Viruses, a new one for Helen1 or Dr Bora

  • Joined: 29 Jan 2009
  • Posts: 19

Posted: 26 Apr 2009 18:31

ComboFix 09-04-25.01 - Obrad Cvijovic 26.04.2009 18:19.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.767.406 [GMT 2:00]
Running from: c:\documents and settings\Obrad Cvijovic\Desktop\Dr Bora Pack\ComboFix.exe
AV: Norton AntiVirus *On-access scanning enabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\jestertb.dll

.
((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-4-26 )))))))))))))))))))))))))))))))
.

2009-04-25 00:32 . 2009-04-25 00:32 -------- d-----w c:\documents and settings\Obrad Cvijovic\Program Files
2009-04-24 23:20 . 2009-04-24 23:20 -------- d-----w c:\windows\system32\Adobe
2009-04-24 21:02 . 2008-04-14 00:12 221184 ----a-w c:\windows\system32\wmpns.dll
2009-04-24 21:01 . 2009-04-24 21:01 -------- d-----w c:\documents and settings\Administrator
2009-04-24 20:12 . 2009-04-24 20:16 -------- d-----w c:\program files\VS Revo Group
2009-04-16 23:34 . 2009-04-16 23:34 -------- d-sh--r C:\Win
2009-04-15 20:40 . 2009-04-15 20:40 -------- d-----r c:\program files\Norton Support
2009-04-15 11:02 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 11:02 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 11:02 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 11:02 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 11:02 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 11:02 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 11:02 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 11:02 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 11:02 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 10:55 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 10:55 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 10:55 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-13 07:25 . 2009-04-26 12:03 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\MailWasherFree
2009-04-12 23:45 . 2009-04-16 17:21 -------- d-----w c:\documents and settings\Miso Cvijovic\Application Data\MailWasherFree
2009-04-12 23:45 . 2009-04-12 23:45 -------- d-----w c:\program files\FireTrust
2009-04-10 19:21 . 2009-04-10 19:21 -------- d-----w c:\documents and settings\All Users\Application Data\GARMIN
2009-04-09 21:49 . 2009-04-09 21:49 -------- d-----w c:\documents and settings\Branka Cvijovic\Application Data\GARMIN
2009-04-09 15:16 . 2008-04-13 17:45 32128 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
2009-04-09 15:16 . 2008-04-13 17:45 32128 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-04-06 07:41 . 2009-04-06 07:48 -------- d-----w c:\program files\Unlocker
2009-04-06 07:26 . 2009-04-06 07:26 -------- d-sh--w c:\windows\ftpcache
2009-04-06 07:22 . 2009-04-06 07:22 -------- d-----w c:\windows\CreationCentre 2007
2009-04-06 06:27 . 2009-04-06 06:27 15 ----a-w c:\windows\system32\dcsd.ini
2009-04-06 06:24 . 2009-04-06 06:32 -------- d-----w C:\Magacioner
2009-04-04 12:03 . 2009-04-04 12:03 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2 SDK
2009-04-04 11:47 . 2009-04-04 11:47 -------- d-----w c:\program files\Pocket Tanks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 16:21 . 2009-03-09 11:03 -------- d-----w c:\program files\FlashGet
2009-04-26 16:21 . 2009-03-09 10:29 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\DNA
2009-04-26 16:01 . 2009-03-09 10:29 -------- d-----w c:\program files\DNA
2009-04-25 14:34 . 2009-03-11 10:23 -------- d-----w c:\program files\AV Vcs 6.0 DIAMOND
2009-04-25 14:26 . 2009-03-18 13:12 -------- d-----w c:\program files\Warcraft III
2009-04-24 22:44 . 2009-03-11 10:18 -------- d-----w c:\program files\Virtual Piano
2009-04-24 21:06 . 2009-03-17 16:41 -------- d-----w c:\program files\KONAMI
2009-04-16 21:33 . 2009-03-10 20:45 89560 ----a-w c:\documents and settings\Djordje Cvijovic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-10 19:21 . 2009-03-09 11:07 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\GARMIN
