Big problem

  • Joined: 01 May 2008
  • Posts: 9

I was idly surfing the net on (local) forums with MSN on when suddenly Kaspersky reported some trojans, Spybot popped up about some registry changes, and my system got screwed up. See for yourselves:

i35.tinypic.com/2guinh1.jpg
i38.tinypic.com/30tt47d.jpg
i33.tinypic.com/z0k8x.jpg

The Start menu and the desktop disappeared. I scanned with Spybot and now Task Manager works, and when I click Start there are programs, but there is no Control Panel.

cmd.exe kept launching. Kaspersky scanned and found a ton of some trojan.win32.vapsup.izj and .izm.

In Task Manager I saw the process wscntfy.exe; when I kill it the desktop appears, but the process starts again.

I'm writing from my cousin's computer; on mine Firefox and IE keep freezing.

Is there any solution other than reinstalling the system?

  • dr_Bora (Male)
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hi...

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

Follow the instructions for posting a HijackThis log given at the link above.

  • Joined: 01 May 2008
  • Posts: 9

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:34, on 4.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.ba/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\RunOnce: [SpybotDeletingA7261] command /c del "C:\WINDOWS\system32\ddcCvurR.dll"
O4 - HKLM\..\RunOnce: [SpybotDeletingC9732] cmd /c del "C:\WINDOWS\system32\ddcCvurR.dll"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: VisualTaskTips.lnk = C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.11\AMVConverter\grab.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Download with Xilisoft Download YouTube Video - C:\Program Files\Xilisoft\Download YouTube Video\upod_link.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.11\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\OFFICE~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Quick Login rs-mp3.com - {ECC5777A-6E88-BFCE-13CE-81F134789E7B} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) -
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{2449530F-6FEB-4E9A-8276-5E88391FDA2D}: NameServer = 80.71.144.1,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Unknown owner - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (file missing)
O23 - Service: ABBYY FineReader 9.0 Licensing Service (ABBYY.Licensing.FineReader.Professional.9.0) - ABBYY (BIT Software) - C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (file missing)
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
O23 - Service: Bandoo Coordinator - Unknown owner - C:\PROGRA~1\Bandoo\Bandoo.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Unknown owner - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Unknown owner - C:\WINDOWS\system32\IoctlSvc.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service: SolidNetWork License Manager - GLOBEtrotter Software Inc. - C:\Program Files\SolidNetWork License Manager\lmgrd.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)

--
End of file - 11075 bytes

  • dr_Bora (Male)
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

TeaTimer and KAV need to be temporarily disabled.

Start Spybot S&D
Click the Mode item in the menu
Select Advanced Mode
In the bar on the left, click on Tools
Click on Resident
Untick Resident Tea-Timer
Close Spybot S&D
Restart the computer.

- Then download the program from this link to the Desktop.
- Run it by double-clicking and follow the instructions.

Don't forget to turn these options back on when we finish the cleaning.

-------------------------------------------------------------------------------------

* Right-click the Kaspersky icon in the bottom right corner of the screen and choose Pause Protection.
* In the window that opens, choose By User Request.

Note: Don't forget to turn this option back on when the cleaning is finished.

-------------------------------------------------------------------------------------

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

  • Joined: 01 May 2008
  • Posts: 9

ComboFix 08-10-03.05 - Korisnik 2008-10-04 12:21:11.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.1540 [GMT 2:00]
Running from: C:\Documents and Settings\Korisnik\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 41
grep: (standard input): Not enough space
grep: (standard input): Not enough space
grep: (standard input): Not enough space

/wow section - STAGE 47
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Programs\UUSEE~1.LNK
C:\Documents and Settings\All Users\Start Menu\UUSEE~1.LNK
C:\Documents and Settings\Korisnik\Application Data\inst.exe
C:\Program Files\Adzgalore Games Collection
C:\Program Files\Adzgalore Games Collection\BattlesOfHelicopters.exe
C:\Program Files\Adzgalore Games Collection\BobAndBill.exe
C:\Program Files\Adzgalore Games Collection\CrazyBlocks.exe
C:\Program Files\Adzgalore Games Collection\Lines.exe
C:\Program Files\Adzgalore Games Collection\VideoPool.exe
C:\Program Files\uusee
C:\Program Files\uusee\AD\UUAD_Banner.html
C:\Program Files\uusee\AD\UUAD_Banner.swf
C:\Program Files\uusee\AD\UUAD_Buffering.html
C:\Program Files\uusee\AD\UUAD_Buffering.swf
C:\Program Files\uusee\AD\UUAD_TextLink_0.xml
C:\Program Files\uusee\AD\UUTV.xml
C:\Program Files\uusee\ARMP.ocx
C:\Program Files\uusee\in_psp.dll
C:\Program Files\uusee\MultiVMR9.dll
C:\Program Files\uusee\out_mmshttp.dll
C:\Program Files\uusee\patch_cmd.exe
C:\Program Files\uusee\skins\UUPlayer\About.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Recording_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Recording_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Recording_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_Edit_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_Edit_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C4.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Back.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Detect.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Frame_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Frame_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Frame_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Record_Task_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Icon_Information.bmp
C:\Program Files\uusee\skins\UUPlayer\Icon_Question.bmp
C:\Program Files\uusee\skins\UUPlayer\Icon_Stop.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_1.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_2.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_3.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_ArrowD.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_ArrowU.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_SP.bmp
C:\Program Files\uusee\skins\UUPlayer\Play_Window_Rec_icon.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Resource.h
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_1_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_1_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_1_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_2_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_2_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_2_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_3_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_3_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_3_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Button_1_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Button_1_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Button_1_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_x1.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_x2.bmp
C:\Program Files\uusee\skins\UUPlayer\Sidebar_Group_x3.bmp
C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_Res_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_Res_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_Res_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_Compact_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_Compact_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_Compact_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_FullScreen_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_FullScreen_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_FullScreen_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_TopMost_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_TopMost_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Toolbar_Button_TopMost_3.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Browse.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Browse1.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Play.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Play1.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Record.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Record1.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Arrow.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Collapse.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Expand.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Header.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_D.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_H.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_N.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_S.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_D.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_H.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_N.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_S.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_SortIconDown.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_SortIconUp.bmp
C:\Program Files\uusee\skins\UUPlayer\UUSEE.ui
C:\Program Files\uusee\skins\UUPlayer\Volume_Bar_Block_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Bar_Block_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Bar_Block_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Button_2_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Button_2_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Button_2_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Browser_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Browser_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Browser_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_ChannelInfo.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_ChannelInfo_5.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_5.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Play_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Record_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Setting_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Setting_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Setting_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Side_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Side_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Side_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Toolbar_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Top_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Top_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Top_3.bmp
C:\Program Files\uusee\u264Dec.ax
C:\Program Files\uusee\UFDeMux.ax
C:\Program Files\uusee\uninst.exe
C:\Program Files\uusee\updateC2.ocx
C:\Program Files\uusee\UUPlayer.dll
C:\Program Files\uusee\UUPlayer.exe
C:\Program Files\uusee\UUPlayer.ocx
C:\Program Files\uusee\UUPlayer.skn
C:\Program Files\uusee\UUPlayer_bak.exe
C:\Program Files\uusee\UURecorder.exe
C:\Program Files\uusee\UUSee.url
C:\Program Files\uusee\uusee_video.dll
C:\Program Files\uusee\UUSEEAudioDec.ax
C:\Program Files\uusee\UUSeePlayer.exe
C:\Program Files\uusee\UUTV.xml
C:\Program Files\uusee\uutv_my.xml
C:\Program Files\uusee\vermini.ini
C:\Program Files\uusee\vermini_x.ini
C:\Program Files\uusee\vermini_x1.ini
C:\WINDOWS\dkwqgnbe.dll
C:\WINDOWS\emdg.exe
C:\WINDOWS\fkebanrw.exe
C:\WINDOWS\msnimport.exe
C:\WINDOWS\neksolda.dll
C:\WINDOWS\nkefbltdltv.dll
C:\WINDOWS\system32\ddcCvurR.dll
C:\WINDOWS\system32\fccbCusT.dll
C:\WINDOWS\system32\tmp87.tmp
C:\WINDOWS\system32\tmp88.tmp
C:\WINDOWS\system32\TsuCbccf.ini
C:\WINDOWS\system32\TsuCbccf.ini2

