MyCity » Ambulanta -> Arhiva Ambulante » windows live messenger problem!!

windows live messenger problem!!

Napisano na dan: 10.8.2009
1

windows live messenger problem!!
Sledeća strana Pagination

Idi na vrh

Poslao: 10 Avg 2009 17:30
Idi na vrh
offline
  • Pridružio: 26 Apr 2009
  • Poruke: 42
  • Gde živiš: Bijeljina

Napisano: 10 Avg 2009 17:11

Zdravo,
Evo ovako, problem je pocheo da se pojavljuje pre 5 minuta..ali tachno kada sam instalirao jedan software(magix music maker)..tada mi je izbacilo prvi put, mislio da je zbog njega (i dalje stojim iza toga) onda sam uninstallirao taj software medjutim i dalje imam isti error koji glasi "windows live messenger has encountered a problem and needs to close"
od antivirusa imam NOD32 .. shto se tiche konekcije..kablovski internet download 1Mb/s a upload 128 Kb/s...rachunar lap top: acer aspire7520...






DDS (Ver_09-07-30.01) - NTFSx86
Run by drummer at 15:55:17,48 on pon 10.08.2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1791.1126 [GMT 2:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\LAUNCH~1\LManager.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
D:\Program Files\LogMeIn\x86\LogMeInSystray.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\LogMeIn\x86\LMIGuardian.exe
E:\Program Files\DAEMON Tools Lite\daemon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\Program Files\ICQ6Toolbar\ICQ Service.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\Program Files\LogMeIn\x86\RaMaint.exe
D:\Program Files\LogMeIn\x86\LogMeIn.exe
D:\Program Files\LogMeIn\x86\LMIGuardian.exe
D:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
D:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\WINDOWS\Packs\Crystal XP\YzToolbar\YzToolbar.exe
D:\WINDOWS\system32\svchost.exe -k imgsvc
"D:\WINDOWS\system32\svchost.exe" 40706
D:\DOCUME~1\drummer\LOCALS~1\Temp\RtkBtMnt.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Documents and Settings\drummer\Application Data\taskeng.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\drummer\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.bearshare.com/intl/
uInternet Connection Wizard,ShellNext = login.live.com/ppsecure/sha1auth.srf?lc=1033
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - d:\program files\icq6toolbar\ICQToolBar.dll
mWinlogon: Taskman=d:\recycler\s-1-5-21-4456771915-1687149246-966499079-6899\rundll32.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - e:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - e:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: UrlHelper Class: {74322bf9-df26-493f-b0da-6d2fc5e6429e} - d:\program files\bearshare applications\bearshare mediabar\BearShareIEHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - d:\program files\bs_player\tbBS_1.dll
TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - d:\program files\bs_player\tbBS_1.dll
TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - d:\program files\bearshare applications\bearshare mediabar\BearShareMediaBar.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - d:\program files\icq6toolbar\ICQToolBar.dll
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - d:\program files\icq6toolbar\ICQToolBar.dll
uRun: [NVIDIA nTune] "d:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
uRun: [Skype] "d:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [msnmsgr] "d:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] e:\program files\daemon tools lite\daemon.exe -autorun
uRun: [SpybotSD TeaTimer] e:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [MSMSGS] "d:\program files\messenger\msmsgs.exe" /background
uRun: [Google Update] "d:\documents and settings\drummer\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ICQ] "d:\program files\icq6\ICQ.exe" silent
uRun: [ALLUpdate] "e:\program files\allplayer\ALLUpdate.exe" "sleep"
uRun: [MicrosoftUpdate] d:\documents and settings\drummer\application data\taskeng.exe
mRun: [LManager] d:\progra~1\launch~1\LManager.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE d:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [egui] "d:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [NeroFilterCheck] d:\windows\system32\NeroCheck.exe
mRun: [H2O] d:\program files\syncrosoft\pos\h2o\cledx.exe
mRun: [LogMeIn GUI] "d:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"
mRun: [Google Desktop Search] "d:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRunOnce: [GrpConv] grpconv.exe -o
mRunOnce: [WMC_0] d:\windows\system32\regsvr32.exe /s "d:\windows\system32\wmv8dmod.dll"
mRunOnce: [WMC_1] d:\windows\system32\regsvr32.exe /s "d:\windows\system32\mp4sds32.ax"
StartupFolder: d:\docume~1\drummer\startm~1\programs\startup\hamachi.lnk - d:\program files\hamachi\hamachi.exe
StartupFolder: d:\docume~1\drummer\startm~1\programs\startup\y'ztoo~1.lnk - d:\windows\packs\crystal xp\yztoolbar\YzToolbar.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - e:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\blueso~1.lnk - d:\program files\ivt corporation\bluesoleil\BlueSoleil.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - e:\program files\intervideo\common\bin\WinCinemaMgr.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - e:\program files\microsoft office\office10\OSA.EXE
IE: E&xport to Microsoft Excel - e:\progra~1\micros~1\office10\EXCEL.EXE/3000
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - e:\program files\icqlite\ICQLite.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - d:\program files\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - d:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - e:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: {512B50B8-37F8-4254-AA4E-70F697A51494} = 77.239.64.19,77.239.64.20
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - d:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: d:\progra~1\google\google~1\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\drummer\applic~1\mozilla\firefox\profiles\v28llpsn.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: d:\documents and settings\drummer\application data\mozilla\firefox\profiles\v28llpsn.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFAlert.dll
FF - component: d:\documents and settings\drummer\application data\mozilla\firefox\profiles\v28llpsn.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: d:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - plugin: d:\documents and settings\drummer\application data\mozilla\firefox\profiles\v28llpsn.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: d:\documents and settings\drummer\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: e:\program files\adobe\acrobat 7.0\reader\browser\nppdf32.dll
FF - plugin: e:\program files\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: e:\program files\divx\divx web player\npdivx32.dll
FF - plugin: e:\program files\google\picasa3\npPicasa3.dll
FF - plugin: e:\program files\itunes\mozilla plugins\npitunes.dll
FF - HiddenExtension: Java Console: No Registry Reference - d:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R1 epfwtdir;epfwtdir;d:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R2 ekrn;Eset Service;d:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224]
R2 ICQ Service;ICQ Service;d:\program files\icq6toolbar\ICQ Service.exe [2009-6-26 222968]
R2 LMIInfo;LogMeIn Kernel Information Provider;d:\program files\logmein\x86\rainfo.sys [2008-7-24 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;d:\windows\system32\drivers\LMIRfsDriver.sys [2009-6-18 47640]
R3 CLEDX;Team H2O CLEDX service;d:\windows\system32\drivers\cledx.sys [2009-4-27 33792]
S2 RPCHGM;Remote Procedure Call (HGM);d:\program files\netmeeting\secedit.exe [2009-7-9 22863560]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;d:\program files\google\google desktop search\GoogleDesktop.exe [2009-7-5 30192]
S3 iadusb;MT882;d:\windows\system32\drivers\glauiad.sys [2009-7-19 30336]
S3 NPF;NetGroup Packet Filter Driver;d:\windows\system32\drivers\npf.sys [2003-4-4 30336]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2009-08-10 15:34 28 a------- d:\windows\Robota.INI
2009-08-10 15:34 <DIR> --d----- d:\docume~1\drummer\applic~1\MAGIX
2009-08-10 15:34 420,240 a------- d:\windows\system32\mpg4c32.dll
2009-08-10 15:34 309,616 a------- d:\windows\system32\wmv8dmod.dll
2009-08-10 15:34 245,760 a------- d:\windows\system32\mp4sds32.ax
2009-08-10 15:33 <DIR> --d----- d:\docume~1\alluse~1\applic~1\MAGIX
2009-08-10 15:32 55,296 a------- d:\docume~1\drummer\applic~1\taskeng.exe
2009-08-10 15:32 120,200 a------- d:\windows\system32\DLLDEV32i.dll
2009-08-10 15:31 700,416 a------- d:\windows\system32\mgxoschk.dll
2009-08-10 15:31 5,937 a------- d:\windows\mgxoschk.ini
2009-08-10 15:31 <DIR> --d----- d:\windows\system32\MAGIX
2009-08-06 22:48 <DIR> --d----- d:\docume~1\drummer\applic~1\pokerth
2009-08-04 15:41 <DIR> --d----- d:\docume~1\alluse~1\applic~1\Messenger Plus!
2009-08-04 15:25 <DIR> --d----- d:\program files\Messenger Plus! Live
2009-07-28 03:19 10 a------- d:\windows\system32\810429tv4-test.jun
2009-07-27 12:26 90,624 a------- d:\windows\system32\drivers\kswdmcap.ax
2009-07-27 12:26 61,952 a------- d:\windows\system32\drivers\kstvtune.ax
2009-07-27 12:26 28,672 a------- d:\windows\system32\drivers\vidcap.ax
2009-07-27 12:26 53,760 a------- d:\windows\system32\drivers\vfwwdm32.dll
2009-07-27 12:26 43,008 a------- d:\windows\system32\drivers\ksxbar.ax
2009-07-27 12:25 <DIR> --d----- d:\program files\IVT Corporation
2009-07-23 17:57 73,728 a------- d:\windows\system32\np_plugin.dll
2009-07-23 15:06 <DIR> --d----- d:\program files\Hamachi
2009-07-21 14:15 978 a------- d:\windows\eReg.dat
2009-07-19 17:23 38,400 a------- d:\windows\system32\CoInst.dll
2009-07-19 17:23 30,336 a------- d:\windows\system32\drivers\glauiad.sys
2009-07-19 17:23 <DIR> --d----- d:\program files\MT882
2009-07-19 17:23 19,220 -------- d:\windows\wwdslcfg.ini
2009-07-19 13:03 356,352 a------- d:\windows\system32\nvunrm.exe
2009-07-19 13:03 3,903 a------- d:\windows\system32\nvnrm.nvu
2009-07-19 13:02 110,592 a------- d:\windows\system32\drivers\nvtcp.sys
2009-07-19 13:02 927,616 a------- d:\windows\system32\drivers\nvnrm.sys
2009-07-19 13:02 261,632 a------- d:\windows\system32\drivers\nvsnpu.sys
2009-07-19 13:02 196,096 a------- d:\windows\system32\fdco1.dll
2009-07-19 13:02 46,720 a------- d:\windows\system32\drivers\NVENETFD.sys
2009-07-19 13:02 37,888 a------- d:\windows\system32\nvconrm.dll
2009-07-19 13:02 19,968 a------- d:\windows\system32\drivers\nvnetbus.sys
2009-07-19 13:02 9,216 a------- d:\windows\system32\bdco1.dll
2009-07-18 13:57 <DIR> --d----- d:\program files\Windows Journal Viewer
2009-07-14 20:00 287 a------- d:\windows\game.ini

