Mislim da mi je neko usao u sistem

Mislim da mi je neko usao u sistem

offline
  • Pridružio: 25 Apr 2008
  • Poruke: 27

Cesto mi se cuje kao da neko ide po mojim folderima jer se cuje onaj zvuk kada se predje iz jednog foldera u drugi a takodje se ponekad cuje kao da neko gleda nesto po internetu a meni nista nije ukljuceno niti radi u tom trenutku.To se obicno desava kada duze ne koristim komp a ostane ukljucen.

Marko

Logfile of HijackThis v1.99.1
Scan saved at 5:47:17 PM, on 5/1/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Cyberlink\Shared Files\brs.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Windows Live\Family Safety\fsui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Target Web ADS\TargetWebADSb.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Target Web ADS\TargetWebADSh.exe
D:\Temp\Intalacija\Sredjivanje kompa preko neta\New Folder\tr3.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = bancaintesabeograd.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favorites
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: TargetWebADS module - {8152A0B9-DEB6-476e-BC67-175B19080A8A} - C:\Program Files\Target Web ADS\TargetWebADS.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UVS12 Preload] C:\Program Files\Corel\Corel VideoStudio 12\uvPL.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [fssui] "C:\Program Files\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [HBlock] C:\Program Files\Target Web ADS\TargetWebADSh.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O11 - Options group: [TABS] Tabbed Browsing
O16 - DPF: {62CF4D10-EBA7-45DA-ACA0-4B002E8B3A85} (NetSeTManager Class) - secure.bancaintesabeograd.com/Pages/Downlo.....PlugIn.cab
O16 - DPF: {7136C6F0-DE59-4AD5-B4A3-CA8B779D035E} (SetPinManager Class) - secure.bancaintesabeograd.com/Pages/Downlo.....Plugin.cab
O16 - DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} (ProxyModule Class) - online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
O16 - DPF: {A7C346A3-B076-46B3-97F0-D00F6B479451} (FileInterface Class) - online.bancaintesabeograd.com/RetailDLL/FSINT.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC01983E-2FD5-4200-9C3A-755E86413172} (PINManager Class) - secure.bancaintesabeograd.com/Pages/Downlo.....Plugin.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\wpdshserviceobj.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c999066ea1c4de) (gupdate1c999066ea1c4de) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 27 Apr 2008
  • Poruke: 9160
  • Gde živiš: Prokuplje

Zdravo.

* Pokreni ESET Smart Security/ESET NOD32 na sledeci nacin :
Start>All Programs>ESET>ESET Smart Security ili pak ESET NOD32 Antivirus(ukoliko koristis samo Antivirus resenje).

* Kada ti se otvori glavni prozor programa, klikni na Setup opciju sa leve strane prozora;
* Izaberi Antivirus and antispyware opciju i klikni na Temporarily disable Antivirus and antispyware protection.
* Na sledece pitanje klikni Yes.

Napomena: Ne zaboravi da ukljuciš ovu opciju po završetku cišcenja.

---------------------------

Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

offline
  • Pridružio: 25 Apr 2008
  • Poruke: 27

ComboFix 09-05-01.1 - Margo 05/01/2009 19:34.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2433 [GMT 2:00]
Running from: c:\documents and settings\Margo\Local Settings\Application Data\Opera\Opera\profile\cache4\temporary_download\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\msvcsv60.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-01 to 2009-05-01 )))))))))))))))))))))))))))))))
.

