Topic: Virus C:\WINXP\system32\*.**.**.dll (Read 5892 times)

Jet set burekdzija | Posts: 9046 | OS: Windows XP | Browser: Opera 9.80

Total Commander > Configuration > Display > Show hidden/system files :)

Ucesnik diskusija | Posts: 85 | OS: Windows XP | Browser: Mozilla Firefox 3.6.13

This was requested by member genije1, but other members who understand this can take a look too.


DDS (Ver_10-12-12.02) - NTFSx86 
Run by xxxxxx xxxxxxxxxx at  0:19:47.50 on 18/12/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1919.1100 [GMT 1:00]

AV: Eset NOD32 antivirus system 2.51 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINXP\system32\Ati2evxx.exe
C:\WINXP\system32\svchost -k DcomLaunch
svchost.exe
C:\WINXP\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINXP\system32\Ati2evxx.exe
C:\WINXP\Explorer.EXE
C:\WINXP\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINXP\RTHDCPL.EXE
C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
C:\WINXP\ATK0100\HControl.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
C:\WINXP\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINXP\system32\svchost.exe -k imgsvc
C:\WINXP\System32\StkCSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINXP\ATK0100\ATKOSD.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINXP\System32\svchost.exe -k HTTPFilter
C:\WINXP\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\xxxxxxx xxxxxxxxxx\My Documents\Downloads\dds.com

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
uRun: [<NO NAME>]
uRun: [StartCCC] c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe
uRun: [ctfmon.exe] c:\winxp\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [HControl] c:\winxp\atk0100\HControl.exe
mRun: [Wireless Console 2] c:\program files\wireless console 2\wcourier.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [nod32kui] "c:\program files\eset\nod32kui.exe" /WAITSERVICE
mRun: [NeroFilterCheck] c:\winxp\system32\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [UpdateReminder] c:\program files\eset\UpdateReminder.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\ljubic~1\startm~1\programs\startup\ccc.lnk - c:\program files\ati technologies\ati.ace\core-static\CCC.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\winxp\system32\imon.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\winxp\system32\wpdshserviceobj.dll
mASetup: ccc-core-static - msiexec /fums {857D4360-762B-978B-76AD-491AA719E47A} /qb

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ljubic~1\applic~1\mozilla\firefox\profiles\xcjluoya.default\
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

============= SERVICES / DRIVERS ===============

R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\microsoft sql server\100\dts\binn\MsDtsSrvr.exe [2008-7-10 218136]
R2 NOD32krn;NOD32 Kernel Service;c:\program files\eset\nod32krn.exe [2010-11-29 507904]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\microsoft sql server\msrs10.mssqlserver\reporting services\reportserver\bin\ReportingServicesService.exe [2008-7-10 1106968]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\winxp\system32\StkCSrv.exe [2010-11-29 24576]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\winxp\system32\drivers\StkCMini.sys [2010-11-29 1324544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\winxp\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\winxp\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\winxp\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
S4 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\microsoft sql server\mssql10.mssqlserver\mssql\binn\fdlauncher.exe [2008-7-10 31256]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\winxp\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 RsFx0103;RsFx0103 Driver;c:\winxp\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