==================== Find3M ====================

2009-07-23 15:06 25,280 a------- d:\windows\system32\drivers\hamachi.sys
2009-07-14 20:01 163,644 a------- d:\windows\system32\drivers\secdrv.sys
2009-07-09 13:24 4,224 a------- d:\windows\system32\drivers\beep.sys
2009-06-30 15:44 410,984 a------- d:\windows\system32\deploytk.dll
2009-04-20 23:15 321,144 ---sh--- d:\windows\system\taksmgr.exe

============= FINISH: 15:55:32,28 ===============



mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

mycity.rs/must-login.png

Dopuna: 10 Avg 2009 17:30

btw..evo sad mi je nod32 nashao "agent trojan"

Poslao: 10 Avg 2009 17:56
Idi na vrh
offline
  • Pridružio: 04 Jan 2009
  • Poruke: 2168

Pozdrav


Možeš li da mi napišeš tačan naziv toga što je Nod pronašao ili da postaviš screenshot.

Poslao: 10 Avg 2009 17:58
Idi na vrh
offline
  • Pridružio: 26 Apr 2009
  • Poruke: 42
  • Gde živiš: Bijeljina

naravno da mogu..evo =)

Poslao: 10 Avg 2009 19:34
Idi na vrh
offline
  • Pridružio: 04 Jan 2009
  • Poruke: 2168

Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix.
U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Poslao: 10 Avg 2009 21:30
Idi na vrh
offline
  • Pridružio: 26 Apr 2009
  • Poruke: 42
  • Gde živiš: Bijeljina

Napisano: 10 Avg 2009 20:40

ComboFix 09-08-10.01 - drummer 10.08.2009 20:25.3.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1791.1199 [GMT 2:00]
Running from: d:\documents and settings\drummer\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

?
d:\program files\WinPCap
d:\recycler\S-1-5-21-0056532458-2609463537-714068108-3946
d:\recycler\S-1-5-21-0590401594-6593298714-219960741-7251
d:\recycler\S-1-5-21-2197395233-5248240419-077525495-4148
d:\recycler\S-1-5-21-3822486133-5703383009-008114228-9295
d:\recycler\S-1-5-21-4456771915-1687149246-966499079-6899
d:\recycler\S-1-5-21-5291197734-9644642997-082478803-0022
d:\recycler\S-1-5-21-5415480734-9121397537-086191643-2756
d:\recycler\S-1-5-21-9840785061-2071684429-652846412-1914

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
.

