|
Poslao: 05 Avg 2008 16:55
|
offline
- Pridružio: 05 Avg 2008
- Poruke: 33
|
Logfile of HijackThis v1.99.1
Scan saved at 16:37:30, on 8/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
D:\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\stickies\stickies.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\MAKI\Desktop\FG5.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - (no file)
O2 - BHO: (no name) - {5BBA03D0-78FE-43B5-8D23-81EB74934CE7} - C:\WINDOWS\system32\geBqQHAr.dll (file missing)
O2 - BHO: (no name) - {708BA406-930E-40D6-92E5-D29E8E380AAA} - C:\WINDOWS\system32\ljJBsQhe.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O2 - BHO: (no name) - {E203644A-2599-469E-9966-C63C74E38009} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [run] C:\PROGRA~1\Basp_Pro\Basp.exe
O4 - HKLM\..\Run: [582041fb] rundll32.exe "C:\WINDOWS\system32\tkvpxdsf.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O4 - Global Startup: BlueSoleil.lnk = C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FLASHGET\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx2.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
O16 - DPF: {62CF4D10-EBA7-45DA-ACA0-4B002E8B3A85} (NetSeTManager Class) - ebank.agrobanka.rs/Retail/Pages/Download/C.....PlugIn.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/microsoftupdate/v6.....3207574781
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6.....3207390203
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\tmp_77.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: geBqQHAr - geBqQHAr.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Start BT in service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
|
|
|
|
|
|
|
|
|
Poslao: 05 Avg 2008 21:38
|
offline
- Pridružio: 05 Avg 2008
- Poruke: 33
|
ComboFix 08-08-04.07 - MAKI 2008-08-05 21:07:44.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.123 [GMT 2:00]
Running from: C:\Documents and Settings\MAKI\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Documents\Adobe PDF\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Adobe PDF\Extras\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Adobe PDF\Settings\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Music\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Music\My Playlists\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000CD14F\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Pictures\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Videos\Desktop_.ini
C:\Documents and Settings\All Users\Start Menu\Programs\ADSTechnology
C:\Documents and Settings\All Users\Start Menu\Programs\ADSTechnology\ADSTechnology.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\ADSTechnology\Uninstall.lnk
C:\Documents and Settings\Korisnik\Application Data\DriveCleaner 2006 Free
C:\Documents and Settings\Korisnik\Application Data\DriveCleaner 2006 Free\Logs\update.log
C:\Program Files\ActivationManager
C:\Program Files\ActivationManager\Uninstall.exe
C:\WINDOWS\prefs_bg.dll
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\axefwsqc.ini
C:\WINDOWS\system32\efhkj.bak1
C:\WINDOWS\system32\efhkj.tmp
C:\WINDOWS\system32\ehQsBJjl.ini
C:\WINDOWS\system32\ehQsBJjl.ini2
C:\WINDOWS\system32\fsdxpvkt.ini
C:\WINDOWS\system32\fsdxpvkt.ini2
C:\WINDOWS\system32\fsdxpvkt.tmp
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\winlogon.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-05 to 2008-08-05 )))))))))))))))))))))))))))))))
.
2008-08-05 19:12 . 2008-08-05 19:12 <DIR> d-------- C:\Program Files\Uniblue
2008-08-05 19:12 . 2008-08-05 19:12 <DIR> d-------- C:\Documents and Settings\MAKI\Application Data\Uniblue
2008-08-05 18:59 . 2008-08-05 18:59 <DIR> d-------- C:\SIERRA
2008-08-05 18:59 . 2008-08-05 18:59 <DIR> d-------- C:\Red Storm Entertainment
2008-08-05 18:59 . 2008-08-05 18:59 <DIR> d--hs---- C:\FOUND.000
2008-07-25 10:02 . 2008-07-25 10:02 <DIR> d-------- C:\WINDOWS\_ISTMP1.DIR
2008-07-24 21:02 . 2008-07-24 21:02 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-24 21:02 . 2008-07-24 21:02 <DIR> d-------- C:\WINDOWS\Profiles
2008-07-24 21:02 . 2008-07-24 21:02 <DIR> d-------- C:\Documents and Settings\MAKI\Application Data\InterTrust
2008-07-24 14:19 . 2008-07-24 14:19 83,968 --a------ C:\WINDOWS\system32\TKVPXDSF.DLL
2008-07-24 14:13 . 2008-07-24 14:13 17,920 --------- C:\WINDOWS\system32\ieext.dll
2008-07-24 13:28 . 2008-07-24 13:28 <DIR> d-------- C:\Program Files\Plus!