=============== Created Last 30 ================

2010-12-16 13:16:25   50200   ----a-w-   c:\winxp\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2010-12-16 13:16:00   79896   ----a-w-   c:\winxp\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2010-12-16 13:03:58   --------   d-----w-   c:\docume~1\alluse~1\applic~1\PreEmptive Solutions
2010-12-16 12:49:29   --------   d-----w-   c:\program files\Microsoft Help Viewer
2010-12-16 12:49:29   --------   d-----w-   c:\program files\Microsoft F#
2010-12-16 12:49:29   --------   d-----w-   c:\program files\HTML Help Workshop
2010-12-16 12:49:29   --------   d-----w-   c:\program files\common files\Merge Modules
2010-12-09 13:58:32   --------   d-----w-   c:\docume~1\ljubic~1\locals~1\applic~1\Identities
2010-12-04 18:10:18   --------   d-----w-   C:\Serije
2010-12-04 09:36:21   --------   d-----w-   c:\winxp\system32\appmgmt
2010-12-04 09:36:20   --------   d-----w-   c:\winxp\SxsCaPendDel
2010-12-03 17:24:00   --------   d-----w-   c:\program files\Microsoft ASP.NET
2010-12-03 17:23:52   --------   d-----w-   c:\program files\IIS
2010-12-03 17:22:37   2377696   ----a-w-   c:\docume~1\alluse~1\applic~1\microsoft\visualstudio\10.0\1033\ResourceCache.dll
2010-12-03 17:13:19   --------   d-----w-   c:\program files\Microsoft Visual Studio 10.0
2010-12-03 16:32:41   --------   d-----w-   c:\documents and settings\all users\Microsoft
2010-12-03 16:20:21   --------   d-----w-   c:\docume~1\ljubic~1\locals~1\applic~1\Microsoft_Corporation
2010-12-03 16:17:11   50200   ----a-w-   c:\winxp\system32\perf-ReportServer-rsctr.dll
2010-12-03 16:15:49   397664   ----a-w-   c:\docume~1\alluse~1\applic~1\microsoft\vstahost\ssis_scriptcomponent\9.0\1033\ResourceCache.dll
2010-12-03 16:15:22   397664   ----a-w-   c:\docume~1\alluse~1\applic~1\microsoft\vstahost\ssis_scripttask\9.0\1033\ResourceCache.dll
2010-12-03 16:13:49   50200   ----a-w-   c:\winxp\system32\perf-SQLSERVERAGENT-sqlagtctr10.0.1600.22.dll
2010-12-03 16:13:29   79896   ----a-w-   c:\winxp\system32\perf-MSSQLSERVER-sqlctr10.0.1600.22.dll
2010-12-03 16:07:49   18368   ----a-w-   c:\docume~1\alluse~1\applic~1\microsoft\vsa\9.0\1033\ResourceCache.dll
2010-12-03 16:07:47   121728   ----a-w-   c:\docume~1\alluse~1\applic~1\microsoft\visualstudio\9.0\1033\ResourceCache.dll
2010-12-03 16:00:37   416   ----a-w-   c:\docume~1\alluse~1\applic~1\microsoft\msdn\9.0\1033\ResourceCache.dll
2010-12-03 15:58:22   --------   d-----w-   c:\program files\Microsoft Synchronization Services
2010-12-03 15:57:13   --------   d-----w-   c:\program files\Microsoft Analysis Services
2010-12-03 15:55:37   --------   d-----w-   c:\winxp\system32\RsFx
2010-12-03 15:54:51   --------   d-----w-   c:\docume~1\ljubic~1\locals~1\applic~1\Microsoft Help
2010-12-03 15:53:55   --------   d-----w-   c:\program files\Microsoft SQL Server Compact Edition
2010-12-03 15:53:14   --------   d-----w-   c:\program files\MSXML 6.0
2010-12-03 15:47:16   --------   d-----w-   c:\program files\Microsoft SQL Server
2010-12-03 15:41:14   --------   d-----w-   c:\winxp\system32\XPSViewer
2010-12-03 15:40:42   89088   ----a-w-   c:\winxp\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-12-03 15:40:21   89088   -c----w-   c:\winxp\system32\dllcache\filterpipelineprintproc.dll
2010-12-03 15:40:21   597504   -c----w-   c:\winxp\system32\dllcache\printfilterpipelinesvc.exe
2010-12-03 15:40:21   597504   ------w-   c:\winxp\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-12-03 15:40:21   575488   -c----w-   c:\winxp\system32\dllcache\xpsshhdr.dll
2010-12-03 15:40:21   575488   ------w-   c:\winxp\system32\xpsshhdr.dll
2010-12-03 15:40:21   117760   ------w-   c:\winxp\system32\prntvpt.dll
2010-12-03 15:40:20   1676288   -c----w-   c:\winxp\system32\dllcache\xpssvcs.dll
2010-12-03 15:40:20   1676288   ------w-   c:\winxp\system32\xpssvcs.dll
2010-12-03 15:40:19   --------   d-----w-   C:\278de58954fe43cf2b70e91d304ed7ca
2010-11-30 20:31:15   --------   d-----w-   c:\documents and settings\ljubica mihailovic\.idlerc
2010-11-30 20:29:00   --------   d-----w-   C:\Python31
2010-11-30 18:48:14   12160   -c--a-w-   c:\winxp\system32\dllcache\mouhid.sys
2010-11-30 18:48:14   12160   ----a-w-   c:\winxp\system32\drivers\mouhid.sys
2010-11-30 18:48:10   10368   -c--a-w-   c:\winxp\system32\dllcache\hidusb.sys