2009-08-10 13:34 . 2009-08-10 13:34 -------- d-----w- d:\documents and settings\drummer\Application Data\MAGIX
2009-08-10 13:34 . 2001-05-16 15:54 309616 ----a-w- d:\windows\system32\wmv8dmod.dll
2009-08-10 13:34 . 2001-05-11 11:18 420240 ----a-w- d:\windows\system32\mpg4c32.dll
2009-08-10 13:32 . 2009-08-10 13:32 55296 ----a-w- d:\documents and settings\drummer\Application Data\taskeng.exe
2009-08-10 13:32 . 2007-04-27 08:43 120200 ----a-w- d:\windows\system32\DLLDEV32i.dll
2009-08-10 13:31 . 2009-08-10 13:40 -------- d-----w- d:\windows\system32\MAGIX
2009-08-10 13:31 . 2008-04-15 14:14 700416 ----a-w- d:\windows\system32\mgxoschk.dll
2009-08-06 20:48 . 2009-08-06 20:48 -------- d-----w- d:\documents and settings\drummer\Application Data\pokerth
2009-08-04 13:41 . 2009-08-04 13:41 -------- d-----w- d:\documents and settings\All Users\Application Data\Messenger Plus!
2009-08-04 13:25 . 2009-08-04 13:25 -------- d-----w- d:\program files\Messenger Plus! Live
2009-07-27 10:43 . 2009-07-27 10:43 -------- d-----w- d:\documents and settings\All Users\Application Data\Bluetooth
2009-07-27 10:26 . 2004-08-03 22:56 53760 ----a-w- d:\windows\system32\drivers\vfwwdm32.dll
2009-07-23 15:57 . 2009-07-23 15:57 73728 ----a-w- d:\windows\system32\np_plugin.dll
2009-07-23 13:06 . 2009-07-23 13:07 -------- d-----w- d:\program files\Hamachi
2009-07-23 11:41 . 2009-07-23 11:41 -------- d-----w- d:\documents and settings\drummer\Local Settings\Application Data\Ahead
2009-07-21 12:15 . 2009-07-21 12:28 978 ----a-w- d:\windows\eReg.dat
2009-07-19 15:23 . 2006-03-20 07:32 30336 ----a-w- d:\windows\system32\drivers\glauiad.sys
2009-07-19 15:23 . 2005-08-22 09:22 38400 ----a-w- d:\windows\system32\CoInst.dll
2009-07-19 15:23 . 2009-07-19 15:23 -------- d-----w- d:\program files\MT882
2009-07-19 11:03 . 2007-07-23 21:11 356352 ----a-w- d:\windows\system32\nvunrm.exe
2009-07-19 11:02 . 2007-07-23 21:11 110592 ----a-w- d:\windows\system32\drivers\nvtcp.sys
2009-07-19 11:02 . 2007-07-23 21:11 927616 ----a-w- d:\windows\system32\drivers\nvnrm.sys
2009-07-19 11:02 . 2007-07-23 21:11 9216 ----a-w- d:\windows\system32\bdco1.dll
2009-07-19 11:02 . 2007-07-23 21:11 46720 ----a-w- d:\windows\system32\drivers\NVENETFD.sys
2009-07-19 11:02 . 2007-07-23 21:11 37888 ----a-w- d:\windows\system32\nvconrm.dll
2009-07-19 11:02 . 2007-07-23 21:11 261632 ----a-w- d:\windows\system32\drivers\nvsnpu.sys
2009-07-19 11:02 . 2007-07-23 21:11 19968 ----a-w- d:\windows\system32\drivers\nvnetbus.sys
2009-07-19 11:02 . 2007-07-23 21:11 196096 ----a-w- d:\windows\system32\fdco1.dll
2009-07-18 11:57 . 2009-07-18 11:57 -------- d-----w- d:\program files\Windows Journal Viewer
2009-07-17 15:18 . 2009-08-02 10:20 -------- d-----w- d:\documents and settings\drummer\Local Settings\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-10 18:35 . 2009-04-18 10:07 -------- d-----w- d:\documents and settings\drummer\Application Data\Skype
2009-08-10 18:35 . 2009-04-22 20:23 -------- d-----w- d:\documents and settings\drummer\Application Data\Hamachi
2009-08-10 13:39 . 2009-08-10 13:33 -------- d-----w- d:\documents and settings\All Users\Application Data\MAGIX
2009-08-10 13:35 . 2009-04-18 09:53 36424 ----a-w- d:\documents and settings\drummer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-10 13:30 . 2009-04-18 17:21 -------- d-----w- d:\documents and settings\drummer\Application Data\uTorrent
2009-08-10 00:08 . 2009-06-18 13:30 -------- d-----w- d:\program files\SpeedFan
2009-08-09 23:37 . 2009-06-18 15:44 -------- d-----w- d:\program files\LogMeIn
2009-08-09 15:36 . 2009-04-18 10:08 -------- d-----w- d:\documents and settings\drummer\Application Data\skypePM
2009-08-08 16:54 . 2009-05-08 07:33 -------- d-----w- d:\documents and settings\drummer\Application Data\Audacity
2009-08-01 17:40 . 2009-05-13 20:41 -------- d-----w- d:\documents and settings\drummer\Application Data\gtk-2.0
2009-07-30 20:54 . 2009-04-18 09:40 -------- d-----w- d:\program files\Launch Manager
2009-07-27 18:31 . 2009-06-30 13:45 -------- d-----w- d:\documents and settings\drummer\Application Data\LimeWire
2009-07-27 10:25 . 2009-07-27 10:25 -------- d-----w- d:\program files\IVT Corporation
2009-07-27 10:25 . 2009-04-18 09:34 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-07-23 13:06 . 2009-04-22 20:23 25280 ----a-w- d:\windows\system32\drivers\hamachi.sys
2009-07-20 12:33 . 2009-04-18 22:15 -------- d-----w- d:\documents and settings\drummer\Application Data\BSplayer
2009-07-14 18:01 . 2004-07-17 09:36 163644 ----a-w- d:\windows\system32\drivers\secdrv.sys
2009-07-09 14:50 . 2009-04-18 22:15 -------- d-----w- d:\program files\BS_Player
2009-07-09 12:50 . 2009-07-09 12:50 -------- d-----w- d:\documents and settings\All Users\Application Data\Blizzard
2009-07-09 11:24 . 2001-08-23 19:00 4224 ----a-w- d:\windows\system32\drivers\beep.sys
2009-07-05 11:20 . 2009-04-26 13:38 -------- d-----w- d:\program files\Google
2009-07-02 10:20 . 2009-06-27 14:54 -------- d-----w- d:\documents and settings\drummer\Application Data\ICQ
2009-06-30 13:44 . 2009-06-30 13:44 410984 ----a-w- d:\windows\system32\deploytk.dll
2009-06-30 13:44 . 2009-06-30 13:44 -------- d-----w- d:\program files\Java
2009-06-30 13:44 . 2009-06-30 13:44 152576 ----a-w- d:\documents and settings\drummer\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-28 01:22 . 2009-06-26 17:58 -------- d-----w- d:\program files\ICQ6Toolbar
2009-06-27 17:42 . 2009-06-27 17:42 -------- d-----w- d:\documents and settings\drummer\Application Data\DivX
2009-06-27 15:35 . 2009-06-27 15:32 -------- d-----w- d:\program files\ICQ6.5
2009-06-27 15:34 . 2009-06-26 17:58 -------- d-----w- d:\documents and settings\All Users\Application Data\ICQ
2009-06-27 15:33 . 2009-06-27 14:53 -------- d-----w- d:\program files\ICQ6
2009-06-27 14:39 . 2009-06-26 23:17 -------- d-----w- d:\documents and settings\drummer\Application Data\ICQLite
2009-06-18 15:44 . 2009-06-18 15:44 -------- d-----w- d:\documents and settings\All Users\Application Data\LogMeIn
2009-06-17 20:57 . 2009-06-17 20:57 -------- d-----w- d:\program files\Atheros
2009-06-17 20:57 . 2009-04-25 14:16 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-21 19:12 . 2009-05-21 19:12 78376 ----a-w- d:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-21 19:02 . 2009-05-21 18:55 52770576 ----a-w- d:\documents and settings\drummer\Application Data\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe
2009-07-05 11:20 . 2009-07-05 11:20 122880 ----a-w- d:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- d:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- d:\program files\mozilla firefox\plugins\ssldivx.dll
2009-04-20 21:15 . 2009-04-20 21:15 321144 --sh--w- d:\windows\system\taksmgr.exe
.

------- Sigcheck -------

[-] 2004-08-03 22:56 1134080 0657A5B234A9ABB3F0B63E2F422220B5 d:\windows\system32\WININET.DLL
[-] 2004-08-03 22:56 1134080 0657A5B234A9ABB3F0B63E2F422220B5 d:\windows\system32\dllcache\wininet.dll

[-] 2004-08-03 22:56 2710528 8A5CD5A66652EF0C3A1DA80E1BBD13AA d:\windows\explorer.exe
[-] 2004-08-03 22:56 2710528 8A5CD5A66652EF0C3A1DA80E1BBD13AA d:\windows\system32\dllcache\explorer.exe

[-] 2004-08-03 22:56 247808 90F22357BDE642442720A09BBCF8031E d:\windows\system32\wuauclt.exe
[-] 2004-08-03 22:56 247808 90F22357BDE642442720A09BBCF8031E d:\windows\system32\dllcache\wuauclt.exe

[-] 2004-08-03 22:56 5198336 A2793E050FE486677885C3F27CCC0C9E d:\windows\system32\MSHTML.DLL
[-] 2004-08-03 22:56 5198336 A2793E050FE486677885C3F27CCC0C9E d:\windows\system32\dllcache\mshtml.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 14:05 398776 ----a-w- d:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-05-21 06:25 2094616 ----a-w- d:\program files\BS_Player\tbBS_1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "d:\program files\BS_Player\tbBS_1.dll" [2009-05-21 2094616]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "d:\program files\BS_Player\tbBS_1.dll" [2009-05-21 2094616]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="d:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-20 81920]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"msnmsgr"="d:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"SpybotSD TeaTimer"="e:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"Google Update"="d:\documents and settings\drummer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-11 133104]
"ALLUpdate"="e:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="d:\progra~1\LAUNCH~1\LManager.exe" [2007-07-23 752136]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-02-20 8433664]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-02-20 81920]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"NeroFilterCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"H2O"="d:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"LogMeIn GUI"="d:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-06-30 148888]
"Google Desktop Search"="d:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-07-05 30192]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.EXE [2008-09-30 16864768]
"nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2009-02-20 1626112]

d:\documents and settings\drummer\Start Menu\Programs\Startup\
hamachi.lnk - d:\program files\Hamachi\hamachi.exe [2009-7-23 625952]
Y'z Toolbar.lnk - d:\windows\Packs\Crystal XP\YzToolbar\YzToolbar.exe [2009-4-20 90112]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - e:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BlueSoleil.lnk - d:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2009-7-27 1183744]
InterVideo WinCinema Manager.lnk - e:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-5-17 114688]
Microsoft Office.lnk - e:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-7 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 18:35 87352 ----a-w- d:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"e:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Program Files\\Valve\\hl.exe"=
"d:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Worms 4 Mayhem\\Worms 4 - Mayhem\\WORMS 4 MAYHEM.EXE"=
"e:\\worms\\WWP\\wwp.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;d:\windows\system32\drivers\epfwtdir.sys [21.12.2007 8:21 33800]
R2 ekrn;Eset Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 8:21 468224]
R2 ICQ Service;ICQ Service;d:\program files\ICQ6Toolbar\ICQ Service.exe [26.6.2009 19:58 222968]
R2 LMIInfo;LogMeIn Kernel Information Provider;d:\program files\LogMeIn\x86\rainfo.sys [24.7.2008 18:46 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;d:\windows\system32\drivers\LMIRfsDriver.sys [18.6.2009 17:44 47640]
R3 CLEDX;Team H2O CLEDX service;d:\windows\system32\drivers\cledx.sys [27.4.2009 18:38 33792]
S2 RPCHGM;Remote Procedure Call (HGM);d:\program files\NetMeeting\secedit.exe [9.7.2009 13:00 22863560]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;d:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5.7.2009 13:20 30192]
S3 iadusb;MT882;d:\windows\system32\drivers\glauiad.sys [19.7.2009 17:23 30336]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-08-08 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-08-09 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1979792683-725345543-1003Core.job
- d:\documents and settings\drummer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-11 18:16]