2008-07-24 13:18 . 2008-07-24 13:18 <DIR> d-------- C:\Program Files\FolderShine
2008-07-24 13:03 . 2008-07-24 13:03 <DIR> d-------- C:\Program Files\stickies
2008-07-24 13:03 . 2008-07-24 13:03 <DIR> d-------- C:\Documents and Settings\MAKI\Application Data\stickies
2008-07-24 13:03 . 2001-07-01 17:30 112,640 --a------ C:\WINDOWS\lsb_un20.exe
2008-07-24 12:39 . 2008-07-24 12:39 <DIR> d-------- C:\Program Files\Exact Audio Copy
2008-07-22 21:52 . 2008-07-22 21:52 <DIR> d-------- C:\Program Files\Avatar Sizer
2008-07-19 16:52 . 2008-07-19 16:52 <DIR> d--hs---- C:\FOUND.032
2008-07-16 22:37 . 2008-07-16 22:37 <DIR> d-------- C:\Program Files\Windows Live
2008-07-16 22:37 . 2008-07-16 22:37 <DIR> d--hs---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-16 22:30 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-07-16 22:30 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-07-16 22:30 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-07-16 22:30 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-07-16 22:30 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-07-16 22:30 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-07-16 22:30 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-07-16 22:30 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-07-14 23:25 . 2008-07-26 16:18 43 --a------ C:\WINDOWS\FFS20ChtReg.ini
2008-07-14 23:24 . 2008-07-14 23:24 <DIR> d-------- C:\Documents and Settings\MAKI\Application Data\Reallusion
2008-07-14 23:23 . 2008-07-14 23:23 <DIR> d-------- C:\Program Files\Reallusion
2008-07-14 21:18 . 2008-07-14 21:18 <DIR> dr------- C:\Program Files\Basp_Pro
2008-07-11 09:10 . 2008-07-11 09:10 <DIR> d-------- C:\Program Files\Electronic Arts
2008-07-11 09:08 . 2008-07-11 09:08 <DIR> d-------- C:\Program Files\Maxis
2008-07-08 21:11 . 2008-07-08 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 18:48 311,128 ----a-w C:\WINDOWS\system32\libssl32.dll
2008-06-29 18:48 1,526,468 ----a-w C:\WINDOWS\system32\libeay32.dll
2008-06-19 07:12 --------- d-----w C:\Program Files\EA SPORTS
2008-06-17 14:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-06-17 14:04 --------- d-----w C:\Program Files\IVT Corporation
2008-06-16 15:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-15 07:07 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-12 14:29 --------- d-----w C:\Program Files\TVUPlayer
2008-06-12 14:29 --------- d-----w C:\Documents and Settings\MAKI\Application Data\TVU Networks
2008-06-12 14:28 --------- d-----w C:\Program Files\TVAnts
2008-06-12 14:28 --------- d-----w C:\Program Files\Satellite TV for PC
2008-06-05 18:07 --------- d-----w C:\Program Files\Fusion Labs Ltd
2008-05-19 19:03 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-02-02 15:02 21,144 ----a-w C:\Documents and Settings\MAKI\Application Data\GDIPFONTCACHEV1.DAT
2007-03-03 06:03 128 ----a-w C:\Program Files\pdel.bat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:56 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49 4662776]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-07-24 14:30 1506544]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-03-13 11:10 19543592]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-07-23 14:05 1927448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"582041fb"="C:\WINDOWS\system32\tkvpxdsf.dll" [2008-07-24 14:19 83968]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:56 15360]
C:\Documents and Settings\MAKI\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2008-06-16 19:37:40 225280]
Stickies.lnk - C:\Program Files\stickies\stickies.exe [2008-07-24 13:03:52 204800]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Server4PC.lnk - C:\Program Files\TechniSat DVB\bin\Server4PC.exe [2006-01-19 09:17:13 430080]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-04-21 14:54:16 1441792]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-07-24 14:30 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-24 14:30 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"vidc.xvid"= xvid.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Media Key.lnk]
backup=C:\WINDOWS\pss\Media Key.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik^Start Menu^Programs^Startup^SpamButcher.lnk]
backup=C:\WINDOWS\pss\SpamButcher.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik^Start Menu^Programs^Startup^Webshots.lnk]
backup=C:\WINDOWS\pss\Webshots.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^MAKI^Start Menu^Programs^Startup^DesktopEarth AutoStart.lnk]