2010-11-30 18:48:10   10368   ----a-w-   c:\winxp\system32\drivers\hidusb.sys
2010-11-30 16:27:43   --------   d-----w-   c:\docume~1\ljubic~1\locals~1\applic~1\Adobe
2010-11-29 20:56:18   --------   d-----r-   c:\program files\Skype
2010-11-29 20:04:32   553696   ----a-w-   c:\program files\mozilla firefox\uninstall\helper.exe
2010-11-29 20:04:29   66520   ----a-w-   c:\program files\mozilla firefox\plugins\npnul32.dll
2010-11-29 20:04:29   25048   ----a-w-   c:\program files\mozilla firefox\components\browserdirprovider.dll
2010-11-29 20:04:29   140248   ----a-w-   c:\program files\mozilla firefox\components\brwsrcmp.dll
2010-11-29 20:04:29   11775448   ----a-w-   c:\program files\mozilla firefox\xul.dll
2010-11-29 20:04:28   98304   ----a-w-   c:\program files\mozilla firefox\nssdbm3.dll
2010-11-29 20:04:28   89048   ----a-w-   c:\program files\mozilla firefox\nssutil3.dll
2010-11-29 20:04:28   719832   ----a-w-   c:\program files\mozilla firefox\mozcrt19.dll
2010-11-29 20:04:28   719832   ----a-w-   c:\program files\mozilla firefox\mozcpp19.dll
2010-11-29 20:04:28   492504   ----a-w-   c:\program files\mozilla firefox\sqlite3.dll
2010-11-29 20:04:28   16856   ----a-w-   c:\program files\mozilla firefox\plugin-container.exe
2010-11-29 20:04:28   107480   ----a-w-   c:\program files\mozilla firefox\crashreporter.exe
2010-11-29 19:40:38   --------   d-----w-   c:\docume~1\ljubic~1\locals~1\applic~1\Mozilla
2010-11-29 18:31:04   73728   ----a-w-   c:\winxp\system32\javacpl.cpl
2010-11-29 18:31:04   410984   ----a-w-   c:\winxp\system32\deploytk.dll
2010-11-29 16:13:12   --------   d-----w-   c:\program files\Microsoft ActiveSync
2010-11-29 16:12:59   --------   d-----w-   c:\winxp\SHELLNEW
2010-11-29 16:09:18   --------   d-----w-   c:\program files\InCode Solutions
2010-11-29 15:19:26   465152   ----a-w-   c:\winxp\system32\drivers\rt73.sys
2010-11-29 15:19:21   --------   d-----w-   c:\docume~1\alluse~1\applic~1\TP-LINK Driver
2010-11-29 15:15:15   --------   d-----w-   c:\docume~1\ljubic~1\locals~1\applic~1\Ahead
2010-11-29 15:08:45   --------   d-----w-   c:\program files\Nero
2010-11-29 15:04:49   502368   ----a-w-   c:\winxp\system32\drivers\amon.sys
2010-11-29 15:04:49   270336   ----a-w-   c:\winxp\system32\imon.dll
2010-11-29 15:04:49   --------   d-----w-   c:\program files\Eset
2010-11-29 14:57:22   --------   d-----w-   c:\docume~1\ljubic~1\applic~1\Malwarebytes
2010-11-29 14:57:21   20952   ----a-w-   c:\winxp\system32\drivers\mbam.sys
2010-11-29 14:57:19   38224   ----a-w-   c:\winxp\system32\drivers\mbamswissarmy.sys
2010-11-29 14:57:18   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
2010-11-29 14:57:18   --------   d-----w-   c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-11-29 14:42:54   --------   d-sh--w-   c:\documents and settings\ljubica mihailovic\PrivacIE
2010-11-29 14:42:53   --------   d-----w-   c:\docume~1\ljubic~1\locals~1\applic~1\Google
2010-11-29 14:40:15   545   ----a-w-   c:\winxp\UC.PIF
2010-11-29 14:40:15   545   ----a-w-   c:\winxp\RAR.PIF
2010-11-29 14:40:15   545   ----a-w-   c:\winxp\PKZIP.PIF
2010-11-29 14:40:15   545   ----a-w-   c:\winxp\PKUNZIP.PIF
2010-11-29 14:40:15   545   ----a-w-   c:\winxp\NOCLOSE.PIF
2010-11-29 14:40:15   545   ----a-w-   c:\winxp\LHA.PIF
2010-11-29 14:40:15   545   ----a-w-   c:\winxp\ARJ.PIF
2010-11-29 14:40:15   --------   d-----w-   C:\totalcmd
2010-11-29 14:38:29   164352   ----a-w-   c:\winxp\system32\unrar.dll
2010-11-29 14:38:26   --------   d-----w-   c:\program files\K-Lite Codec Pack
2010-11-29 14:37:34   131072   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-11-29 14:37:34   131072   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-11-29 14:37:34   131072   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-11-29 14:37:34   131072   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-11-29 14:37:34   131072   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-11-29 14:37:34   131072   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-11-29 14:37:34   131072   ----a-w-   c:\program files\internet explorer\plugins\npqtplugin.dll
2010-11-29 14:36:05   --------   d-----w-   c:\program files\Webteh
2010-11-29 14:35:05   --------   d-----w-   c:\program files\The KMPlayer
2010-11-29 14:34:09   --------   d-----w-   c:\program files\Unlocker
2010-11-29 14:34:09   --------   d-----w-   c:\docume~1\ljubic~1\applic~1\Desktopicon