2009-04-30 22:47 . 2009-05-01 17:29 -------- d-----w c:\program files\Virtual Piano
2009-04-30 22:38 . 2009-04-30 22:38 -------- d-----w c:\program files\Target Web ADS
2009-04-28 15:32 . 2009-04-28 15:32 3320 ----a-w c:\windows\desctemp.dat
2009-04-20 19:38 . 2009-04-22 14:52 -------- d-----w c:\program files\Soulseek
2009-04-18 16:22 . 2009-04-18 16:30 16 ----a-w c:\windows\msocreg32.dat
2009-04-18 16:19 . 2009-04-18 16:19 -------- d-----w c:\program files\Common Files\DigiDesign
2009-04-18 16:18 . 2009-04-18 16:18 -------- d-----w c:\program files\IK Multimedia
2009-04-18 15:57 . 2009-04-18 15:57 -------- d-----w c:\documents and settings\All Users\Application Data\IK Multimedia
2009-04-18 13:57 . 2009-04-18 13:57 -------- d-----w c:\documents and settings\Margo\Local Settings\Application Data\F4
2009-04-18 13:52 . 2009-04-18 13:55 -------- d-----w c:\documents and settings\Margo\Application Data\F4
2009-04-18 13:52 . 2009-04-25 12:51 -------- d-----w c:\program files\Empire of Sports
2009-04-09 17:13 . 2009-04-09 17:13 -------- d-----w c:\documents and settings\Margo\IGC
2009-04-09 17:13 . 2009-04-09 17:13 -------- d-----w c:\program files\IGC
2009-04-09 16:23 . 2009-04-09 16:23 -------- d-----w c:\documents and settings\Margo\Application Data\AutoDWG
2009-04-09 16:22 . 2009-04-09 16:22 -------- d-----w c:\windows\system32\shxfont
2009-04-09 16:22 . 2009-04-09 16:22 -------- d-----w c:\program files\AutoDWG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 15:31 . 2008-12-23 21:05 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-29 20:14 . 2008-11-02 18:16 2828 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-04-29 09:31 . 2008-11-27 20:12 -------- d-----w c:\program files\Planplus
2009-04-25 19:47 . 2009-01-16 17:34 16 ----a-w c:\windows\popcinfo.dat
2009-04-25 19:37 . 2008-12-10 16:37 139280 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-25 19:37 . 2008-12-10 16:37 202000 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-18 16:19 . 2008-11-28 17:23 -------- d-----w c:\program files\Vst
2009-04-18 16:19 . 2008-10-31 21:36 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-18 13:52 . 2009-02-20 07:02 413696 ----a-w c:\windows\system32\wrap_oal.dll
2009-04-18 13:52 . 2004-03-16 02:40 110592 ----a-w c:\windows\system32\OpenAL32.dll
2009-04-18 12:16 . 2009-03-23 20:04 -------- d-----w c:\program files\Audio Recorder Titanium
2009-04-10 08:24 . 2009-03-06 12:39 -------- d-----w c:\program files\Java
2009-03-30 00:30 . 2008-11-29 00:59 -------- d-----w c:\program files\TrackMania Nations ESWC
2009-03-24 20:36 . 2008-11-26 17:29 8 ----a-w c:\windows\system32\nvModes.dat
2009-03-17 21:50 . 2009-03-17 21:50 -------- d-----w c:\program files\Yahoo!
2009-03-17 21:50 . 2009-01-01 11:01 -------- d-----w c:\program files\Common Files\ACD Systems
2009-03-17 21:50 . 2009-03-17 21:50 -------- d-----w c:\program files\ACD Systems
2009-03-09 03:19 . 2008-12-29 01:21 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 20:06 . 2009-03-06 20:06 -------- d-----w c:\program files\Pixarra
2009-03-05 14:34 . 2009-03-05 10:33 -------- d-----w c:\program files\Counter-Strike Source
2009-03-05 11:14 . 2008-10-31 22:03 -------- d-----w c:\program files\Opera
2009-03-03 19:32 . 2009-03-03 19:31 -------- d-----w c:\program files\Hamachi
2009-03-03 19:31 . 2008-11-01 20:46 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-03-02 19:12 . 2009-03-02 19:12 -------- d-----w c:\program files\ASIO4ALL v2
2009-03-02 19:12 . 2008-11-28 17:23 -------- d-----w c:\program files\Image-Line
2009-02-06 18:03 . 2009-02-06 18:03 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-01 15:42 . 2009-02-01 15:43 29480 ----a-w c:\windows\system32\msxml3a.dll
2009-02-01 15:42 . 2003-03-18 19:14 505128 ----a-w c:\windows\system32\msvcp71.dll
2009-01-18 07:32 . 2009-01-18 07:32 56 --sh--r c:\windows\system32\5C16CB789B.sys
2008-12-27 23:06 . 2008-12-27 22:52 88 --sh--r c:\windows\system32\7DB7931597.sys
2009-01-18 07:32 . 2009-01-18 07:32 1890 --sha-w c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-03-20 18:36 578560 F92D8964B5286DE225BD2B6BF89764BE c:\windows\system32\user32.dll

[-] 2008-04-28 09:25 920064 88348F8C92C28BA99FE49BD392100CE0 c:\windows\system32\wininet.dll

[-] 2008-04-28 09:24 547328 A55B8899D2EA2E800061BCFD456E34DC c:\windows\system32\winlogon.exe

[-] 2008-04-26 03:58 2185216 E184A0CF10CADD2B4F5AF0A31E8627D6 c:\windows\system32\ntkrnlpa.exe

[-] 2008-04-26 03:44 2306560 0F733106A818383806060ABC29FE0F3A c:\windows\system32\ntoskrnl.exe

[-] 2008-08-18 18:17 1616384 4A90F51B778FA0157F60D206E8B37D2A c:\windows\explorer.exe

[-] 2008-04-28 09:22 25088 B5E8782D4AF1B3756F38E11E7C157BBE c:\windows\system32\ctfmon.exe

[-] 2008-03-20 18:36 989696 9A8D604748D9FE73B66021E5782A4A3C c:\windows\system32\kernel32.dll

[-] 2008-04-26 03:58 1614848 BC298B78B311397B421D4D52B44B49EC c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
2009-01-22 14:41 408448 ----a-w c:\program files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
2009-03-25 18:04 668656 ----a-w c:\program files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
2009-03-09 03:18 35840 ----a-w c:\program files\Java\jre6\bin\jp2ssv.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
2009-02-06 17:17 1068904 ----a-w c:\program files\Windows Live\Toolbar\wltcore.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
2009-03-09 03:18 73728 ----a-w c:\program files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}"= "c:\program files\Yahoo!\Companion\Installs\cpn\yt.dll" [2008-05-15 817936]

[HKEY_CLASSES_ROOT\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}]
[HKEY_CLASSES_ROOT\yt.YToolbarBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YToolbarBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-28 25088]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"HBlock"="c:\program files\Target Web ADS\TargetWebADSh.exe" [2009-04-30 95748]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-28 3504128]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-03-21 91432]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-08-18 1447168]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-23 176128]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-25 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-28 25088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-04-26 123904]

c:\documents and settings\Margo\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-11-1 3450608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WebCheck"= {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - c:\windows\system32\webcheck.dll [2008-04-28 390144]
"WPDShServiceObj"= {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll [2008-04-28 133632]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete\0lsdelete

[HKLM\~\startupfolder\C:^Documents and Settings^Margo^Start Menu^Programs^Startup^YzDock.lnk]
path=c:\documents and settings\Margo\Start Menu\Programs\Startup\YzDock.lnk
backup=c:\windows\pss\YzDock.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\Disney Interactive Studios\\Pure\\Pure.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\Temp\\Igrice\\Sega rally\\segarally\\{app}\\SEGA Rally.exe"=
"d:\\Temp\\Igrice\\Fletout\\{app}\\FlatOut2.exe"=
"c:\\team17\\worms world party\\wwp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Empire of Sports\\NetworkDiagnostic.exe"=
"c:\\Program Files\\Empire of Sports\\EmpireOfSports.exe"=
"c:\\Documents and Settings\\Margo\\Local Settings\\Application Data\\F4\\ClientUpdater\\ClientUpdater.exe"=