backup=C:\WINDOWS\pss\DesktopEarth AutoStart.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^MAKI^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=C:\Documents and Settings\MAKI\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^MAKI^Start Menu^Programs^Startup^Webshots.lnk]
backup=C:\WINDOWS\pss\Webshots.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mini-YuRecnik
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Stupid Data Dart Wave
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2003-11-13 21:10 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 22:56 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InternetCalls]
--a------ 2007-04-18 15:49 7116352 C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
--a------ 2002-05-24 14:54 357376 C:\Program Files\iWare\iWare Mouse\3.2\Mouse32A.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 01:06 1667584 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-01-04 14:17 1937408 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PoivY]
--a------ 2007-12-07 11:05 8090912 C:\Program Files\PoivY.com\PoivY\PoivY.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-03-13 11:10 19543592 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 04:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-07-24 14:30 1506544 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-05-23 18:21 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--------- 2005-10-20 19:32 33792 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 21:49 4662776 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2003-06-10 12:12 55296 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\STICKIES\\stickies.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\TechniSat DVB\\BIN\\Server4PC.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2002-07-11 12:00]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R3 SKYNET;B2C2 Broadband Receiver PCI Adapter;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2004-01-05 23:42]
S1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\cinemsup.sys []
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-01-22 12:41]
S3 Faste0dku;Faste0dku;C:\WINDOWS\system32\drivers\vga.sys [2004-08-03 21:07]
S3 PAC207;VideoCAM GF112;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 10:46]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-04-21 14:54]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{29b4cde2-0872-11dc-866c-00d0d7093ec6}]
\Shell\Auto\command - I:\auto.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe
.
Contents of the 'Scheduled Tasks' folder
2008-08-05 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2006-07-07 17:26]
.
- - - - ORPHANS REMOVED - - - -
Notify-geBqQHAr - geBqQHAr.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\MAKI\Application Data\Mozilla\Firefox\Profiles\ty8icbpl.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www2.firesearch.com/
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-08-05 21:14:30
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\LAVASOFT\AD-AWARE\AAWSERVICE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASWUPDSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\PROGRAM FILES\GOOGLE\COMMON\GOOGLE UPDATER\GOOGLEUPDATERSERVICE.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHDISP.EXE
C:\WINDOWS\system32\rundll32.exe
D:\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\SYSTEM32\PASTISVC.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-08-05 21:19:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-05 19:19:10
Pre-Run: 522,436,608 bytes free
Post-Run: 854,065,152 bytes free
263
Dopuna: 05 Avg 2008 21:38
Kad ponovo uklj. comp pojavljuje mi se upozorenje : rundll32.exe-Bad Image i pise "The application or DLL C:\WINDOWS\system32\tkvpxdsf.dll is not a valid Windows image. Please check this against your installation diskette. I kad na to upozorenje pritisnem OK onda se pojavi sledece RUNDLL sa natpisom .....izgubio sam natpis , nadam se da si razumeo. Hvala!!!
|
|
|
|
|
|
|
|
|
Poslao: 05 Avg 2008 22:36
|
offline
- Pridružio: 05 Avg 2008
- Poruke: 33
|
ComboFix 08-08-04.07 - MAKI 2008-08-05 22:10:43.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.166 [GMT 2:00]
Running from: C:\Documents and Settings\MAKI\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\MAKI\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
C:\WINDOWS\system32\ieext.dll
C:\WINDOWS\system32\TKVPXDSF.DLL
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\ieext.dll
C:\WINDOWS\system32\TKVPXDSF.DLL
.