.
((((((((((((((((((((((((( Files Created from 2008-09-04 to 2008-10-04 )))))))))))))))))))))))))))))))
.

2008-10-04 11:33 . 2008-10-04 11:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-01 21:03 . 2008-10-01 21:03 <DIR> d-------- C:\Documents and Settings\Korisnik\Application Data\Thunderbird
2008-09-30 11:41 . 2008-09-30 11:41 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-09-29 13:59 . 2008-09-29 13:59 <DIR> d-------- C:\Program Files\P2P_Energy
2008-09-29 13:59 . 2008-09-29 14:08 <DIR> d-------- C:\Documents and Settings\Korisnik\Application Data\LimeWireTurbo
2008-09-27 12:07 . 2008-09-27 12:07 <DIR> d-------- C:\Documents and Settings\Korisnik\Application Data\Disney Interactive Studios
2008-09-27 00:19 . 2008-09-27 00:20 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-09-27 00:19 . 2008-09-28 11:22 <DIR> d-------- C:\Documents and Settings\Korisnik\Application Data\IDM
2008-09-22 21:53 . 2008-08-20 21:05 593,920 --a------ C:\WINDOWS\system32\ati2sgag.exe
2008-09-22 21:50 . 2008-09-22 21:50 <DIR> d-------- C:\ATI
2008-09-22 21:48 . 2008-09-22 21:48 <DIR> d-------- C:\Program Files\Driver Cleaner Pro
2008-09-22 01:15 . 2008-09-22 01:15 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-09-22 01:13 . 2008-09-22 01:13 <DIR> d-------- C:\Documents and Settings\Korisnik\Application Data\DAEMON Tools
2008-09-21 23:33 . 2008-09-22 22:11 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2008-09-21 12:12 . 2008-09-21 12:12 <DIR> d-------- C:\ProgramData
2008-09-21 10:57 . 2008-09-21 10:57 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-18 00:11 . 2008-09-18 00:11 <DIR> d-------- C:\Program Files\GordianKnot
2008-09-18 00:11 . 2008-09-18 00:11 33,280 --a------ C:\WINDOWS\system32\HUFFYUV.DLL
2008-09-16 14:48 . 2008-09-16 14:51 <DIR> d-------- C:\FIFA 09 Demo
2008-09-15 13:45 . 2008-09-15 13:45 <DIR> d-------- C:\Program Files\URUSoft
2008-09-15 13:44 . 2008-09-15 13:58 <DIR> d-------- C:\Program Files\PC Satellite TV
2008-09-15 12:23 . 2008-04-14 05:41 21,504 --a------ C:\WINDOWS\system32\SET17.tmp
2008-09-15 12:23 . 2008-04-14 05:41 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-09-15 12:23 . 2008-04-14 05:41 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-09-15 12:22 . 2008-04-14 00:15 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-09-15 12:22 . 2008-04-14 00:15 60,032 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-09-15 12:17 . 2008-09-15 12:17 <DIR> d-------- C:\Program Files\Microsoft LifeChat
2008-09-14 20:12 . 2008-09-29 14:10 <DIR> d-------- C:\My Downloads
2008-09-14 17:37 . 2008-09-14 17:37 2,915,944 --a------ C:\WINDOWS\system32\drivers\appdrv01.sys
2008-09-14 17:37 . 2008-09-14 17:37 304,528 --a------ C:\WINDOWS\system32\appdrvrem01.exe
2008-09-11 10:10 . 2008-09-12 12:44 206,256 --a------ C:\WINDOWS\system32\idmmbc.dll
2008-09-05 20:58 . 2008-09-05 20:58 <DIR> d-------- C:\Documents and Settings\Korisnik\Application Data\SPORE
2008-09-05 20:55 . 2008-09-21 21:38 2,126 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-04 10:31 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\DMCache
2008-10-04 10:30 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-04 10:30 --------- d-----w C:\Program Files\SolidNetWork License Manager
2008-10-04 10:11 6,963,744 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-04 10:11 56,532 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-04 10:11 5,992 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-04 10:11 1,130,528 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-04 10:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-04 07:50 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-02 18:41 --------- d-----w C:\Program Files\Desktop Mechanic
2008-09-29 12:15 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\LimeWire
2008-09-29 12:13 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\iMesh
2008-09-28 20:44 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\skypePM
2008-09-28 20:44 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Skype
2008-09-27 09:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-25 20:47 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Vidalia
2008-09-25 20:47 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\tor
2008-09-23 23:22 --------- d-----w C:\Program Files\MessengerDiscovery
2008-09-23 23:18 --------- d-----w C:\Program Files\MSN Messenger
2008-09-22 19:39 --------- d-----w C:\Program Files\ATI Technologies
2008-09-21 23:13 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-09-21 22:56 --------- d-----w C:\Program Files\Electronic Arts
2008-09-21 10:40 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-21 09:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-18 18:01 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Vso
2008-09-17 22:11 196,608 ----a-w C:\WINDOWS\system32\avisynth.dll
2008-09-09 18:53 --------- d-----w C:\Program Files\Counter-Strike 1.6
2008-09-02 23:12 --------- d-----w C:\Program Files\Microsoft Works
2008-08-31 15:35 --------- d-----w C:\Program Files\Xilisoft
2008-08-30 21:05 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\DivX
2008-08-30 20:59 --------- d-----w C:\Program Files\DivX
2008-08-30 20:36 43,698 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe
2008-08-30 20:35 --------- d-----w C:\Program Files\AviSynth 2.5
2008-08-30 20:33 --------- d-----w C:\Program Files\Gabest
2008-08-30 20:31 --------- d-----w C:\Program Files\Xvid
2008-08-29 22:03 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\dvdcss