2009-08-10 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1979792683-725345543-1003UA.job
- d:\documents and settings\drummer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-11 18:16]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ICQ - d:\program files\ICQ6\ICQ.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/intl/
uInternet Connection Wizard,ShellNext = login.live.com/ppsecure/sha1auth.srf?lc=1033
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
TCP: {512B50B8-37F8-4254-AA4E-70F697A51494} = 77.239.64.19,77.239.64.20
FF - ProfilePath - d:\documents and settings\drummer\Application Data\Mozilla\Firefox\Profiles\v28llpsn.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: d:\documents and settings\drummer\Application Data\Mozilla\Firefox\Profiles\v28llpsn.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFAlert.dll
FF - component: d:\documents and settings\drummer\Application Data\Mozilla\Firefox\Profiles\v28llpsn.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: d:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: d:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: d:\documents and settings\drummer\Application Data\Mozilla\Firefox\Profiles\v28llpsn.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: d:\documents and settings\drummer\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: e:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF - plugin: e:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: e:\program files\DivX\DivX Web Player\npdivx32.dll
FF - plugin: e:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: e:\program files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-08-10 20:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0D652261-5448-9EDE-3CCB-097AABB7C6BF}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hanffdagmghdhjno"=hex:61,61,00,7c
"janffdagmghdhjnoamen"=hex:63,61,6d,70,64,67,00,7c
"pafhiebijaefgmnlkidbdklaeknimjij"=hex:64,61,65,6a,61,69,6e,64,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(900)
d:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(3544)
d:\windows\system32\CRYPT32.dll
d:\windows\system32\MSASN1.dll
d:\windows\System32\cscui.dll
d:\windows\system32\ntshrui.dll
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\NETSHELL.dll
d:\windows\system32\credui.dll
e:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
d:\windows\system32\nvcpl.dll
d:\windows\system32\OLEACC.dll
d:\windows\system32\MSVCP60.dll
d:\windows\system32\nvapi.dll
d:\windows\system32\nvshell.dll
d:\windows\system32\browselc.dll
e:\program files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
e:\progra~1\SPYBOT~1\SDHelper.dll
d:\windows\system32\LMIRfsClientNP.dll
e:\program files\Microsoft Office\Office10\msohev.dll
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\rundll32.exe
d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\program files\LogMeIn\x86\LMIGuardian.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\LogMeIn\x86\ramaint.exe
d:\program files\LogMeIn\x86\LogMeIn.exe
d:\program files\LogMeIn\x86\LMIGuardian.exe
d:\program files\NVIDIA Corporation\nTune\nTuneService.exe
d:\windows\system32\nvsvc32.exe
d:\windows\system32\wdfmgr.exe
d:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-08-10 20:38 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-10 18:38
ComboFix2.txt 2009-04-26 20:50

Pre-Run: 2.256.793.600 bytes free
Post-Run: 2.181.730.304 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
multi(0)disk(0)rdisk(0)partition(4)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

291

Dopuna: 10 Avg 2009 21:30

ej Smile
sad sam otvorio msn..i josh mi nije izbacio error...
ali ne znam da li je ochishceno .. Very Happy

Poslao: 10 Avg 2009 22:44
Idi na vrh
offline
  • Pridružio: 04 Jan 2009
  • Poruke: 2168

Otvoriti Notepad i iskopirati sledeci tekst:

File::
d:\documents and settings\drummer\Application Data\taskeng.exe
d:\windows\system\taksmgr.exe
d:\program files\NetMeeting\secedit.exe

Driver::
RPCHGM


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Poslao: 11 Avg 2009 00:30
Idi na vrh
offline
  • Pridružio: 26 Apr 2009
  • Poruke: 42
  • Gde živiš: Bijeljina

Napisano: 10 Avg 2009 23:38

ComboFix 09-08-10.01 - drummer 10.08.2009 23:28.4.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1791.1129 [GMT 2:00]
Running from: d:\documents and settings\drummer\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\drummer\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"d:\documents and settings\drummer\Application Data\taskeng.exe"
"d:\program files\NetMeeting\secedit.exe"
"d:\windows\system\taksmgr.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

?

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RPCHGM
-------\Service_RPCHGM


((((((((((((((((((((((((( Files Created from 2009-07-10 to 2009-08-10 )))))))))))))))))))))))))))))))
.