((((((((((((((((((((((((( Files Created from 2008-07-05 to 2008-08-05 )))))))))))))))))))))))))))))))
.
2008-08-05 19:12 . 2008-08-05 19:12 <DIR> d-------- C:\Program Files\Uniblue
2008-08-05 19:12 . 2008-08-05 19:12 <DIR> d-------- C:\Documents and Settings\MAKI\Application Data\Uniblue
2008-08-05 18:59 . 2008-08-05 18:59 <DIR> d-------- C:\SIERRA
2008-08-05 18:59 . 2008-08-05 18:59 <DIR> d-------- C:\Red Storm Entertainment
2008-08-05 18:59 . 2008-08-05 18:59 <DIR> d--hs---- C:\FOUND.000
2008-07-25 10:02 . 2008-07-25 10:02 <DIR> d-------- C:\WINDOWS\_ISTMP1.DIR
2008-07-24 21:02 . 2008-07-24 21:02 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-07-24 21:02 . 2008-07-24 21:02 <DIR> d-------- C:\WINDOWS\Profiles
2008-07-24 21:02 . 2008-07-24 21:02 <DIR> d-------- C:\Documents and Settings\MAKI\Application Data\InterTrust
2008-07-24 13:28 . 2008-07-24 13:28 <DIR> d-------- C:\Program Files\Plus!
2008-07-24 13:18 . 2008-07-24 13:18 <DIR> d-------- C:\Program Files\FolderShine
2008-07-24 13:03 . 2008-07-24 13:03 <DIR> d-------- C:\Program Files\stickies
2008-07-24 13:03 . 2008-07-24 13:03 <DIR> d-------- C:\Documents and Settings\MAKI\Application Data\stickies
2008-07-24 13:03 . 2001-07-01 17:30 112,640 --a------ C:\WINDOWS\lsb_un20.exe
2008-07-24 12:39 . 2008-07-24 12:39 <DIR> d-------- C:\Program Files\Exact Audio Copy
2008-07-22 21:52 . 2008-07-22 21:52 <DIR> d-------- C:\Program Files\Avatar Sizer
2008-07-19 16:52 . 2008-07-19 16:52 <DIR> d--hs---- C:\FOUND.032
2008-07-16 22:37 . 2008-07-16 22:37 <DIR> d-------- C:\Program Files\Windows Live
2008-07-16 22:37 . 2008-07-16 22:37 <DIR> d--hs---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-16 22:30 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-07-16 22:30 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-07-16 22:30 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-07-16 22:30 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-07-16 22:30 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-07-16 22:30 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-07-16 22:30 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-07-16 22:30 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-07-14 23:25 . 2008-07-26 16:18 43 --a------ C:\WINDOWS\FFS20ChtReg.ini
2008-07-14 23:24 . 2008-07-14 23:24 <DIR> d-------- C:\Documents and Settings\MAKI\Application Data\Reallusion
2008-07-14 23:23 . 2008-07-14 23:23 <DIR> d-------- C:\Program Files\Reallusion
2008-07-14 21:18 . 2008-07-14 21:18 <DIR> dr------- C:\Program Files\Basp_Pro
2008-07-11 09:10 . 2008-07-11 09:10 <DIR> d-------- C:\Program Files\Electronic Arts
2008-07-11 09:08 . 2008-07-11 09:08 <DIR> d-------- C:\Program Files\Maxis
2008-07-08 21:11 . 2008-07-08 21:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-29 18:48 311,128 ----a-w C:\WINDOWS\system32\libssl32.dll
2008-06-29 18:48 1,526,468 ----a-w C:\WINDOWS\system32\libeay32.dll
2008-06-19 07:12 --------- d-----w C:\Program Files\EA SPORTS
2008-06-17 14:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Bluetooth
2008-06-17 14:04 --------- d-----w C:\Program Files\IVT Corporation
2008-06-16 15:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-15 07:07 685,816 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-06-12 14:29 --------- d-----w C:\Program Files\TVUPlayer
2008-06-12 14:29 --------- d-----w C:\Documents and Settings\MAKI\Application Data\TVU Networks
2008-06-12 14:28 --------- d-----w C:\Program Files\TVAnts
2008-06-12 14:28 --------- d-----w C:\Program Files\Satellite TV for PC
2008-06-05 18:07 --------- d-----w C:\Program Files\Fusion Labs Ltd
2008-05-19 19:03 720,896 ----a-w C:\WINDOWS\iun6002.exe
2008-05-16 09:58 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-02-02 15:02 21,144 ----a-w C:\Documents and Settings\MAKI\Application Data\GDIPFONTCACHEV1.DAT
2007-03-03 06:03 128 ----a-w C:\Program Files\pdel.bat
.