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; [x]
R2 gupdate1c999066ea1c4de;Google Update Service (gupdate1c999066ea1c4de);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-27 133104]
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2008-04-28 25600]
R3 MOUSEWDFilter;MOUSEWDFilter;c:\windows\System32\Drivers\MOUSEWD.SYS [2006-07-17 6528]
S2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-08-18 468224]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136]
S2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

.
Contents of the 'Scheduled Tasks' folder

2009-05-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-01 18:04]

2009-05-01 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-27 18:08]

2009-05-01 c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
- c:\program files\Target Web ADS\TargetWebADSb.exe [2009-04-30 22:38]
.
- - - - ORPHANS REMOVED - - - -

SSODL-CDBurn-{fbeb8a05-beee-4442-804e-409d6c4515e9} - %SystemRoot%\system32\SHELL32.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bancaintesabeograd.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\Messenger\msmsgs.exe
IE: {{92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\MICROS~2\Office12\REFIEBAR.DLL
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - c:\windows\system32\urlmon.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\HP\hpcoretech\comp\hpuiprot.dll
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - c:\progra~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\COMMON~1\Skype\SKYPE4~1.DLL
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - c:\windows\system32\msvidctl.dll
Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\windows\system32\itss.dll
DPF: {62CF4D10-EBA7-45DA-ACA0-4B002E8B3A85} - hxxps://secure.bancaintesabeograd.com/Pages/Download/CABS/DigitrustApiNetSetPlugIn.cab
DPF: {7136C6F0-DE59-4AD5-B4A3-CA8B779D035E} - hxxps://secure.bancaintesabeograd.com/Pages/Download/CABS/DigitrustApiSetPinPlugin.cab
DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
DPF: {A7C346A3-B076-46B3-97F0-D00F6B479451} - hxxps://online.bancaintesabeograd.com/RetailDLL/FSINT.dll
DPF: {DC01983E-2FD5-4200-9C3A-755E86413172} - hxxps://secure.bancaintesabeograd.com/Pages/Download/CABS/DigitrustApiPKCS11Plugin.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-05-01 19:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2000478354-2111687655-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FD5C859F-C0BF-913C-7636-F3BC908B9710}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jajfeegflafbkmjgninp"=hex:62,61,6e,64,00,00
"jajfeegflafbkmjgnijp"=hex:62,61,6a,64,00,00
"iajochcmhndgheoeha"=hex:6b,61,6f,64,62,68,65,6e,62,63,66,61,6c,70,61,63,63,62,
6a,6a,64,67,00,00

[HKEY_USERS\S-1-5-21-2000478354-2111687655-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a2,d1,c1,00,f2,3b,f7,50,48,37,81,6b,a6,97,c2,70,54,47,8b,4e,00,e3,d3,
84,08,82,d8,dd,37,ab,3b,ff,00,bd,1a,d0,eb,23,c1,25,e0,d4,df,a8,b8,e1,98,ac,\
"??"=hex:87,91,54,da,89,a3,11,01,38,6f,60,3d,4c,20,cd,b6

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,c8,93,ec,47,50,
a4,45,42,c8,28,51,af,b0,29,a3,98,d5,5d,ba,af,b5,3a,47,f0,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,7a,c7,bb,2c,bf,
e1,c7,27,71,3b,04,66,8b,46,0d,96,1c,56,97,38,6f,10,70,30,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,58,52,b6,ec,0f,
64,87,fd,25,da,ec,7e,55,20,c9,26,d3,0b,31,93,cd,cb,44,58,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,66,9a,76,dc,2c,
3d,cb,29,3e,1e,9e,e0,57,5a,93,61,f7,0e,11,6a,c8,c6,cf,ee,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,da,53,e4,ea,49,
b5,a0,90,cd,44,cd,b9,a6,33,6c,cd,49,d1,bd,eb,29,be,ea,4a,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,a5,64,6c,fc,01,
56,41,9b,b0,18,ed,a7,3f,8d,37,a4,7a,20,20,a0,dc,d3,85,40,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,f8,96,1d,8a,7e,
93,46,de,31,77,e1,ba,b1,f8,68,02,35,e1,92,77,40,2e,07,e7,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,81,fd,13,66,b2,
e4,52,ea,83,6c,56,8b,a0,85,96,ab,ce,f6,90,f6,08,30,04,30,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,4e,bf,9c,31,ab,
6a,3c,76,51,fa,6e,91,28,9e,14,cc,ec,ff,a8,b9,7f,e1,7b,a3,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,07,e3,0f,f3,3d,
e3,84,e3,b1,cd,45,5a,a8,c4,f8,b9,f8,38,ea,3d,d5,da,a9,64,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,50,7f,18,0a,8b,
36,41,81,e3,0e,66,d5,eb,bc,2f,6b,2f,94,c7,03,a1,0b,38,88,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,53,f3,31,18,cd,
35,45,3a,fa,ea,66,7f,d4,3b,6b,70,11,7c,60,5a,1b,08,03,6c,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1204)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1260)
c:\windows\system32\setupapi.dll
.
Completion time: 2009-05-01 19:37
ComboFix-quarantined-files.txt 2009-05-01 17:37
ComboFix2.txt 2008-12-25 09:50

Pre-Run: 13,087,948,800 bytes free
Post-Run: 13,146,697,728 bytes free

320

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 27 Apr 2008
  • Poruke: 9160
  • Gde živiš: Prokuplje

Otvoriti Notepad i iskopirati sledeci tekst:

File::
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

Folder::
c:\program files\Target Web ADS

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HBlock"=-


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

offline
  • Pridružio: 25 Apr 2008
  • Poruke: 27

Napisano: 02 Maj 2009 9:33

ComboFix 09-05-02.4 - Margo 05/02/2009 9:27.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2445 [GMT 2:00]
Running from: c:\documents and settings\Margo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Margo\Desktop\CFScript.txt
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Target Web ADS
c:\program files\Target Web ADS\TargetWebADS.dll
c:\program files\Target Web ADS\TargetWebADSb.exe
c:\program files\Target Web ADS\TargetWebADSh.exe
c:\program files\Target Web ADS\Uninstall.exe
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

.
((((((((((((((((((((((((( Files Created from 2009-04-02 to 2009-05-02 )))))))))))))))))))))))))))))))
.

