-15 18:38. 2008-10-29 15:26 <DIR> d -------- C: \ windows \ system32 \ en
2008-10-15 18:38. 2008-10-29 15:26 <DIR> d -------- C: \ windows \ system32 \ bita
2008-10-15 18:38. 2008-10-29 15:26 <DIR> d -------- C: \ Windows \ l2schemas
2008-10-15 18:23. 2007-06-13 03:23 1.033.216 - a ------ C: \ windows \ SET25A.tmp
2008-10-15 18:22. 2008-08-14 03:09 2.145.280 - a ------ C: \ windows \ system32 \ ntoskrnl.exe
2008-10-15 16:09. 2008-10-15 16:09 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Motive
2008-10-12 17:26. 2008-10-12 17:25 30.272 - a ------ C: \ windows \ system32 \ fj8wNOvc.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-11 18:38 --------- d ----- wc: \ Program Files \ Symantec Antivirusni
2008-11-10 22:05 --------- d ----- wc: \ Program Files \ DivX
2008-11-10 22:03 --------- d ----- wc: \ Program Files \ Java
2008-11-10 01:37 --------- d ----- wc: \ Program Files \ Microsoft Plus! Digital Media Edition
2008-11-10 01:35 --------- d ----- wc: \ Program Files \ Microsoft Works
2008-11-08 02:37 90.112 ---- aw C: \ Windows \ DUMP3a98.tmp
2008-11-08 01:26 30 ---- aw C: \ Documents and Settings \ Administrator \ jagex_runescape_preferences. DAT
2008-10-29 22:21 77.824 ---- aw C: \ windows \ pchealth \ helpctr \ Prodavateljima \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Paviljon \ XPENABP4EN \ plugin \ bin \ FDIWrapper.dll
2008-10-29 22:21 69.632 ---- aw C: \ windows \ pchealth \ helpctr \ Prodavateljima \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Paviljon \ XPENABP4EN \ plugin \ bin \ jsharpde \ msxmlwrapper.dll
2008-10-29 22:21 5.632 ---- aw C: \ windows \ pchealth \ helpctr \ Prodavateljima \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Paviljon \ XPENABP4EN \ plugin \ bin \ jsharpde \ GUI.dll
2008-10-29 22:21 49.152 ---- aw C: \ windows \ pchealth \ helpctr \ Prodavateljima \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Paviljon \ XPENABP4EN \ plugin \ bin \ PCHI18N.dll
2008-10-29 22:21 32.768 ---- aw C: \ windows \ pchealth \ helpctr \ Prodavateljima \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Paviljon \ XPENABP4EN \ plugin \ bin \ jsharpde \ pchapi.dll
2008-10-29 22:21 26.572 ---- aw C: \ windows \ pchealth \ helpctr \ Prodavateljima \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Paviljon \ XPENABP4EN \ plugin \ bin \ jsharpde \ INV16.dll
2008-10-29 22:21 213.089 ---- aw C: \ windows \ pchealth \ helpctr \ Prodavateljima \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Paviljon \ XPENABP4EN \ plugin \ bin \ jsharpde \ motive.zip
2008-10-29 22:21 139.264 ---- aw C: \ windows \ pchealth \ helpctr \ Prodavateljima \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Paviljon \ XPENABP4EN \ plugin \ bin \ ContentUpdater.exe
2008-10-29 22:21 114.688 ---- aw C: \ windows \ pchealth \ helpctr \ Prodavateljima \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Paviljon \ XPENABP4EN \ plugin \ bin \ jsharpde \ ZipLib.dll
2008-10-29 22:21 114.688 ---- aw C: \ windows \ pchealth \ helpctr \ Prodavateljima \ CN = Hewlett-Packard, L = Cupertino, S = Ca, C = US \ Paviljon \ XPENABP4EN \ plugin \ bin \ jsharpde \ asst_ui.dll
2008-10-29 22:11 --------- d - h - wc: \ Program Files \ InstallShield Installation Information
2008-10-29 22:11 --------- d ----- wc: \ Program Files \ ATI Technologies
2008-10-25 01:16 --------- d ----- wc: \ Documents and Settings \ Administrator \ Application Data \ Move Networks
2008-10-16 22:05 --------- d ----- wc: \ Documents and Settings \ All Users \ Application Data \ očište
2008-10-16 01:06 --------- d ----- wc: \ Program Files \ Google
2008-09-28 22:59 --------- d ----- wc: \ Program Files \ Common Files \ AOL
2008-09-22 21:29 --------- d ----- wc: \ Documents and Settings \ All Users \ Application Data \ AOL OCP
2008-09-22 21:29 --------- d ----- wc: \ Documents and Settings \ Administrator \ Application Data \ acccore
2008-09-22 21:27 --------- d ----- wc: \ Documents and Settings \ All Users \ Application Data \ AOL
2008-09-17 01:24 --------- d ----- wc: \ Documents and Settings \ Administrator \ Application Data \ VSO
2008-09-15 12:12 1.846.400 ---- AW c: \ windows \ system32 \ Win32k.sys
2008-08-26 07:24 826.368 ---- aw C: \ windows \ system32 \ Wininet.dll
2008-08-14 09:33 2.023.936 ---- aw C: \ windows \ system32 \ Ntkrnlpa.exe
2007-12-28 00:53 79.738 ---- aw C: \ Documents and Settings \ Fonts \ broken_ghost.zip
2007-11-23 01:25 81.920 ---- aw C: \ Documents and Settings \ Administrator \ Application Data \ ezpinst.exe
2007-11-23 01:25 47.360 ---- aw C: \ Documents and Settings \ Administrator \ Application Data \ pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & čitljiv default unose se ne prikazuju
REGEDIT4