((((((((((((((((((((((((((((( snapshot@2008-08-05_21.18.20.28 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-05 20:32:28 75,706 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-05 19:19:20 75,706 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-07-05 20:32:28 430,374 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-05 19:19:22 430,374 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-05 19:27:40 16,384 ----a-w C:\WINDOWS\Temp\Perflib_Perfdata_27c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:56 15360]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 21:49 4662776]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 12:54 5674352]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-07-24 14:30 1506544]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-03-13 11:10 19543592]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-07-23 14:05 1927448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:56 15360]
C:\Documents and Settings\MAKI\Start Menu\Programs\Startup\
PowerReg Scheduler V3.exe [2008-06-16 19:37:40 225280]
Stickies.lnk - C:\Program Files\stickies\stickies.exe [2008-07-24 13:03:52 204800]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Server4PC.lnk - C:\Program Files\TechniSat DVB\bin\Server4PC.exe [2006-01-19 09:17:13 430080]
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2007-04-21 14:54:16 1441792]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-07-24 14:30 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-24 14:30 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"vidc.xvid"= xvid.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Media Key.lnk]
backup=C:\WINDOWS\pss\Media Key.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik^Start Menu^Programs^Startup^SpamButcher.lnk]
backup=C:\WINDOWS\pss\SpamButcher.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik^Start Menu^Programs^Startup^Webshots.lnk]
backup=C:\WINDOWS\pss\Webshots.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^MAKI^Start Menu^Programs^Startup^DesktopEarth AutoStart.lnk]
backup=C:\WINDOWS\pss\DesktopEarth AutoStart.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^MAKI^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
path=C:\Documents and Settings\MAKI\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^MAKI^Start Menu^Programs^Startup^Webshots.lnk]
backup=C:\WINDOWS\pss\Webshots.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mini-YuRecnik
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spyware Doctor
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2003-11-13 21:10 335872 C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-03 22:56 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InternetCalls]
--a------ 2007-04-18 15:49 7116352 C:\Program Files\InternetCalls.com\InternetCalls\InternetCalls.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LWBMOUSE]
--a------ 2002-05-24 14:54 357376 C:\Program Files\iWare\iWare Mouse\3.2\Mouse32A.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 01:06 1667584 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-01-04 14:17 1937408 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PoivY]
--a------ 2007-12-07 11:05 8090912 C:\Program Files\PoivY.com\PoivY\PoivY.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
--a------ 2006-03-13 11:10 19543592 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-03-25 04:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2008-07-24 14:30 1506544 C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-05-23 18:21 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--------- 2005-10-20 19:32 33792 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2006-11-30 21:49 4662776 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2003-06-10 12:12 55296 C:\WINDOWS\SOUNDMAN.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\STICKIES\\stickies.exe"=
"C:\\Program Files\\TechniSat DVB\\BIN\\Server4PC.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2002-07-11 12:00]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R3 SKYNET;B2C2 Broadband Receiver PCI Adapter;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2004-01-05 23:42]
S1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\cinemsup.sys []
S3 CoachUsb;Coach Digital Camera on USB;C:\WINDOWS\system32\DRIVERS\CoachUsb.sys [2004-01-22 12:41]
S3 Faste0dku;Faste0dku;C:\WINDOWS\system32\drivers\vga.sys [2004-08-03 21:07]
S3 PAC207;VideoCAM GF112;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-04-08 10:46]
S3 SetupNTGLM7X;SetupNTGLM7X;E:\NTGLM7X.sys []
S3 Start BT in service;Start BT in service;C:\Program Files\IVT Corporation\BlueSoleil\StartSkysolSvc.exe [2007-04-21 14:54]
.