2008-08-29 20:48 --------- d-----w C:\Program Files\EarthView
2008-08-29 20:48 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\DeskSoft
2008-08-29 06:52 --------- d-----w C:\Program Files\SubDownloader2
2008-08-26 22:06 --------- d-----w C:\Program Files\KGB Archiver
2008-08-25 19:34 --------- d-----w C:\Program Files\Common Files\Scanner
2008-08-25 19:33 --------- d-----w C:\Program Files\CA
2008-08-23 15:25 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Touchstone
2008-08-23 15:16 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-23 15:16 --------- d-----w C:\Program Files\AGEIA Technologies
2008-08-21 04:52 3,299,840 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-21 02:19 425,984 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-08-21 02:18 314,880 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-08-21 02:08 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-08-21 02:08 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-08-21 02:07 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-08-21 02:07 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-08-21 02:07 143,360 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-08-21 02:05 573,440 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-08-21 02:04 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-08-21 02:01 10,084,352 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-08-21 01:55 4,094,560 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-08-21 01:50 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-08-21 01:38 2,377,856 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-08-21 01:23 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-08-21 01:19 380,928 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-08-21 01:18 37,376 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-08-21 01:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-08-21 01:17 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-08-21 01:17 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-08-21 01:11 561,152 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-08-18 15:31 --------- d-----w C:\Program Files\DVDVideoSoft
2008-08-18 15:31 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-08-18 08:54 --------- d-----w C:\Program Files\Desktop Maestro
2008-08-18 08:44 25,992 ----a-w C:\WINDOWS\system32\pgdfgsvc.exe
2008-08-17 21:10 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Desktop Maestro
2008-08-16 23:27 --------- d-----w C:\Program Files\Nexus Radio
2008-08-15 15:17 --------- d-----w C:\Program Files\Diskeeper Corporation
2008-08-14 13:52 26,920 ----a-w C:\WINDOWS\system32\drivers\dsnpfd.sys
2008-08-14 13:52 --------- d-----w C:\Program Files\BWMeter
2008-08-14 13:45 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\FileZilla
2008-08-13 23:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-12 21:54 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\PCToolsFirewallPlus
2008-08-12 21:29 --------- d-----w C:\Program Files\COMODO
2008-08-12 21:29 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Comodo
2008-08-12 20:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\comodo
2008-08-10 13:11 --------- d-----w C:\Program Files\Kladionica
2008-08-06 19:01 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-06 19:00 --------- d-----w C:\Program Files\Agnitum
2008-08-06 14:17 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-08-06 12:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Agnitum
2008-08-06 11:49 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-06 11:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-06 07:38 23,016 ----a-w C:\WINDOWS\system32\drivers\bc_tdi_f.sys
2008-08-06 07:08 --------- d-----w C:\Program Files\DVDFab 5
2008-08-06 06:58 --------- d-----w C:\Program Files\AutorunRemover
2008-08-05 21:14 90,112 ----a-w C:\WINDOWS\system32\ATIBRTMON.EXE
2008-07-31 08:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 08:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 08:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-24 20:53 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
.

------- Sigcheck -------

2004-08-04 03:56 541696 55aca85eb80e2155e20211aaaddd711a C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2008-04-14 05:42 547328 a55b8899d2ea2e800061bcfd456e34dc C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-04-14 05:42 547328 a55b8899d2ea2e800061bcfd456e34dc C:\WINDOWS\system32\winlogon.exe
2008-04-14 05:42 507904 ed0ef0a136dec83df69f04118870003e C:\WINDOWS\VistaMizer\old\winlogon.exe

2005-03-01 17:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-10-30 04:27 2059264 972df9bc435b2f077b02c5e8a09acf83 C:\WINDOWS\$hf_mig$\KB896256\SP2QFE\ntkrnlpa.exe
2007-02-28 02:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2007-02-28 10:38 2179072 e59f47dfbcb315760203a9ccf84acd5d C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-04 04:05 2178560 98bc2dc6cfc30b7a3501bcf884fa5dc3 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 02:34 2015232 3cd941e472ddf3534e53038535719771 C:\WINDOWS\$NtUninstallKB896256$\ntkrnlpa.exe
2006-10-30 11:50 2015744 076d6532e995110709497a8c3ee53d15 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2008-04-14 00:01 2187264 19d240eb61b40de278162c1ee8411aeb C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2008-04-14 00:01 2187264 19d240eb61b40de278162c1ee8411aeb C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 00:01 2023936 7f653a89f6e89e3ae0d49830eece35d4 C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe

2005-03-02 03:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-10-30 14:13 2182016 29664b5a66f187790006014f87adccdf C:\WINDOWS\$hf_mig$\KB896256\SP2QFE\ntoskrnl.exe
2007-02-28 11:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2007-02-28 11:08 2299392 9491b807c22cf10f80126fa2f7c913e3 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-04 02:18 2311680 70b7388bddb9fa71b1e29a051ab78627 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 02:57 2135552 48b3e89af7074cee0314a3e0c7faffdb C:\WINDOWS\$NtUninstallKB896256$\ntoskrnl.exe
2006-10-30 12:25 2136064 e8217a37c19b39ff04b635cce6a137f2 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2008-04-14 00:54 2308608 f17af8a19c7da15fba3ff2caec2eefe3 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2008-04-14 00:54 2308608 f17af8a19c7da15fba3ff2caec2eefe3 C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 00:54 2145280 40f8880122a030a7e9e1fedea833b33d C:\WINDOWS\VistaMizer\old\ntoskrnl.exe

2008-04-14 05:42 1551872 4ae23c4628bda0c0aef4ad36b30c54f5 C:\WINDOWS\explorer.exe
2007-06-13 13:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2008-04-09 15:36 1551360 9c232f23aabb1a362f4ecda2486c2c45 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 03:56 1550336 b708561748cea933f50f4dd5c1951755 C:\WINDOWS\$NtUninstallKB884883$\explorer.exe
2005-04-07 11:33 1550336 9ab7214aa86f350043963a03f64a0b75 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-14 05:42 1551872 4ae23c4628bda0c0aef4ad36b30c54f5 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-14 05:42 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\VistaMizer\old\explorer.exe

2004-08-04 03:56 25088 5f1724d0e11eb88c95a3b73a6dd72779 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 05:42 25088 b5e8782d4af1b3756f38e11e7c157bbe C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-14 05:42 25088 b5e8782d4af1b3756f38e11e7c157bbe C:\WINDOWS\system32\ctfmon.exe
2008-04-14 05:42 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 C:\WINDOWS\VistaMizer\old\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "C:\Program Files\P2P_Energy\tbP2P_.dll" [2008-04-03 1523736]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2008-04-03 10:40 1523736 --a------ C:\Program Files\P2P_Energy\tbP2P_.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "C:\Program Files\P2P_Energy\tbP2P_.dll" [2008-04-03 1523736]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "C:\Program Files\P2P_Energy\tbP2P_.dll" [2008-04-03 1523736]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 25088]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-09-27 2606512]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-11 1481968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-06-10 217088]
"LifeChat"="C:\Program Files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
"CaISSDT"="C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe" [2006-04-21 165416]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 201992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-06-23 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
VisualTaskTips.lnk - C:\Program Files\VisualTaskTips\VisualTaskTips.exe [2006-07-31 36864]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.MJPG"= pvmjpg21.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"SENTINEL"= snti386.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 C:\WINDOWS\system32\fccbCusT

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCENT.SYS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HideFilesAndFolders_S]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
"Steam"="C:\Program Files\Steam\Steam.exe" -silent
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe /onboot
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
"WeatherWatcher"="C:\Program Files\Weather Watcher\ww.exe"
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" -lang 1033
"RTHDCPL"=RTHDCPL.EXE
"Alcmtr"=ALCMTR.EXE
"SkyTel"=SkyTel.EXE
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
"UVS10 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
"Iusage"=C:\PROGRA~1\INTERN~3\netdet.exe
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
"Grid Service"="C:\Program Files\GridService\peer.exe" -n Grid
"hffsrv"=c:\windows\hffext\hffsrv.exe
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Nexus Radio"=C:\Program Files\Nexus Radio\Nexus Radio.exe -0
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe"
"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\\PES2008\\PES2008.exe"=
"D:\\FlatOut-Ultimate Carnage\\FlatOut Ultimate Carnage\\Fouc.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\english\\setup.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"D:\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"=
"D:\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R1 appdrv01;Application Driver (01);C:\WINDOWS\system32\Drivers\appdrv01.sys [2008-09-14 2915944]
R1 FDCENT;FDCENT;C:\WINDOWS\system32\drivers\FDCENT.SYS [2005-06-02 47662]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [2007-09-25 566560]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl02_xp.sys [2006-10-31 28416]
R3 tenCapture;tenCapture;C:\WINDOWS\system32\DRIVERS\tenCapture.sys [2007-04-21 9344]
S2 appdrvrem01;Application Driver Auto Removal Service (01);C:\WINDOWS\System32\appdrvrem01.exe svc [ ]
S2 Bandoo Coordinator;Bandoo Coordinator;C:\PROGRA~1\Bandoo\Bandoo.exe [ ]
S2 SolidNetWork License Manager;SolidNetWork License Manager;C:\Program Files\SolidNetWork License Manager\lmgrd.exe [2001-03-13 487936]
S3 ATE_PROCMON;ATE_PROCMON;C:\Program Files\Anti Trojan Elite\ATEPMon.sys [ ]
S3 Bcfilter;Jetico Personal Firewall Network Monitor;C:\WINDOWS\system32\DRIVERS\bcfilter.sys [ ]
S3 BcfilterMP;BcfilterMP;C:\WINDOWS\system32\DRIVERS\bcfilter.sys [ ]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [ ]
S3 mpr_freader;MPR FileReader Driver;C:\Program Files\Multi Password Recovery\mpr_freader.sys [2007-08-13 2816]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2007-12-24 306432]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22e2be74-ac99-11dc-86b1-001bfc7085db}]
\Shell\AutoOpen\command - G:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{01492EF6-5972-420B-B8BD-7666E9AC1D7B} - C:\WINDOWS\system32\fccbCusT.dll
BHO-{1ED8C6DA-6421-4C89-A772-B757F96CA697} - C:\WINDOWS\system32\ddcCvurR.dll
BHO-{4C2C60DC-2DF7-4D7C-8F46-B97930F6C47E} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
ShellExecuteHooks-{1ED8C6DA-6421-4C89-A772-B757F96CA697} - C:\WINDOWS\system32\ddcCvurR.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\08slb0u9.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.ba/
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF -: plugin - C:\Program Files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-10-04 12:30:53
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\VisualTaskTips\VttHooks.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Windows Live\Messenger\Device Manager\msgrdvmn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-10-04 12:36:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-04 10:36:01

Pre-Run: 89.040.011.264 bytes free
Post-Run: 88,869,617,664 bytes free

593 --- E O F --- 2008-09-04 12:36:34

dr_Bora (Anti Malware Fighter, Rank 2)
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

Folder::
C:\Program Files\MessengerDiscovery

DirLook::
C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
C:\ProgramData

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22e2be74-ac99-11dc-86b1-001bfc7085db}]



Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scanning.