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "c: \ windows \ system32 \ Ctfmon.exe" [2008-04-13 15360]
"Window Washer" = "c: \ Program Files \ Webroot \ Perilica \ wwDisp.exe" [2005-03-08 910336]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"ehTray" = "c: \ windows \ ehome \ ehtray.exe" [2004-08-04 50176]
"hpsysdrv" = "c: \ windows \ system \ hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds" = "c: \ windows \ System32 \ hkcmd.exe" [2003-10-02 118784]
"CamMonitor" = "c: \ Program Files \ HP \ Digital Imaging \ Unload \ hpqcmon.exe" [2002-10-07 90112]
"HPHmon05" = "c: \ windows \ System32 \ hphmon05.exe" [2003-05-23 483328]
"Kbd" = "c: \ hp \ kbd \ KBD.EXE" [2003-02-11 61440]
"TkBellExe" = "c: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2003-12-17 151597]
"Recguard" = "c: \ windows \ SMINST \ RECGUARD.EXE" [2002-09-13 212992]
"PS2" = "c: \ windows \ system32 \ ps2.exe" [2002-10-16 81920]
"Sunkist2k" = "c: \ program files \ Multimedia Card Reader \ shwicon2k.exe" [2003-08-14 139264]
"ccApp" = "c: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe" [2005-06-02 48752]
"vptray" = "C: \ Program ~ 1 \ SYMANT ~ 1 \ VPTray.exe" [2005-06-23 85696]
"RemoteControl" = "c: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck" = "c: \ windows \ system32 \ NeroCheck.e Xe" [2001-07-09 155648]
"GrooveMonitor" = "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe" [2007-10-10 39792]
"ATIModeChange" = "Ati2mdxx.exe" [2001/09/05 c: \ windows \ system32 \ Ati2mdxx.exe]
"LTMSG" = "LTMSG.exe" [2003/07/14 c: \ windows \ ltmsg.exe]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AdobeUpdater" = "C: \ Program Files \ Common Files \ Adobe \ Updater5 \ AdobeUpdater.exe" [2007-03-01 2321600]

C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \
Adobe Gamma Loader.lnk - c: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe [2007-11-22 113664]
HP Digital Imaging Monitor.lnk - c: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe [2003-09-16 237568]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ sigurnosni centar \ Praćenje \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"c: \ \ Program Files \ Updates od HP-a \ \ 137.903 \ \ Program \ \ BackWeb-137903.exe" =
"c: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ OUTLOOK.EXE" =
"c: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE" =
"c: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ ONENOTE.EXE" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =

R2 CX88XBAR; Conexant 2388x Unakrižna Dual Input; c: \ windows \ system32 \ drivers \ CX88XBARDUAL.sys [2003-12-10 7040]

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ curre ntversion \ Explorer \ mountpoints2 \ D]
\ Shell \ AutoRun \ naredba - D: \ Info.exe folder.htt 480 480

* Nedavno Created Service * - PROCEXP90
.
Sadržaj je 'Scheduled Tasks' folder

2008/10/30 c: \ windows \ Tasks \ At1.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/11/11 c: \ windows \ Tasks \ At10.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/11/02 c: \ windows \ Tasks \ At100.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/02 c: \ windows \ Tasks \ At101.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/02 c: \ windows \ Tasks \ At102.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/02 c: \ windows \ Tasks \ At103.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/02 c: \ windows \ Tasks \ At104.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/02 c: \ windows \ Tasks \ At105.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/11 c: \ windows \ Tasks \ At106.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/11 c: \ windows \ Tasks \ At107.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/09 c: \ windows \ Tasks \ At108.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/09 c: \ windows \ Tasks \ At109.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/11 c: \ windows \ Tasks \ At11.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/11/09 c: \ windows \ Tasks \ At110.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/10 c: \ windows \ Tasks \ At111.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/10 c: \ windows \ Tasks \ At112.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/06 c: \ windows \ Tasks \ At113.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/09 c: \ windows \ Tasks \ At114.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/11 c: \ windows \ Tasks \ At115.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/11 c: \ windows \ Tasks \ At116.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/09 c: \ windows \ Tasks \ At117.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/02 c: \ windows \ Tasks \ At118.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/02 c: \ windows \ Tasks \ At119.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/09 c: \ windows \ Tasks \ At12.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/11/02 c: \ windows \ Tasks \ At120.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/09 c: \ windows \ Tasks \ At13.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/11/09 c: \ windows \ Tasks \ At14.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/11/10 c: \ windows \ Tasks \ At15.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/11/10 c: \ windows \ Tasks \ At16.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/11/06 C: \ Windows \ Tasks \ At17.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/11/09 c: \ windows \ Tasks \ At18.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/11/11 c: \ windows \ Tasks \ At19.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/10/30 c: \ windows \ Tasks \ At2.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/11/11 c: \ windows \ Tasks \ At20.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/11/09 c: \ windows \ Tasks \ At21.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/10/30 c: \ windows \ Tasks \ At22.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/10/30 c: \ windows \ Tasks \ At23.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/10/30 c: \ windows \ Tasks \ At24.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/10/30 c: \ windows \ Tasks \ At3.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/10/30 c: \ windows \ Tasks \ At4.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/10/30 c: \ windows \ Tasks \ At5.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/10/30 c: \ windows \ Tasks \ At6.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/10/31 c: \ windows \ Tasks \ At7.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/10/30 c: \ windows \ Tasks \ At8.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/11/01 c: \ windows \ Tasks \ At9.job
- C: \ windows \ system32 \ fj8wNOvc.exe [2008-10-12 17:25]

2008/11/02 c: \ windows \ Tasks \ At97.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/02 c: \ windows \ Tasks \ At98.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]

2008/11/02 c: \ windows \ Tasks \ At99.job
- C: \ windows \ system32 \0LFlxR4x.exe [2008-11-11 09:12]
.
- - - - Orphans Odstranjena - - - --

HKCU-Run-SWG - c: \ Program Files \ Google \ GoogleToolbarNotifier \ 1.2.1128.5462 \ G oogleToolbarNotifier.exe
HKCU-Run-RecordNow! - (No file)
HKLM-Run-HPHUPD05 - c: \ Program Files \ HP \ (45B6180B-DCAB-4093-8EE8-6164457517F0) \ hphupd05.exe
HKLM-Run-AutoTKit - c: \ hp \ bin \ AUTOTKIT.EXE
HKLM-Run-UpdateManager - c: \ Program Files \ Common Files \ Sonic \ Update Manager \ sgtray.exe
HKLM-Run-ATIPTA - c: \ Program Files \ ATI Technologies \ ATI Control Panel \ atiptaxx.exe