2010-11-29 14:32:48   --------   d-----w-   c:\docume~1\alluse~1\applic~1\GRETECH
2010-11-29 14:32:25   --------   d-----w-   c:\program files\GRETECH
2010-11-29 14:10:13   --------   d--h--w-   c:\winxp\system32\GroupPolicy
2010-11-29 13:31:44   --------   d-----w-   c:\program files\Wireless Console 2
2010-11-29 13:31:25   172032   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\01\intel32\iuser.dll
2010-11-29 13:31:24   733184   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\01\intel32\iKernel.dll
2010-11-29 13:31:24   69715   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\01\intel32\ctor.dll
2010-11-29 13:31:24   5632   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\01\intel32\DotNetInstaller.exe
2010-11-29 13:31:24   303236   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\01\intel32\setup.dll
2010-11-29 13:31:24   266240   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\01\intel32\iscript.dll
2010-11-29 13:31:24   180356   ----a-w-   c:\program files\common files\installshield\professional\runtime\10\01\intel32\iGdi.dll
2010-11-29 13:31:03   5632   ----a-r-   c:\winxp\system32\drivers\ATKACPI.sys
2010-11-29 13:31:03   --------   d-----w-   c:\winxp\ATK0100
2010-11-29 13:29:59   20747   ----a-w-   c:\winxp\system32\drivers\AegisP.sys
2010-11-29 13:29:52   754688   ----a-w-   c:\winxp\system32\drivers\bcmwl564.sys
2010-11-29 13:29:37   61440   ----a-w-   c:\winxp\system32\ASUSW32N50.dll
2010-11-29 13:29:37   537600   ----a-w-   c:\winxp\system32\ASWL2K.exe
2010-11-29 13:29:37   496640   ----a-w-   c:\winxp\system32\ASWLSVC.exe
2010-11-29 13:29:37   16269   ----a-w-   c:\winxp\system32\ASNDIS5.sys
2010-11-29 13:29:37   159827   ----a-w-   c:\winxp\system32\RemSvc.exe
2010-11-29 13:29:37   15577   ----a-w-   c:\winxp\system32\ASNDIS3.vxd
2010-11-29 13:29:37   141824   ----a-w-   c:\winxp\system32\ClientCpl.cpl
2010-11-29 13:29:36   604928   ----a-w-   c:\winxp\system32\drivers\BCMWL5.SYS
2010-11-29 13:29:34   --------   d-----w-   c:\program files\ASUS
2010-11-29 13:28:02   --------   d-----w-   c:\winxp\system32\Lang
2010-11-29 13:25:57   16269312   ------r-   c:\winxp\RTHDCPL.exe
2010-11-29 13:24:23   --------   d-----w-   c:\docume~1\ljubic~1\locals~1\applic~1\ATI
2010-11-29 13:16:11   32768   ----a-w-   c:\program files\common files\installshield\professional\runtime\Objectps.dll
2010-11-29 13:16:10   729088   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\iKernel.dll
2010-11-29 13:16:10   69715   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\ctor.dll
2010-11-29 13:16:10   5632   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\DotNetInstaller.exe
2010-11-29 13:16:10   266240   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\iscript.dll
2010-11-29 13:16:10   192512   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\iuser.dll
2010-11-29 13:16:10   188548   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\iGdi.dll
2010-11-29 13:16:09   311428   ----a-w-   c:\program files\common files\installshield\professional\runtime\09\01\intel32\setup.dll
2010-11-29 13:16:02   307200   ----a-r-   c:\winxp\system32\atiiiexx.dll
2010-11-29 13:16:00   307200   ----a-r-   c:\winxp\system32\ATIDEMGX.dll
2010-11-29 13:15:54   --------   d-----w-   c:\winxp\system32\ReinstallBackups
2010-11-29 13:15:46   --------   d-----w-   c:\program files\ATI Technologies
2010-11-29 13:15:17   212992   ----a-w-   c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2010-11-29 13:14:49   7424   ----a-r-   c:\winxp\system32\drivers\MMIOPORT.SYS
2010-11-29 13:02:06   24064   ------w-   c:\winxp\system32\msxml3a.dll
2010-11-29 13:01:41   499712   ------w-   c:\winxp\system32\msvcp71.dll
2010-11-29 13:01:41   348160   ----a-w-   c:\winxp\system32\msvcr71.dll
2010-11-29 13:01:11   --------   d-----w-   C:\MyWorks
2010-11-29 13:00:37   77824   ----a-w-   c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2010-11-29 13:00:37   32768   ----a-w-   c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2010-11-29 13:00:37   225280   ----a-w-   c:\program files\common files\installshield\iscript\iscript.dll
2010-11-29 13:00:37   176128   ----a-w-   c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2010-11-29 13:00:34   610436   ----a-w-   c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe

==================== Find3M  ====================

2010-10-12 17:34:34   119808   ----a-w-   c:\winxp\system32\t2embed.dll
2010-10-12 17:34:32   1861888   ----a-w-   c:\winxp\system32\win32k.sys
2010-10-12 17:34:30   1289216   ----a-w-   c:\winxp\system32\ole32.dll
2010-10-12 17:34:28   919552   ----a-w-   c:\winxp\system32\wininet.dll
2010-10-12 17:34:22   43520   ----a-w-   c:\winxp\system32\licmgr10.dll
2010-10-12 17:34:22   1469440   ----a-w-   c:\winxp\system32\inetcpl.cpl
2010-10-12 17:34:03   317440   ----a-w-   c:\winxp\system32\mp4sdecd.dll
2010-10-12 17:34:02   974848   ----a-w-   c:\winxp\system32\mfc42u.dll
2010-10-12 17:34:02   974848   ----a-w-   c:\winxp\system32\mfc42.dll
2010-10-12 17:34:01   954368   ----a-w-   c:\winxp\system32\mfc40.dll
2010-10-12 17:34:01   953856   ----a-w-   c:\winxp\system32\mfc40u.dll
2010-10-12 17:33:59   590848   ----a-w-   c:\winxp\system32\rpcrt4.dll
2010-10-12 17:33:57   99840   ----a-w-   c:\winxp\system32\srvsvc.dll
2010-10-12 17:33:57   5120   ----a-w-   c:\winxp\system32\xpsp4res.dll
2010-10-12 17:33:55   617472   ----a-w-   c:\winxp\system32\comctl32.dll
2010-10-12 17:33:54   285824   ----a-w-   c:\winxp\system32\atmfd.dll
2004-12-07 08:13:40   479432   ----a-w-   c:\program files\dxsetup.exe
2004-12-07 08:13:38   69832   ----a-w-   c:\program files\DSETUP.dll
2004-12-07 08:13:38   2249416   ----a-w-   c:\program files\dsetup32.dll

============= FINISH:  0:21:00.53 ===============

Jet set burekdzija | Posts: 7657 | OS: Windows 7 | Browser: Mozilla Firefox 3.6.13

You have one piece of adware there (nothing serious) and all sorts of junk...
Basically, at first glance, nothing special...

@cajodnane
...take a screenshot of that error and post it so I can see it; also do the following:

*  Download the Combofix program.
Visit this page for the download link and the instructions on how to run and use Combofix:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*  Temporarily disable your antivirus program.
Visit this page for instructions:
http://www.bleepingcomputer.com/forums/topic114351.html

Run Combofix! It will ask you to install the Recovery Console; allow it.
When the tool finishes scanning, it will open Notepad with the report (log).
Copy that report here. (Typical log location: C:\ComboFix.txt)
« Last edit: 18 Dec 2010, 07:56:16 by genije1 »

Ucesnik diskusija | Posts: 85 | OS: Windows XP | Browser: Mozilla Firefox 3.6.13

Here is what else I found, on Tomislav91's recommendation.

Could one of these .dll files be the one in question? I'll do the Combofix thing a bit later; I have to go to work now.

Thanks

:)

Searchresult for *.**.**.dll:

25 files found (sorted by filename)

    * 2ndsrch.dll
      Step 1: Use Windows File Search Tool to Find 2ndsrch.dll Path 1. Go to Start > Search > All Files or Folders. 2. In the "All or part of the the file name" section, type in "2ndsrch.dll" file name(s). 3. To get better results, select "Look in...
    * aunps2.dll
      aunps2.dll is a AlwaysUpdatedNews.com related parasite or malware. ##### # Instructions: ##### 1. Click start, choose 'run' 2. Type 'regedit' 3. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run 4. From the right pan...
    * bridge.dll
      Adware.WinFavorites is an adware program that may have two components: an executable file and a Browser Helper Object. When Adware.WinFavorites is executed, it does the following: Attempts to insert the files: bridge.dll bridge.inf Cre...
    * bs2.dll
      Bs3.dll is related to the BookedSpace adware, used to display pop-up advertisement. These instructions is related for bs2.dll, bs3.dll and rem00001.dll ##### # Instructions: ##### 1. Click start, choose 'run' 2. Type 'cmd' - You should now ...
    * bs3.dll
      Bs3.dll is related to the BookedSpace adware, used to display pop-up advertisement. These instructions is related for bs2.dll, bs3.dll and rem00001.dll ##### # Instructions: ##### 1. Click start, choose 'run' 2. Type 'cmd' - You should now ...
    * bxxs5.dll
      bxxs5.dll is included in a trojan/spyware. It is recommended to remove it. bxxs5.dll is part of the SpyWare "BookedSpace". Bazooka Adware and Spyware Scanner detects BookedSpace. Bazooka is freeware and detects spyware, adware, foistware, ...
    * cdaengine0400.dll
      cdaEngine0400.dll is part of WildTangent Spyware. Follow the instructions below, to get rid of cdaEngine0400.dll problems. Uninstall notice for WildTangent Notice that removing WildTangent may cause the program that bundled it to not function as ...
    * ctrlpan.dll
      Troj/StartPg-BG Aliases Trojan.Win32.StartPage.bg Type Trojan Detection A virus identity (IDE) file which provides protection is available now from the Latest virus identities section, and is incorporated into the February 2004 (3.78) re...
    * cygwin1.dll
      Cygwin® POSIX Emulation DLL, v. 1001.8.0.0, Download Sourcecode.
      Notice to users:
      Because of the special technical nature of the Cygwin™ DLL in its role providing POSIX-like services on MS Windows s...
    * d3dx9.dll
      d3dx9.dll exists in many different versions with the file format d3dx9_XX.dll, where XX is replaced by a number.
      Some d3dx9.dll problems may be solved by downloading the latest d3dx9_XX.dll<...
    * e6f1873b.dll
      E6F1873B.DLL is part of an AdWare called BrowserAid. These instructions, will help you to get rid of any startup errors about E6F1873B.DLL. DLL-files.com strongly recommends that you back up the registry before making any changes to it. Incorrect c...
    * kctl32.dll
      kctl32.dll is part of spyware/trojan. The problem occurs, when your computer has deleted kctl32.dll from your system directory. You do not need kctl32.dll to make your system work. Therefor, we provide simple instructions, how to get rid of your p...
    * kernel32.dll
      Win32 Kernel, v. 4.10.2222 (Swedish). Very often problems like: 'error in kernel32.dll'
    * msa64chk.dll
      Manual removal Please follow the instructions below if you would like to remove Mostrar Dialer manually. Please notice that you must follow the instructions very carefully and delete everything that is mentioned. In most cases the removal will fail i...
    * msin32.dll
      msin32.dll is part of Tofger Trojan. Follow the instructions below to get rid of the problem: Step 1 : Use Windows File Search Tool to Find Tofger Trojan Path 1. Go to Start > Search > All Files or Folders. 2. In the "All or part of the the f...
    * ole32ws.dll
      Virus Characteristics Ole32ws.dll is part of a downloader trojan. The purpose of this malware is simply to connect to a remote system, download the specified files to the local machine, and execute those files. When run, the trojan contacts the ...
    * p2esocks_1014.dll
      p2esocks_1014.dll is left from spyware and is not needed by your system. The following step by step instructions, will help you to get rid of your problem. But remember: YOU ARE DOING IT ON YOUR OWN RISK! YOU ARE DOING IT ON YOUR OWN RISK! YOU ARE ...
    * rem00001.dll
      Bs3.dll is related to the BookedSpace adware, used to display pop-up advertisement. These instructions is related for bs2.dll, bs3.dll and rem00001.dll ##### # Instructions: ##### 1. Click start, choose 'run' 2. Type 'cmd' - You should now ...
    * se.dll
      ieplugin.dll is part of Spyware/Trojan, called "ieplugin". ## Overview: IEPlugin is an IE BHO that monitors web site addresses you visit, form contents and even your local file browsing! It also automatically updates and adds a few items to your...
    * sp.dll
      sp.dll and sp.reg is spyware that changes your IE explorer searchpage to http://www.topsearcher.com/ie/. To get rid of it, try the tips below: Goto Start>Programs>Startup If there is a shortcut to SP.DLL, delete it. Goto Start>Run> type MSCO...
    * stlb2.dll
      STLB2.DLL is part of an AdWare called BrowserAid. These instructions, will help you to get rid of any startup errors about STLB2.DLL. DLL-files.com strongly recommends that you back up the registry before making any changes to it. Incorrect changes...
    * stlport.5.1.dll
      STLport, STLport Standard ANSI C++ Library, 5.1.2
    * wdengine.dll
      wdengine.dll is part of Spyware - Wildtangent. The instructions below, comes from the WildTangent Customer help. Follow those instructions, and your problem will be solved. Good Luck! To remove the Web Driver, and associated software, please...
    * winupd.dll
      Description: This adware program may arrive on a system through the Web, manual installation, or as a downloaded program. It also comes packaged with the famous peer-to-peer (P2P) application called FreeWire. It runs on Windows 95, 98, ME, NT, 2000...
    * wnim.dll
      ## Overview: wnim.dll is part of Spyware/Trojan. It is recommended to run a spyware remover, se http://www.dll-files.com/software for more details, and an antivirus software. After that, you may follow the instructions below, to get rid of the anno...

Jet set burekdzija

Zodiac Scorpio
Gender
Posts 7657
OS
Windows 7
Browser
Mozilla Firefox 3.6.13
I don't do anything by guesswork... what you've just done is looking for a needle in a haystack.
That's why I asked you to run the diagnostic tool, so I can see what's going on there... so I don't have to guess (maybe it's this... try that... this is how I did it...)

I honestly think SQL Server is what's causing your problem...
My assumption is that the files you're looking for are these:

c:\winxp\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
c:\winxp\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll

Read Tomislav's first post again and it will be clearer.

But let's not guess... do everything I wrote above and then we'll see what's next...
Also... show me what exactly ESET detected.
« Last edited: 18 Dec 2010, 08:40:31 by genije1 »
Chronicler of everyday life


Zodiac Capricorn
Gender Male
Posts 500
Flag Kula
OS
Windows XP
Browser
Mozilla Firefox 3.6.13
Mobile
LG T385
Well, so that we don't have to guess, it's best to post that log and then we'll see; you do have problems on that PC..
Try this too.. we'll run sfc /scannow
SFC (system file check)

For sfc /scannow you need the installation disc you installed the system from.. The function of this command is to "fix" damaged system files... i.e. to copy them over again..

SFC (system file check)
- Replaces damaged system files and restores "missing" ones
One of the little-known features in Windows XP is the SFC function, or by its full name System File Check. It is little known because it lives in the Command Prompt, which many users, especially newer Windows users, don't like to go into, but it contains many useful functions, SFC among them. First of all, you need to put the Windows installation CD in the CD-ROM drive (your service pack); if you don't know which one it is, right-click My Computer, then Properties, and it will tell you which SP you have...


Once you've inserted the disc, go to Start > Run, type sfc /scannow there and click OK



Afterwards it will look like this



As soon as it finishes, restart the computer :)

« Last edited: 18 Dec 2010, 10:47:43 by tomislav91 »
Discussion participant

Zodiac Capricorn
Gender Male
Posts 85
OS
Windows XP
Browser
Mozilla Firefox 3.6.13
Mobile
Siemens BenQ
I apologize, I couldn't get back to you earlier, but here, I've prepared the ComboFix log:

ComboFix 10-12-19.03 - xxxxxxx xxxxxxxxxx 20/12/2010  19:02:34.1.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1919.1335 [GMT 1:00]
Running from: c:\documents and settings\xxxxxxx xxxxxxxxxx\My Documents\Downloads\ComboFix.exe
AV: Eset NOD32 antivirus system 2.51 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Created a new restore point
 * Resident AV is active

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Microsoft
c:\documents and settings\All Users\Microsoft\OfficeSoftwareProtectionPlatform\Cache\cache.dat
c:\documents and settings\All Users\Microsoft\OfficeSoftwareProtectionPlatform\tokens.dat
c:\documents and settings\xxxxxxx xxxxxxxxxx\Application Data\Desktopicon

.
(((((((((((((((((((((((((   Files Created from 2010-11-20 to 2010-12-20  )))))))))))))))))))))))))))))))
.

2010-12-04 18:10 . 2010-12-09 16:27   --------   d-----w-   C:\Serije
2010-12-03 16:31 . 2010-12-03 16:31   --------   d-----r-   C:\MSOCache
2010-12-03 15:40 . 2010-12-03 15:40   --------   d-----w-   C:\278de58954fe43cf2b70e91d304ed7ca
2010-11-30 20:29 . 2010-11-30 20:29   --------   d-----w-   C:\Python31
2010-11-29 14:40 . 2010-11-29 14:41   --------   d-----w-   C:\totalcmd
2010-11-29 13:01 . 2010-11-29 13:01   --------   d-----w-   C:\MyWorks

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-12 17:34 . 2010-10-12 17:34   119808   ----a-w-   c:\winxp\system32\t2embed.dll
2010-10-12 17:34 . 2010-10-12 17:34   1861888   ----a-w-   c:\winxp\system32\win32k.sys
2010-10-12 17:34 . 2010-10-12 17:34   1289216   ----a-w-   c:\winxp\system32\ole32.dll
2010-10-12 17:34 . 2010-10-12 17:34   919552   ----a-w-   c:\winxp\system32\wininet.dll
2010-10-12 17:34 . 2010-10-12 17:34   43520   ----a-w-   c:\winxp\system32\licmgr10.dll
2010-10-12 17:34 . 2010-10-12 17:34   1469440   ----a-w-   c:\winxp\system32\inetcpl.cpl
2010-10-12 17:34 . 2010-10-12 17:34   317440   ----a-w-   c:\winxp\system32\mp4sdecd.dll
2010-10-12 17:34 . 2010-10-12 17:34   974848   ----a-w-   c:\winxp\system32\mfc42u.dll
2010-10-12 17:34 . 2010-10-12 17:34   974848   ----a-w-   c:\winxp\system32\mfc42.dll
2010-10-12 17:34 . 2010-10-12 17:34   954368   ----a-w-   c:\winxp\system32\mfc40.dll
2010-10-12 17:34 . 2010-10-12 17:34   953856   ----a-w-   c:\winxp\system32\mfc40u.dll
2010-10-12 17:33 . 2010-10-12 17:33   590848   ----a-w-   c:\winxp\system32\rpcrt4.dll
2010-10-12 17:33 . 2010-10-12 17:33   99840   ----a-w-   c:\winxp\system32\srvsvc.dll
2010-10-12 17:33 . 2010-10-12 17:33   5120   ----a-w-   c:\winxp\system32\xpsp4res.dll
2010-10-12 17:33 . 2010-10-12 17:33   357248   ----a-w-   c:\winxp\system32\drivers\srv.sys
2010-10-12 17:33 . 2010-10-12 17:33   617472   ----a-w-   c:\winxp\system32\comctl32.dll
2010-10-12 17:33 . 2010-10-12 17:33   285824   ----a-w-   c:\winxp\system32\atmfd.dll
2004-12-07 08:13 . 2004-12-07 08:13   479432   ----a-w-   c:\program files\dxsetup.exe
2004-12-07 08:13 . 2004-12-07 08:13   69832   ----a-w-   c:\program files\DSETUP.dll
2004-12-07 08:13 . 2004-12-07 08:13   2249416   ----a-w-   c:\program files\dsetup32.dll
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 94208]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"HControl"="c:\winxp\ATK0100\HControl.exe" [2006-10-14 110592]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2010-11-29 921600]
"NeroFilterCheck"="c:\winxp\system32\NeroCheck.exe" [2001-07-09 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-11-29 148888]
"UpdateReminder"="c:\program files\Eset\UpdateReminder.exe" [2010-11-30 434176]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

c:\documents and settings\xxxxxxx xxxxxxxxxx\Start Menu\Programs\Startup\
CCC.lnk - c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [2006-9-29 49152]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 MsDtsServer100;SQL Server Integration Services 10.0;c:\program files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [10/07/2008 01:22 218136]
R2 ReportServer;SQL Server Reporting Services (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [10/07/2008 02:22 1106968]
R2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\winxp\system32\StkCSrv.exe [29/11/2010 14:44 24576]
R3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\winxp\system32\drivers\StkCMini.sys [29/11/2010 14:44 1324544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\winxp\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 21:37 4640000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\winxp\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe --> c:\winxp\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
S4 MSSQLFDLauncher;SQL Full-text Filter Daemon Launcher (MSSQLSERVER);c:\program files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [10/07/2008 01:15 31256]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [10/07/2008 03:49 47128]
S4 RsFx0102;RsFx0102 Driver;c:\winxp\system32\drivers\RsFx0102.sys [10/07/2008 02:49 242712]
S4 RsFx0103;RsFx0103 Driver;c:\winxp\system32\drivers\RsFx0103.sys [30/03/2009 03:09 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30/03/2009 03:23 366936]
.
Contents of the 'Scheduled Tasks' folder

2010-12-13 c:\winxp\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\winxp\system32\imon.dll
FF - ProfilePath - c:\documents and settings\xxxxxxx xxxxxxxxxx\Application Data\Mozilla\Firefox\Profiles\xcjluoya.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -

ActiveSetup-ccc-core-static - msiexec



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-20 19:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ... 

scanning hidden autostart entries ...

scanning hidden files ... 

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(672)
c:\winxp\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(728)
c:\winxp\system32\imon.dll
.
Completion time: 2010-12-20  19:10:47
ComboFix-quarantined-files.txt  2010-12-20 18:10

Pre-Run: 52,458,827,776 bytes free
Post-Run: 53,083,070,464 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINXP
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINXP="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 25E64C1C973D6349F0E3742A488BDED9

:)
Friend of the forum
Celebrity

MC- argus

Zodiac
Gender Male
Posts 4467
Flag
OS
Windows 7
Browser
Mozilla Firefox 3.6.13
Mobile
HTC
Looks fine. Is it still reporting that file?
Discussion participant

Zodiac Capricorn
Gender Male
Posts 85
OS
Windows XP
Browser
Mozilla Firefox 3.6.13
Mobile
Siemens BenQ
Unfortunately, yes.

:)
Friend of the forum
Celebrity

MC- argus

Zodiac
Gender Male
Posts 4467
Flag
OS
Windows 7
Browser
Mozilla Firefox 3.6.13
Mobile
HTC
Quote
C:\WINXP\system32\naziv problema.dll,

Give me the exact name \ path, or a screenshot of what NOD detects.

Wait, let's do it this way: delete that CF and download a fresh one to the desktop

Open Notepad and copy this

Code:
DirLook::
C:\MSOCache

Save it to the desktop as CFScript

Drag CFScript onto the ComboFix icon



Post the log for me


« Last edited: 20 Dec 2010, 21:45:58 by ivicaspas »