2009-04-30 22:47 . 2009-05-01 17:48 -------- d-----w c:\program files\Virtual Piano
2009-04-28 15:32 . 2009-04-28 15:32 3320 ----a-w c:\windows\desctemp.dat
2009-04-20 19:38 . 2009-04-22 14:52 -------- d-----w c:\program files\Soulseek
2009-04-18 16:22 . 2009-04-18 16:30 16 ----a-w c:\windows\msocreg32.dat
2009-04-18 16:19 . 2009-04-18 16:19 -------- d-----w c:\program files\Common Files\DigiDesign
2009-04-18 16:18 . 2009-04-18 16:18 -------- d-----w c:\program files\IK Multimedia
2009-04-18 15:57 . 2009-04-18 15:57 -------- d-----w c:\documents and settings\All Users\Application Data\IK Multimedia
2009-04-18 13:57 . 2009-04-18 13:57 -------- d-----w c:\documents and settings\Margo\Local Settings\Application Data\F4
2009-04-18 13:52 . 2009-04-18 13:55 -------- d-----w c:\documents and settings\Margo\Application Data\F4
2009-04-18 13:52 . 2009-04-25 12:51 -------- d-----w c:\program files\Empire of Sports
2009-04-09 17:13 . 2009-04-09 17:13 -------- d-----w c:\documents and settings\Margo\IGC
2009-04-09 17:13 . 2009-04-09 17:13 -------- d-----w c:\program files\IGC
2009-04-09 16:23 . 2009-04-09 16:23 -------- d-----w c:\documents and settings\Margo\Application Data\AutoDWG
2009-04-09 16:22 . 2009-04-09 16:22 -------- d-----w c:\windows\system32\shxfont
2009-04-09 16:22 . 2009-04-09 16:22 -------- d-----w c:\program files\AutoDWG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 07:26 . 2008-10-31 14:23 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-01 21:14 . 2009-03-25 18:04 868 ----a-w c:\windows\Tasks\Google Software Updater.job
2009-05-01 21:14 . 2009-02-27 18:08 880 ----a-w c:\windows\Tasks\GoogleUpdateTaskMachine.job
2009-05-01 15:31 . 2008-12-23 21:05 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-29 20:14 . 2008-11-02 18:16 2828 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-04-29 09:31 . 2008-11-27 20:12 -------- d-----w c:\program files\Planplus
2009-04-25 19:47 . 2009-01-16 17:34 16 ----a-w c:\windows\popcinfo.dat
2009-04-25 19:37 . 2008-12-10 16:37 139280 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-25 19:37 . 2008-12-10 16:37 202000 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-18 16:19 . 2008-11-28 17:23 -------- d-----w c:\program files\Vst
2009-04-18 16:19 . 2008-10-31 21:36 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-18 13:52 . 2009-02-20 07:02 413696 ----a-w c:\windows\system32\wrap_oal.dll
2009-04-18 13:52 . 2004-03-16 02:40 110592 ----a-w c:\windows\system32\OpenAL32.dll
2009-04-18 12:16 . 2009-03-23 20:04 -------- d-----w c:\program files\Audio Recorder Titanium
2009-04-10 08:24 . 2009-03-06 12:39 -------- d-----w c:\program files\Java
2009-03-30 00:30 . 2008-11-29 00:59 -------- d-----w c:\program files\TrackMania Nations ESWC
2009-03-24 20:36 . 2008-11-26 17:29 8 ----a-w c:\windows\system32\nvModes.dat
2009-03-17 21:50 . 2009-03-17 21:50 -------- d-----w c:\program files\Yahoo!
2009-03-17 21:50 . 2009-01-01 11:01 -------- d-----w c:\program files\Common Files\ACD Systems
2009-03-17 21:50 . 2009-03-17 21:50 -------- d-----w c:\program files\ACD Systems
2009-03-09 03:19 . 2008-12-29 01:21 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 20:06 . 2009-03-06 20:06 -------- d-----w c:\program files\Pixarra
2009-03-05 14:34 . 2009-03-05 10:33 -------- d-----w c:\program files\Counter-Strike Source
2009-03-05 11:14 . 2008-10-31 22:03 -------- d-----w c:\program files\Opera
2009-03-03 19:32 . 2009-03-03 19:31 -------- d-----w c:\program files\Hamachi
2009-03-03 19:31 . 2008-11-01 20:46 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-02-06 18:03 . 2009-02-06 18:03 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-01 15:42 . 2009-02-01 15:43 29480 ----a-w c:\windows\system32\msxml3a.dll
2009-02-01 15:42 . 2003-03-18 19:14 505128 ----a-w c:\windows\system32\msvcp71.dll
2009-01-18 07:32 . 2009-01-18 07:32 56 --sh--r c:\windows\system32\5C16CB789B.sys
2008-12-27 23:06 . 2008-12-27 22:52 88 --sh--r c:\windows\system32\7DB7931597.sys
2009-01-18 07:32 . 2009-01-18 07:32 1890 --sha-w c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-03-20 18:36 578560 F92D8964B5286DE225BD2B6BF89764BE c:\windows\system32\user32.dll