2009-08-10 13:34 . 2009-08-10 13:34 -------- d-----w- d:\documents and settings\drummer\Application Data\MAGIX
2009-08-10 13:34 . 2001-05-16 15:54 309616 ----a-w- d:\windows\system32\wmv8dmod.dll
2009-08-10 13:34 . 2001-05-11 11:18 420240 ----a-w- d:\windows\system32\mpg4c32.dll
2009-08-10 13:32 . 2009-08-10 21:28 55296 ----a-w- d:\documents and settings\drummer\Application Data\taskeng.exe
2009-08-10 13:32 . 2007-04-27 08:43 120200 ----a-w- d:\windows\system32\DLLDEV32i.dll
2009-08-10 13:31 . 2009-08-10 13:40 -------- d-----w- d:\windows\system32\MAGIX
2009-08-10 13:31 . 2008-04-15 14:14 700416 ----a-w- d:\windows\system32\mgxoschk.dll
2009-08-06 20:48 . 2009-08-06 20:48 -------- d-----w- d:\documents and settings\drummer\Application Data\pokerth
2009-08-04 13:41 . 2009-08-04 13:41 -------- d-----w- d:\documents and settings\All Users\Application Data\Messenger Plus!
2009-08-04 13:25 . 2009-08-04 13:25 -------- d-----w- d:\program files\Messenger Plus! Live
2009-07-27 10:43 . 2009-07-27 10:43 -------- d-----w- d:\documents and settings\All Users\Application Data\Bluetooth
2009-07-27 10:26 . 2004-08-03 22:56 53760 ----a-w- d:\windows\system32\drivers\vfwwdm32.dll
2009-07-23 15:57 . 2009-07-23 15:57 73728 ----a-w- d:\windows\system32\np_plugin.dll
2009-07-23 13:06 . 2009-07-23 13:07 -------- d-----w- d:\program files\Hamachi
2009-07-23 11:41 . 2009-07-23 11:41 -------- d-----w- d:\documents and settings\drummer\Local Settings\Application Data\Ahead
2009-07-21 12:15 . 2009-07-21 12:28 978 ----a-w- d:\windows\eReg.dat
2009-07-19 15:23 . 2006-03-20 07:32 30336 ----a-w- d:\windows\system32\drivers\glauiad.sys
2009-07-19 15:23 . 2005-08-22 09:22 38400 ----a-w- d:\windows\system32\CoInst.dll
2009-07-19 15:23 . 2009-07-19 15:23 -------- d-----w- d:\program files\MT882
2009-07-19 11:03 . 2007-07-23 21:11 356352 ----a-w- d:\windows\system32\nvunrm.exe
2009-07-19 11:02 . 2007-07-23 21:11 110592 ----a-w- d:\windows\system32\drivers\nvtcp.sys
2009-07-19 11:02 . 2007-07-23 21:11 927616 ----a-w- d:\windows\system32\drivers\nvnrm.sys
2009-07-19 11:02 . 2007-07-23 21:11 9216 ----a-w- d:\windows\system32\bdco1.dll
2009-07-19 11:02 . 2007-07-23 21:11 46720 ----a-w- d:\windows\system32\drivers\NVENETFD.sys
2009-07-19 11:02 . 2007-07-23 21:11 37888 ----a-w- d:\windows\system32\nvconrm.dll
2009-07-19 11:02 . 2007-07-23 21:11 261632 ----a-w- d:\windows\system32\drivers\nvsnpu.sys
2009-07-19 11:02 . 2007-07-23 21:11 19968 ----a-w- d:\windows\system32\drivers\nvnetbus.sys
2009-07-19 11:02 . 2007-07-23 21:11 196096 ----a-w- d:\windows\system32\fdco1.dll
2009-07-18 11:57 . 2009-07-18 11:57 -------- d-----w- d:\program files\Windows Journal Viewer
2009-07-17 15:18 . 2009-08-02 10:20 -------- d-----w- d:\documents and settings\drummer\Local Settings\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-10 21:33 . 2009-04-22 20:23 -------- d-----w- d:\documents and settings\drummer\Application Data\Hamachi
2009-08-10 21:27 . 2009-04-18 10:07 -------- d-----w- d:\documents and settings\drummer\Application Data\Skype
2009-08-10 19:27 . 2009-04-18 10:08 -------- d-----w- d:\documents and settings\drummer\Application Data\skypePM
2009-08-10 13:39 . 2009-08-10 13:33 -------- d-----w- d:\documents and settings\All Users\Application Data\MAGIX
2009-08-10 13:35 . 2009-04-18 09:53 36424 ----a-w- d:\documents and settings\drummer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-10 13:30 . 2009-04-18 17:21 -------- d-----w- d:\documents and settings\drummer\Application Data\uTorrent
2009-08-10 00:08 . 2009-06-18 13:30 -------- d-----w- d:\program files\SpeedFan
2009-08-09 23:37 . 2009-06-18 15:44 -------- d-----w- d:\program files\LogMeIn
2009-08-08 16:54 . 2009-05-08 07:33 -------- d-----w- d:\documents and settings\drummer\Application Data\Audacity
2009-08-01 17:40 . 2009-05-13 20:41 -------- d-----w- d:\documents and settings\drummer\Application Data\gtk-2.0
2009-07-30 20:54 . 2009-04-18 09:40 -------- d-----w- d:\program files\Launch Manager
2009-07-27 18:31 . 2009-06-30 13:45 -------- d-----w- d:\documents and settings\drummer\Application Data\LimeWire
2009-07-27 10:25 . 2009-07-27 10:25 -------- d-----w- d:\program files\IVT Corporation
2009-07-27 10:25 . 2009-04-18 09:34 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-07-23 13:06 . 2009-04-22 20:23 25280 ----a-w- d:\windows\system32\drivers\hamachi.sys
2009-07-20 12:33 . 2009-04-18 22:15 -------- d-----w- d:\documents and settings\drummer\Application Data\BSplayer
2009-07-14 18:01 . 2004-07-17 09:36 163644 ----a-w- d:\windows\system32\drivers\secdrv.sys
2009-07-09 14:50 . 2009-04-18 22:15 -------- d-----w- d:\program files\BS_Player
2009-07-09 12:50 . 2009-07-09 12:50 -------- d-----w- d:\documents and settings\All Users\Application Data\Blizzard
2009-07-09 11:24 . 2001-08-23 19:00 4224 ----a-w- d:\windows\system32\drivers\beep.sys
2009-07-05 11:20 . 2009-04-26 13:38 -------- d-----w- d:\program files\Google
2009-07-02 10:20 . 2009-06-27 14:54 -------- d-----w- d:\documents and settings\drummer\Application Data\ICQ
2009-06-30 13:44 . 2009-06-30 13:44 410984 ----a-w- d:\windows\system32\deploytk.dll
2009-06-30 13:44 . 2009-06-30 13:44 -------- d-----w- d:\program files\Java
2009-06-30 13:44 . 2009-06-30 13:44 152576 ----a-w- d:\documents and settings\drummer\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-28 01:22 . 2009-06-26 17:58 -------- d-----w- d:\program files\ICQ6Toolbar
2009-06-27 17:42 . 2009-06-27 17:42 -------- d-----w- d:\documents and settings\drummer\Application Data\DivX
2009-06-27 15:35 . 2009-06-27 15:32 -------- d-----w- d:\program files\ICQ6.5
2009-06-27 15:34 . 2009-06-26 17:58 -------- d-----w- d:\documents and settings\All Users\Application Data\ICQ
2009-06-27 15:33 . 2009-06-27 14:53 -------- d-----w- d:\program files\ICQ6
2009-06-27 14:39 . 2009-06-26 23:17 -------- d-----w- d:\documents and settings\drummer\Application Data\ICQLite
2009-06-18 15:44 . 2009-06-18 15:44 -------- d-----w- d:\documents and settings\All Users\Application Data\LogMeIn
2009-06-17 20:57 . 2009-06-17 20:57 -------- d-----w- d:\program files\Atheros
2009-06-17 20:57 . 2009-04-25 14:16 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-21 19:12 . 2009-05-21 19:12 78376 ----a-w- d:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-21 19:02 . 2009-05-21 18:55 52770576 ----a-w- d:\documents and settings\drummer\Application Data\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe
2009-07-05 11:20 . 2009-07-05 11:20 122880 ----a-w- d:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- d:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- d:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2004-08-03 22:56 1134080 0657A5B234A9ABB3F0B63E2F422220B5 d:\windows\system32\WININET.DLL
[-] 2004-08-03 22:56 1134080 0657A5B234A9ABB3F0B63E2F422220B5 d:\windows\system32\dllcache\wininet.dll

[-] 2004-08-03 22:56 2710528 8A5CD5A66652EF0C3A1DA80E1BBD13AA d:\windows\explorer.exe
[-] 2004-08-03 22:56 2710528 8A5CD5A66652EF0C3A1DA80E1BBD13AA d:\windows\system32\dllcache\explorer.exe

[-] 2004-08-03 22:56 247808 90F22357BDE642442720A09BBCF8031E d:\windows\system32\wuauclt.exe
[-] 2004-08-03 22:56 247808 90F22357BDE642442720A09BBCF8031E d:\windows\system32\dllcache\wuauclt.exe

[-] 2004-08-03 22:56 5198336 A2793E050FE486677885C3F27CCC0C9E d:\windows\system32\MSHTML.DLL
[-] 2004-08-03 22:56 5198336 A2793E050FE486677885C3F27CCC0C9E d:\windows\system32\dllcache\mshtml.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-10_18.35.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-10 21:33 . 2009-08-10 21:33 16384 d:\windows\Temp\Perflib_Perfdata_ca8.dat
+ 2009-08-10 21:33 . 2009-08-10 21:33 16384 d:\windows\Temp\Perflib_Perfdata_80.dat
+ 2009-08-10 21:33 . 2009-08-10 21:33 16384 d:\windows\Temp\Perflib_Perfdata_668.dat
- 2001-08-23 19:00 . 2009-08-09 17:12 66778 d:\windows\system32\perfc009.dat
+ 2001-08-23 19:00 . 2009-08-10 18:39 66778 d:\windows\system32\perfc009.dat
- 2009-08-10 18:33 . 2009-08-10 18:33 8192 d:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-10 21:31 . 2009-08-10 21:31 8192 d:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
- 2009-08-10 18:33 . 2009-08-10 18:33 8192 d:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-10 21:31 . 2009-08-10 21:31 8192 d:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2001-08-23 19:00 . 2009-08-10 18:39 428160 d:\windows\system32\perfh009.dat
- 2001-08-23 19:00 . 2009-08-09 17:12 428160 d:\windows\system32\perfh009.dat
- 2009-04-20 21:15 . 2009-04-20 21:15 321144 d:\windows\system\taksmgr.exe
+ 2009-04-20 21:15 . 2009-08-10 21:28 321144 d:\windows\system\taksmgr.exe
+ 2009-08-10 21:31 . 2009-08-10 21:31 294912 d:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
- 2009-08-10 18:33 . 2009-08-10 18:33 294912 d:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-10 21:31 . 2009-08-10 21:31 225280 d:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
- 2009-08-10 18:33 . 2009-08-10 18:33 225280 d:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
- 2009-08-10 18:33 . 2009-08-10 18:33 225280 d:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-10 21:31 . 2009-08-10 21:31 225280 d:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-10 21:31 . 2009-08-10 21:31 5373952 d:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
- 2009-08-10 18:33 . 2009-08-10 18:33 5373952 d:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 14:05 398776 ----a-w- d:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-05-21 06:25 2094616 ----a-w- d:\program files\BS_Player\tbBS_1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "d:\program files\BS_Player\tbBS_1.dll" [2009-05-21 2094616]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "d:\program files\BS_Player\tbBS_1.dll" [2009-05-21 2094616]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="d:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-20 81920]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"msnmsgr"="d:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"SpybotSD TeaTimer"="e:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"Google Update"="d:\documents and settings\drummer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-11 133104]
"ALLUpdate"="e:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="d:\progra~1\LAUNCH~1\LManager.exe" [2007-07-23 752136]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-02-20 8433664]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-02-20 81920]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"NeroFilterCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"H2O"="d:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"LogMeIn GUI"="d:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-06-30 148888]
"Google Desktop Search"="d:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-07-05 30192]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.EXE [2008-09-30 16864768]
"nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2009-02-20 1626112]