.
------- Supplementary Scan -------
.
FireFox -: Profil - c: \ Documents and Settings \ Administrator \ Application Data \ Mozilla \ Firefox \ Profiles \0rews22y.default \
FireFox -: prefs.js - STARTUP.HOMEPAGE - o: blank
FF -: plugin - C: \ Documents and Settings \ Administrator \ Application Data \ Mozilla \ Firefox \ Profiles \0rews22y.default \ extensions \ moveplayer @ movenetworks. com \ platforma \ WINNT_x86-msvc \ plugins \ npmnqmp07076007.dll
FF -: plugin - C: \ Documents and Settings \ Administrator \ Application Data \ Mozilla \ plugins \ npPxPlay.dll
FF -: plugin - C: \ Program Files \ Mozilla Firefox \ plugins \ npmozax.dll
FF -: plugin - C: \ Program Files \ Mozilla Firefox \ plugins \ npsnapfish.dll
FF -: plugin - C: \ Program Files \ Real \ RealOne Player \ Netscape6 \ nppl3260.dll
FF -: plugin - C: \ Program Files \ Real \ RealOne Player \ Netscape6 \ nprjplug.dll
FF -: plugin - C: \ Program Files \ Real \ RealOne Player \ Netscape6 \ nprpjplug.dll
.

************************************************** ************************

catchme 0.3.1367 W2K/XP/Vista - rootkit / potaja detector by Gmer zlonamjernih programa, http://www.gmer.net
Rootkit scan 2008-11-11 11:44:13
5/1/2600 Windows Service Pack 3 NTFS

skeniranja skrivenih procesa ...

skeniranja skrivenih autostart entries ...

skeniranja skrivenih datoteka ...

************************************************** ************************
.
Completion time: 2008-11-11 11:47:43
ComboFix-u karanteni-files.txt 2008-11-11 18:46:39

Pre-Run: 89004101632 bytes free
Post-Run: 89081098240 bytes free

272 --- EOF --- 2008-10-30 03:01:59

~ ~
Do sada iexplore.exe hasn't popped up ^ _ ^
Ima li bilo kako biste bili sigurni da je to otišao?
& & Je li u redu ako sam izbrisati stvari koje ja preuzimanje datoteka?

**evilfantasy** · #6 11. studenog 2008, 12:04

Mi ćemo očistiti sve gore prije nego što su učinili. Tu je još više treba učiniti, ali moram da se kandidira za neko vrijeme. Be back later.

**xalice15x** · #7 11. studenog 2008, 12:19

Više koraka? Mislio sam da smo bili učinili D:
Brzo pitanje; Je li bilo koji od ove će se utjecati na programe koji su instalirani na moje računalo?
Alrightie, moram ići po malo kao i xP

**xalice15x** · #8 11. studenog 2008, 13:07

iexplore.exe 's još uvijek ovdje, -;

**evilfantasy** · #9 11. studenog 2008, 16:28

Ne mi nismo učinili. Ja ću dati sve jasno kada it's over

Napomena: se upute u nastavku su izrađene specijalno za ovog korisnika. Ukoliko niste u ovom, NE slijedite ove smjerove, jer bi mogao oštetiti djelovanju vašeg sustava

Izbriši ove datoteke / mape, kako slijedi:

1. Idi na Početak > Pokrenuti > Tip Notepad.exe i kliknite U redu otvoriti Notepad.
To morati biti Notepad, WordPad ne.
2. Kopiraj tekst ispod u okvir code by označavanje svih tekstualnih i pritiskom na Ctrl + C

Code:

3. Idi na Notepad prozor i kliknite na Uredi > Zalijepi
4. Zatim kliknite na Datoteka > Spremiti
5. Ime datoteke CFScript.txt - Spremi datoteku na svoj Desktop
6. Zatim povucite CFScript (držite lijevu tipku miša dok povučete datoteku), a pad je (otpustite lijevu tipku miša) u ComboFix.exe kao što vidite na sliki ispod. Važno: Obavi ovo uputstvo pažljivo!