[-] 2008-04-28 09:25 920064 88348F8C92C28BA99FE49BD392100CE0 c:\windows\system32\wininet.dll

[-] 2008-04-28 09:24 547328 A55B8899D2EA2E800061BCFD456E34DC c:\windows\system32\winlogon.exe

[-] 2008-04-26 03:58 2185216 E184A0CF10CADD2B4F5AF0A31E8627D6 c:\windows\system32\ntkrnlpa.exe

[-] 2008-04-26 03:44 2306560 0F733106A818383806060ABC29FE0F3A c:\windows\system32\ntoskrnl.exe

[-] 2008-08-18 18:17 1616384 4A90F51B778FA0157F60D206E8B37D2A c:\windows\explorer.exe

[-] 2008-04-28 09:22 25088 B5E8782D4AF1B3756F38E11E7C157BBE c:\windows\system32\ctfmon.exe

[-] 2008-03-20 18:36 989696 9A8D604748D9FE73B66021E5782A4A3C c:\windows\system32\kernel32.dll

[-] 2008-04-26 03:58 1614848 BC298B78B311397B421D4D52B44B49EC c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-01_17.36.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-01 21:14 . 2009-05-01 21:14 16384 c:\windows\temp\Perflib_Perfdata_2c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-28 25088]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Creative MediaSource Go"="c:\program files\Creative\MediaSource\Go\CTCMSGo.exe" [2003-08-12 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-28 3504128]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-03-21 91432]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-08-18 1447168]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-23 176128]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-25 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-28 25088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-04-26 123904]

c:\documents and settings\Margo\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-11-1 3450608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete\0lsdelete

[HKLM\~\startupfolder\C:^Documents and Settings^Margo^Start Menu^Programs^Startup^YzDock.lnk]
path=c:\documents and settings\Margo\Start Menu\Programs\Startup\YzDock.lnk
backup=c:\windows\pss\YzDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\Disney Interactive Studios\\Pure\\Pure.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\Temp\\Igrice\\Sega rally\\segarally\\{app}\\SEGA Rally.exe"=
"d:\\Temp\\Igrice\\Fletout\\{app}\\FlatOut2.exe"=
"c:\\team17\\worms world party\\wwp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Empire of Sports\\NetworkDiagnostic.exe"=
"c:\\Program Files\\Empire of Sports\\EmpireOfSports.exe"=
"c:\\Documents and Settings\\Margo\\Local Settings\\Application Data\\F4\\ClientUpdater\\ClientUpdater.exe"=

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; [x]
R2 gupdate1c999066ea1c4de;Google Update Service (gupdate1c999066ea1c4de);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-27 133104]
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2008-04-28 25600]
R3 MOUSEWDFilter;MOUSEWDFilter;c:\windows\System32\Drivers\MOUSEWD.SYS [2006-07-17 6528]
S2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-08-18 468224]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136]
S2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

.
Contents of the 'Scheduled Tasks' folder

2009-05-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-01 18:04]

2009-05-01 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-27 18:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bancaintesabeograd.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\Messenger\msmsgs.exe
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\COMMON~1\Skype\SKYPE4~1.DLL
DPF: {62CF4D10-EBA7-45DA-ACA0-4B002E8B3A85} - hxxps://secure.bancaintesabeograd.com/Pages/Download/CABS/DigitrustApiNetSetPlugIn.cab
DPF: {7136C6F0-DE59-4AD5-B4A3-CA8B779D035E} - hxxps://secure.bancaintesabeograd.com/Pages/Download/CABS/DigitrustApiSetPinPlugin.cab
DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
DPF: {A7C346A3-B076-46B3-97F0-D00F6B479451} - hxxps://online.bancaintesabeograd.com/RetailDLL/FSINT.dll
DPF: {DC01983E-2FD5-4200-9C3A-755E86413172} - hxxps://secure.bancaintesabeograd.com/Pages/Download/CABS/DigitrustApiPKCS11Plugin.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-05-02 09:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2000478354-2111687655-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FD5C859F-C0BF-913C-7636-F3BC908B9710}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jajfeegflafbkmjgninp"=hex:62,61,6e,64,00,00
"jajfeegflafbkmjgnijp"=hex:62,61,6a,64,00,00
"iajochcmhndgheoeha"=hex:6b,61,6f,64,62,68,65,6e,62,63,66,61,6c,70,61,63,63,62,
6a,6a,64,67,00,00

[HKEY_USERS\S-1-5-21-2000478354-2111687655-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a2,d1,c1,00,f2,3b,f7,50,48,37,81,6b,a6,97,c2,70,54,47,8b,4e,00,e3,d3,
84,08,82,d8,dd,37,ab,3b,ff,00,bd,1a,d0,eb,23,c1,25,e0,d4,df,a8,b8,e1,98,ac,\
"??"=hex:87,91,54,da,89,a3,11,01,38,6f,60,3d,4c,20,cd,b6