d:\documents and settings\drummer\Start Menu\Programs\Startup\
hamachi.lnk - d:\program files\Hamachi\hamachi.exe [2009-7-23 625952]
Y'z Toolbar.lnk - d:\windows\Packs\Crystal XP\YzToolbar\YzToolbar.exe [2009-4-20 90112]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - e:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BlueSoleil.lnk - d:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2009-7-27 1183744]
InterVideo WinCinema Manager.lnk - e:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-5-17 114688]
Microsoft Office.lnk - e:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-7 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 18:35 87352 ----a-w- d:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"e:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Program Files\\Valve\\hl.exe"=
"d:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Worms 4 Mayhem\\Worms 4 - Mayhem\\WORMS 4 MAYHEM.EXE"=
"e:\\worms\\WWP\\wwp.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;d:\windows\system32\drivers\epfwtdir.sys [21.12.2007 8:21 33800]
R2 ekrn;Eset Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 8:21 468224]
R2 ICQ Service;ICQ Service;d:\program files\ICQ6Toolbar\ICQ Service.exe [26.6.2009 19:58 222968]
R2 LMIInfo;LogMeIn Kernel Information Provider;d:\program files\LogMeIn\x86\rainfo.sys [24.7.2008 18:46 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;d:\windows\system32\drivers\LMIRfsDriver.sys [18.6.2009 17:44 47640]
R3 CLEDX;Team H2O CLEDX service;d:\windows\system32\drivers\cledx.sys [27.4.2009 18:38 33792]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;d:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5.7.2009 13:20 30192]
S3 iadusb;MT882;d:\windows\system32\drivers\glauiad.sys [19.7.2009 17:23 30336]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-08-08 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-08-09 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1979792683-725345543-1003Core.job
- d:\documents and settings\drummer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-11 18:16]

2009-08-10 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1979792683-725345543-1003UA.job
- d:\documents and settings\drummer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-11 18:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/intl/
uInternet Connection Wizard,ShellNext = login.live.com/ppsecure/sha1auth.srf?lc=1033
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
TCP: {512B50B8-37F8-4254-AA4E-70F697A51494} = 77.239.64.19,77.239.64.20
FF - ProfilePath - d:\documents and settings\drummer\Application Data\Mozilla\Firefox\Profiles\v28llpsn.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: d:\documents and settings\drummer\Application Data\Mozilla\Firefox\Profiles\v28llpsn.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFAlert.dll
FF - component: d:\documents and settings\drummer\Application Data\Mozilla\Firefox\Profiles\v28llpsn.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: d:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: d:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: d:\documents and settings\drummer\Application Data\Mozilla\Firefox\Profiles\v28llpsn.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: d:\documents and settings\drummer\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: e:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF - plugin: e:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: e:\program files\DivX\DivX Web Player\npdivx32.dll
FF - plugin: e:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: e:\program files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-08-10 23:33
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0D652261-5448-9EDE-3CCB-097AABB7C6BF}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hanffdagmghdhjno"=hex:61,61,00,7c
"janffdagmghdhjnoamen"=hex:63,61,6d,70,64,67,00,7c
"pafhiebijaefgmnlkidbdklaeknimjij"=hex:64,61,65,6a,61,69,6e,64,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(900)
d:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(2768-)
d:\windows\system32\CRYPT32.dll
d:\windows\system32\MSASN1.dll
d:\windows\System32\cscui.dll
d:\windows\system32\ntshrui.dll
d:\windows\system32\SETUPAPI.dll
d:\windows\system32\NETSHELL.dll
d:\windows\system32\credui.dll
e:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
d:\windows\system32\nvcpl.dll
d:\windows\system32\MSVCP60.dll
d:\windows\system32\nvapi.dll
d:\windows\system32\nvshell.dll
d:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
d:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\LogMeIn\x86\ramaint.exe
d:\program files\LogMeIn\x86\LogMeIn.exe
d:\program files\LogMeIn\x86\LMIGuardian.exe
d:\program files\NVIDIA Corporation\nTune\nTuneService.exe
d:\windows\system32\nvsvc32.exe
d:\windows\system32\wdfmgr.exe
d:\windows\system32\rundll32.exe
d:\program files\LogMeIn\x86\LMIGuardian.exe
d:\docume~1\drummer\LOCALS~1\temp\RtkBtMnt.exe
d:\program files\Skype\Plugin Manager\skypePM.exe
d:\windows\system32\wscntfy.exe
d:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2009-08-10 23:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-10 21:36
ComboFix2.txt 2009-08-10 18:38
ComboFix3.txt 2009-04-26 20:50

Pre-Run: 2.250.158.080 bytes free
Post-Run: 2.182.615.040 bytes free

299

Dopuna: 11 Avg 2009 0:30

??? Very Happy imal' shta Smile

Poslao: 11 Avg 2009 16:29
Idi na vrh
offline
  • Pridružio: 04 Jan 2009
  • Poruke: 2168

Ima Smile

Obriši taj ComboFix.

Preuzmi novu verziju sa linka gore i ponovi postupak sa CFScript koju sam ti napisao.


Napomena: Nemoj deinstalirati ComboFix već ga samo obriši sa desktopa.

Poslao: 11 Avg 2009 21:17
Idi na vrh
offline
  • Pridružio: 26 Apr 2009
  • Poruke: 42
  • Gde živiš: Bijeljina

Napisano: 11 Avg 2009 20:51

ComboFix 09-08-10.06 - drummer 11.08.2009 20:40.5.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1791.1134 [GMT 2:00]
Running from: d:\documents and settings\drummer\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\drummer\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

FILE ::
"d:\documents and settings\drummer\Application Data\taskeng.exe"
"d:\program files\NetMeeting\secedit.exe"
"d:\windows\system\taksmgr.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\documents and settings\drummer\Application Data\taskeng.exe
d:\program files\Internet Explorer\ods.exe
d:\program files\NetMeeting\secedit.exe
d:\windows\system\taksmgr.exe
d:\windows\system32\drivers\npf.sys
d:\windows\system32\Packet.dll
d:\windows\system32\pthreadVC.dll
d:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((( Files Created from 2009-07-11 to 2009-08-11 )))))))))))))))))))))))))))))))
.