(original poster)
  • Joined: 01 May 2008
  • Posts: 9

Here I am, it was thundering so I had shut the PC down.

ComboFix 08-10-03.05 - Korisnik 2008-10-04 13:31:52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.1471 [GMT 2:00]
Running from: C:\Documents and Settings\Korisnik\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Korisnik\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 41
grep: (standard input): Not enough space

/wow section - STAGE 47
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\MessengerDiscovery
C:\Program Files\MessengerDiscovery\AlwaysAllow.mdl
C:\Program Files\MessengerDiscovery\AlwaysBlock.mdl
C:\Program Files\MessengerDiscovery\AutoReply.mdl
C:\Program Files\MessengerDiscovery\ContactBlocks.mdl
C:\Program Files\MessengerDiscovery\Languages\Albanian.ini
C:\Program Files\MessengerDiscovery\Languages\Deutsch.ini
C:\Program Files\MessengerDiscovery\Languages\Dutch.ini
C:\Program Files\MessengerDiscovery\Languages\Eesti.ini
C:\Program Files\MessengerDiscovery\Languages\English.ini
C:\Program Files\MessengerDiscovery\Languages\Español (Latino).ini
C:\Program Files\MessengerDiscovery\Languages\Francais.ini
C:\Program Files\MessengerDiscovery\Languages\Italiano.ini
C:\Program Files\MessengerDiscovery\Languages\Norsk.ini
C:\Program Files\MessengerDiscovery\Languages\Portugues (Brasil).ini
C:\Program Files\MessengerDiscovery\Languages\Portuguese (Portugal).ini
C:\Program Files\MessengerDiscovery\Languages\Turkish.ini
C:\Program Files\MessengerDiscovery\Loader.exe
C:\Program Files\MessengerDiscovery\mali.marko@live.com.nkh
C:\Program Files\MessengerDiscovery\mali.marko@live.com.psh
C:\Program Files\MessengerDiscovery\mali.marko@live.com\ContactManager.mdl
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe.manifest
C:\Program Files\MessengerDiscovery\MessengerDiscovery.dll
C:\Program Files\MessengerDiscovery\MessengerDiscoveryToday.exe
C:\Program Files\MessengerDiscovery\metallac666@hotmail.com.nkh
C:\Program Files\MessengerDiscovery\metallac666@hotmail.com.psh
C:\Program Files\MessengerDiscovery\metallac666@hotmail.com\AlwaysAllow.mdl
C:\Program Files\MessengerDiscovery\metallac666@hotmail.com\AlwaysBlock.mdl
C:\Program Files\MessengerDiscovery\metallac666@hotmail.com\AutoReply.mdl
C:\Program Files\MessengerDiscovery\metallac666@hotmail.com\ContactBlocks.mdl
C:\Program Files\MessengerDiscovery\metallac666@hotmail.com\ContactManager.mdl
C:\Program Files\MessengerDiscovery\metallac666@hotmail.com\NoAlert.mdl
C:\Program Files\MessengerDiscovery\NoAlert.mdl
C:\Program Files\MessengerDiscovery\Resources\SettingsMenu_0.png
C:\Program Files\MessengerDiscovery\Resources\SettingsMenu_1.png
C:\Program Files\MessengerDiscovery\Resources\SettingsMenu_2.png
C:\Program Files\MessengerDiscovery\Resources\SettingsMenu_3.png
C:\Program Files\MessengerDiscovery\Resources\SettingsMenu_4.png
C:\Program Files\MessengerDiscovery\Resources\SettingsMenu_5.png
C:\Program Files\MessengerDiscovery\Resources\SettingsSubMenu_0.png
C:\Program Files\MessengerDiscovery\Resources\SettingsSubMenu_1.png
C:\Program Files\MessengerDiscovery\Resources\SettingsSubMenu_2.png
C:\Program Files\MessengerDiscovery\Resources\SettingsSubMenu_Left.ico
C:\Program Files\MessengerDiscovery\Resources\SettingsSubMenu_Right.ico
C:\Program Files\MessengerDiscovery\Sounds\Alert.wav
C:\Program Files\MessengerDiscovery\Sounds\Sounds Copyright.txt
C:\Program Files\MessengerDiscovery\SpellCHK.exe
C:\Program Files\MessengerDiscovery\unins000.dat
C:\Program Files\MessengerDiscovery\unins000.exe

.
((((((((((((((((((((((((( Files Created from 2008-09-04 to 2008-10-04 )))))))))))))))))))))))))))))))
.