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,c8,93,ec,47,50,
a4,45,42,c8,28,51,af,b0,29,a3,98,d5,5d,ba,af,b5,3a,47,f0,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,7a,c7,bb,2c,bf,
e1,c7,27,71,3b,04,66,8b,46,0d,96,1c,56,97,38,6f,10,70,30,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,58,52,b6,ec,0f,
64,87,fd,25,da,ec,7e,55,20,c9,26,d3,0b,31,93,cd,cb,44,58,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,66,9a,76,dc,2c,
3d,cb,29,3e,1e,9e,e0,57,5a,93,61,f7,0e,11,6a,c8,c6,cf,ee,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,da,53,e4,ea,49,
b5,a0,90,cd,44,cd,b9,a6,33,6c,cd,49,d1,bd,eb,29,be,ea,4a,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,a5,64,6c,fc,01,
56,41,9b,b0,18,ed,a7,3f,8d,37,a4,7a,20,20,a0,dc,d3,85,40,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,f8,96,1d,8a,7e,
93,46,de,31,77,e1,ba,b1,f8,68,02,35,e1,92,77,40,2e,07,e7,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,81,fd,13,66,b2,
e4,52,ea,83,6c,56,8b,a0,85,96,ab,ce,f6,90,f6,08,30,04,30,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,4e,bf,9c,31,ab,
6a,3c,76,51,fa,6e,91,28,9e,14,cc,ec,ff,a8,b9,7f,e1,7b,a3,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,07,e3,0f,f3,3d,
e3,84,e3,b1,cd,45,5a,a8,c4,f8,b9,f8,38,ea,3d,d5,da,a9,64,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,50,7f,18,0a,8b,
36,41,81,e3,0e,66,d5,eb,bc,2f,6b,2f,94,c7,03,a1,0b,38,88,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,53,f3,31,18,cd,
35,45,3a,fa,ea,66,7f,d4,3b,6b,70,11,7c,60,5a,1b,08,03,6c,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1204)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1260)
c:\windows\system32\setupapi.dll
.
Completion time: 2009-05-02 9:30
ComboFix-quarantined-files.txt 2009-05-02 07:30
ComboFix2.txt 2009-05-01 17:37
ComboFix3.txt 2008-12-25 09:50

Pre-Run: 13,004,480,512 bytes free
Post-Run: 13,047,529,472 bytes free

290

Dopuna: 02 Maj 2009 9:34

ComboFix 09-05-02.4 - Margo 05/02/2009 9:27.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2445 [GMT 2:00]
Running from: c:\documents and settings\Margo\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Margo\Desktop\CFScript.txt
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Target Web ADS
c:\program files\Target Web ADS\TargetWebADS.dll
c:\program files\Target Web ADS\TargetWebADSb.exe
c:\program files\Target Web ADS\TargetWebADSh.exe
c:\program files\Target Web ADS\Uninstall.exe
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

.
((((((((((((((((((((((((( Files Created from 2009-04-02 to 2009-05-02 )))))))))))))))))))))))))))))))
.

2009-04-30 22:47 . 2009-05-01 17:48 -------- d-----w c:\program files\Virtual Piano
2009-04-28 15:32 . 2009-04-28 15:32 3320 ----a-w c:\windows\desctemp.dat
2009-04-20 19:38 . 2009-04-22 14:52 -------- d-----w c:\program files\Soulseek
2009-04-18 16:22 . 2009-04-18 16:30 16 ----a-w c:\windows\msocreg32.dat
2009-04-18 16:19 . 2009-04-18 16:19 -------- d-----w c:\program files\Common Files\DigiDesign
2009-04-18 16:18 . 2009-04-18 16:18 -------- d-----w c:\program files\IK Multimedia
2009-04-18 15:57 . 2009-04-18 15:57 -------- d-----w c:\documents and settings\All Users\Application Data\IK Multimedia
2009-04-18 13:57 . 2009-04-18 13:57 -------- d-----w c:\documents and settings\Margo\Local Settings\Application Data\F4
2009-04-18 13:52 . 2009-04-18 13:55 -------- d-----w c:\documents and settings\Margo\Application Data\F4
2009-04-18 13:52 . 2009-04-25 12:51 -------- d-----w c:\program files\Empire of Sports
2009-04-09 17:13 . 2009-04-09 17:13 -------- d-----w c:\documents and settings\Margo\IGC
2009-04-09 17:13 . 2009-04-09 17:13 -------- d-----w c:\program files\IGC
2009-04-09 16:23 . 2009-04-09 16:23 -------- d-----w c:\documents and settings\Margo\Application Data\AutoDWG
2009-04-09 16:22 . 2009-04-09 16:22 -------- d-----w c:\windows\system32\shxfont
2009-04-09 16:22 . 2009-04-09 16:22 -------- d-----w c:\program files\AutoDWG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-02 07:26 . 2008-10-31 14:23 6 ---ha-w c:\windows\Tasks\SA.DAT
2009-05-01 21:14 . 2009-03-25 18:04 868 ----a-w c:\windows\Tasks\Google Software Updater.job
2009-05-01 21:14 . 2009-02-27 18:08 880 ----a-w c:\windows\Tasks\GoogleUpdateTaskMachine.job
2009-05-01 15:31 . 2008-12-23 21:05 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-29 20:14 . 2008-11-02 18:16 2828 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-04-29 09:31 . 2008-11-27 20:12 -------- d-----w c:\program files\Planplus
2009-04-25 19:47 . 2009-01-16 17:34 16 ----a-w c:\windows\popcinfo.dat
2009-04-25 19:37 . 2008-12-10 16:37 139280 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-04-25 19:37 . 2008-12-10 16:37 202000 ----a-w c:\windows\system32\PnkBstrB.exe
2009-04-18 16:19 . 2008-11-28 17:23 -------- d-----w c:\program files\Vst
2009-04-18 16:19 . 2008-10-31 21:36 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-18 13:52 . 2009-02-20 07:02 413696 ----a-w c:\windows\system32\wrap_oal.dll
2009-04-18 13:52 . 2004-03-16 02:40 110592 ----a-w c:\windows\system32\OpenAL32.dll
2009-04-18 12:16 . 2009-03-23 20:04 -------- d-----w c:\program files\Audio Recorder Titanium
2009-04-10 08:24 . 2009-03-06 12:39 -------- d-----w c:\program files\Java
2009-03-30 00:30 . 2008-11-29 00:59 -------- d-----w c:\program files\TrackMania Nations ESWC
2009-03-24 20:36 . 2008-11-26 17:29 8 ----a-w c:\windows\system32\nvModes.dat
2009-03-17 21:50 . 2009-03-17 21:50 -------- d-----w c:\program files\Yahoo!
2009-03-17 21:50 . 2009-01-01 11:01 -------- d-----w c:\program files\Common Files\ACD Systems
2009-03-17 21:50 . 2009-03-17 21:50 -------- d-----w c:\program files\ACD Systems
2009-03-09 03:19 . 2008-12-29 01:21 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 20:06 . 2009-03-06 20:06 -------- d-----w c:\program files\Pixarra
2009-03-05 14:34 . 2009-03-05 10:33 -------- d-----w c:\program files\Counter-Strike Source
2009-03-05 11:14 . 2008-10-31 22:03 -------- d-----w c:\program files\Opera
2009-03-03 19:32 . 2009-03-03 19:31 -------- d-----w c:\program files\Hamachi
2009-03-03 19:31 . 2008-11-01 20:46 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-02-06 18:03 . 2009-02-06 18:03 307576 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:52 . 2009-02-06 17:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-01 15:42 . 2009-02-01 15:43 29480 ----a-w c:\windows\system32\msxml3a.dll
2009-02-01 15:42 . 2003-03-18 19:14 505128 ----a-w c:\windows\system32\msvcp71.dll
2009-01-18 07:32 . 2009-01-18 07:32 56 --sh--r c:\windows\system32\5C16CB789B.sys
2008-12-27 23:06 . 2008-12-27 22:52 88 --sh--r c:\windows\system32\7DB7931597.sys
2009-01-18 07:32 . 2009-01-18 07:32 1890 --sha-w c:\windows\system32\KGyGaAvL.sys
.