2009-08-10 13:34 . 2009-08-10 13:34 -------- d-----w- d:\documents and settings\drummer\Application Data\MAGIX
2009-08-10 13:34 . 2001-05-16 15:54 309616 ----a-w- d:\windows\system32\wmv8dmod.dll
2009-08-10 13:34 . 2001-05-11 11:18 420240 ----a-w- d:\windows\system32\mpg4c32.dll
2009-08-10 13:32 . 2007-04-27 08:43 120200 ----a-w- d:\windows\system32\DLLDEV32i.dll
2009-08-10 13:31 . 2009-08-10 13:40 -------- d-----w- d:\windows\system32\MAGIX
2009-08-10 13:31 . 2008-04-15 14:14 700416 ----a-w- d:\windows\system32\mgxoschk.dll
2009-08-06 20:48 . 2009-08-06 20:48 -------- d-----w- d:\documents and settings\drummer\Application Data\pokerth
2009-08-04 13:41 . 2009-08-11 18:14 -------- d-----w- d:\documents and settings\All Users\Application Data\Messenger Plus!
2009-08-04 13:25 . 2009-08-04 13:25 -------- d-----w- d:\program files\Messenger Plus! Live
2009-07-27 10:43 . 2009-07-27 10:43 -------- d-----w- d:\documents and settings\All Users\Application Data\Bluetooth
2009-07-27 10:26 . 2004-08-03 22:56 53760 ----a-w- d:\windows\system32\drivers\vfwwdm32.dll
2009-07-23 15:57 . 2009-07-23 15:57 73728 ----a-w- d:\windows\system32\np_plugin.dll
2009-07-23 13:06 . 2009-07-23 13:07 -------- d-----w- d:\program files\Hamachi
2009-07-23 11:41 . 2009-07-23 11:41 -------- d-----w- d:\documents and settings\drummer\Local Settings\Application Data\Ahead
2009-07-21 12:15 . 2009-07-21 12:28 978 ----a-w- d:\windows\eReg.dat
2009-07-19 15:23 . 2006-03-20 07:32 30336 ----a-w- d:\windows\system32\drivers\glauiad.sys
2009-07-19 15:23 . 2005-08-22 09:22 38400 ----a-w- d:\windows\system32\CoInst.dll
2009-07-19 15:23 . 2009-07-19 15:23 -------- d-----w- d:\program files\MT882
2009-07-19 11:03 . 2007-07-23 21:11 356352 ----a-w- d:\windows\system32\nvunrm.exe
2009-07-19 11:02 . 2007-07-23 21:11 110592 ----a-w- d:\windows\system32\drivers\nvtcp.sys
2009-07-19 11:02 . 2007-07-23 21:11 927616 ----a-w- d:\windows\system32\drivers\nvnrm.sys
2009-07-19 11:02 . 2007-07-23 21:11 9216 ----a-w- d:\windows\system32\bdco1.dll
2009-07-19 11:02 . 2007-07-23 21:11 46720 ----a-w- d:\windows\system32\drivers\NVENETFD.sys
2009-07-19 11:02 . 2007-07-23 21:11 37888 ----a-w- d:\windows\system32\nvconrm.dll
2009-07-19 11:02 . 2007-07-23 21:11 261632 ----a-w- d:\windows\system32\drivers\nvsnpu.sys
2009-07-19 11:02 . 2007-07-23 21:11 19968 ----a-w- d:\windows\system32\drivers\nvnetbus.sys
2009-07-19 11:02 . 2007-07-23 21:11 196096 ----a-w- d:\windows\system32\fdco1.dll
2009-07-18 11:57 . 2009-07-18 11:57 -------- d-----w- d:\program files\Windows Journal Viewer
2009-07-17 15:18 . 2009-08-02 10:20 -------- d-----w- d:\documents and settings\drummer\Local Settings\Application Data\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-11 18:44 . 2009-04-18 10:07 -------- d-----w- d:\documents and settings\drummer\Application Data\Skype
2009-08-11 14:03 . 2009-04-18 10:08 -------- d-----w- d:\documents and settings\drummer\Application Data\skypePM
2009-08-11 11:53 . 2009-04-22 20:23 -------- d-----w- d:\documents and settings\drummer\Application Data\Hamachi
2009-08-11 02:18 . 2009-06-18 15:44 -------- d-----w- d:\program files\LogMeIn
2009-08-11 01:40 . 2009-06-18 13:30 -------- d-----w- d:\program files\SpeedFan
2009-08-11 00:45 . 2009-05-08 07:33 -------- d-----w- d:\documents and settings\drummer\Application Data\Audacity
2009-08-10 13:39 . 2009-08-10 13:33 -------- d-----w- d:\documents and settings\All Users\Application Data\MAGIX
2009-08-10 13:35 . 2009-04-18 09:53 36424 ----a-w- d:\documents and settings\drummer\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-10 13:30 . 2009-04-18 17:21 -------- d-----w- d:\documents and settings\drummer\Application Data\uTorrent
2009-08-01 17:40 . 2009-05-13 20:41 -------- d-----w- d:\documents and settings\drummer\Application Data\gtk-2.0
2009-07-30 20:54 . 2009-04-18 09:40 -------- d-----w- d:\program files\Launch Manager
2009-07-27 18:31 . 2009-06-30 13:45 -------- d-----w- d:\documents and settings\drummer\Application Data\LimeWire
2009-07-27 10:25 . 2009-07-27 10:25 -------- d-----w- d:\program files\IVT Corporation
2009-07-27 10:25 . 2009-04-18 09:34 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-07-23 13:06 . 2009-04-22 20:23 25280 ----a-w- d:\windows\system32\drivers\hamachi.sys
2009-07-20 12:33 . 2009-04-18 22:15 -------- d-----w- d:\documents and settings\drummer\Application Data\BSplayer
2009-07-14 18:01 . 2004-07-17 09:36 163644 ----a-w- d:\windows\system32\drivers\secdrv.sys
2009-07-09 14:50 . 2009-04-18 22:15 -------- d-----w- d:\program files\BS_Player
2009-07-09 12:50 . 2009-07-09 12:50 -------- d-----w- d:\documents and settings\All Users\Application Data\Blizzard
2009-07-09 11:24 . 2001-08-23 19:00 4224 ----a-w- d:\windows\system32\drivers\beep.sys
2009-07-05 11:20 . 2009-04-26 13:38 -------- d-----w- d:\program files\Google
2009-07-02 10:20 . 2009-06-27 14:54 -------- d-----w- d:\documents and settings\drummer\Application Data\ICQ
2009-06-30 13:44 . 2009-06-30 13:44 410984 ----a-w- d:\windows\system32\deploytk.dll
2009-06-30 13:44 . 2009-06-30 13:44 -------- d-----w- d:\program files\Java
2009-06-30 13:44 . 2009-06-30 13:44 152576 ----a-w- d:\documents and settings\drummer\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-28 01:22 . 2009-06-26 17:58 -------- d-----w- d:\program files\ICQ6Toolbar
2009-06-27 17:42 . 2009-06-27 17:42 -------- d-----w- d:\documents and settings\drummer\Application Data\DivX
2009-06-27 15:35 . 2009-06-27 15:32 -------- d-----w- d:\program files\ICQ6.5
2009-06-27 15:34 . 2009-06-26 17:58 -------- d-----w- d:\documents and settings\All Users\Application Data\ICQ
2009-06-27 15:33 . 2009-06-27 14:53 -------- d-----w- d:\program files\ICQ6
2009-06-27 14:39 . 2009-06-26 23:17 -------- d-----w- d:\documents and settings\drummer\Application Data\ICQLite
2009-06-18 15:44 . 2009-06-18 15:44 -------- d-----w- d:\documents and settings\All Users\Application Data\LogMeIn
2009-06-17 20:57 . 2009-06-17 20:57 -------- d-----w- d:\program files\Atheros
2009-06-17 20:57 . 2009-04-25 14:16 -------- d-----w- d:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-21 19:12 . 2009-05-21 19:12 78376 ----a-w- d:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-21 19:02 . 2009-05-21 18:55 52770576 ----a-w- d:\documents and settings\drummer\Application Data\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe
2009-07-05 11:20 . 2009-07-05 11:20 122880 ----a-w- d:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-04-15 20:24 . 2009-04-15 20:24 1044480 ----a-w- d:\program files\mozilla firefox\plugins\libdivx.dll
2009-04-15 20:24 . 2009-04-15 20:24 200704 ----a-w- d:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2004-08-03 22:56 1134080 0657A5B234A9ABB3F0B63E2F422220B5 d:\windows\system32\WININET.DLL
[-] 2004-08-03 22:56 1134080 0657A5B234A9ABB3F0B63E2F422220B5 d:\windows\system32\dllcache\wininet.dll

[-] 2004-08-03 22:56 2710528 8A5CD5A66652EF0C3A1DA80E1BBD13AA d:\windows\explorer.exe
[-] 2004-08-03 22:56 2710528 8A5CD5A66652EF0C3A1DA80E1BBD13AA d:\windows\system32\dllcache\explorer.exe

[-] 2004-08-03 22:56 247808 90F22357BDE642442720A09BBCF8031E d:\windows\system32\wuauclt.exe
[-] 2004-08-03 22:56 247808 90F22357BDE642442720A09BBCF8031E d:\windows\system32\dllcache\wuauclt.exe