2008-10-04 11:33 . 2008-10-04 11:33 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-01 21:03 . 2008-10-01 21:03 <DIR> d-------- C:\Documents and Settings\Korisnik\Application Data\Thunderbird
2008-09-30 11:41 . 2008-09-30 11:41 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-09-29 13:59 . 2008-09-29 13:59 <DIR> d-------- C:\Program Files\P2P_Energy
2008-09-29 13:59 . 2008-09-29 14:08 <DIR> d-------- C:\Documents and Settings\Korisnik\Application Data\LimeWireTurbo
2008-09-27 12:07 . 2008-09-27 12:07 <DIR> d-------- C:\Documents and Settings\Korisnik\Application Data\Disney Interactive Studios
2008-09-27 00:19 . 2008-09-27 00:20 <DIR> d-------- C:\Program Files\Internet Download Manager
2008-09-27 00:19 . 2008-09-28 11:22 <DIR> d-------- C:\Documents and Settings\Korisnik\Application Data\IDM
2008-09-22 21:53 . 2008-08-20 21:05 593,920 --a------ C:\WINDOWS\system32\ati2sgag.exe
2008-09-22 21:50 . 2008-09-22 21:50 <DIR> d-------- C:\ATI
2008-09-22 21:48 . 2008-09-22 21:48 <DIR> d-------- C:\Program Files\Driver Cleaner Pro
2008-09-22 01:15 . 2008-09-22 01:15 <DIR> d-------- C:\Program Files\DAEMON Tools Lite
2008-09-22 01:13 . 2008-09-22 01:13 <DIR> d-------- C:\Documents and Settings\Korisnik\Application Data\DAEMON Tools
2008-09-21 23:33 . 2008-09-22 22:11 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
2008-09-21 12:12 . 2008-09-21 12:12 <DIR> d-------- C:\ProgramData
2008-09-21 10:57 . 2008-09-21 10:57 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-18 00:11 . 2008-09-18 00:11 <DIR> d-------- C:\Program Files\GordianKnot
2008-09-18 00:11 . 2008-09-18 00:11 33,280 --a------ C:\WINDOWS\system32\HUFFYUV.DLL
2008-09-16 14:48 . 2008-09-16 14:51 <DIR> d-------- C:\FIFA 09 Demo
2008-09-15 13:45 . 2008-09-15 13:45 <DIR> d-------- C:\Program Files\URUSoft
2008-09-15 13:44 . 2008-09-15 13:58 <DIR> d-------- C:\Program Files\PC Satellite TV
2008-09-15 12:23 . 2008-04-14 05:41 21,504 --a------ C:\WINDOWS\system32\SET17.tmp
2008-09-15 12:23 . 2008-04-14 05:41 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-09-15 12:23 . 2008-04-14 05:41 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-09-15 12:22 . 2008-04-14 00:15 60,032 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-09-15 12:22 . 2008-04-14 00:15 60,032 --a--c--- C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-09-15 12:17 . 2008-09-15 12:17 <DIR> d-------- C:\Program Files\Microsoft LifeChat
2008-09-14 20:12 . 2008-09-29 14:10 <DIR> d-------- C:\My Downloads
2008-09-14 17:37 . 2008-09-14 17:37 2,915,944 --a------ C:\WINDOWS\system32\drivers\appdrv01.sys
2008-09-14 17:37 . 2008-09-14 17:37 304,528 --a------ C:\WINDOWS\system32\appdrvrem01.exe
2008-09-11 10:10 . 2008-09-12 12:44 206,256 --a------ C:\WINDOWS\system32\idmmbc.dll
2008-09-05 20:58 . 2008-09-05 20:58 <DIR> d-------- C:\Documents and Settings\Korisnik\Application Data\SPORE
2008-09-05 20:55 . 2008-09-21 21:38 2,126 --a------ C:\WINDOWS\system32\ealregsnapshot1.reg

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-04 11:34 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\DMCache
2008-10-04 11:23 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-04 11:23 --------- d-----w C:\Program Files\SolidNetWork License Manager
2008-10-04 11:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-04 10:54 6,963,744 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-04 10:54 56,532 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-04 10:54 5,992 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-04 10:54 1,130,528 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-04 07:50 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-10-02 18:41 --------- d-----w C:\Program Files\Desktop Mechanic
2008-09-29 12:15 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\LimeWire
2008-09-29 12:13 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\iMesh
2008-09-28 20:44 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\skypePM
2008-09-28 20:44 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Skype
2008-09-27 09:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-25 20:47 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Vidalia
2008-09-25 20:47 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\tor
2008-09-23 23:18 --------- d-----w C:\Program Files\MSN Messenger
2008-09-22 19:39 --------- d-----w C:\Program Files\ATI Technologies
2008-09-21 23:13 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-09-21 22:56 --------- d-----w C:\Program Files\Electronic Arts
2008-09-21 10:40 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-09-21 09:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-18 18:01 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Vso
2008-09-17 22:11 196,608 ----a-w C:\WINDOWS\system32\avisynth.dll
2008-09-09 18:53 --------- d-----w C:\Program Files\Counter-Strike 1.6
2008-09-02 23:12 --------- d-----w C:\Program Files\Microsoft Works
2008-08-31 15:35 --------- d-----w C:\Program Files\Xilisoft
2008-08-30 21:05 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\DivX
2008-08-30 20:59 --------- d-----w C:\Program Files\DivX
2008-08-30 20:36 43,698 ----a-w C:\WINDOWS\system32\xvid-uninstall.exe
2008-08-30 20:35 --------- d-----w C:\Program Files\AviSynth 2.5
2008-08-30 20:33 --------- d-----w C:\Program Files\Gabest
2008-08-30 20:31 --------- d-----w C:\Program Files\Xvid
2008-08-29 22:03 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\dvdcss
2008-08-29 20:48 --------- d-----w C:\Program Files\EarthView
2008-08-29 20:48 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\DeskSoft
2008-08-29 06:52 --------- d-----w C:\Program Files\SubDownloader2
2008-08-26 22:06 --------- d-----w C:\Program Files\KGB Archiver
2008-08-23 15:25 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Touchstone
2008-08-23 15:16 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-23 15:16 --------- d-----w C:\Program Files\AGEIA Technologies
2008-08-21 04:52 3,299,840 ----a-w C:\WINDOWS\system32\drivers\ati2mtag.sys
2008-08-21 02:19 425,984 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-08-21 02:18 314,880 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-08-21 02:08 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-08-21 02:08 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-08-21 02:07 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-08-21 02:07 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-08-21 02:07 143,360 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-08-21 02:05 573,440 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-08-21 02:04 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-08-21 02:01 10,084,352 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-08-21 01:55 4,094,560 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-08-21 01:50 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-08-21 01:38 2,377,856 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-08-21 01:23 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-08-21 01:19 380,928 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-08-21 01:18 37,376 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-08-21 01:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
2008-08-21 01:17 53,248 ----a-w C:\WINDOWS\system32\drivers\ati2erec.dll
2008-08-21 01:17 253,952 ----a-w C:\WINDOWS\system32\atiok3x2.dll
2008-08-21 01:11 561,152 ----a-w C:\WINDOWS\system32\ati2cqag.dll
2008-08-18 15:31 --------- d-----w C:\Program Files\DVDVideoSoft
2008-08-18 15:31 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-08-18 08:54 --------- d-----w C:\Program Files\Desktop Maestro
2008-08-18 08:44 25,992 ----a-w C:\WINDOWS\system32\pgdfgsvc.exe
2008-08-17 21:10 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Desktop Maestro
2008-08-16 23:27 --------- d-----w C:\Program Files\Nexus Radio
2008-08-15 15:17 --------- d-----w C:\Program Files\Diskeeper Corporation
2008-08-14 13:52 26,920 ----a-w C:\WINDOWS\system32\drivers\dsnpfd.sys
2008-08-14 13:52 --------- d-----w C:\Program Files\BWMeter
2008-08-14 13:45 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\FileZilla
2008-08-13 23:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-12 21:54 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\PCToolsFirewallPlus
2008-08-12 21:29 --------- d-----w C:\Program Files\COMODO
2008-08-12 21:29 --------- d-----w C:\Documents and Settings\Korisnik\Application Data\Comodo
2008-08-12 20:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\comodo
2008-08-10 13:11 --------- d-----w C:\Program Files\Kladionica
2008-08-06 19:01 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-06 19:00 --------- d-----w C:\Program Files\Agnitum
2008-08-06 14:17 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-08-06 12:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Agnitum
2008-08-06 11:49 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-06 11:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-06 07:38 23,016 ----a-w C:\WINDOWS\system32\drivers\bc_tdi_f.sys
2008-08-06 07:08 --------- d-----w C:\Program Files\DVDFab 5
2008-08-06 06:58 --------- d-----w C:\Program Files\AutorunRemover
2008-08-05 21:14 90,112 ----a-w C:\WINDOWS\system32\ATIBRTMON.EXE
2008-07-31 08:41 68,616 ----a-w C:\WINDOWS\system32\XAPOFX1_1.dll
2008-07-31 08:41 238,088 ----a-w C:\WINDOWS\system32\xactengine3_2.dll
2008-07-31 08:40 509,448 ----a-w C:\WINDOWS\system32\XAudio2_2.dll
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-24 20:53 65,536 ----a-w C:\WINDOWS\IFinst27.exe
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-19 11:01 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-07-12 06:18 467,984 ----a-w C:\WINDOWS\system32\d3dx10_39.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6} ----

2008-08-20 16:24 598164 -----c--- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\mia.lib
2008-08-20 16:24 2925576 -----c--- C:\Documents and Settings\All Users\Application Data\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}\setup.exe

---- Directory of C:\ProgramData ----

2008-09-22 02:24 3186 --a------ C:\ProgramData\Electronic Arts\EADM\cache\Prefs.ead
2008-09-22 02:24 14915 --a------ C:\ProgramData\Electronic Arts\EADM\cache\logs\Core.html
2008-09-21 18:49 86 --a------ C:\ProgramData\Electronic Arts\EADM\cache\{ Anonymous }\OffLineContents.xml
2008-03-20 12:55 57382 -ra------ C:\ProgramData\Electronic Arts\EADM\cache\logs\LogReader.html


------- Sigcheck -------

2004-08-04 03:56 541696 55aca85eb80e2155e20211aaaddd711a C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
2008-04-14 05:42 547328 a55b8899d2ea2e800061bcfd456e34dc C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
2008-04-14 05:42 547328 a55b8899d2ea2e800061bcfd456e34dc C:\WINDOWS\system32\winlogon.exe
2008-04-14 05:42 507904 ed0ef0a136dec83df69f04118870003e C:\WINDOWS\VistaMizer\old\winlogon.exe

2005-03-01 17:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-10-30 04:27 2059264 972df9bc435b2f077b02c5e8a09acf83 C:\WINDOWS\$hf_mig$\KB896256\SP2QFE\ntkrnlpa.exe
2007-02-28 02:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2007-02-28 10:38 2179072 e59f47dfbcb315760203a9ccf84acd5d C:\WINDOWS\$NtServicePackUninstall$\ntkrnlpa.exe
2004-08-04 04:05 2178560 98bc2dc6cfc30b7a3501bcf884fa5dc3 C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
2005-03-02 02:34 2015232 3cd941e472ddf3534e53038535719771 C:\WINDOWS\$NtUninstallKB896256$\ntkrnlpa.exe
2006-10-30 11:50 2015744 076d6532e995110709497a8c3ee53d15 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2008-04-14 00:01 2187264 19d240eb61b40de278162c1ee8411aeb C:\WINDOWS\ServicePackFiles\i386\ntkrnlpa.exe
2008-04-14 00:01 2187264 19d240eb61b40de278162c1ee8411aeb C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 00:01 2023936 7f653a89f6e89e3ae0d49830eece35d4 C:\WINDOWS\VistaMizer\old\ntkrnlpa.exe

2005-03-02 03:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-10-30 14:13 2182016 29664b5a66f187790006014f87adccdf C:\WINDOWS\$hf_mig$\KB896256\SP2QFE\ntoskrnl.exe
2007-02-28 11:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2007-02-28 11:08 2299392 9491b807c22cf10f80126fa2f7c913e3 C:\WINDOWS\$NtServicePackUninstall$\ntoskrnl.exe
2004-08-04 02:18 2311680 70b7388bddb9fa71b1e29a051ab78627 C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
2005-03-02 02:57 2135552 48b3e89af7074cee0314a3e0c7faffdb C:\WINDOWS\$NtUninstallKB896256$\ntoskrnl.exe
2006-10-30 12:25 2136064 e8217a37c19b39ff04b635cce6a137f2 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2008-04-14 00:54 2308608 f17af8a19c7da15fba3ff2caec2eefe3 C:\WINDOWS\ServicePackFiles\i386\ntoskrnl.exe
2008-04-14 00:54 2308608 f17af8a19c7da15fba3ff2caec2eefe3 C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 00:54 2145280 40f8880122a030a7e9e1fedea833b33d C:\WINDOWS\VistaMizer\old\ntoskrnl.exe

2008-04-14 05:42 1551872 4ae23c4628bda0c0aef4ad36b30c54f5 C:\WINDOWS\explorer.exe
2007-06-13 13:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2008-04-09 15:36 1551360 9c232f23aabb1a362f4ecda2486c2c45 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
2004-08-04 03:56 1550336 b708561748cea933f50f4dd5c1951755 C:\WINDOWS\$NtUninstallKB884883$\explorer.exe
2005-04-07 11:33 1550336 9ab7214aa86f350043963a03f64a0b75 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2008-04-14 05:42 1551872 4ae23c4628bda0c0aef4ad36b30c54f5 C:\WINDOWS\ServicePackFiles\i386\explorer.exe
2008-04-14 05:42 1033728 12896823fb95bfb3dc9b46bcaedc9923 C:\WINDOWS\VistaMizer\old\explorer.exe

2004-08-04 03:56 25088 5f1724d0e11eb88c95a3b73a6dd72779 C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 05:42 25088 b5e8782d4af1b3756f38e11e7c157bbe C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-14 05:42 25088 b5e8782d4af1b3756f38e11e7c157bbe C:\WINDOWS\system32\ctfmon.exe
2008-04-14 05:42 15360 5f1d5f88303d4a4dbc8e5f97ba967cc3 C:\WINDOWS\VistaMizer\old\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "C:\Program Files\P2P_Energy\tbP2P_.dll" [2008-04-03 1523736]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2008-04-03 10:40 1523736 --a------ C:\Program Files\P2P_Energy\tbP2P_.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "C:\Program Files\P2P_Energy\tbP2P_.dll" [2008-04-03 1523736]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "C:\Program Files\P2P_Energy\tbP2P_.dll" [2008-04-03 1523736]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 25088]
"IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-09-27 2606512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\point32.exe" [2005-06-10 217088]
"LifeChat"="C:\Program Files\Microsoft LifeChat\LifeChat.exe" [2008-08-21 267296]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2008-04-25 201992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2008-06-23 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
VisualTaskTips.lnk - C:\Program Files\VisualTaskTips\VisualTaskTips.exe [2006-07-31 36864]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 12:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.MJPG"= pvmjpg21.dll
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"SENTINEL"= snti386.dll
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FDCENT.SYS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HideFilesAndFolders_S]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
"Steam"="C:\Program Files\Steam\Steam.exe" -silent
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe /onboot
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
"AdobeUpdater"=C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"Vidalia"="C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe"
"WeatherWatcher"="C:\Program Files\Weather Watcher\ww.exe"
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
"EA Core"=C:\Program Files\Electronic Arts\EADM\Core.exe -silent
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" -lang 1033
"RTHDCPL"=RTHDCPL.EXE
"Alcmtr"=ALCMTR.EXE
"SkyTel"=SkyTel.EXE
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
"UVS10 Preload"=C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe
"Iusage"=C:\PROGRA~1\INTERN~3\netdet.exe
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"NeroFilterCheck"=C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
"Grid Service"="C:\Program Files\GridService\peer.exe" -n Grid
"hffsrv"=c:\windows\hffext\hffsrv.exe
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"Nexus Radio"=C:\Program Files\Nexus Radio\Nexus Radio.exe -0
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe"
"eTrustPPAP"="C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\\PES2008\\PES2008.exe"=
"D:\\FlatOut-Ultimate Carnage\\FlatOut Ultimate Carnage\\Fouc.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Anti-Virus 2009\\english\\setup.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"D:\\S.T.A.L.K.E.R. - Clear Sky\\bin\\xrEngine.exe"=
"D:\\S.T.A.L.K.E.R. - Clear Sky\\bin\\dedicated\\xrEngine.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"C:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Java\\jre1.6.0_07\\bin\\javaw.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R1 appdrv01;Application Driver (01);C:\WINDOWS\system32\Drivers\appdrv01.sys [2008-09-14 2915944]
R1 FDCENT;FDCENT;C:\WINDOWS\system32\drivers\FDCENT.SYS [2005-06-02 47662]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 Licensing Service;C:\Program Files\ABBYY FineReader 9.0\NetworkLicenseServer.exe [2007-09-25 566560]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R3 AtcL002;NDIS Miniport Driver for Attansic L2 Fast Ethernet Controller;C:\WINDOWS\system32\DRIVERS\atl02_xp.sys [2006-10-31 28416]
R3 tenCapture;tenCapture;C:\WINDOWS\system32\DRIVERS\tenCapture.sys [2007-04-21 9344]
S2 appdrvrem01;Application Driver Auto Removal Service (01);C:\WINDOWS\System32\appdrvrem01.exe svc [ ]
S2 Bandoo Coordinator;Bandoo Coordinator;C:\PROGRA~1\Bandoo\Bandoo.exe [ ]
S2 SolidNetWork License Manager;SolidNetWork License Manager;C:\Program Files\SolidNetWork License Manager\lmgrd.exe [2001-03-13 487936]
S3 ATE_PROCMON;ATE_PROCMON;C:\Program Files\Anti Trojan Elite\ATEPMon.sys [ ]
S3 Bcfilter;Jetico Personal Firewall Network Monitor;C:\WINDOWS\system32\DRIVERS\bcfilter.sys [ ]
S3 BcfilterMP;BcfilterMP;C:\WINDOWS\system32\DRIVERS\bcfilter.sys [ ]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [ ]
S3 mpr_freader;MPR FileReader Driver;C:\Program Files\Multi Password Recovery\mpr_freader.sys [2007-08-13 2816]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2007-12-24 306432]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-10-04 13:34:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-04 13:35:41
ComboFix-quarantined-files.txt 2008-10-04 11:35:20
ComboFix2.txt 2008-10-04 10:36:06

Pre-Run: 93.036.191.744 bytes free
Post-Run: 93,014,822,912 bytes free

413 --- E O F --- 2008-09-04 12:36:34

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

What is the situation now?

offline
  • Joined: 01 May 2008
  • Posts: 9

dr_Bora :: What is the situation now?

Everything is OK, THANK you very much.

But it is still not clear to me where it came from; I was on a sports blog and suddenly... I have Kaspersky antivirus, I have no firewall, I tried many of them and just could not decide.
Only now I am missing the connection icon (the two monitors) down by the clock; I used to check there how many MB had been used, since I do not have a flat rate.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

It is hard to say with certainty how the infection happened.

metallac :: Only now I am missing the connection icon (the two monitors) down by the clock; I used to check there how many MB had been used, since I do not have a flat rate.

Control Panel > Network Connections > right-click your connection and choose Properties: tick Show icon in notification area when connected.

Also do the following:
Click START and then RUN
In the text entry line type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if necessary
Hide system/hidden files/folders, if necessary
Reset System Restore

That is all.