ComboFix će se početi izvršavati, samo slijedite upute.
Nakon što ponovno podizanje sustava (u slučaju da ga zatraži ponovno podizanje sustava), on će proizvesti prijava za vas.
Pošta koja log (Combofix.txt) u sljedeći odgovor.

Napomena: Ne mouseclick ComboFix's prozor dok je pokrenut. To svibanj nanijeti tvoj sistem za zamrzavanje

**xalice15x** · #10 11. studenog 2008, 17:36

Ok ^ __ ^

Prijavite Combofix

ComboFix 08-11-10.01 - Administrator 2008-11-11 17:21:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.153 [GMT -7:00]
Running from: C: \ Documents and Settings \ Administrator \ Desktop \ ComboFix.exe
Command sklopke koriste:: c: \ Documents and Settings \ Administrator \ Desktop \ CFScript.txt
* Created novu točku vraćanja

SLIKA:
c: \ windows \ SET25A.tmp
c: \ windows \ system32 \0LFlxR4x.exe
c: \ windows \ system32 \0LFlxR4x.exe_
c: \ windows \ system32 \ fj8wNOvc.exe
C: \ Windows \ Tasks \ At1.job
C: \ Windows \ Tasks \ At10.job
c: \ windows \ Tasks \ At100.job
c: \ windows \ Tasks \ At101.job
c: \ windows \ Tasks \ At102.job
c: \ windows \ Tasks \ At103.job
c: \ windows \ Tasks \ At104.job
c: \ windows \ Tasks \ At105.job
c: \ windows \ Tasks \ At106.job
c: \ windows \ Tasks \ At107.job
c: \ windows \ Tasks \ At108.job
c: \ windows \ Tasks \ At109.job
C: \ Windows \ Tasks \ At11.job
c: \ windows \ Tasks \ At110.job
c: \ windows \ Tasks \ At111.job
c: \ windows \ Tasks \ At112.job
c: \ windows \ Tasks \ At113.job
c: \ windows \ Tasks \ At114.job
c: \ windows \ Tasks \ At115.job
c: \ windows \ Tasks \ At116.job
c: \ windows \ Tasks \ At117.job
c: \ windows \ Tasks \ At118.job
c: \ windows \ Tasks \ At119.job
C: \ Windows \ Tasks \ At12.job
c: \ windows \ Tasks \ At120.job
C: \ Windows \ Tasks \ At13.job
C: \ Windows \ Tasks \ At14.job
C: \ Windows \ Tasks \ At15.job
C: \ Windows \ Tasks \ At16.job
C: \ Windows \ Tasks \ At17.job
C: \ Windows \ Tasks \ At18.job
C: \ Windows \ Tasks \ At19.job
C: \ Windows \ Tasks \ At2.job
C: \ Windows \ Tasks \ At20.job
C: \ Windows \ Tasks \ At21.job
C: \ Windows \ Tasks \ At22.job
C: \ Windows \ Tasks \ At23.job
C: \ Windows \ Tasks \ At24.job
C: \ Windows \ Tasks \ At3.job
C: \ Windows \ Tasks \ At4.job
C: \ Windows \ Tasks \ At5.job
C: \ Windows \ Tasks \ At6.job
C: \ Windows \ Tasks \ At7.job
C: \ Windows \ Tasks \ At8.job
C: \ Windows \ Tasks \ At9.job
c: \ windows \ Tasks \ At97.job
c: \ windows \ Tasks \ At98.job
c: \ windows \ Tasks \ At99.job
.

Ostali ((((((((((((((((((((((((((((((((((((((( brisanja ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