[-] 2004-08-03 22:56 5198336 A2793E050FE486677885C3F27CCC0C9E d:\windows\system32\MSHTML.DLL
[-] 2004-08-03 22:56 5198336 A2793E050FE486677885C3F27CCC0C9E d:\windows\system32\dllcache\mshtml.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-08-10_18.35.57 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-11 11:52 . 2009-08-11 11:52 16384 d:\windows\Temp\Perflib_Perfdata_780.dat
+ 2009-08-11 11:52 . 2009-08-11 11:52 16384 d:\windows\Temp\Perflib_Perfdata_2ec.dat
- 2001-08-23 19:00 . 2009-08-09 17:12 66778 d:\windows\system32\perfc009.dat
+ 2001-08-23 19:00 . 2009-08-11 11:56 66778 d:\windows\system32\perfc009.dat
- 2009-08-10 18:33 . 2009-08-10 18:33 8192 d:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
+ 2009-08-10 21:31 . 2009-08-10 21:31 8192 d:\windows\ERDNT\subs\Users\00000004\UsrClass.dat
- 2009-08-10 18:33 . 2009-08-10 18:33 8192 d:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2009-08-10 21:31 . 2009-08-10 21:31 8192 d:\windows\ERDNT\subs\Users\00000002\UsrClass.dat
+ 2001-08-23 19:00 . 2009-08-11 11:56 428160 d:\windows\system32\perfh009.dat
- 2001-08-23 19:00 . 2009-08-09 17:12 428160 d:\windows\system32\perfh009.dat
- 2009-08-10 18:33 . 2009-08-10 18:33 294912 d:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
+ 2009-08-10 21:31 . 2009-08-10 21:31 294912 d:\windows\ERDNT\subs\Users\00000006\UsrClass.dat
- 2009-08-10 18:33 . 2009-08-10 18:33 225280 d:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
+ 2009-08-10 21:31 . 2009-08-10 21:31 225280 d:\windows\ERDNT\subs\Users\00000003\NTUSER.DAT
- 2009-08-10 18:33 . 2009-08-10 18:33 225280 d:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-10 21:31 . 2009-08-10 21:31 225280 d:\windows\ERDNT\subs\Users\00000001\NTUSER.DAT
+ 2009-08-10 21:31 . 2009-08-10 21:31 5373952 d:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
- 2009-08-10 18:33 . 2009-08-10 18:33 5373952 d:\windows\ERDNT\subs\Users\00000005\NTUSER.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 14:05 398776 ----a-w- d:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2009-05-21 06:25 2094616 ----a-w- d:\program files\BS_Player\tbBS_1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "d:\program files\BS_Player\tbBS_1.dll" [2009-05-21 2094616]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "d:\program files\BS_Player\tbBS_1.dll" [2009-05-21 2094616]

[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIDIA nTune"="d:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-20 81920]
"Skype"="d:\program files\Skype\Phone\Skype.exe" [2008-11-18 21633320]
"msnmsgr"="d:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DAEMON Tools Lite"="e:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"SpybotSD TeaTimer"="e:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
"Google Update"="d:\documents and settings\drummer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-11 133104]
"ALLUpdate"="e:\program files\ALLPlayer\ALLUpdate.exe" [2008-11-24 869888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LManager"="d:\progra~1\LAUNCH~1\LManager.exe" [2007-07-23 752136]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2009-02-20 8433664]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2009-02-20 81920]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"NeroFilterCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"H2O"="d:\program files\SyncroSoft\Pos\H2O\cledx.exe" [2007-12-11 307200]
"LogMeIn GUI"="d:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-07-24 63048]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-06-30 148888]
"Google Desktop Search"="d:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-07-05 30192]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.EXE [2008-09-30 16864768]
"nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2009-02-20 1626112]

d:\documents and settings\drummer\Start Menu\Programs\Startup\
hamachi.lnk - d:\program files\Hamachi\hamachi.exe [2009-7-23 625952]
Y'z Toolbar.lnk - d:\windows\Packs\Crystal XP\YzToolbar\YzToolbar.exe [2009-4-20 90112]

d:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - e:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
BlueSoleil.lnk - d:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2009-7-27 1183744]
InterVideo WinCinema Manager.lnk - e:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-5-17 114688]
Microsoft Office.lnk - e:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-7 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-16 18:35 87352 ----a-w- d:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"e:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"e:\\Program Files\\Valve\\hl.exe"=
"d:\\Program Files\\ICQ6.5\\ICQ.exe"=
"e:\\Program Files\\iTunes\\iTunes.exe"=
"e:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"e:\\Worms 4 Mayhem\\Worms 4 - Mayhem\\WORMS 4 MAYHEM.EXE"=
"e:\\worms\\WWP\\wwp.exe"=
"e:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 epfwtdir;epfwtdir;d:\windows\system32\drivers\epfwtdir.sys [21.12.2007 8:21 33800]
R2 ekrn;Eset Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21.12.2007 8:21 468224]
R2 ICQ Service;ICQ Service;d:\program files\ICQ6Toolbar\ICQ Service.exe [26.6.2009 19:58 222968]
R2 LMIInfo;LogMeIn Kernel Information Provider;d:\program files\LogMeIn\x86\rainfo.sys [24.7.2008 18:46 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;d:\windows\system32\drivers\LMIRfsDriver.sys [18.6.2009 17:44 47640]
R3 CLEDX;Team H2O CLEDX service;d:\windows\system32\drivers\cledx.sys [27.4.2009 18:38 33792]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;d:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5.7.2009 13:20 30192]
S3 iadusb;MT882;d:\windows\system32\drivers\glauiad.sys [19.7.2009 17:23 30336]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-08-08 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2009-08-09 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1979792683-725345543-1003Core.job
- d:\documents and settings\drummer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-11 18:16]

2009-08-11 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1644491937-1979792683-725345543-1003UA.job
- d:\documents and settings\drummer\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-11 18:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/intl/
uInternet Connection Wizard,ShellNext = login.live.com/ppsecure/sha1auth.srf?lc=1033
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - e:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
TCP: {512B50B8-37F8-4254-AA4E-70F697A51494} = 77.239.64.19,77.239.64.20
FF - ProfilePath - d:\documents and settings\drummer\Application Data\Mozilla\Firefox\Profiles\v28llpsn.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: d:\documents and settings\drummer\Application Data\Mozilla\Firefox\Profiles\v28llpsn.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFAlert.dll
FF - component: d:\documents and settings\drummer\Application Data\Mozilla\Firefox\Profiles\v28llpsn.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: d:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - component: d:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: d:\documents and settings\drummer\Application Data\Mozilla\Firefox\Profiles\v28llpsn.default\extensions\LogMeInClient@logmein.com\plugins\npRACtrl.dll
FF - plugin: d:\documents and settings\drummer\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: e:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF - plugin: e:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll
FF - plugin: e:\program files\DivX\DivX Web Player\npdivx32.dll
FF - plugin: e:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: e:\program files\iTunes\Mozilla Plugins\npitunes.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-08-11 20:44
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1979792683-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0D652261-5448-9EDE-3CCB-097AABB7C6BF}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"hanffdagmghdhjno"=hex:61,61,00,7c
"janffdagmghdhjnoamen"=hex:63,61,6d,70,64,67,00,7c
"pafhiebijaefgmnlkidbdklaeknimjij"=hex:64,61,65,6a,61,69,6e,64,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(896)
d:\windows\system32\LMIinit.dll
.
Completion time: 2009-08-11 20:45
ComboFix-quarantined-files.txt 2009-08-11 18:45
ComboFix2.txt 2009-08-10 21:36
ComboFix3.txt 2009-08-10 18:38
ComboFix4.txt 2009-04-26 20:50

Pre-Run: 2.086.400.000 bytes free
Post-Run: 2.027.507.712 bytes free

265

Dopuna: 11 Avg 2009 21:17

Jel' sad valja?? Very Happy

Poslao: 11 Avg 2009 21:42
Idi na vrh
offline
  • Pridružio: 04 Jan 2009
  • Poruke: 2168

Kakvo je sada stanje?

MyCity » Ambulanta -> Arhiva Ambulante » windows live messenger problem!!

Ko je trenutno na forumu
 

Ukupno su 1071 korisnika na forumu :: 29 registrovanih, 3 sakrivenih i 1039 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., anbeast, ccoogg123, DejanSt, DonRumataEstorski, esx66, galerija, GandorCC, HrcAk47, Ilija Cvorovic, Još malo pa deda, kolle.the.kid, krkalon, Leonov, mercedesamg, Mercury, Metanoja, mnn2, Nikolaa11, raptorsi, ruger357, Shinobi, vathra, vlajkox, vukovi, zeo, zixmix, |_MeD_|, žeks62