Antivirus 2009


offline
  • Joined: 10 Oct 2008
  • Posts: 38
  • Location: Rijeka

Good day!

I would like to ask for help with Antivirus 2009 (spyware or a virus), which has crept into my computer and cannot be removed by any means. Maybe that is because I cannot start any other protection program.
I have Kaspersky antivirus, but it does not start even in Safe Mode. Same with Spybot. Nothing at all! Even when I try in Control Panel to change the option saying that antivirus protection is not active on the computer, a web page opens asking me to buy this Antivirus 2009. In the tray there is an icon, a red circle with a white cross in the middle, which cannot be removed and which every so often pops up a "warning" window, telling me to install that "antivirus program".
It all happened after installing a codec pack for WMP 11 (because it would not play MPEG files). Uninstalling that codec pack did not help.
Thanks for any advice! Regards!

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

We will need a HijackThis logfile:

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

offline
  • Joined: 10 Oct 2008
  • Posts: 38
  • Location: Rijeka

Here, I'll try to make it now. I tried before too, but HijackThis could not be started. But thanks to this forum and to you in the Ambulanta (especially you in the Ambulanta), I am learning little by little... I write things in notes, I remember...
Not that I do things the most correct way, I surely make a billion mistakes. Still, I have now scanned the computer with Trojan Remover. Kaspersky APPEARED, and that icon in the tray is gone. I have no idea what happened, nor can I explain the log. But that thing is gone.
I would still be very grateful if you would look at all of it a bit more.
Off to scan with HijackThis...

Addendum: 09 Nov 2008 14:01

dreamer050 ::Here, I'll try to make it now. I tried before too, but HijackThis could not be started. But thanks to this forum and to you in the Ambulanta (especially you in the Ambulanta), I am learning little by little... I write things in notes, I remember...
Not that I do things the most correct way, I surely make a billion mistakes. Still, I have now scanned the computer with Trojan Remover. Kaspersky APPEARED, and that icon in the tray is gone. I have no idea what happened, nor can I explain the log. But that thing is gone.
I would still be very grateful if you would look at all of it a bit more.
Off to scan with HijackThis...


***** THE SYSTEM HAS BEEN RESTARTED *****
9.11.2008 13:37:24: Trojan Remover has been restarted
The AppInitDLLs Registry entry has been reset
C:\WINDOWS\system32\drivers\beep.sys has been renamed to C:\WINDOWS\system32\drivers\beep.sys.vir
=======================================================
Deleting the following registry value(s):
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\[brastk] - already deleted
=======================================================
9.11.2008 13:37:24: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.3.2550. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 13:33:14 09 stu 2008
Using Database v7193
Operating System: Windows XP SP3 [Windows XP Professional Service Pack 3 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Natasa\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Natasa\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
13:33:14: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
13:33:14: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
13:33:14: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
13:33:15: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1033728 bytes
Created: 4.8.2004
Modified: 14.4.2008
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26112 bytes
Created: 4.8.2004
Modified: 14.4.2008
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
514560 bytes
Created: 4.8.2004
Modified: 14.4.2008
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: Media Codec Update Service
Value Data: C:\Program Files\Essentials Codec Pack\update.exe -silent
C:\Program Files\Essentials Codec Pack\update.exe [file not found to scan]
--------------------
Value Name: AVP
Value Data: "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
227856 bytes
Created: 8.2.2008
Modified: 8.2.2008
Company: Kaspersky Lab
--------------------
Value Name: UnlockerAssistant
Value Data: "C:\Program Files\Unlocker\UnlockerAssistant.exe"
C:\Program Files\Unlocker\UnlockerAssistant.exe
15872 bytes
Created: 2.5.2008
Modified: 2.5.2008
Company:
--------------------
Value Name: GrooveMonitor
Value Data: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
33648 bytes
Created: 24.8.2007
Modified: 24.8.2007
Company: Microsoft Corporation
--------------------
Value Name: SoundMan
Value Data: SOUNDMAN.EXE
C:\WINDOWS\SOUNDMAN.EXE
-R- 77824 bytes
Created: 7.11.2008
Modified: 14.6.2005
Company: Realtek Semiconductor Corp.
--------------------
Value Name: PWRISOVM.EXE
Value Data: C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
167936 bytes
Created: 2.11.2008
Modified: 2.11.2008
Company: PowerISO Computing, Inc.
--------------------
Value Name: Ulead AutoDetector v2
Value Data: C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
95504 bytes
Created: 2.8.2007
Modified: 2.8.2007
Company: Ulead Systems, Inc.
--------------------
Value Name: Adobe Reader Speed Launcher
Value Data: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
39792 bytes
Created: 15.10.2008
Modified: 15.10.2008
Company: Adobe Systems Incorporated
--------------------
Value Name: UVS11 Preload
Value Data: C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
341232 bytes
Created: 3.3.2007
Modified: 23.7.2007
Company: InterVideo Digital Technology Corporation
--------------------
Value Name: Antivirus Pro 2009
Value Data: "C:\Program Files\AntivirusPro2009\AntivirusPro2009.exe" /hide
C:\Program Files\AntivirusPro2009\AntivirusPro2009.exe [file not found to scan]
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\Trojan Remover\Trjscan.exe
968072 bytes
Created: 9.11.2008
Modified: 9.11.2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 4.8.2004
Modified: 14.4.2008
Company: Microsoft Corporation
--------------------
Value Name: MsnMsgr
Value Data: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
C:\Program Files\MSN Messenger\MsnMsgr.Exe
5674352 bytes
Created: 19.1.2007
Modified: 19.1.2007
Company: Microsoft Corporation
--------------------
Value Name: brastk
Value Data: C:\WINDOWS\system32\brastk.exe
C:\WINDOWS\system32\brastk.exe
9728 bytes
Created: 9.11.2008
Modified: 9.11.2008
Company:
C:\WINDOWS\system32\brastk.exe appears to contain: TROJAN.FAKEALERT
C:\WINDOWS\system32\brastk.exe - this registry value has been removed [no action requested on file]
--------------------

************************************************************
13:33:41: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
Value: Groove GFS Stub Execution Hook
File: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
2212224 bytes
Created: 24.8.2007
Modified: 24.8.2007
Company: Microsoft Corporation
----------

************************************************************
13:33:41: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
13:33:41: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\System32\logon.scr
C:\WINDOWS\System32\logon.scr
220672 bytes
Created: 4.8.2004
Modified: 14.4.2008
Company: Microsoft Corporation
--------------------

************************************************************
13:33:41: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2428 bytes
Created: 25.8.2006
Modified: 25.8.2006
Company:
----------

************************************************************
13:33:41: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: UxTuneUp
Path: %SystemRoot%\System32\uxtuneup.dll
C:\WINDOWS\System32\uxtuneup.dll
28416 bytes
Created: 7.11.2008
Modified: 29.5.2008
Company: TuneUp Software GmbH
--------------------

************************************************************
13:33:42: Scanning ----- SERVICES REGISTRY KEYS -----
Key: aawservice
ImagePath: "C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
611664 bytes
Created: 2.6.2008
Modified: 2.6.2008
Company: Lavasoft
----------
Key: AVP
ImagePath: "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
227856 bytes
Created: 8.2.2008
Modified: 8.2.2008
Company: Kaspersky Lab
----------
Key: Capture Device Service
ImagePath: "C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe"
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
198168 bytes
Created: 6.3.2007
Modified: 6.3.2007
Company: InterVideo Inc.
----------
Key: FontCache3.0.0.0
ImagePath: C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
46104 bytes
Created: 29.7.2008
Modified: 29.7.2008
Company: Microsoft Corporation
----------
Key: HSFHWBS2
ImagePath: system32\DRIVERS\HSFBS2S2.sys
C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
220032 bytes
Created: 7.11.2008
Modified: 3.8.2004
Company: Conexant Systems, Inc.
----------
Key: HSF_DP
ImagePath: system32\DRIVERS\HSFDPSP2.sys
C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
1041536 bytes
Created: 7.11.2008
Modified: 3.8.2004
Company: Conexant Systems, Inc.
----------
Key: idsvc
ImagePath: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
881664 bytes
Created: 29.7.2008
Modified: 29.7.2008
Company: Microsoft Corporation
----------
Key: kl1
ImagePath: system32\drivers\kl1.sys
C:\WINDOWS\system32\drivers\kl1.sys
112144 bytes
Created: 31.10.2007
Modified: 7.11.2008
Company: Kaspersky Lab
----------
Key: klif
ImagePath: \??\C:\WINDOWS\system32\drivers\klif.sys
C:\WINDOWS\system32\drivers\klif.sys
195344 bytes
Created: 28.12.2007
Modified: 28.12.2007
Company: Kaspersky Lab
----------
Key: klim5
ImagePath: system32\DRIVERS\klim5.sys
C:\WINDOWS\system32\DRIVERS\klim5.sys
24592 bytes
Created: 13.12.2007
Modified: 13.12.2007
Company: Kaspersky Lab
----------
Key: ms_mpu401
ImagePath: system32\drivers\msmpu401.sys
C:\WINDOWS\system32\drivers\msmpu401.sys
2944 bytes
Created: 7.11.2008
Modified: 17.8.2001
Company: Microsoft Corporation
----------
Key: NMSAccessU
ImagePath: C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
71096 bytes
Created: 7.11.2008
Modified: 15.6.2008
Company:
----------
Key: ScsiAccess
ImagePath: C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
181312 bytes
Created: 7.11.2008
Modified: 7.11.2008
Company:
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{0D820EE1-D1C0-4A6A-94F0-2C2E67841525}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 4.8.2004
Modified: 14.4.2008
Company: Microsoft Corporation
----------
Key: TuneUp.Defrag
ImagePath: %SystemRoot%\System32\TuneUpDefragService.exe
C:\WINDOWS\System32\TuneUpDefragService.exe
355584 bytes
Created: 7.11.2008
Modified: 7.11.2008
Company: TuneUp Software GmbH
----------
Key: UleadBurningHelper
ImagePath: C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
67056 bytes
Created: 3.3.2007
Modified: 3.3.2007
Company: Ulead Systems, Inc.
----------
Key: UnlockerDriver5
ImagePath: \??\C:\Program Files\Unlocker\UnlockerDriver5.sys
C:\Program Files\Unlocker\UnlockerDriver5.sys
4096 bytes
Created: 2.5.2008
Modified: 2.5.2008
Company:
----------
Key: usnjsvc
ImagePath: "C:\Program Files\MSN Messenger\usnsvc.exe"
C:\Program Files\MSN Messenger\usnsvc.exe
97136 bytes
Created: 19.1.2007
Modified: 19.1.2007
Company: Microsoft Corporation
----------
Key: winachsf
ImagePath: system32\DRIVERS\HSFCXTS2.sys
C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
685056 bytes
Created: 7.11.2008
Modified: 3.8.2004
Company: Conexant Systems, Inc.
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 25.10.2007
Modified: 25.10.2007
Company: Microsoft Corporation
----------

************************************************************
13:33:45: Scanning -----VXD ENTRIES-----

************************************************************
13:33:45: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : klogon
DLLName: C:\WINDOWS\system32\klogon.dll
C:\WINDOWS\system32\klogon.dll
219664 bytes
Created: 8.2.2008
Modified: 8.2.2008
Company: Kaspersky Lab
----------

************************************************************
13:33:45: Scanning ----- CONTEXTMENUHANDLERS -----
Key: Glary Utilities
CLSID: {72923739-5A47-40A3-9895-25AF0DFBB9E4}
Path: C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL
C:\PROGRA~1\GLARYU~1\CONTEX~1.DLL
31744 bytes
Created: 7.11.2008
Modified: 31.1.2008
Company: GlarySoft.com
----------
Key: Kaspersky Anti-Virus
CLSID: {dd230880-495a-11d1-b064-008048ec2fc5}
Path: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll
55824 bytes
Created: 8.2.2008
Modified: 8.2.2008
Company: Kaspersky Lab
----------
Key: PowerISO
CLSID: {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
Path: C:\Program Files\PowerISO\PWRISOSH.DLL
C:\Program Files\PowerISO\PWRISOSH.DLL
147456 bytes
Created: 2.11.2008
Modified: 2.11.2008
Company: PowerISO Computing, Inc.
----------
Key: TuneUp Shredder Shell Extension
CLSID: {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
Path: C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll
C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll
27656 bytes
Created: 27.5.2008
Modified: 27.5.2008
Company: TuneUp Software GmbH
----------

************************************************************
13:33:45: Scanning ----- FOLDER\COLUMNHANDLERS -----

************************************************************
13:33:45: Scanning ----- BROWSER HELPER OBJECTS -----
No Browser Helper Objects found to scan

************************************************************
13:33:45: Scanning ----- SHELLSERVICEOBJECTS -----
Key: WPDShServiceObj
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Path: C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
133632 bytes
Created: 18.10.2006
Modified: 18.10.2006
Company: Microsoft Corporation
----------

************************************************************
13:33:45: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
13:33:45: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
13:33:45: Scanning ----- APPINIT_DLLS -----
AppInitDLLs entry = [karna.dat]
File: karna.dat
C:\WINDOWS\system32\karna.dat
6144 bytes
Created: 9.11.2008
Modified: 9.11.2008
Company:
C:\WINDOWS\system32\karna.dat appears to contain: TROJAN.FAKEALERT
C:\WINDOWS\system32\karna.dat - this reference will be removed
karna.dat - file renamed to: karna.dat.vir
----------

************************************************************
13:33:57: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
13:33:57: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
-HS- 84 bytes
Created: 7.11.2008
Modified: 7.11.2008
Company:
--------------------

************************************************************
13:33:58: Scanning ------ USER STARTUP GROUPS ------
--------------------
Checking Startup Group for: Administrator
[C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP]
The Startup Group for Administrator attempts to load the following file(s):
C:\Documents and Settings\Administrator\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 9.11.2008
Modified: 7.11.2008
Company:
----------
--------------------
Checking Startup Group for: Natasa
[C:\Documents and Settings\Natasa\START MENU\PROGRAMS\STARTUP]
The Startup Group for Natasa attempts to load the following file(s):
C:\Documents and Settings\Natasa\START MENU\PROGRAMS\STARTUP\desktop.ini
-HS- 84 bytes
Created: 7.11.2008
Modified: 7.11.2008
Company:
----------

************************************************************
13:33:58: Scanning ----- SCHEDULED TASKS -----
Taskname: 1-Click Maintenance.job
File: C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
903936 bytes
Created: 20.6.2008
Modified: 20.6.2008
Company: TuneUp Software GmbH
Parameters: /schedulestart
Next Run Time: 9.11.2008 14:00:00
Status: The task is ready to run at its next scheduled time
Creator: Natasa
Comments: Runs 1-Click Maintenance at specified times
----------
Taskname: GlaryInitialize.job
File: C:\Program Files\Glary Utilities\initialize.exe
C:\Program Files\Glary Utilities\initialize.exe
79360 bytes
Created: 7.11.2008
Modified: 18.7.2008
Company: GlarySoft.com
Parameters: [blank]
Next Run Time: Never
Status: The task is ready to run at its next scheduled time
Creator: Natasa
Comments: Glary Utilities Initialization
----------

************************************************************
13:33:58: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
13:33:58: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Checking for specific malicious files:
C:\WINDOWS\system32\brastk.exe - Trojan.FakeAlert
C:\WINDOWS\system32\brastk.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\brastk.exe - file renamed to: C:\WINDOWS\system32\brastk.exe.vir
C:\WINDOWS\brastk.exe - Trojan.FakeAlert
C:\WINDOWS\brastk.exe - process is either not running or could not be terminated
C:\WINDOWS\brastk.exe - file renamed to: C:\WINDOWS\brastk.exe.vir
----------
Desktop Wallpaper: C:\Documents and Settings\Natasa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Natasa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
2359350 bytes
Created: 7.11.2008
Modified: 7.11.2008
Company:
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Natasa\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
2359350 bytes
Created: 7.11.2008
Modified: 7.11.2008
Company:
----------
C:\WINDOWS\system32\drivers\BEEP.SYS appears to be maliciously patched
C:\WINDOWS\system32\dllcache\beep.sys - this driver copy has been maliciously patched
C:\WINDOWS\system32\dllcache\beep.sys - file renamed to: C:\WINDOWS\system32\dllcache\beep.sys.vir
C:\WINDOWS\system32\drivers\beep.sys - file backed up to C:\WINDOWS\system32\drivers\beep.sys.vir
C:\WINDOWS\system32\drivers\beep.sys - file has been neutralised
----------
Additional checks completed

************************************************************
13:34:48: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
[1 loaded module]
--------------------
C:\WINDOWS\system32\csrss.exe
[11 loaded modules in total]
--------------------
C:\WINDOWS\system32\winlogon.exe
[67 loaded modules in total]
--------------------
C:\WINDOWS\system32\services.exe
[26 loaded modules in total]
--------------------
C:\WINDOWS\system32\lsass.exe
[61 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[47 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[38 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
[167 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[34 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[44 loaded modules in total]
--------------------
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe - file already scanned
[29 loaded modules in total]
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
[145 loaded modules in total]
--------------------
C:\WINDOWS\system32\spoolsv.exe
[56 loaded modules in total]
--------------------
C:\Program Files\Unlocker\UnlockerAssistant.exe - file already scanned
[18 loaded modules in total]
--------------------
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe - file already scanned
[45 loaded modules in total]
--------------------
C:\WINDOWS\SOUNDMAN.EXE - file already scanned
[25 loaded modules in total]
--------------------
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe - file already scanned
[28 loaded modules in total]
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
[25 loaded modules in total]
--------------------
C:\Program Files\MSN Messenger\MsnMsgr.Exe - file already scanned
[68 loaded modules in total]
--------------------
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe - file already scanned
[41 loaded modules in total]
--------------------
C:\Program Files\CDBurnerXP\NMSAccessU.exe - file already scanned
[13 loaded modules in total]
--------------------
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe - file already scanned
[5 loaded modules in total]
--------------------
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe - file already scanned
[5 loaded modules in total]
--------------------
C:\WINDOWS\System32\alg.exe
[32 loaded modules in total]
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
[90 loaded modules in total]
--------------------
C:\Documents and Settings\Natasa\Application Data\Simply Super Software\Trojan Remover\ssv2D.exe
FileSize: 2618232
[This is a Trojan Remover component]
[25 loaded modules in total]
--------------------

************************************************************
13:35:09: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************************
13:35:09: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************************
13:35:09: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
13:35:09: Scanning ------ %TEMP% DIRECTORY ------
C:\DOCUME~1\Natasa\LOCALS~1\Temp\etilqs_XPGGeeWBpesSeeRNabNC appears to be in-use/locked
************************************************************
13:36:14: Scanning ------ C:\WINDOWS\Temp DIRECTORY ------
************************************************************
13:36:16: Scanning ------ ROOT DIRECTORY ------

************************************************************
13:36:17: ------ Scan for other files to remove ------
No malware-related files found to remove

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
google.com
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
google.com
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
google.com
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
google.com
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
google.com

************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 13:36:17 09 stu 2008
Total Scan time: 00:03:02
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
9.11.2008 13:36:23: restart commenced
************************************************************

Addendum: 09 Nov 2008 14:11

Here is the HijackThis log...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:06:39, on 9.11.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Natasa\Desktop\New Folder\Nt1.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UVS11 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [Antivirus Pro 2009] "C:\Program Files\AntivirusPro2009\AntivirusPro2009.exe" /hide
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A12DD17-448A-4348-BCC6-867949128432}: NameServer = 195.29.149.197 195.29.149.196
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 5526 bytes

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Yup, Trojan Remover did part of the job. Let's see what's left.

* Right-click the Kaspersky icon in the lower right corner of the screen and choose Pause Protection.
* In the window that opens, choose By User Request.

Note: Don't forget to turn this option back on once the cleaning is finished.

Also, turn off Trojan Remover.

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

offline
  • Joined: 10 Oct 2008
  • Posts: 38
  • Location: Rijeka

I'm sorry... it took a while to turn off that Trojan Remover. I don't know if it's okay, but I didn't know any other way to turn it off (apart from uninstalling it), so I turned it off with TuneUp... (I don't know how to remove programs from Startup from within Windows. I'm quite embarrassed to admit it, but I guess I have to, so that the log is correct.)
Besides that, that Console got installed. Although I don't know what to do with it either, you wrote to someone somewhere that it's good to install it, so there... It won't hurt...

Thank you for your patience! Here is the log:


ComboFix 08-11-07.01 - Natasa 2008-11-09 15:11:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.619 [GMT 1:00]
Running from: c:\documents and settings\Natasa\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Natasa\Application Data\Adobe\crc.dat
c:\documents and settings\Natasa\Application Data\Rapid Antivirus
c:\documents and settings\Natasa\Application Data\Rapid Antivirus\base.dat
c:\documents and settings\Natasa\Application Data\Rapid Antivirus\base2.dat
c:\documents and settings\Natasa\Application Data\Rapid Antivirus\Desc.dat
c:\documents and settings\Natasa\Application Data\Rapid Antivirus\Rapid Antivirus.ini
c:\documents and settings\Natasa\Application Data\Rapid Antivirus\spline.dat
c:\program files\PCHealthCenter
c:\program files\PCHealthCenter\0.gif
c:\program files\PCHealthCenter\1.gif
c:\program files\PCHealthCenter\1.ico
c:\program files\PCHealthCenter\2.gif
c:\program files\PCHealthCenter\2.ico
c:\program files\PCHealthCenter\3.exe
c:\program files\PCHealthCenter\3.gif
c:\program files\PCHealthCenter\foo.txt
c:\program files\PCHealthCenter\sc.html
c:\windows\karna.dat
c:\windows\MS_VXD_Ext.DLL
c:\windows\system32\_scui.cpl
c:\windows\system32\1.ico
c:\windows\system32\2.ico
c:\windows\system32\wini1087100.exe

----- BITS: Possible infected sites -----

hxxp://78.157.143.163
.
((((((((((((((((((((((((( Files Created from 2008-10-09 to 2008-11-09 )))))))))))))))))))))))))))))))
.

2008-11-09 13:44 . 2008-11-09 13:44 <DIR> d-------- c:\windows\LastGood
2008-11-09 13:42 . 2004-08-04 13:00 4,224 --a------ c:\windows\system32\drivers\beep.sys
2008-11-09 13:42 . 2004-08-04 13:00 4,224 --a--c--- c:\windows\system32\dllcache\beep.sys
2008-11-09 13:34 . 2008-11-09 13:34 27,648 --a------ c:\windows\system32\drivers\beep.sys.vir
2008-11-09 13:32 . 2008-11-09 13:32 <DIR> d-------- c:\program files\Trojan Remover
2008-11-09 13:32 . 2008-11-09 13:32 <DIR> d-------- c:\documents and settings\Natasa\Application Data\Simply Super Software
2008-11-09 13:32 . 2008-11-09 13:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2008-11-09 13:32 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2008-11-09 13:32 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2008-11-09 13:32 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2008-11-09 13:32 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2008-11-09 13:32 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2008-11-09 13:10 . 2008-11-09 13:12 <DIR> d-------- c:\program files\AntivirusPro2009
2008-11-09 12:51 . 2008-11-09 12:51 <DIR> d-------- c:\documents and settings\Administrator
2008-11-09 12:35 . 2008-11-09 12:35 <DIR> d-------- c:\windows\system32\LogFiles
2008-11-09 12:07 . 2008-11-09 13:06 9,728 --a------ c:\windows\brastk.exe.vir
2008-11-09 12:07 . 2008-11-09 13:06 6,144 --a------ c:\windows\system32\karna.dat.vir
2008-11-09 12:06 . 2008-11-09 12:06 133,120 --a------ C:\oskkofa.exe
2008-11-09 12:06 . 2008-11-09 13:06 9,728 --a------ c:\windows\system32\brastk.exe.vir
2008-11-09 12:06 . 2008-11-09 12:06 7,680 --a------ C:\oiecbhm.exe
2008-11-09 12:05 . 2008-11-09 12:05 5,314,010 --a------ c:\windows\system32\ALL CODECS For Windows Media Player - Will Play ALL Movies.exe
2008-11-09 06:25 . 2008-11-09 06:25 <DIR> d-------- c:\program files\Windows Media Bonus Pack for Windows XP
2008-11-09 06:25 . 2001-11-30 19:05 131,072 --a------ c:\windows\system32\dzip32.dll
2008-11-09 06:25 . 2001-11-30 19:05 110,592 --a------ c:\windows\system32\dunzip32.dll
2008-11-09 06:18 . 2008-11-09 12:35 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-11-09 06:16 . 2008-11-09 12:35 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-11-09 05:20 . 2008-11-09 05:43 67 --a------ c:\windows\#1 Video Converter.INI
2008-11-09 04:43 . 2008-11-09 04:43 <DIR> d-------- c:\documents and settings\Natasa\Application Data\GRETECH
2008-11-09 04:42 . 2008-11-09 04:42 <DIR> d-------- c:\documents and settings\Natasa\Application Data\Media Player Classic
2008-11-09 01:51 . 2008-11-09 11:04 38 --a------ c:\windows\AviSplitter.INI
2008-11-08 21:45 . 2008-11-08 21:45 <DIR> d-------- c:\program files\Mpeg2Decoder
2008-11-08 19:50 . 2008-11-08 19:50 356,352 --a------ c:\windows\eSellerateEngine.dll
2008-11-08 18:10 . 2008-11-08 18:10 <DIR> d-------- c:\documents and settings\Natasa\Application Data\Canneverbe_Limited
2008-11-08 14:18 . 2008-11-08 14:18 0 --a------ c:\windows\system32\QuickTime.qtp
2008-11-08 14:10 . 2008-11-08 14:58 13 --a------ c:\windows\system32\WinSys16.crc
2008-11-08 14:08 . 2008-11-08 14:08 <DIR> d-------- c:\program files\CoffeeCup Software
2008-11-08 13:31 . 2003-12-14 09:20 5,557,248 --------- c:\windows\system32\QuickTime.qts
2008-11-08 13:31 . 2005-07-20 19:05 75,264 --------- c:\windows\system32\zlib1.dll
2008-11-08 01:28 . 2008-11-08 01:28 <DIR> d-------- c:\documents and settings\Natasa\Application Data\MOVAVI
2008-11-08 01:00 . 2008-11-08 01:00 4,808 --a------ c:\windows\system32\gaeffect.sti
2008-11-08 01:00 . 2008-11-08 01:00 3,176 --a------ c:\windows\system32\gafilter.sti
2008-11-08 00:57 . 1999-10-15 12:50 1,056,768 --a------ c:\windows\system32\ROBOEX32.DLL
2008-11-08 00:57 . 1999-01-28 15:44 49,152 --a------ c:\windows\system32\INETWH32.dll
2008-11-08 00:57 . 2008-11-08 14:57 528 --a------ c:\windows\ULEAD32.INI
2008-11-08 00:47 . 2008-11-09 12:39 97 --ah----- c:\windows\winshell.dat
2008-11-08 00:43 . 2008-11-09 12:53 <DIR> d-------- c:\program files\Dachshund Software
2008-11-08 00:43 . 2008-11-08 00:44 92 --ah----- c:\windows\wininf.dat
2008-11-08 00:41 . 2008-11-08 13:31 <DIR> d-------- c:\windows\system32\QuickTime
2008-11-08 00:41 . 2008-07-10 14:56 107,864 --a------ c:\windows\system32\tsccvid.dll
2008-11-08 00:40 . 2008-11-08 00:40 <DIR> d-------- c:\windows\system32\Flash
2008-11-08 00:40 . 2008-11-08 00:40 <DIR> d-------- c:\program files\TechSmith
2008-11-08 00:40 . 2008-11-08 00:40 <DIR> d-------- c:\program files\Common Files\TechSmith Shared
2008-11-08 00:40 . 2008-11-08 00:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\TechSmith
2008-11-08 00:32 . 2008-11-08 00:34 <DIR> d-------- c:\program files\Registry Genius
2008-11-08 00:32 . 2008-11-08 00:32 42 --a------ c:\windows\system32\RegistryGenius.lie
2008-11-08 00:29 . 2008-11-08 00:29 <DIR> d-------- c:\program files\VSTplugins
2008-11-08 00:29 . 2008-11-09 03:06 <DIR> d-------- c:\documents and settings\Natasa\Application Data\Sony
2008-11-08 00:29 . 2008-11-09 03:43 <DIR> d-------- c:\documents and settings\Natasa\Application Data\Publish Providers
2008-11-08 00:23 . 2008-11-08 00:23 <DIR> d-------- c:\program files\Sony Setup
2008-11-08 00:23 . 2008-11-08 00:23 <DIR> d-------- c:\program files\Sony
2008-11-08 00:23 . 2008-11-08 00:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony
2008-11-08 00:12 . 2008-11-08 00:12 <DIR> d-------- c:\documents and settings\Natasa\Application Data\GlarySoft
2008-11-07 23:07 . 2008-11-07 23:07 <DIR> d-------- c:\program files\Deskshare
2008-11-07 23:07 . 2008-11-07 23:07 <DIR> d-------- c:\program files\Common Files\DeskShare Shared
2008-11-07 23:07 . 2004-12-07 10:11 258,352 --a------ c:\windows\system32\Unicows.dll
2008-11-07 21:40 . 2008-11-07 21:58 <DIR> d-------- c:\program files\Batch Watermark Creator
2008-11-07 17:59 . 2008-11-07 19:25 <DIR> d-------- c:\documents and settings\Natasa\Application Data\Ulead Systems
2008-11-07 17:52 . 2008-11-07 17:52 <DIR> d-------- c:\documents and settings\Natasa\Application Data\InstallShield
2008-11-07 17:51 . 2008-11-07 17:51 <DIR> d-------- c:\program files\Common Files\InterVideo
2008-11-07 17:51 . 2008-11-07 17:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\InterVideo
2008-11-07 17:51 . 2007-03-06 11:58 210,456 --a------ c:\windows\system32\IVIresizeW7.dll
2008-11-07 17:51 . 2007-03-06 11:58 206,360 --a------ c:\windows\system32\IVIresizeA6.dll
2008-11-07 17:51 . 2007-03-06 11:58 198,168 --a------ c:\windows\system32\IVIresizeP6.dll
2008-11-07 17:51 . 2007-03-06 11:58 198,168 --a------ c:\windows\system32\IVIresizeM6.dll
2008-11-07 17:51 . 2007-03-06 11:58 194,072 --a------ c:\windows\system32\IVIresizePX.dll
2008-11-07 17:51 . 2007-03-06 11:58 26,136 --a------ c:\windows\system32\IVIresize.dll
2008-11-07 17:50 . 2008-11-07 17:50 <DIR> d-------- c:\program files\Windows Media Components
2008-11-07 17:48 . 2008-11-08 00:57 <DIR> d-------- c:\program files\Ulead Systems
2008-11-07 17:39 . 2008-11-07 17:40 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-07 17:09 . 2008-11-07 17:09 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-11-07 17:09 . 2008-11-07 17:11 <DIR> d-------- c:\documents and settings\Natasa\Contacts
2008-11-07 17:08 . 2008-11-07 17:08 <DIR> d-------- c:\program files\MSN Messenger
2008-11-07 16:27 . 2008-11-07 16:29 <DIR> d-------- c:\program files\Video Watermark Factory
2008-11-07 16:27 . 2002-10-06 20:37 487,424 --a------ c:\windows\system32\msvcp70.dll
2008-11-07 16:10 . 2008-11-07 16:10 21 --a------ c:\windows\system32\lsautoe
2008-11-07 16:09 . 2008-11-07 16:09 <DIR> d-------- c:\program files\Longtion
2008-11-07 15:10 . 2008-11-07 15:10 817 --a------ c:\windows\WDD_COMPARE_FILES_CFX2.INI
2008-11-07 15:10 . 2008-11-07 15:10 817 --a------ c:\windows\WDD_COMPARE_FILES_CFX1.INI
2008-11-07 15:10 . 2008-11-07 15:10 817 --a------ c:\windows\WDD_COMPARE_DIR_CFX1.INI
2008-11-07 15:09 . 2004-03-09 00:00 224,016 --a------ c:\windows\system32\TABCTL32.OCX
2008-11-07 15:09 . 2000-05-22 01:00 203,976 --a------ c:\windows\system32\RICHTX32.OCX
2008-11-07 15:02 . 2008-11-07 15:02 <DIR> d-------- c:\program files\GetDiz
2008-11-07 15:02 . 2008-11-07 15:02 <DIR> d-------- c:\documents and settings\Natasa\Application Data\Outertech
2008-11-07 14:55 . 2008-11-07 14:56 <DIR> d-------- c:\program files\EH Rjecnik
2008-11-07 14:48 . 2008-11-07 14:48 <DIR> d-------- c:\program files\Privacy Mantra 2.02
2008-11-07 14:47 . 2008-11-07 14:47 <DIR> d-------- c:\program files\CCleaner
2008-11-07 14:43 . 2008-11-07 14:43 <DIR> d-------- c:\program files\CDBurnerXP
2008-11-07 14:37 . 2008-11-07 14:37 <DIR> d-------- c:\windows\system32\XPSViewer
2008-11-07 14:37 . 2008-11-07 14:37 <DIR> d-------- c:\program files\Reference Assemblies
2008-11-07 14:33 . 2008-11-07 14:37 <DIR> d-------- C:\f6b27c2ff8c3b01cba450e2a2140cc
2008-11-07 14:33 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2008-11-07 14:33 . 2008-07-06 13:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2008-11-07 14:33 . 2008-07-06 11:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2008-11-07 14:33 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2008-11-07 14:33 . 2008-07-06 13:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2008-11-07 14:33 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
2008-11-07 14:33 . 2008-07-06 13:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2008-11-07 14:21 . 2008-11-07 14:22 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-07 14:21 . 2008-11-07 14:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-07 14:14 . 2008-11-07 14:14 <DIR> d-------- c:\program files\Corel
2008-11-07 14:14 . 2008-11-07 17:50 <DIR> d-------- c:\program files\Common Files\Ulead Systems
2008-11-07 14:14 . 2008-11-07 17:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ulead Systems
2008-11-07 14:13 . 2008-11-07 14:13 <DIR> d-------- c:\windows\Downloaded Installations
2008-11-07 13:51 . 2008-11-07 13:51 <DIR> d-------- c:\program files\Lavasoft
2008-11-07 13:51 . 2008-11-07 13:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-07 13:47 . 2008-11-07 13:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Movavi VideoSuite 5
2008-11-07 13:39 . 2008-11-07 13:39 0 --a------ C:\Setup_ver1.1697.2.exe
2008-11-07 13:30 . 2008-11-07 13:30 <DIR> d-------- c:\program files\Trend Micro
2008-11-07 13:30 . 2008-11-07 13:30 <DIR> d-------- c:\program files\AC3Filter
2008-11-07 13:30 . 2007-06-07 20:11 380,928 --a------ c:\windows\system32\ac3filter.acm
2008-11-07 13:22 . 2008-11-07 13:22 <DIR> d-------- c:\program files\Photodex Presenter
2008-11-07 13:22 . 2008-11-07 23:10 <DIR> d-------- c:\program files\Photodex
2008-11-07 13:22 . 2008-11-07 13:22 <DIR> d-------- c:\documents and settings\Natasa\Application Data\Photodex
2008-11-07 13:22 . 2008-11-07 13:22 <DIR> d-------- c:\documents and settings\Natasa\Application Data\Netscape
2008-11-07 12:54 . 2008-11-07 12:54 <DIR> d--h----- c:\windows\Icons

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 14:17 3,836,704 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-09 14:17 274,208 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-11-09 12:38 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-09 12:37 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-09 12:36 57,596 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-09 12:36 29,360 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-11-09 11:35 --------- d-----w c:\documents and settings\Natasa\Application Data\uTorrent
2008-11-08 12:56 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-07 16:57 --------- d-----w c:\program files\Unlocker
2008-11-07 16:51 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-07 12:50 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-07 12:28 --------- d-----w c:\program files\uTorrent
2008-11-07 04:48 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2008-11-07 04:48 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2008-11-07 04:48 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2008-11-07 04:44 --------- d-----w c:\program files\Your Uninstaller 2008
2008-11-07 04:42 --------- d-----w c:\documents and settings\Natasa\Application Data\URSoft
2008-11-07 04:41 --------- d-----w c:\documents and settings\Natasa\Application Data\Desktopicon
2008-11-07 04:35 --------- d-----w c:\program files\Kaspersky Lab
2008-11-07 04:34 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-07 04:28 --------- d-----w c:\documents and settings\Natasa\Application Data\0000005738
2008-11-07 04:23 --------- d-----w c:\program files\Elecard
2008-11-07 04:23 --------- d-----w c:\program files\Common Files\Elecard
2008-11-07 04:20 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2008-11-07 04:18 --------- d-----w c:\program files\K-Lite Codec Pack
2008-11-07 04:14 355,584 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-11-07 04:14 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-11-07 04:14 --------- d-----w c:\documents and settings\Natasa\Application Data\TuneUp Software
2008-11-07 04:14 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-11-07 04:02 --------- d-----w c:\program files\microsoft frontpage
2008-11-02 08:44 56,572 ----a-w c:\windows\system32\drivers\scdemu.sys
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 10:11 2,189,184 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-02 95504]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 341232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SoundMan"="SOUNDMAN.EXE" [2005-06-14 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"msacm.ac3filter"= ac3filter.acm
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"RegistryMechanic"=c:\program files\Registry Mechanic\RegMech.exe /H

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TrojanScanner"=c:\program files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R2 NMSAccessU;NMSAccessU;c:\program files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe [2008-04-14 14336]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-12-13 24592]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-11-07 355584]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder

2008-11-09 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]

2008-11-09 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-07-18 11:08]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Media Codec Update Service - c:\program files\Essentials Codec Pack\update.exe
HKLM-Run-Antivirus Pro 2009 - c:\program files\AntivirusPro2009\AntivirusPro2009.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Natasa\Application Data\Mozilla\Firefox\Profiles\al4xcypj.default\
FF -: plugin - c:\documents and settings\Natasa\Application Data\Mozilla\plugins\npPxPlay.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-11-09 15:17:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-09 15:19:38
ComboFix-quarantined-files.txt 2008-11-09 14:19:35

Pre-Run: 21.552.132.096 bytes free
Post-Run: 21,674,172,416 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

298 --- E O F --- 2008-11-08 01:31:07

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Delete this file: c:\windows\system32\ALL CODECS For Windows Media Player - Will Play ALL Movies.exe

Open Notepad and copy the following text into it:

File::
c:\windows\system32\drivers\beep.sys.vir
c:\windows\brastk.exe.vir
c:\windows\system32\karna.dat.vir
C:\oskkofa.exe
c:\windows\system32\brastk.exe.vir
C:\oiecbhm.exe
C:\Setup_ver1.1697.2.exe

Folder::
c:\program files\AntivirusPro2009


Save the file from Notepad to the Desktop as "CFScript".




Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next post, paste the log that is created at the end of the cleaning/scan.
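
A triage pass over the ComboFix listing posted earlier in the thread, added here as an example; it is not part of the thread and not ComboFix's or the helper's own method. The log excerpt is copied from the post above, while the four heuristics (`.vir` suffix, executable in a drive root, new executable directly in system32, folder of a removed Run entry) and all function names are assumptions chosen for illustration.

```python
import re
from ntpath import dirname, normcase, splitext

# Excerpt of the ComboFix log posted in this thread (lines copied verbatim).
LOG = r"""
2008-11-09 13:42 . 2004-08-04 13:00 4,224 --a------ c:\windows\system32\drivers\beep.sys
2008-11-09 13:34 . 2008-11-09 13:34 27,648 --a------ c:\windows\system32\drivers\beep.sys.vir
2008-11-09 13:32 . 2008-11-09 13:32 <DIR> d-------- c:\program files\Trojan Remover
2008-11-09 13:32 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2008-11-09 13:10 . 2008-11-09 13:12 <DIR> d-------- c:\program files\AntivirusPro2009
2008-11-09 12:07 . 2008-11-09 13:06 9,728 --a------ c:\windows\brastk.exe.vir
2008-11-09 12:07 . 2008-11-09 13:06 6,144 --a------ c:\windows\system32\karna.dat.vir
2008-11-09 12:06 . 2008-11-09 12:06 133,120 --a------ C:\oskkofa.exe
2008-11-09 12:06 . 2008-11-09 13:06 9,728 --a------ c:\windows\system32\brastk.exe.vir
2008-11-09 12:06 . 2008-11-09 12:06 7,680 --a------ C:\oiecbhm.exe
2008-11-09 12:05 . 2008-11-09 12:05 5,314,010 --a------ c:\windows\system32\ALL CODECS For Windows Media Player - Will Play ALL Movies.exe
2008-11-07 14:33 . 2008-07-06 11:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2008-11-07 13:39 . 2008-11-07 13:39 0 --a------ C:\Setup_ver1.1697.2.exe
2008-11-07 13:30 . 2008-11-07 13:30 <DIR> d-------- c:\program files\Trend Micro
HKLM-Run-Media Codec Update Service - c:\program files\Essentials Codec Pack\update.exe
HKLM-Run-Antivirus Pro 2009 - c:\program files\AntivirusPro2009\AntivirusPro2009.exe
"""

# "created . modified size attributes path" rows of the "Files Created" section.
ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)
# Rows of the "ORPHANS REMOVED" section: Run value name, then its target path.
ORPHAN = re.compile(r"^HK(?:LM|CU)-Run-.+? - (?P<target>[a-zA-Z]:\\.+)$")


def classify(path, is_dir, orphan_dirs):
    """Return a reason string if the entry deserves a manual look, else None.

    The rules are illustrative assumptions, not a verdict on any file.
    """
    p = normcase(path)          # Windows paths are case-insensitive
    parent = dirname(p)
    ext = splitext(p)[1]
    if is_dir:
        # A folder still on disk whose autostart entry was already removed.
        return "folder of a removed Run entry" if p in orphan_dirs else None
    if ext == ".vir":
        return "renamed .vir leftover"
    if ext == ".exe" and parent.endswith(":\\"):
        return "executable in drive root"
    if ext == ".exe" and parent.endswith(r"\system32"):
        return "new executable directly in system32"
    return None


def triage(log_text):
    """Parse the listing and return (files, folders) as {path: reason} dicts."""
    orphan_dirs, entries = set(), []
    # First pass: collect everything, because the orphan section comes
    # after the file listing in a real log.
    for line in log_text.splitlines():
        line = line.strip()
        m = ORPHAN.match(line)
        if m:
            orphan_dirs.add(normcase(dirname(m["target"])))
            continue
        m = ENTRY.match(line)
        if m:
            entries.append((m["path"], m["size"] == "<DIR>"))
    files, folders = {}, {}
    for path, is_dir in entries:
        reason = classify(path, is_dir, orphan_dirs)
        if reason:
            (folders if is_dir else files)[path] = reason
    return files, folders


if __name__ == "__main__":
    flagged_files, flagged_folders = triage(LOG)
    for kind, hits in (("file", flagged_files), ("folder", flagged_folders)):
        for path, reason in hits.items():
            print(f"{kind:6} {reason:38} {path}")
```

On this excerpt the flagged paths coincide with the entries of the CFScript and the installer the helper asked to delete by hand; that agreement is specific to this log, and every hit still needs a human decision before anything is removed.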

offline
  • Joined: 10 Oct 2008
  • Posts: 38
  • Location: Rijeka

Uh... I made a mistake. I didn't turn off Kaspersky. I'm sorry... Here is the log:


ComboFix 08-11-07.01 - Natasa 2008-11-09 16:01:16.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.514 [GMT 1:00]
Running from: c:\documents and settings\Natasa\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Natasa\My Documents\CFScript
* Created a new restore point

FILE ::
C:\oiecbhm.exe
C:\oskkofa.exe
C:\Setup_ver1.1697.2.exe
c:\windows\brastk.exe.vir
c:\windows\system32\brastk.exe.vir
c:\windows\system32\drivers\beep.sys.vir
c:\windows\system32\karna.dat.vir
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\oiecbhm.exe
C:\oskkofa.exe
c:\program files\AntivirusPro2009
C:\Setup_ver1.1697.2.exe
c:\windows\brastk.exe.vir
c:\windows\system32\brastk.exe.vir
c:\windows\system32\drivers\beep.sys.vir
c:\windows\system32\karna.dat.vir

.
((((((((((((((((((((((((( Files Created from 2008-10-09 to 2008-11-09 )))))))))))))))))))))))))))))))
.

2008-11-09 13:44 . 2008-11-09 13:44 <DIR> d-------- c:\windows\LastGood.Tmp
2008-11-09 13:42 . 2004-08-04 13:00 4,224 --a------ c:\windows\system32\drivers\beep.sys
2008-11-09 13:42 . 2004-08-04 13:00 4,224 --a--c--- c:\windows\system32\dllcache\beep.sys
2008-11-09 13:32 . 2008-11-09 13:32 <DIR> d-------- c:\program files\Trojan Remover
2008-11-09 13:32 . 2008-11-09 13:32 <DIR> d-------- c:\documents and settings\Natasa\Application Data\Simply Super Software
2008-11-09 13:32 . 2008-11-09 13:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2008-11-09 13:32 . 2006-05-25 14:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2008-11-09 13:32 . 2003-02-02 19:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2008-11-09 13:32 . 2005-08-26 00:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2008-11-09 13:32 . 2002-03-06 00:00 75,264 --a------ c:\windows\system32\unacev2.dll
2008-11-09 13:32 . 2006-06-19 12:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2008-11-09 12:51 . 2008-11-09 12:51 <DIR> d-------- c:\documents and settings\Administrator
2008-11-09 12:35 . 2008-11-09 12:35 <DIR> d-------- c:\windows\system32\LogFiles
2008-11-09 06:25 . 2008-11-09 06:25 <DIR> d-------- c:\program files\Windows Media Bonus Pack for Windows XP
2008-11-09 06:25 . 2001-11-30 19:05 131,072 --a------ c:\windows\system32\dzip32.dll
2008-11-09 06:25 . 2001-11-30 19:05 110,592 --a------ c:\windows\system32\dunzip32.dll
2008-11-09 06:18 . 2008-11-09 12:35 <DIR> d-------- c:\program files\Windows Media Connect 2
2008-11-09 06:16 . 2008-11-09 12:35 <DIR> d-------- c:\windows\system32\drivers\UMDF
2008-11-09 05:20 . 2008-11-09 05:43 67 --a------ c:\windows\#1 Video Converter.INI
2008-11-09 04:43 . 2008-11-09 04:43 <DIR> d-------- c:\documents and settings\Natasa\Application Data\GRETECH
2008-11-09 04:42 . 2008-11-09 04:42 <DIR> d-------- c:\documents and settings\Natasa\Application Data\Media Player Classic
2008-11-09 01:51 . 2008-11-09 11:04 38 --a------ c:\windows\AviSplitter.INI
2008-11-08 21:45 . 2008-11-08 21:45 <DIR> d-------- c:\program files\Mpeg2Decoder
2008-11-08 19:50 . 2008-11-08 19:50 356,352 --a------ c:\windows\eSellerateEngine.dll
2008-11-08 18:10 . 2008-11-08 18:10 <DIR> d-------- c:\documents and settings\Natasa\Application Data\Canneverbe_Limited
2008-11-08 14:18 . 2008-11-08 14:18 0 --a------ c:\windows\system32\QuickTime.qtp
2008-11-08 14:10 . 2008-11-08 14:58 13 --a------ c:\windows\system32\WinSys16.crc
2008-11-08 14:08 . 2008-11-08 14:08 <DIR> d-------- c:\program files\CoffeeCup Software
2008-11-08 13:31 . 2003-12-14 09:20 5,557,248 --------- c:\windows\system32\QuickTime.qts
2008-11-08 13:31 . 2005-07-20 19:05 75,264 --------- c:\windows\system32\zlib1.dll
2008-11-08 01:28 . 2008-11-08 01:28 <DIR> d-------- c:\documents and settings\Natasa\Application Data\MOVAVI
2008-11-08 01:00 . 2008-11-08 01:00 4,808 --a------ c:\windows\system32\gaeffect.sti
2008-11-08 01:00 . 2008-11-08 01:00 3,176 --a------ c:\windows\system32\gafilter.sti
2008-11-08 00:57 . 1999-10-15 12:50 1,056,768 --a------ c:\windows\system32\ROBOEX32.DLL
2008-11-08 00:57 . 1999-01-28 15:44 49,152 --a------ c:\windows\system32\INETWH32.dll
2008-11-08 00:57 . 2008-11-08 14:57 528 --a------ c:\windows\ULEAD32.INI
2008-11-08 00:47 . 2008-11-09 12:39 97 --ah----- c:\windows\winshell.dat
2008-11-08 00:43 . 2008-11-09 12:53 <DIR> d-------- c:\program files\Dachshund Software
2008-11-08 00:43 . 2008-11-08 00:44 92 --ah----- c:\windows\wininf.dat
2008-11-08 00:41 . 2008-11-08 13:31 <DIR> d-------- c:\windows\system32\QuickTime
2008-11-08 00:41 . 2008-07-10 14:56 107,864 --a------ c:\windows\system32\tsccvid.dll
2008-11-08 00:40 . 2008-11-08 00:40 <DIR> d-------- c:\windows\system32\Flash
2008-11-08 00:40 . 2008-11-08 00:40 <DIR> d-------- c:\program files\TechSmith
2008-11-08 00:40 . 2008-11-08 00:40 <DIR> d-------- c:\program files\Common Files\TechSmith Shared
2008-11-08 00:40 . 2008-11-08 00:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\TechSmith
2008-11-08 00:32 . 2008-11-08 00:34 <DIR> d-------- c:\program files\Registry Genius
2008-11-08 00:32 . 2008-11-08 00:32 42 --a------ c:\windows\system32\RegistryGenius.lie
2008-11-08 00:29 . 2008-11-08 00:29 <DIR> d-------- c:\program files\VSTplugins
2008-11-08 00:29 . 2008-11-09 03:06 <DIR> d-------- c:\documents and settings\Natasa\Application Data\Sony
2008-11-08 00:29 . 2008-11-09 03:43 <DIR> d-------- c:\documents and settings\Natasa\Application Data\Publish Providers
2008-11-08 00:23 . 2008-11-08 00:23 <DIR> d-------- c:\program files\Sony Setup
2008-11-08 00:23 . 2008-11-08 00:23 <DIR> d-------- c:\program files\Sony
2008-11-08 00:23 . 2008-11-08 00:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony
2008-11-08 00:12 . 2008-11-08 00:12 <DIR> d-------- c:\documents and settings\Natasa\Application Data\GlarySoft
2008-11-07 23:07 . 2008-11-07 23:07 <DIR> d-------- c:\program files\Deskshare
2008-11-07 23:07 . 2008-11-07 23:07 <DIR> d-------- c:\program files\Common Files\DeskShare Shared
2008-11-07 23:07 . 2004-12-07 10:11 258,352 --a------ c:\windows\system32\Unicows.dll
2008-11-07 21:40 . 2008-11-07 21:58 <DIR> d-------- c:\program files\Batch Watermark Creator
2008-11-07 17:59 . 2008-11-07 19:25 <DIR> d-------- c:\documents and settings\Natasa\Application Data\Ulead Systems
2008-11-07 17:52 . 2008-11-07 17:52 <DIR> d-------- c:\documents and settings\Natasa\Application Data\InstallShield
2008-11-07 17:51 . 2008-11-07 17:51 <DIR> d-------- c:\program files\Common Files\InterVideo
2008-11-07 17:51 . 2008-11-07 17:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\InterVideo
2008-11-07 17:51 . 2007-03-06 11:58 210,456 --a------ c:\windows\system32\IVIresizeW7.dll
2008-11-07 17:51 . 2007-03-06 11:58 206,360 --a------ c:\windows\system32\IVIresizeA6.dll
2008-11-07 17:51 . 2007-03-06 11:58 198,168 --a------ c:\windows\system32\IVIresizeP6.dll
2008-11-07 17:51 . 2007-03-06 11:58 198,168 --a------ c:\windows\system32\IVIresizeM6.dll
2008-11-07 17:51 . 2007-03-06 11:58 194,072 --a------ c:\windows\system32\IVIresizePX.dll
2008-11-07 17:51 . 2007-03-06 11:58 26,136 --a------ c:\windows\system32\IVIresize.dll
2008-11-07 17:50 . 2008-11-07 17:50 <DIR> d-------- c:\program files\Windows Media Components
2008-11-07 17:48 . 2008-11-08 00:57 <DIR> d-------- c:\program files\Ulead Systems
2008-11-07 17:39 . 2008-11-07 17:40 <DIR> d-------- c:\program files\Common Files\Adobe
2008-11-07 17:09 . 2008-11-07 17:09 <DIR> d----c--- c:\windows\system32\DRVSTORE
2008-11-07 17:09 . 2008-11-07 17:11 <DIR> d-------- c:\documents and settings\Natasa\Contacts
2008-11-07 17:08 . 2008-11-07 17:08 <DIR> d-------- c:\program files\MSN Messenger
2008-11-07 16:27 . 2008-11-07 16:29 <DIR> d-------- c:\program files\Video Watermark Factory
2008-11-07 16:27 . 2002-10-06 20:37 487,424 --a------ c:\windows\system32\msvcp70.dll
2008-11-07 16:10 . 2008-11-07 16:10 21 --a------ c:\windows\system32\lsautoe
2008-11-07 16:09 . 2008-11-07 16:09 <DIR> d-------- c:\program files\Longtion
2008-11-07 15:10 . 2008-11-07 15:10 817 --a------ c:\windows\WDD_COMPARE_FILES_CFX2.INI
2008-11-07 15:10 . 2008-11-07 15:10 817 --a------ c:\windows\WDD_COMPARE_FILES_CFX1.INI
2008-11-07 15:10 . 2008-11-07 15:10 817 --a------ c:\windows\WDD_COMPARE_DIR_CFX1.INI
2008-11-07 15:09 . 2004-03-09 00:00 224,016 --a------ c:\windows\system32\TABCTL32.OCX
2008-11-07 15:09 . 2000-05-22 01:00 203,976 --a------ c:\windows\system32\RICHTX32.OCX
2008-11-07 15:02 . 2008-11-07 15:02 <DIR> d-------- c:\program files\GetDiz
2008-11-07 15:02 . 2008-11-07 15:02 <DIR> d-------- c:\documents and settings\Natasa\Application Data\Outertech
2008-11-07 14:55 . 2008-11-07 14:56 <DIR> d-------- c:\program files\EH Rjecnik
2008-11-07 14:48 . 2008-11-07 14:48 <DIR> d-------- c:\program files\Privacy Mantra 2.02
2008-11-07 14:47 . 2008-11-07 14:47 <DIR> d-------- c:\program files\CCleaner
2008-11-07 14:43 . 2008-11-07 14:43 <DIR> d-------- c:\program files\CDBurnerXP
2008-11-07 14:37 . 2008-11-07 14:37 <DIR> d-------- c:\windows\system32\XPSViewer
2008-11-07 14:37 . 2008-11-07 14:37 <DIR> d-------- c:\program files\Reference Assemblies
2008-11-07 14:33 . 2008-11-07 14:37 <DIR> d-------- C:\f6b27c2ff8c3b01cba450e2a2140cc
2008-11-07 14:33 . 2008-07-06 13:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2008-11-07 14:33 . 2008-07-06 13:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2008-11-07 14:33 . 2008-07-06 11:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2008-11-07 14:33 . 2008-07-06 13:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2008-11-07 14:33 . 2008-07-06 13:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2008-11-07 14:33 . 2008-07-06 13:06 117,760 --------- c:\windows\system32\prntvpt.dll
2008-11-07 14:33 . 2008-07-06 13:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2008-11-07 14:21 . 2008-11-07 14:22 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-11-07 14:21 . 2008-11-07 14:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-11-07 14:14 . 2008-11-07 14:14 <DIR> d-------- c:\program files\Corel
2008-11-07 14:14 . 2008-11-07 17:50 <DIR> d-------- c:\program files\Common Files\Ulead Systems
2008-11-07 14:14 . 2008-11-07 17:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ulead Systems
2008-11-07 14:13 . 2008-11-07 14:13 <DIR> d-------- c:\windows\Downloaded Installations
2008-11-07 13:51 . 2008-11-07 13:51 <DIR> d-------- c:\program files\Lavasoft
2008-11-07 13:51 . 2008-11-07 13:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-11-07 13:47 . 2008-11-07 13:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Movavi VideoSuite 5
2008-11-07 13:30 . 2008-11-07 13:30 <DIR> d-------- c:\program files\Trend Micro
2008-11-07 13:30 . 2008-11-07 13:30 <DIR> d-------- c:\program files\AC3Filter
2008-11-07 13:30 . 2007-06-07 20:11 380,928 --a------ c:\windows\system32\ac3filter.acm
2008-11-07 13:22 . 2008-11-07 13:22 <DIR> d-------- c:\program files\Photodex Presenter
2008-11-07 13:22 . 2008-11-07 23:10 <DIR> d-------- c:\program files\Photodex
2008-11-07 13:22 . 2008-11-07 13:22 <DIR> d-------- c:\documents and settings\Natasa\Application Data\Photodex
2008-11-07 13:22 . 2008-11-07 13:22 <DIR> d-------- c:\documents and settings\Natasa\Application Data\Netscape
2008-11-07 12:54 . 2008-11-07 12:54 <DIR> d--h----- c:\windows\Icons
2008-11-07 12:39 . 2008-11-07 12:39 <DIR> d-------- c:\windows\system32\scripting
2008-11-07 12:39 . 2008-11-07 12:39 <DIR> d-------- c:\windows\system32\en
2008-11-07 12:39 . 2008-11-07 12:39 <DIR> d-------- c:\windows\system32\bits
2008-11-07 12:39 . 2008-11-07 12:39 <DIR> d-------- c:\windows\l2schemas
2008-11-07 12:36 . 2008-11-07 12:36 <DIR> d-------- c:\windows\ServicePackFiles
2008-11-07 12:17 . 2008-10-03 18:41 6,066,176 -----c--- c:\windows\system32\dllcache\ieframe.dll
2008-11-07 12:17 . 2007-04-17 10:32 2,455,488 -----c--- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-07 12:17 . 2007-03-08 06:10 991,232 -----c--- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-07 12:17 . 2008-08-26 08:24 459,264 -----c--- c:\windows\system32\dllcache\msfeeds.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 15:09 3,963,936 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-09 15:09 278,304 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-11-09 15:08 60,356 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-09 15:08 30,248 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-11-09 12:38 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-09 12:37 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-09 11:35 --------- d-----w c:\documents and settings\Natasa\Application Data\uTorrent
2008-11-08 12:56 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-07 16:57 --------- d-----w c:\program files\Unlocker
2008-11-07 16:51 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-07 12:50 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-07 12:28 --------- d-----w c:\program files\uTorrent
2008-11-07 04:48 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2008-11-07 04:48 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2008-11-07 04:48 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2008-11-07 04:44 --------- d-----w c:\program files\Your Uninstaller 2008
2008-11-07 04:42 --------- d-----w c:\documents and settings\Natasa\Application Data\URSoft
2008-11-07 04:41 --------- d-----w c:\documents and settings\Natasa\Application Data\Desktopicon
2008-11-07 04:35 --------- d-----w c:\program files\Kaspersky Lab
2008-11-07 04:34 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-07 04:28 --------- d-----w c:\documents and settings\Natasa\Application Data\0000005738
2008-11-07 04:23 --------- d-----w c:\program files\Elecard
2008-11-07 04:23 --------- d-----w c:\program files\Common Files\Elecard
2008-11-07 04:20 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2008-11-07 04:18 --------- d-----w c:\program files\K-Lite Codec Pack
2008-11-07 04:14 355,584 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-11-07 04:14 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-11-07 04:14 --------- d-----w c:\documents and settings\Natasa\Application Data\TuneUp Software
2008-11-07 04:14 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-11-07 04:02 --------- d-----w c:\program files\microsoft frontpage
2008-11-02 08:44 56,572 ----a-w c:\windows\system32\drivers\scdemu.sys
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 10:11 2,189,184 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((( snapshot@2008-11-09_15.18.52,64 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-14 00:12:05 221,696 ----a-w c:\windows\LastGood.Tmp\system32\inetsrv\seo.dll
+ 2008-04-14 00:12:06 189,440 ----a-w c:\windows\LastGood.Tmp\system32\inetsrv\smtpadm.dll
+ 2008-04-14 00:12:04 9,728 ----a-w c:\windows\LastGood.Tmp\system32\rwnh.dll
+ 2008-04-14 00:12:06 10,752 ----a-w c:\windows\LastGood.Tmp\system32\smtpapi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-02 95504]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-07-23 341232]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SoundMan"="SOUNDMAN.EXE" [2005-06-14 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"msacm.ac3filter"= ac3filter.acm
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"RegistryMechanic"=c:\program files\Registry Mechanic\RegMech.exe /H

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TrojanScanner"=c:\program files\Trojan Remover\Trjscan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=

R2 NMSAccessU;NMSAccessU;c:\program files\CDBurnerXP\NMSAccessU.exe [2008-06-15 71096]
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe [2008-04-14 14336]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-12-13 24592]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-11-07 355584]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-11-09 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]

2008-11-09 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-07-18 11:08]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-11-09 16:09:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Photodex\ProShowProducer\scsiaccess.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-11-09 16:12:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-09 15:12:09
ComboFix2.txt 2008-11-09 14:19:41

Pre-Run: 21.629.976.576 bytes free
Post-Run: 21,660,438,528 bytes free

287 --- E O F --- 2008-11-08 01:31:07

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

How are things now?

offline
  • Joined: 10 Oct 2008
  • Posts: 38
  • Location: Rijeka

Well, it seems fine to me. Thank you VERY much! Kind regards!

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Just do this one more thing:
Click START and then RUN
In the text box type Combofix /u and click OK

Wait for the uninstall process to finish

The procedure above will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if necessary
Hide system/hidden files/folders, if necessary
Reset System Restore

Regards