------- Sigcheck -------

[-] 2008-03-20 18:36 578560 F92D8964B5286DE225BD2B6BF89764BE c:\windows\system32\user32.dll

[-] 2008-04-28 09:25 920064 88348F8C92C28BA99FE49BD392100CE0 c:\windows\system32\wininet.dll

[-] 2008-04-28 09:24 547328 A55B8899D2EA2E800061BCFD456E34DC c:\windows\system32\winlogon.exe

[-] 2008-04-26 03:58 2185216 E184A0CF10CADD2B4F5AF0A31E8627D6 c:\windows\system32\ntkrnlpa.exe

[-] 2008-04-26 03:44 2306560 0F733106A818383806060ABC29FE0F3A c:\windows\system32\ntoskrnl.exe

[-] 2008-08-18 18:17 1616384 4A90F51B778FA0157F60D206E8B37D2A c:\windows\explorer.exe

[-] 2008-04-28 09:22 25088 B5E8782D4AF1B3756F38E11E7C157BBE c:\windows\system32\ctfmon.exe

[-] 2008-03-20 18:36 989696 9A8D604748D9FE73B66021E5782A4A3C c:\windows\system32\kernel32.dll

[-] 2008-04-26 03:58 1614848 BC298B78B311397B421D4D52B44B49EC c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-01_17.36.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-01 21:14 . 2009-05-01 21:14 16384 c:\windows\temp\Perflib_Perfdata_2c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-28 25088]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Creative MediaSource Go"="c:\program files\Creative\MediaSource\Go\CTCMSGo.exe" [2003-08-12 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-28 3504128]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-25 13680640]
"UVS12 Preload"="c:\program files\Corel\Corel VideoStudio 12\uvPL.exe" [2008-06-09 397456]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-25 86016]
"REGSHAVE"="c:\program files\REGSHAVE\REGSHAVE.EXE" [2002-02-04 53248]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2008-03-21 91432]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-08-18 1447168]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 233472]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2005-07-23 176128]
"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-12-25 1657376]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-28 25088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-04-26 123904]

c:\documents and settings\Margo\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-11-1 3450608]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete\0lsdelete

[HKLM\~\startupfolder\C:^Documents and Settings^Margo^Start Menu^Programs^Startup^YzDock.lnk]
path=c:\documents and settings\Margo\Start Menu\Programs\Startup\YzDock.lnk
backup=c:\windows\pss\YzDock.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\English\\setup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"c:\\Program Files\\TmUnitedForever\\TmForever.exe"=
"c:\\Program Files\\Disney Interactive Studios\\Pure\\Pure.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\Temp\\Igrice\\Sega rally\\segarally\\{app}\\SEGA Rally.exe"=
"d:\\Temp\\Igrice\\Fletout\\{app}\\FlatOut2.exe"=
"c:\\team17\\worms world party\\wwp.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Empire of Sports\\NetworkDiagnostic.exe"=
"c:\\Program Files\\Empire of Sports\\EmpireOfSports.exe"=
"c:\\Documents and Settings\\Margo\\Local Settings\\Application Data\\F4\\ClientUpdater\\ClientUpdater.exe"=

R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; [x]
R2 gupdate1c999066ea1c4de;Google Update Service (gupdate1c999066ea1c4de);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-27 133104]
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2008-04-28 25600]
R3 MOUSEWDFilter;MOUSEWDFilter;c:\windows\System32\Drivers\MOUSEWD.SYS [2006-07-17 6528]
S2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-08-18 468224]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2008-12-08 55136]
S2 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]

.
Contents of the 'Scheduled Tasks' folder

2009-05-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-01 18:04]