c: \ windows \ SET25A.tmp
c: \ windows \ system32 \0LFlxR4x.exe
c: \ windows \ system32 \0LFlxR4x.exe.a_a
c: \ windows \ system32 \ fj8wNOvc.exe
C: \ Windows \ Tasks \ At1.job
C: \ Windows \ Tasks \ At10.job
c: \ windows \ Tasks \ At100.job
c: \ windows \ Tasks \ At101.job
c: \ windows \ Tasks \ At102.job
c: \ windows \ Tasks \ At103.job
c: \ windows \ Tasks \ At104.job
c: \ windows \ Tasks \ At105.job
c: \ windows \ Tasks \ At106.job
c: \ windows \ Tasks \ At107.job
c: \ windows \ Tasks \ At108.job
c: \ windows \ Tasks \ At109.job
C: \ Windows \ Tasks \ At11.job
c: \ windows \ Tasks \ At110.job
c: \ windows \ Tasks \ At111.job
c: \ windows \ Tasks \ At112.job
c: \ windows \ Tasks \ At113.job
c: \ windows \ Tasks \ At114.job
c: \ windows \ Tasks \ At115.job
c: \ windows \ Tasks \ At116.job
c: \ windows \ Tasks \ At117.job
c: \ windows \ Tasks \ At118.job
c: \ windows \ Tasks \ At119.job
C: \ Windows \ Tasks \ At12.job
c: \ windows \ Tasks \ At120.job
C: \ Windows \ Tasks \ At13.job
C: \ Windows \ Tasks \ At14.job
C: \ Windows \ Tasks \ At15.job
C: \ Windows \ Tasks \ At16.job
C: \ Windows \ Tasks \ At17.job
C: \ Windows \ Tasks \ At18.job
C: \ Windows \ Tasks \ At19.job
C: \ Windows \ Tasks \ At2.job
C: \ Windows \ Tasks \ At20.job
C: \ Windows \ Tasks \ At21.job
C: \ Windows \ Tasks \ At22.job
C: \ Windows \ Tasks \ At23.job
C: \ Windows \ Tasks \ At24.job
C: \ Windows \ Tasks \ At3.job
C: \ Windows \ Tasks \ At4.job
C: \ Windows \ Tasks \ At5.job
C: \ Windows \ Tasks \ At6.job
C: \ Windows \ Tasks \ At7.job
C: \ Windows \ Tasks \ At8.job
C: \ Windows \ Tasks \ At9.job
c: \ windows \ Tasks \ At97.job
c: \ windows \ Tasks \ At98.job
c: \ windows \ Tasks \ At99.job

.
((((((((((((((((((((((((( Files Created from 2008/10/12 to 2008/11/12 ))))))))))) ))))))))))))))))))))
.

2008-11-11 08:54. 2008-11-11 08:54 <DIR> d -------- C: \ Program Files \ Trend Micro
2008-11-11 08:38. 2008-11-11 08:38 578.560 - - --- c c: \ windows \ system32 \ Dllcache \ User32.dll
2008-11-11 08:29. 2008-11-11 08:29 <DIR> d -------- C: \ Windows \ ERUNT
2008-11-11 08:23. 2008-11-11 08:51 <DIR> d -------- C: \ SDFix
2008-10-31 18:00. 2008-10-31 18:00 <DIR> d -------- C: \ Documents and Settings \ NetworkService \ Application Data \ Yahoo!
2008-10-31 16:40. 2008-10-31 16:40 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Yahoo!
2008-10-31 16:39. 2008-11-10 17:27 <DIR> d -------- C: \ Program Files \ Yahoo!
2008-10-29 17:23. 2008-10-29 17:23 <DIR> d -------- C: \ windows \ system32 \ CatRoot_bak
2008-10-29 17:23. 2008-09-08 03:41 333.824 ----- --- c c: \ windows \ system32 \ Dllcache \ srv.sys
2008-10-29 17:23. 2008-06-13 04:05 272.128 ----- --- c c: \ windows \ system32 \ Dllcache \ bthport.sys
2008-10-29 17:23. 2008-08-14 03:04 138.496 ----- --- c c: \ windows \ system32 \ Dllcache \ afd.sys
2008-10-29 17:22. 2008-08-14 03:11 2.189.184 ----- --- c c: \ windows \ system32 \ Dllcache \ ntoskrnl.exe
2008-10-29 17:22. 2008-08-14 03:09 2.145.280 ----- --- c c: \ windows \ system32 \ Dllcache \ Ntkrnlmp.exe
2008-10-29 17:22. 2008-08-14 02:33 2.066.048 ----- --- c c: \ windows \ system32 \ Dllcache \ Ntkrnlpa.exe
2008-10-29 17:22. 2008-08-14 02:33 2.023.936 ----- --- c c: \ windows \ system32 \ Dllcache \ Ntkrpamp.exe
2008-10-29 17:22. 2008-09-15 05:12 1.846.400 ----- --- c c: \ windows \ system32 \ Dllcache \ Win32k.sys
2008-10-29 17:22. 2008-04-11 12:04 691.712 ----- --- c c: \ windows \ system32 \ Dllcache \ inetcomm.dll
2008-10-29 17:22. 2008-05-08 07:02 203.136 ----- --- c c: \ windows \ system32 \ Dllcache \ rmcast.sys
2008-10-28 18:39. 2008-10-28 18:39 10 - a ------ C: \ windows \ WININIT.INI
2008-10-23 14:45. 2008-10-15 09:34 337.408 ----- --- c c: \ windows \ system32 \ Dllcache \ netapi32.dll
2008-10-15 18:38. 2008-10-29 15:26 <DIR> d -------- C: \ windows \ system32 \ skriptiranje
2008-10-15 18:38. 2008-10-29 15:26 <DIR> d -------- C: \ windows \ system32 \ en
2008-10-15 18:38. 2008-10-29 15:26 <DIR> d -------- C: \ windows \ system32 \ bita
2008-10-15 18:38. 2008-10-29 15:26 <DIR> d -------- C: \ Windows \ l2schemas
2008-10-15 18:23. 2006-09-23 14:12 1.022.976 - a ------ C: \ windows \ system32 \ SETA0B.tmp
2008-10-15 18:22. 2008-08-14 03:09 2.145.280 - a ------ C: \ windows \ system32 \ ntoskrnl.exe
2008-10-15 16:09. 2008-10-15 16:09 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Application Data \ Motive

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-12 00:29 --------- d ----- wc: \ Program Files \ Symantec Antivirusni
2008-11-10 22:05 --------- d ----- wc: \ Program Files \ DivX
2008-11-10 22:03 --------- d ----- wc: \ Program Files \ Java
2008-11-10 01:37 --------- d ----- wc: \ Program Files \ Microsoft Plus! Digital Media Edition
2008-11-10 01:35 --------- d ----- wc: \ Program Files \ Microsoft Works
2008-11-08 02:37 90.112 ---- aw C: \ Windows \ DUMP3a98.tmp
2008-11-08 01:26 30 ---- aw C: \ Documents and Settings \ Administrator \ jagex_runescape_preferences. DAT
2008-10-29 22:11 --------- d - h - wc: \ Program Files \ InstallShield Installation Information
2008-10-29 22:11 --------- d ----- wc: \ Program Files \ ATI Technologies
2008-10-25 01:16 --------- d ----- wc: \ Documents and Settings \ Administrator \ Application Data \ Move Networks
2008-10-16 22:05 --------- d ----- wc: \ Documents and Settings \ All Users \ Application Data \ očište
2008-10-16 01:06 --------- d ----- wc: \ Program Files \ Google
2008-09-28 22:59 --------- d ----- wc: \ Program Files \ Common Files \ AOL
2008-09-22 21:29 --------- d ----- wc: \ Documents and Settings \ All Users \ Application Data \ AOL OCP
2008-09-22 21:29 --------- d ----- wc: \ Documents and Settings \ Administrator \ Application Data \ acccore
2008-09-22 21:27 --------- d ----- wc: \ Documents and Settings \ All Users \ Application Data \ AOL
2008-09-17 01:24 --------- d ----- wc: \ Documents and Settings \ Administrator \ Application Data \ VSO
2007-12-28 00:53 79.738 ---- aw C: \ Documents and Settings \ Fonts \ broken_ghost.zip
2007-11-23 01:25 81.920 ---- aw C: \ Documents and Settings \ Administrator \ Application Data \ ezpinst.exe
2007-11-23 01:25 47.360 ---- aw C: \ Documents and Settings \ Administrator \ Application Data \ pcouffin.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & čitljiv default unose se ne prikazuju
REGEDIT4