Contents of the 'Scheduled Tasks' folder
2008-08-05 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2006-07-07 17:26]
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-08-05 22:13:26
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-05 22:14:11
ComboFix-quarantined-files.txt 2008-08-05 20:14:08
ComboFix2.txt 2008-08-05 19:19:30
Pre-Run: 806,207,488 bytes free
Post-Run: 795,344,896 bytes free
214
Dopuna: 05 Avg 2008 22:29
Sad mi se nije pojavila ona poruka , puno ti hvala!!! Zaboravio sam ono isto da uradim sa Avast-om, nadam se da nece biti problema. Sta da uradim da se windows brze podigne? Dali da isklj. start up programe? Jos jednom ti hvala!!!!
Dopuna: 05 Avg 2008 22:36
Jao i nisam video da treba druga verzija CoboFixa , nego sam skenirao preko istog?
Valjda ce biti sve u redu.
|
|
|
|
|
|
|
Poslao: 05 Avg 2008 22:41
|
offline
- dr_Bora
- Anti Malware Fighter
Rank 2
- Pridružio: 24 Jul 2007
- Poruke: 12280
- Gde živiš: Höganäs, SE
|
Postojala je mogućnost da neće obrisati file-ove, samo to (ništa katastrofalno se nije moglo dogoditi, bez brige).
Da li si ti instalirao ovaj program:
C:\PROGRA~1\Basp_Pro\Basp.exe
|
|
|
|
|
|
|
Poslao: 05 Avg 2008 22:47
|
offline
- Pridružio: 05 Avg 2008
- Poruke: 33
|
Da imama ga, ali posle skeniranja ComboFixa nestartuje se kao aktivni prozor, ali ga imam i dalje u Program filesu.
|
|
|
|
|
|
|
Poslao: 06 Avg 2008 16:49
|
offline
- dr_Bora
- Anti Malware Fighter
Rank 2
- Pridružio: 24 Jul 2007
- Poruke: 12280
- Gde živiš: Höganäs, SE
|
Skini file sa [url=https://www.mycity.rs/must-login.png linka[/url] na Desktop.
Dvoklikni na njega - iskopiraj u temu na forumu tekst koji će biti prikazan u Notepad-u.
-------------------------------------------------------------------------------------
Preuzmi Dr.Web CureIt (~10 MB).
Restartuj kompjuter u Safe Mode (uputstvo za Safe Mode)
Dvoklikom pokreni cureit.exe, nakon čega će se pojaviti uvodni prozor - klikni Start
Pojaviće se obaveštenje o započinjanju uvodnog skeniranja - klikni OK
Sačekaj nekoliko minuta da Dr.Web CureIt izvrši Express Scan; ukoliko malware bude pronađen, klikom na taster Yes to All u prozoru koji se pojavi dozvoli programu da izvrši dezinfekciju
Klikni Options > Change settings F9; u prozoru koji će se otvoriti, dečekiraj opciju Heuristic Analysis a zatim klikni OK
U glavnom prozoru obeleži opciju Complete scan a zatim klikni  i Dr.Web CureIt će započeti skeniranje
Ukoliko malware bude pronađen, klikom na taster Yes to All u prozoru koji se pojavi dozvoli programu da izvrši dezinfekciju
Kada skeniranje bude završeno, klikni Select all taster (ukoliko je dostupan), a zatim klikni Cure i,
u meniju koji se otvori, klikni Move incurable:
Po završetku procesa, klikni File > Save report list i sačuvaj log na Desktopu
Iskopiraj sadržaj Dr.Web CureIt loga u temu na forumu.
|
|
|
|
|
|
) u donjem, desnom uglu ekrana i izaberi 
Skini ComboFix sa jedne od sledecih adresa na Desktop:
