Disaster! I need your help.

dlogic (New MyCity citizen, joined 06 Nov 2008, 8 posts):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:17:07, on 6.11.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Darko\Desktop\hjt 3\ht3.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\dse235rgd0.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe
O4 - HKLM\..\Policies\Explorer\Run: [Mpk.exe] C:\Program Files\KGB\Mpk.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link visible only to logged-in users]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8616 bytes
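
Reading an HJT log by hand is error-prone, so here is a small triage script, added for this thread and not part of HijackThis or the posted logs. It applies a few of the checks a log helper does by eye: O2 entries that point at no file, O4 entries under the Policies\Explorer\Run key, O23 services with no vendor string, and O2/O4 binaries living in system32 that are not on a baseline. The sample lines are a subset of the log above; the SYSTEM32_ALLOW baseline is an assumption for illustration and has to be replaced with a real inventory of the machine's stock binaries before the "non-baseline" verdict means anything.

```python
"""Triage of HijackThis (HJT) autostart and browser-hook lines.

Added example for this thread (not part of HijackThis or ComboFix). The
sample lines are copied from the log posted above; the system32 allow-list
is an illustrative assumption, not a vendor baseline.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of lines from the HJT log in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\dse235rgd0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe
O4 - HKLM\..\Policies\Explorer\Run: [Mpk.exe] C:\Program Files\KGB\Mpk.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
"""

# Assumption: a tiny allow-list of stock XP / NVIDIA binaries seen in the log.
SYSTEM32_ALLOW = {"ctfmon.exe", "rundll32.exe", "nvcpl.dll", "nvmctray.dll", "nwiz.exe"}

LINE_RE = re.compile(r"^(?P<code>[OR]\d+) - (?P<body>.*)$")
# First drive-letter path ending in an executable or library extension.
PATH_RE = re.compile(r'(?P<path>[A-Za-z]:\\[^"]+?\.(?:exe|dll|sys|cmd|bat|scr))', re.IGNORECASE)


@dataclass
class Finding:
    code: str
    severity: str  # "high", "medium" or "low"
    reason: str
    line: str


def _first_path(body: str):
    m = PATH_RE.search(body)
    return m.group("path") if m else None


def triage(log_text: str) -> list:
    """Return the HJT lines a reviewer should look at first, each with a reason."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        if code == "O2" and body.endswith("(no file)"):
            findings.append(Finding(code, "low", "orphaned BHO registration, no file on disk", line))
            continue
        if code == "O4" and "\\Policies\\Explorer\\Run" in body:
            findings.append(Finding(code, "high",
                                    "autostart under Policies\\Explorer\\Run, a key most startup managers do not list",
                                    line))
            continue
        if code == "O23" and "Unknown owner" in body:
            findings.append(Finding(code, "medium",
                                    "service binary carries no vendor string; verify its hash and signer", line))
            continue
        path = _first_path(body)
        if code in ("O2", "O4") and path and "\\system32\\" in path.lower():
            name = path.rsplit("\\", 1)[-1].lower()
            if name not in SYSTEM32_ALLOW:
                findings.append(Finding(code, "high", f"non-baseline binary in system32: {name}", line))
    return findings


def by_severity(findings: list) -> list:
    """Stable sort: high first, then medium, then low."""
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: order[f.severity])


if __name__ == "__main__":
    for f in by_severity(triage(SAMPLE_LOG)):
        print(f"[{f.severity:6}] {f.code}: {f.reason}\n         {f.line}")
```

The script deliberately stops at "look here first": a random-looking name in system32 is a lead, not a verdict, and the next step is to check the file's hash and signer rather than to delete it on the strength of a regex.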



Piksi (Elite citizen, joined 13 Nov 2003, 2435 posts):

Hello...

* Open the NOD32 Control Center (click its tray icon in the bottom-right corner of the screen).
* Choose AMON from the Threat Protection group of options.
* In the right-hand panel, untick the option File system monitor (AMON) enabled.
* Turning this option off will be reflected by the Control Center changing colour from green to red.

Note: Don't forget to turn this option back on once the cleanup is done.

Download ComboFix from one of the following addresses to your Desktop:
[Link visible only to logged-in users]
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; paste it here for us.



dlogic (New MyCity citizen, joined 06 Nov 2008, 8 posts):

ComboFix 08-11-05.02 - Darko 2008-11-07 0:28:52.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.1526 [GMT 1:00]
Running from: c:\documents and settings\Darko\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-10-06 to 2008-11-06 )))))))))))))))))))))))))))))))
.

2008-11-06 21:35 . 2008-11-07 00:07 <DIR> d-------- c:\program files\Enigma Software Group
2008-11-05 18:01 . 2008-11-05 18:01 <DIR> d-------- c:\program files\Common Files\Borland Shared
2008-11-05 18:01 . 2008-11-05 18:19 13,030 --a------ C:\PDOXUSRS.NET
2008-10-31 15:23 . 1999-01-21 23:40 180,224 --------- c:\windows\Res2_uninst.exe
2008-10-27 23:56 . 2008-10-27 23:56 <DIR> d-------- c:\windows\system32\AGEIA
2008-10-27 23:56 . 2008-10-27 23:56 <DIR> d-------- c:\program files\AGEIA Technologies
2008-10-27 23:56 . 2008-10-07 13:33 201,157 --a------ c:\windows\system32\nvapps.nvb
2008-10-27 23:27 . 2008-10-27 23:27 <DIR> d-------- c:\program files\SystemRequirementsLab
2008-10-27 23:27 . 2008-10-27 23:27 <DIR> d-------- c:\documents and settings\Darko\Application Data\SystemRequirementsLab
2008-10-27 23:21 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2008-10-27 23:21 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2008-10-27 23:21 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2008-10-27 23:21 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2008-10-27 23:21 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2008-10-27 23:19 . 2008-10-27 23:19 <DIR> d-------- c:\windows\Logs
2008-10-27 20:00 . 2008-10-27 20:00 <DIR> d-------- c:\program files\Rapid Hacker
2008-10-22 22:41 . 2008-10-22 22:41 <DIR> d-------- c:\program files\VeryPDF PDF2Word v3.0
2008-10-22 22:27 . 2008-10-22 22:42 312 --a------ c:\windows\pdf2word.INI
2008-10-22 15:49 . 2008-10-22 15:49 <DIR> d-------- c:\program files\SweetIM
2008-10-22 15:49 . 2008-10-22 15:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\SweetIM
2008-10-22 00:38 . 2008-10-22 00:38 <DIR> d-------- c:\program files\Apple Software Update
2008-10-22 00:38 . 2008-10-22 00:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-10-20 00:13 . 2008-10-20 00:13 <DIR> d-------- c:\program files\WorldOfGoo
2008-10-20 00:13 . 2008-10-20 00:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\2DBoy
2008-10-09 01:47 . 2008-10-09 01:47 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-10-07 15:05 . 2008-10-07 15:38 261 --a------ c:\windows\WPE PRO - modified.INI
2008-10-07 10:39 . 2008-10-07 10:39 <DIR> d-------- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-06 23:32 --------- d-sh--w c:\documents and settings\All Users\Application Data\MPK
2008-11-06 23:27 --------- d-----w c:\documents and settings\Darko\Application Data\Skype
2008-11-06 23:07 --------- d-----w c:\documents and settings\Darko\Application Data\skypePM
2008-11-06 15:13 --------- d-----w c:\documents and settings\Darko\Application Data\DMCache
2008-11-05 10:46 --------- d-----w c:\documents and settings\Darko\Application Data\uTorrent
2008-11-04 17:49 --------- d-----w c:\documents and settings\Darko\Application Data\LimeWire
2008-10-31 14:40 111,928 ----a-w c:\windows\system32\PnkBstrB.exe
2008-10-27 22:56 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-27 22:19 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-10-27 22:19 22,328 ----a-w c:\documents and settings\Darko\Application Data\PnkBstrK.sys
2008-10-27 22:18 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-10-27 22:18 2,250,024 ----a-w c:\windows\system32\pbsvc.exe
2008-10-27 22:13 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-23 21:32 --------- d-----w c:\documents and settings\All Users\Application Data\Ubisoft
2008-10-23 11:58 --------- d-----w c:\documents and settings\Darko\Application Data\Xfire
2008-10-21 15:36 --------- d-----w c:\documents and settings\Darko\Application Data\Bioshock
2008-10-11 18:32 --------- d-----w c:\program files\Internet Download Manager
2008-10-07 09:39 --------- d-----w c:\program files\Common Files\Adobe
2008-10-06 18:31 --------- d-----w c:\documents and settings\Darko\Application Data\IDM
2008-10-05 21:24 --------- d-----w c:\program files\NSS
2008-10-05 21:24 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-05 21:14 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-10-05 17:09 --------- d-----w c:\documents and settings\All Users\Application Data\TrackMania
2008-10-05 14:36 817,664 ---h--w c:\windows\system32\wodfamoh.dll
2008-10-02 15:10 --------- d-----w c:\documents and settings\Darko\Application Data\SPORE
2008-10-02 09:07 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-09-29 19:39 --------- d-----w c:\documents and settings\Darko\Application Data\NSeries
2008-09-29 17:37 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-09-29 17:36 --------- d-----w c:\program files\World of Warcraft
2008-09-25 18:01 2,856 ----a-w c:\program files\Common Files\unins000.dat
2008-09-25 18:00 728,858 ----a-w c:\program files\Common Files\unins000.exe
2008-09-24 16:49 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-09-24 16:49 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-09-24 16:42 --------- d-----w c:\program files\Nokia
2008-09-24 16:42 --------- d-----w c:\program files\Common Files\Nokia
2008-09-24 16:42 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2008-09-24 14:12 --------- d-----w c:\program files\CAPCOM
2008-09-24 08:50 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-22 20:39 --------- d-----w c:\documents and settings\Darko\Application Data\Nokia
2008-09-22 20:38 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2008-09-22 00:22 --------- d-----w c:\program files\Pro Pinball
2008-09-17 14:41 --------- d-----w c:\program files\Microsoft Works
2008-09-17 14:40 --------- d-----w c:\program files\MSXML 4.0
2008-09-17 13:07 --------- d-----w c:\program files\MSN Messenger
2008-09-17 10:57 --------- d-----w c:\program files\DAEMON Tools Lite
2008-09-16 15:06 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-09-16 14:49 355,584 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-09-16 14:49 --------- d-----w c:\documents and settings\Darko\Application Data\TuneUp Software
2008-09-16 14:49 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-09-13 23:34 --------- d-----w c:\program files\CyberLink
2008-09-13 23:23 --------- d-----w c:\program files\Xilisoft
2008-09-13 23:23 --------- d-----w c:\documents and settings\Darko\Application Data\Xilisoft Corporation
2008-09-13 23:14 --------- d-----w c:\documents and settings\Darko\Application Data\BSplayer Pro
2008-09-13 23:07 --------- d-----w c:\documents and settings\Darko\Application Data\vlc
2008-09-13 23:06 --------- d-----w c:\documents and settings\Darko\Application Data\dvdcss
2008-09-13 23:05 --------- d-----w c:\program files\VideoLAN
2008-09-13 16:29 --------- d-----w c:\documents and settings\Darko\Application Data\Vso
2008-09-13 08:48 --------- d-----w c:\program files\LimeWire
2008-09-12 10:44 206,256 ----a-w c:\windows\system32\idmmbc.dll
2008-09-11 14:23 --------- d-----w c:\program files\Messenger Plus! Live
2008-09-10 23:22 --------- d-----w c:\program files\Qtracker
2008-09-10 23:17 --------- d-----w c:\documents and settings\Darko\Application Data\GSC
2008-09-08 17:52 --------- d-----w c:\program files\Java
2008-09-08 17:51 --------- d-----w c:\program files\Cheatbook 09.2008
2008-09-08 17:46 --------- d-----w c:\program files\Common Files\Java
2008-09-08 17:21 --------- d-----w c:\documents and settings\Darko\Application Data\Media Player Classic
2008-09-08 17:07 --------- d-----w c:\program files\Neoretix
2008-09-08 17:00 --------- d-----w c:\program files\YouTube Downloader
2008-09-08 16:19 --------- d-----w c:\program files\Google
2008-09-08 14:20 --------- d-----w c:\program files\uTorrent
2008-09-08 13:08 --------- d-----w c:\program files\Skype
2008-09-08 13:08 --------- d-----w c:\program files\Common Files\Skype
2008-09-08 13:08 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-09-08 12:24 159,918 ----a-w c:\windows\Marsu-Fix 2.3 Uninstaller.exe
2008-09-08 12:21 --------- d-----w c:\program files\ESET
2008-09-08 12:21 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-09-04 08:31 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
2008-08-29 07:57 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
2008-06-25 15:42 119 ----a-w c:\program files\uninstall.url
2008-04-18 08:52 49,024 ----a-w c:\windows\inf\gsiata.sys
2008-03-09 05:25 236 ---ha-w c:\program files\Common Files\dx.reg
2007-04-26 12:37 2,168,069 ----a-w c:\program files\invsecr.exe
1996-12-02 17:44 582,144 ----a-w c:\program files\Common Files\dao350.dll
1996-12-02 11:27 73,184 ----a-w c:\program files\Common Files\dao2535.tlb
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-09-07 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-09-07 17:06 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-09-07 1172792]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-09-07 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2007-12-13 21:02 96552 --a------ c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"IE7-11"="advpack.dll" [2008-06-23 c:\windows\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Mpk.exe"="c:\program files\KGB\Mpk.exe" [2007-10-09 930304]

c:\documents and settings\Darko\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-03-30 3581680]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-05-30 20:03 229376 c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"VIDC.ACDV"= ACDV.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-09-18 15:16 171464 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2008-10-10 18:50 2607616 c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-12-13 21:02 1082152 c:\program files\Nero\Nero8\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--------- 2007-02-07 15:21 54832 c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 13:21 2213160 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 13:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-03-23 12:20 227328 c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-03-14 20:01 71216 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-12-13 21:02 2048808 c:\program files\Nero\Nero8\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 2008-09-28 17:18 111928 c:\program files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-09-10 13:27 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrialReset]
--a------ 2008-04-28 19:57 208353 c:\windows\fix.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 18:19 15872 c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
--a------ 2007-09-26 17:05 734264 c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-09-19 11:14 16844800 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Net Tools\\nettools5.exe"=
"c:\\Program Files\\KGB\\Mpk.exe"=
"c:\\Program Files\\KGB\\MpkView.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"i:\\Program Files\\TmNationsForever\\TmForever.exe"=
"i:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"i:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"i:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"i:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"i:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 enport;enport;c:\windows\system32\drivers\enport.sys [2008-04-18 4992]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51 13560]
R2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [2007-10-15 1382672]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2007-12-13 50984]
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe [2008-04-14 14336]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-09-16 355584]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13786de4-9073-11dd-8d6b-001d7daaf670}]
\Shell\AutoOpen\command - e:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c975d93-89cb-11dd-8d56-001d7daaf670}]
\Shell\AutoRun\command - E:\dwg3gngs.exe
\Shell\explore\Command - E:\dwg3gngs.exe
\Shell\open\Command - E:\dwg3gngs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f1050c2-ff61-11dc-8c55-aed3212c1c8b}]
\Shell\Auto\command - J:\UFO.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{945b6f86-fcbc-11dc-811c-b6bca9be72ec}]
\Shell\Auto\command - G:\UFO.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SpyHunter Security Suite - c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Darko\Application Data\Mozilla\Firefox\Profiles\cbcvrs3p.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - [Link visible only to logged-in users]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-11-07 00:32:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"

[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2008-11-07 0:33:08
ComboFix-quarantined-files.txt 2008-11-06 23:32:55
ComboFix2.txt 2008-11-06 22:46:47
ComboFix3.txt 2008-11-06 22:28:19
ComboFix4.txt 2008-11-06 20:58:29

Pre-Run: 13.980.884.992 bytes free
Post-Run: 13,955,461,120 bytes free

311 --- E O F --- 2008-09-17 14:47:47
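
The mountpoints2 keys near the end of this log are the part worth reading twice: they are Explorer's cache of the shell verbs that removable drives have advertised through autorun.inf, and here three of them point at launchers such as E:\dwg3gngs.exe and UFO.exe (the first-run log posted further down confirms the picture, with Autorun.inf files removed from six drive letters). Two registry lines elsewhere in the dump are hardening regressions rather than persistence: the Security Center "DisableNotify" values and an inbound 3389/TCP opening in the firewall's standard profile. The parser below, added here and not ComboFix's own code, pulls those three things out of the "Reg Loading Points" section. Its input is a constructed subset of the posted dump; the severity labels and the NOTIFY_VALUES set are this example's own conventions.

```python
"""Extract removable-drive autorun hooks and two hardening regressions from
the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread (not ComboFix's own code). SAMPLE is a
constructed subset of the registry dump posted above.
"""
import re

SAMPLE = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13786de4-9073-11dd-8d6b-001d7daaf670}]
\Shell\AutoOpen\command - e:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c975d93-89cb-11dd-8d56-001d7daaf670}]
\Shell\AutoRun\command - E:\dwg3gngs.exe
\Shell\explore\Command - E:\dwg3gngs.exe
\Shell\open\Command - E:\dwg3gngs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f1050c2-ff61-11dc-8c55-aed3212c1c8b}]
\Shell\Auto\command - J:\UFO.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
VERB_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$", re.IGNORECASE)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
PORT_RE = re.compile(r"^(?P<port>\d+):(?P<proto>TCP|UDP)$", re.IGNORECASE)

# Security Center values that, when set to 1, silence the "no AV / no updates / no firewall" warnings.
NOTIFY_VALUES = {"AntiVirusDisableNotify", "UpdatesDisableNotify", "FirewallDisableNotify"}


def parse_reg_loading_points(text: str) -> dict:
    """Walk the [key] / value dump and collect the three indicator groups."""
    report = {"mountpoints": [], "security_center": [], "open_ports": []}
    key = None
    hooks = {}  # mountpoints2 key -> {verb: command}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        km = KEY_RE.match(line)
        if km:
            key = km.group("key")
            continue
        if key is None:
            continue
        kl = key.lower()
        if "\\mountpoints2\\" in kl:
            vm = VERB_RE.match(line)
            if vm:
                hooks.setdefault(key, {})[vm.group("verb").lower()] = vm.group("cmd")
        elif kl.endswith("\\security center"):
            vm = VALUE_RE.match(line)
            if vm and vm.group("name") in NOTIFY_VALUES and vm.group("data").lower() == "dword:00000001":
                report["security_center"].append(vm.group("name"))
        elif "\\globallyopenports\\" in kl:
            vm = VALUE_RE.match(line)
            pm = PORT_RE.match(vm.group("name")) if vm else None
            if pm:
                report["open_ports"].append((int(pm.group("port")), pm.group("proto").upper()))
    for k, verbs in hooks.items():
        # 'open' / 'explore' overrides make a double-click or right-click Explore on
        # the drive launch the file; Auto/AutoRun only fire where AutoPlay is enabled.
        click_hijack = bool({"open", "explore"} & set(verbs))
        report["mountpoints"].append({
            "key": k,
            "verbs": sorted(verbs),
            "targets": sorted(set(verbs.values())),
            "severity": "high" if click_hijack else "medium",
        })
    return report


def drive_letters(report: dict) -> list:
    """Drive letters named directly in the hooked commands (the media to clean offline)."""
    letters = set()
    for mp in report["mountpoints"]:
        for t in mp["targets"]:
            if "rundll32" in t.lower():  # launcher on C:, not the medium itself
                continue
            m = re.match(r"^([A-Za-z]):\\", t)
            if m:
                letters.add(m.group(1).upper())
    return sorted(letters)


if __name__ == "__main__":
    r = parse_reg_loading_points(SAMPLE)
    for mp in r["mountpoints"]:
        print(mp["severity"], mp["verbs"], mp["targets"])
    print("notifications silenced:", r["security_center"])
    print("inbound ports opened:", r["open_ports"], "; media to clean:", drive_letters(r))
```

The output lists the drive letters whose media still need cleaning with AutoPlay switched off; deleting the mountpoints2 keys on the PC alone only clears the cache, and the next insertion of an untouched stick recreates them.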

Piksi (Elite citizen, joined 13 Nov 2003, 2435 posts):

You've made a mess for me... Why did you run ComboFix several times?
Please attach the first log you got...

dlogic (New MyCity citizen, joined 06 Nov 2008, 8 posts):

Combofix sam pokretao vise puta, zato sto mi se komp restartovao u pola procedure Combofix-a. Kako sada da nadjem prvi log?

Dopuna: 07 Nov 2008 10:42

Nasao sam prvi.



ComboFix 08-11-05.02 - Darko 2008-11-06 21:49:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.1352 [GMT 1:00]
Running from: c:\documents and settings\Darko\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\Darko\Desktop\flash 4g\Darko Logic 54\Desktop_.ini
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\npf.sys
c:\windows\system32\dse235rgd0.dll
c:\windows\system32\packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wedasgads0.dll
c:\windows\system32\wpcap.dll
D:\Autorun.inf
G:\Autorun.inf
g:\recycler\Desktop_.ini
H:\Autorun.inf
h:\recycler\Desktop_.ini
I:\Autorun.inf
K:\autorun.inf
K:\hni.cmd

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-10-06 to 2008-11-06 )))))))))))))))))))))))))))))))
.

2008-11-06 21:35 . 2008-11-06 21:35 <DIR> d-------- c:\program files\Enigma Software Group
2008-11-05 18:01 . 2008-11-05 18:01 <DIR> d-------- c:\program files\Common Files\Borland Shared
2008-11-05 18:01 . 2008-11-05 18:19 13,030 --a------ C:\PDOXUSRS.NET
2008-10-31 15:23 . 1999-01-21 23:40 180,224 --------- c:\windows\Res2_uninst.exe
2008-10-27 23:56 . 2008-10-27 23:56 <DIR> d-------- c:\windows\system32\AGEIA
2008-10-27 23:56 . 2008-10-27 23:56 <DIR> d-------- c:\program files\AGEIA Technologies
2008-10-27 23:56 . 2008-10-07 13:33 201,157 --a------ c:\windows\system32\nvapps.nvb
2008-10-27 23:27 . 2008-10-27 23:27 <DIR> d-------- c:\program files\SystemRequirementsLab
2008-10-27 23:27 . 2008-10-27 23:27 <DIR> d-------- c:\documents and settings\Darko\Application Data\SystemRequirementsLab
2008-10-27 23:21 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2008-10-27 23:21 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2008-10-27 23:21 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2008-10-27 23:21 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2008-10-27 23:21 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2008-10-27 23:19 . 2008-10-27 23:19 <DIR> d-------- c:\windows\Logs
2008-10-27 20:00 . 2008-10-27 20:00 <DIR> d-------- c:\program files\Rapid Hacker
2008-10-22 22:41 . 2008-10-22 22:41 <DIR> d-------- c:\program files\VeryPDF PDF2Word v3.0
2008-10-22 22:27 . 2008-10-22 22:42 312 --a------ c:\windows\pdf2word.INI
2008-10-22 15:49 . 2008-10-22 15:49 <DIR> d-------- c:\program files\SweetIM
2008-10-22 15:49 . 2008-10-22 15:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\SweetIM
2008-10-22 00:38 . 2008-10-22 00:38 <DIR> d-------- c:\program files\Apple Software Update
2008-10-22 00:38 . 2008-10-22 00:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-10-20 00:13 . 2008-10-20 00:13 <DIR> d-------- c:\program files\WorldOfGoo
2008-10-20 00:13 . 2008-10-20 00:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\2DBoy
2008-10-09 01:47 . 2008-10-09 01:47 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-10-07 15:05 . 2008-10-07 15:38 261 --a------ c:\windows\WPE PRO - modified.INI
2008-10-07 10:39 . 2008-10-07 10:39 <DIR> d-------- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-06 20:54 --------- d-----w c:\documents and settings\Darko\Application Data\skypePM
2008-11-06 20:54 --------- d-----w c:\documents and settings\Darko\Application Data\Skype
2008-11-06 20:52 --------- d-sh--w c:\documents and settings\All Users\Application Data\MPK
2008-11-06 15:13 --------- d-----w c:\documents and settings\Darko\Application Data\DMCache
2008-11-05 10:46 --------- d-----w c:\documents and settings\Darko\Application Data\uTorrent
2008-11-04 17:49 --------- d-----w c:\documents and settings\Darko\Application Data\LimeWire
2008-10-27 22:56 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-27 22:19 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-10-27 22:19 22,328 ----a-w c:\documents and settings\Darko\Application Data\PnkBstrK.sys
2008-10-27 22:13 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-23 21:32 --------- d-----w c:\documents and settings\All Users\Application Data\Ubisoft
2008-10-23 11:58 --------- d-----w c:\documents and settings\Darko\Application Data\Xfire
2008-10-21 15:36 --------- d-----w c:\documents and settings\Darko\Application Data\Bioshock
2008-10-11 18:32 --------- d-----w c:\program files\Internet Download Manager
2008-10-07 12:33 6,133,856 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2008-10-07 09:39 --------- d-----w c:\program files\Common Files\Adobe
2008-10-06 18:31 --------- d-----w c:\documents and settings\Darko\Application Data\IDM
2008-10-05 21:24 --------- d-----w c:\program files\NSS
2008-10-05 21:24 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-05 21:14 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-10-05 17:09 --------- d-----w c:\documents and settings\All Users\Application Data\TrackMania
2008-10-02 15:10 --------- d-----w c:\documents and settings\Darko\Application Data\SPORE
2008-09-29 19:39 --------- d-----w c:\documents and settings\Darko\Application Data\NSeries
2008-09-29 17:37 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-09-29 17:36 --------- d-----w c:\program files\World of Warcraft
2008-09-25 18:01 2,856 ----a-w c:\program files\Common Files\unins000.dat
2008-09-25 18:00 728,858 ----a-w c:\program files\Common Files\unins000.exe
2008-09-24 16:49 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-09-24 16:49 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-09-24 16:42 --------- d-----w c:\program files\Nokia
2008-09-24 16:42 --------- d-----w c:\program files\Common Files\Nokia
2008-09-24 16:42 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2008-09-24 14:12 --------- d-----w c:\program files\CAPCOM
2008-09-22 20:39 --------- d-----w c:\documents and settings\Darko\Application Data\Nokia
2008-09-22 20:38 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2008-09-22 00:22 --------- d-----w c:\program files\Pro Pinball
2008-09-17 14:41 --------- d-----w c:\program files\Microsoft Works
2008-09-17 14:40 --------- d-----w c:\program files\MSXML 4.0
2008-09-17 13:07 --------- d-----w c:\program files\MSN Messenger
2008-09-17 10:57 --------- d-----w c:\program files\DAEMON Tools Lite
2008-09-16 15:06 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-09-16 14:49 --------- d-----w c:\documents and settings\Darko\Application Data\TuneUp Software
2008-09-16 14:49 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-09-13 23:34 --------- d-----w c:\program files\CyberLink
2008-09-13 23:23 --------- d-----w c:\program files\Xilisoft
2008-09-13 23:23 --------- d-----w c:\documents and settings\Darko\Application Data\Xilisoft Corporation
2008-09-13 23:14 --------- d-----w c:\documents and settings\Darko\Application Data\BSplayer Pro
2008-09-13 23:07 --------- d-----w c:\documents and settings\Darko\Application Data\vlc
2008-09-13 23:06 --------- d-----w c:\documents and settings\Darko\Application Data\dvdcss
2008-09-13 23:05 --------- d-----w c:\program files\VideoLAN
2008-09-13 16:29 --------- d-----w c:\documents and settings\Darko\Application Data\Vso
2008-09-13 08:48 --------- d-----w c:\program files\LimeWire
2008-09-11 14:23 --------- d-----w c:\program files\Messenger Plus! Live
2008-09-10 23:22 --------- d-----w c:\program files\Qtracker
2008-09-10 23:17 --------- d-----w c:\documents and settings\Darko\Application Data\GSC
2008-09-08 17:52 --------- d-----w c:\program files\Java
2008-09-08 17:51 --------- d-----w c:\program files\Cheatbook 09.2008
2008-09-08 17:46 --------- d-----w c:\program files\Common Files\Java
2008-09-08 17:21 --------- d-----w c:\documents and settings\Darko\Application Data\Media Player Classic
2008-09-08 17:07 --------- d-----w c:\program files\Neoretix
2008-09-08 17:00 --------- d-----w c:\program files\YouTube Downloader
2008-09-08 16:19 --------- d-----w c:\program files\Google
2008-09-08 14:20 --------- d-----w c:\program files\uTorrent
2008-09-08 13:08 --------- d-----w c:\program files\Skype
2008-09-08 13:08 --------- d-----w c:\program files\Common Files\Skype
2008-09-08 13:08 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-09-08 12:24 159,918 ----a-w c:\windows\Marsu-Fix 2.3 Uninstaller.exe
2008-09-08 12:21 --------- d-----w c:\program files\ESET
2008-09-08 12:21 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-06-25 15:42 119 ----a-w c:\program files\uninstall.url
2008-04-18 08:52 49,024 ----a-w c:\windows\inf\gsiata.sys
2008-03-09 05:25 236 ---ha-w c:\program files\Common Files\dx.reg
2007-04-26 12:37 2,168,069 ----a-w c:\program files\invsecr.exe
1996-12-02 17:44 582,144 ----a-w c:\program files\Common Files\dao350.dll
1996-12-02 11:27 73,184 ----a-w c:\program files\Common Files\dao2535.tlb
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-09-07 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-09-07 17:06 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-09-07 1172792]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-09-07 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2007-12-13 21:02 96552 --a------ c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-10 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-06-19 851968]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"IE7-11"="advpack.dll" [2008-06-23 c:\windows\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Mpk.exe"="c:\program files\KGB\Mpk.exe" [2007-10-09 930304]

c:\documents and settings\Darko\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-03-30 3581680]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-05-30 20:03 229376 c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"VIDC.ACDV"= ACDV.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-09-18 15:16 171464 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2008-10-10 18:50 2607616 c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-12-13 21:02 1082152 c:\program files\Nero\Nero8\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--------- 2007-02-07 15:21 54832 c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 13:21 2213160 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 13:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-03-23 12:20 227328 c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-03-14 20:01 71216 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-12-13 21:02 2048808 c:\program files\Nero\Nero8\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 2008-09-28 17:18 111928 c:\program files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-09-10 13:27 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrialReset]
--a------ 2008-04-28 19:57 208353 c:\windows\fix.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 18:19 15872 c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
--a------ 2007-09-26 17:05 734264 c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-09-19 11:14 16844800 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Net Tools\\nettools5.exe"=
"c:\\Program Files\\KGB\\Mpk.exe"=
"c:\\Program Files\\KGB\\MpkView.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"i:\\Program Files\\TmNationsForever\\TmForever.exe"=
"i:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"i:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"i:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"i:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"i:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 enport;enport;c:\windows\system32\drivers\enport.sys [2008-04-18 4992]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51 13560]
R2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [2007-10-15 1382672]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2007-12-13 50984]
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe [2008-04-14 14336]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-09-16 355584]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13786de4-9073-11dd-8d6b-001d7daaf670}]
\Shell\AutoOpen\command - e:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c975d93-89cb-11dd-8d56-001d7daaf670}]
\Shell\AutoRun\command - E:\dwg3gngs.exe
\Shell\explore\Command - E:\dwg3gngs.exe
\Shell\open\Command - E:\dwg3gngs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f1050c2-ff61-11dc-8c55-aed3212c1c8b}]
\Shell\Auto\command - J:\UFO.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{945b6f86-fcbc-11dc-811c-b6bca9be72ec}]
\Shell\Auto\command - G:\UFO.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - ~c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-AdVantage Setup - c:\program files\DAEMON Tools Lite\AdVantageSetup.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-Invisible Secrets 4 - c:\progra~1\INVISI~1\invtray.exe
MSConfigStartUp-kxva - c:\windows\system32\kxvo.exe
MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
MSConfigStartUp-RegClean Expert Scheduler - c:\program files\Registry Clean Expert\RCHelper.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Darko\Application Data\Mozilla\Firefox\Profiles\cbcvrs3p.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - [Link visible only to logged-in users]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-11-06 21:54:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\system32\winlogon.exe
-> c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

PROCESS: c:\windows\system32\lsass.exe
-> c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

PROCESS: c:\windows\explorer.exe
-> c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
-> c:\program files\Stardock\ObjectDock\DockShellHook.dll
-> c:\program files\KGB\MPK.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\program files\Nero\Nero8\InCD\InCDsrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-11-06 21:58:27 - machine was rebooted [Darko]
ComboFix-quarantined-files.txt 2008-11-06 20:58:23

Pre-Run: 8.667.115.520 bytes free
Post-Run: 8,776,036,352 bytes free

361 --- E O F --- 2008-09-17 14:47:47

  • Piksi
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

Sorry for the wait...

Did you install KGB Keylogger?

Open Notepad and copy the following text into it:

File::
c:\windows\fix.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13786de4-9073-11dd-8d6b-001d7daaf670}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c975d93-89cb-11dd-8d56-001d7daaf670}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f1050c2-ff61-11dc-8c55-aed3212c1c8b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{945b6f86-fcbc-11dc-811c-b6bca9be72ec}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrialReset]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scan.

It would be good if you also attached the other logs ComboFix produced, using the "Attach file" option...
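The four MountPoints2 keys the CFScript above deletes are Explorer's per-volume cache of each removable drive's autorun.inf. In the log, the handlers for E:, G: and J: run an executable straight from the drive root (dwg3gngs.exe, UFO.exe), and the E: entry additionally reroutes Explorer's own "open" and "explore" verbs, so double-clicking the drive would run the file even with AutoPlay off; the fourth entry (an MSOCache path on an install disc) only shows the ShellExec_RunDLL relay that Windows writes for any autorun.inf. The following Python is an added example, not the forum poster's nor ComboFix's own code: it parses that section of a ComboFix log, scores each entry with this example's own heuristics (drive-root executable, hijacked open/explore verb, rundll32 relay as a weaker hint), and generates the Registry:: deletion lines in the CFScript syntax used in the thread. The sample log is constructed from the entries quoted above.

```python
"""Flag USB-worm style autorun handlers in the MountPoints2 section of a
ComboFix log and emit the matching CFScript 'Registry::' deletions.

Added example, not the forum poster's nor ComboFix's own code. SAMPLE_LOG is
constructed from the entries quoted in the thread; the scoring rules are this
example's assumptions about what a worm's autorun.inf leaves behind."""
import re
from typing import Dict, List

SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13786de4-9073-11dd-8d6b-001d7daaf670}]
\Shell\AutoOpen\command - e:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c975d93-89cb-11dd-8d56-001d7daaf670}]
\Shell\AutoRun\command - E:\dwg3gngs.exe
\Shell\explore\Command - E:\dwg3gngs.exe
\Shell\open\Command - E:\dwg3gngs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f1050c2-ff61-11dc-8c55-aed3212c1c8b}]
\Shell\Auto\command - J:\UFO.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{945b6f86-fcbc-11dc-811c-b6bca9be72ec}]
\Shell\Auto\command - G:\UFO.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
"""

KEY_RE = re.compile(r"^\[(HKEY_CURRENT_USER\\.*\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.I)
VERB_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.I)
# bare executable directly under a drive letter, e.g. E:\dwg3gngs.exe
ROOT_EXE_RE = re.compile(r"^[a-z]:\\[^\\]+\.(?:exe|com|cmd|bat|scr|pif)$", re.I)
# relay Windows writes for a 'shellexecute=' line in autorun.inf
RELAY_RE = re.compile(r"rundll32(?:\.exe)?\s+shell32\.dll,\s*ShellExec_RunDLL\s+(.+)$", re.I)


def parse_mountpoints(log_text: str) -> Dict[str, Dict[str, str]]:
    """Return {registry_key: {verb: command}} for every MountPoints2 block."""
    entries: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1)
            entries[current] = {}
            continue
        verb = VERB_RE.match(line)
        if verb and current:
            entries[current][verb.group(1).lower()] = verb.group(2).strip()
    return entries


def assess(commands: Dict[str, str]) -> Dict[str, object]:
    """Score one entry: strong signals mark it suspicious, weak ones are review hints."""
    strong: List[str] = []
    weak: List[str] = []
    for verb, cmd in commands.items():
        target = cmd
        relay = RELAY_RE.search(cmd)
        if relay:
            # common on legitimate install discs too, so a hint only
            target = relay.group(1).strip()
            weak.append(f"{verb}: ShellExec_RunDLL relay to {target}")
        if verb in ("open", "explore"):
            # Explorer's own verbs rerouted: double-clicking the drive runs the file
            strong.append(f"{verb}: Explorer verb hijacked to run {cmd}")
        if ROOT_EXE_RE.match(target):
            strong.append(f"{verb}: executable at drive root ({target})")
    return {"suspicious": bool(strong), "strong": strong, "weak": weak}


def scan_log(log_text: str) -> Dict[str, Dict[str, object]]:
    """Parse and assess every MountPoints2 block of a ComboFix log."""
    return {key: assess(cmds) for key, cmds in parse_mountpoints(log_text).items()}


def cfscript_registry_block(findings: Dict[str, Dict[str, object]], only_suspicious: bool = True) -> str:
    """Build the CFScript 'Registry::' section; '[-KEY]' is CFScript's delete-key syntax."""
    keys = [k for k, f in findings.items() if f["suspicious"] or not only_suspicious]
    return "Registry::\n" + "\n".join(f"[-{k}]" for k in keys)


if __name__ == "__main__":
    results = scan_log(SAMPLE_LOG)
    for key, finding in results.items():
        flag = "SUSPICIOUS" if finding["suspicious"] else "review"
        guid = key.rsplit("\\", 1)[1]
        print(f"{flag:10} {guid}")
        for reason in finding["strong"] + finding["weak"]:
            print("    ", reason)
    print()
    print(cfscript_registry_block(results))
```

Run it against a saved ComboFix log by passing the file's contents to scan_log; the MSOCache entry comes out as "review" with only the relay hint, while the three drive-root entries are marked suspicious. MountPoints2 keys are only a cache that Explorer rebuilds from the volume's autorun.inf the next time it is inserted, so deleting all of them (only_suspicious=False, which is what the helper's script does) costs nothing, but the infected sticks themselves still need their autorun.inf and the dropped executable removed or they will reinfect the machine.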