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "c: \ windows \ system32 \ Ctfmon.exe" [2008-04-13 15360]
"Window Washer" = "c: \ Program Files \ Webroot \ Perilica \ wwDisp.exe" [2005-03-08 910336]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"ehTray" = "c: \ windows \ ehome \ ehtray.exe" [2004-08-04 50176]
"hpsysdrv" = "c: \ windows \ system \ hpsysdrv.exe" [1998-05-07 52736]
"HotKeysCmds" = "c: \ windows \ System32 \ hkcmd.exe" [2003-10-02 118784]
"CamMonitor" = "c: \ Program Files \ HP \ Digital Imaging \ Unload \ hpqcmon.exe" [2002-10-07 90112]
"HPHmon05" = "c: \ windows \ System32 \ hphmon05.exe" [2003-05-23 483328]
"Kbd" = "c: \ hp \ kbd \ KBD.EXE" [2003-02-11 61440]
"TkBellExe" = "c: \ Program Files \ Common Files \ Real \ Update_OB \ realsched.exe" [2003-12-17 151597]
"Recguard" = "c: \ windows \ SMINST \ RECGUARD.EXE" [2002-09-13 212992]
"PS2" = "c: \ windows \ system32 \ ps2.exe" [2002-10-16 81920]
"Sunkist2k" = "c: \ program files \ Multimedia Card Reader \ shwicon2k.exe" [2003-08-14 139264]
"ccApp" = "c: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe" [2005-06-02 48752]
"vptray" = "C: \ Program ~ 1 \ SYMANT ~ 1 \ VPTray.exe" [2005-06-23 85696]
"RemoteControl" = "c: \ Program Files \ CyberLink \ PowerDVD \ PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck" = "c: \ windows \ system32 \ NeroCheck.e Xe" [2001-07-09 155648]
"GrooveMonitor" = "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe" [2007-10-10 39792]
"ATIModeChange" = "Ati2mdxx.exe" [2001/09/05 c: \ windows \ system32 \ Ati2mdxx.exe]
"LTMSG" = "LTMSG.exe" [2003/07/14 c: \ windows \ ltmsg.exe]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"AdobeUpdater" = "C: \ Program Files \ Common Files \ Adobe \ Updater5 \ AdobeUpdater.exe" [2007-03-01 2321600]

C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \
Adobe Gamma Loader.lnk - c: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe [2007-11-22 113664]
HP Digital Imaging Monitor.lnk - c: \ Program Files \ HP \ Digital Imaging \ bin \ hpqtra08.exe [2003-09-16 237568]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ sigurnosni centar \ Praćenje \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"c: \ \ Program Files \ Updates od HP-a \ \ 137.903 \ \ Program \ \ BackWeb-137903.exe" =
"c: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ OUTLOOK.EXE" =
"c: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE" =
"c: \ \ Program Files \ \ Microsoft Office \ \ Office12 \ \ ONENOTE.EXE" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =

R2 CX88XBAR; Conexant 2388x Unakrižna Dual Input; c: \ windows \ system32 \ drivers \ CX88XBARDUAL.sys [2003-12-10 7040]
.

************************************************** ************************

catchme 0.3.1367 W2K/XP/Vista - rootkit / potaja detector by Gmer zlonamjernih programa, http://www.gmer.net
Rootkit scan 2008-11-11 17:26:59
5/1/2600 Windows Service Pack 3 NTFS

skeniranja skrivenih procesa ...

skeniranja skrivenih autostart entries ...

skeniranja skrivenih datoteka ...

scan uspješno završena
skrivenih datoteka: 0

************************************************** ************************
.
------------------------ Other Running Processes ----------------------- --
.
c: \ windows \ system32 \ ati2evxx.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
c: \ program files \ Photodex \ ProShowGold \ scsiaccess.exe
C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe
c: \ program files \ Updates od HP-a \ 137.903 \ Program \ BackWeb-137903.exe
c: \ windows \ system32 \ hpzipm12.exe
.
************************************************** ************************
.
Completion time: 2008-11-11 17:34:29 - stroj digne
ComboFix-u karanteni-files.txt 2008-11-12 00:34:22
ComboFix2.txt 2008-11-11 18:47:44

Pre-Run: 89064681472 bytes free
Post-Run: 89055629312 bytes free

239 --- EOF --- 2008-10-30 03:01:59