2009-05-01 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-27 18:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bancaintesabeograd.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\Messenger\msmsgs.exe
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\COMMON~1\Skype\SKYPE4~1.DLL
DPF: {62CF4D10-EBA7-45DA-ACA0-4B002E8B3A85} - hxxps://secure.bancaintesabeograd.com/Pages/Download/CABS/DigitrustApiNetSetPlugIn.cab
DPF: {7136C6F0-DE59-4AD5-B4A3-CA8B779D035E} - hxxps://secure.bancaintesabeograd.com/Pages/Download/CABS/DigitrustApiSetPinPlugin.cab
DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} - hxxps://online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
DPF: {A7C346A3-B076-46B3-97F0-D00F6B479451} - hxxps://online.bancaintesabeograd.com/RetailDLL/FSINT.dll
DPF: {DC01983E-2FD5-4200-9C3A-755E86413172} - hxxps://secure.bancaintesabeograd.com/Pages/Download/CABS/DigitrustApiPKCS11Plugin.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-05-02 09:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2000478354-2111687655-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FD5C859F-C0BF-913C-7636-F3BC908B9710}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"jajfeegflafbkmjgninp"=hex:62,61,6e,64,00,00
"jajfeegflafbkmjgnijp"=hex:62,61,6a,64,00,00
"iajochcmhndgheoeha"=hex:6b,61,6f,64,62,68,65,6e,62,63,66,61,6c,70,61,63,63,62,
6a,6a,64,67,00,00

[HKEY_USERS\S-1-5-21-2000478354-2111687655-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:a2,d1,c1,00,f2,3b,f7,50,48,37,81,6b,a6,97,c2,70,54,47,8b,4e,00,e3,d3,
84,08,82,d8,dd,37,ab,3b,ff,00,bd,1a,d0,eb,23,c1,25,e0,d4,df,a8,b8,e1,98,ac,\
"??"=hex:87,91,54,da,89,a3,11,01,38,6f,60,3d,4c,20,cd,b6

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,c8,93,ec,47,50,
a4,45,42,c8,28,51,af,b0,29,a3,98,d5,5d,ba,af,b5,3a,47,f0,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,7a,c7,bb,2c,bf,
e1,c7,27,71,3b,04,66,8b,46,0d,96,1c,56,97,38,6f,10,70,30,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,58,52,b6,ec,0f,
64,87,fd,25,da,ec,7e,55,20,c9,26,d3,0b,31,93,cd,cb,44,58,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,66,9a,76,dc,2c,
3d,cb,29,3e,1e,9e,e0,57,5a,93,61,f7,0e,11,6a,c8,c6,cf,ee,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,da,53,e4,ea,49,
b5,a0,90,cd,44,cd,b9,a6,33,6c,cd,49,d1,bd,eb,29,be,ea,4a,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:df,20,58,62,78,6b,cf,c8,a5,64,6c,fc,01,
56,41,9b,b0,18,ed,a7,3f,8d,37,a4,7a,20,20,a0,dc,d3,85,40,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:fb,a7,78,e6,12,2f,9a,ea,f8,96,1d,8a,7e,
93,46,de,31,77,e1,ba,b1,f8,68,02,35,e1,92,77,40,2e,07,e7,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,81,fd,13,66,b2,
e4,52,ea,83,6c,56,8b,a0,85,96,ab,ce,f6,90,f6,08,30,04,30,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,4e,bf,9c,31,ab,
6a,3c,76,51,fa,6e,91,28,9e,14,cc,ec,ff,a8,b9,7f,e1,7b,a3,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,07,e3,0f,f3,3d,
e3,84,e3,b1,cd,45,5a,a8,c4,f8,b9,f8,38,ea,3d,d5,da,a9,64,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,50,7f,18,0a,8b,
36,41,81,e3,0e,66,d5,eb,bc,2f,6b,2f,94,c7,03,a1,0b,38,88,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,53,f3,31,18,cd,
35,45,3a,fa,ea,66,7f,d4,3b,6b,70,11,7c,60,5a,1b,08,03,6c,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1204)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1260)
c:\windows\system32\setupapi.dll
.
Completion time: 2009-05-02 9:30
ComboFix-quarantined-files.txt 2009-05-02 07:30
ComboFix2.txt 2009-05-01 17:37
ComboFix3.txt 2008-12-25 09:50

Pre-Run: 13,004,480,512 bytes free
Post-Run: 13,047,529,472 bytes free

290

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 27 Apr 2008
  • Poruke: 9160
  • Gde živiš: Prokuplje

Kakvo je stanje ?

offline
  • Pridružio: 25 Apr 2008
  • Poruke: 27

Napisano: 02 Maj 2009 9:59

ekstra.Ne cuje se vise.Tacno kada ste mi rekli sta da uradim u tom trenutku je pocelo da se cuje i onda posle skeniranja i ciscenja vise se ne cuje.
Hvala

Dopuna: 02 Maj 2009 10:00

Ne pitah, da li je to zapravo moguce da je neko gledao po mojim folderima i da li je mogao da uzme neki fajl a da ja to ne primetim?Takodje me zanima i da li je on stvarno isao na net preko mog kompijutera i da li to moze da mi naskodi?

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 27 Apr 2008
  • Poruke: 9160
  • Gde živiš: Prokuplje

U svakom slucaju imao si malware-a, a sad kako se ispoljavaju problemi nisam googlao pa da ti kazem tacno.

Odradi jos ovo:

Deinstalacija ComboFix-a:
Klikni START a zatim RUN.

U liniju za unos teksta ukucaj (iskopiraj) sledeće:

Combofix /u



a zatim klikni OK.

Sačekaj da se proces deinstalacije završi.

offline
  • Pridružio: 25 Apr 2008
  • Poruke: 27

ok.
gotovo.
hvala!

Ko je trenutno na forumu
 

Ukupno su 786 korisnika na forumu :: 28 registrovanih, 6 sakrivenih i 752 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: _Sale, amaterSRB, bojank, Boris90, danilopu, Drug pukovnik, Georgius, goran.babic5, goxin, havoc995, helen1, HrcAk47, ibssa, janezek67, Konda, Marko Marković, miodrag, moldway, nebkv, rovac, sakota79, shadower78, sombrero, sovanova95, ssekir75, Tas011, Toni, vlvl