2009-04-09 19:37 . 2009-03-10 21:03 89560 ----a-w c:\documents and settings\Branka Cvijovic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-06 16:56 . 2009-03-10 22:08 89560 ----a-w c:\documents and settings\Miso Cvijovic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-06 07:50 . 2009-03-09 10:27 89560 ----a-w c:\documents and settings\Obrad Cvijovic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-31 17:16 . 2009-03-18 13:31 -------- d-----w c:\program files\Java
2009-03-24 19:14 . 2009-03-24 19:08 -------- d-----w c:\documents and settings\Miso Cvijovic\Application Data\BitTorrent
2009-03-24 18:58 . 2009-03-24 18:58 -------- d-----w c:\program files\ReflexiveArcade
2009-03-24 18:52 . 2009-03-24 18:38 -------- d-----w c:\program files\AXIS Communications
2009-03-22 14:31 . 2009-03-09 10:36 -------- d-----w c:\program files\K-Lite Codec Pack
2009-03-22 13:55 . 2009-03-11 00:26 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\DivX
2009-03-22 11:56 . 2009-03-11 00:28 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\Nokia
2009-03-22 11:52 . 2009-03-11 11:08 -------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-03-22 11:52 . 2009-03-22 11:52 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-03-22 11:52 . 2009-03-22 11:52 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-03-21 08:14 . 2009-03-21 08:14 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-03-20 20:21 . 2009-03-09 01:32 -------- d-----w c:\program files\Symantec
2009-03-20 20:21 . 2009-03-09 01:32 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-03-20 20:21 . 2009-03-09 01:32 7386 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-20 20:21 . 2009-03-09 01:32 60808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-03-20 20:21 . 2009-03-09 01:32 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-18 20:07 . 2009-03-18 20:07 -------- d-----w c:\documents and settings\Miso Cvijovic\Application Data\Media Player Classic
2009-03-18 20:04 . 2009-03-18 20:04 -------- d-----w c:\program files\Learn2.com
2009-03-18 20:04 . 2009-03-18 20:04 -------- d-----w c:\documents and settings\Miso Cvijovic\Application Data\Learn2.com
2009-03-18 20:01 . 2009-03-18 20:00 -------- d-sh--w c:\program files\Common Files\WindowsLiveInstaller
2009-03-18 19:59 . 2009-03-09 01:32 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-18 19:52 . 2009-03-18 19:52 -------- d-----w c:\program files\Common Files\Adobe Systems Shared
2009-03-18 19:47 . 2009-03-10 20:10 -------- d-----w c:\program files\Common Files\Adobe
2009-03-18 14:24 . 2009-03-18 14:24 -------- d-----w c:\program files\Xvid
2009-03-18 14:09 . 2009-03-11 11:38 -------- d-----w c:\program files\Igre
2009-03-18 14:05 . 2009-03-18 13:32 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\LimeWire
2009-03-18 13:48 . 2009-03-18 13:16 77298 ----a-w c:\windows\War3Unin.dat
2009-03-18 13:32 . 2009-03-18 13:16 2829 ----a-w c:\windows\War3Unin.pif
2009-03-18 13:32 . 2009-03-18 13:16 139264 ----a-w c:\windows\War3Unin.exe
2009-03-18 13:32 . 2009-03-18 13:29 -------- d-----w c:\program files\LimeWire
2009-03-18 13:20 . 2009-03-18 13:20 -------- d-----w c:\program files\Gabest
2009-03-16 15:06 . 2009-03-09 10:37 -------- d-----w c:\program files\Magic Video Converter
2009-03-15 16:49 . 2009-03-15 16:49 -------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
2009-03-15 16:49 . 2009-03-15 16:49 -------- d-----w c:\program files\Common Files\TechSmith Shared
2009-03-15 16:49 . 2009-03-15 16:49 -------- d-----w c:\program files\TechSmith
2009-03-12 11:58 . 2009-03-12 11:58 -------- d-----w c:\program files\Common Files\Apple
2009-03-12 11:50 . 2009-03-12 11:50 -------- d-----w c:\program files\IrfanView
2009-03-12 11:35 . 2009-03-12 11:35 -------- d-----w c:\program files\Intracom S.A
2009-03-12 11:15 . 2009-03-09 10:42 -------- d-----w c:\program files\Corel
2009-03-12 11:12 . 2009-03-10 16:40 6578 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-03-12 00:36 . 2009-03-12 00:36 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\Sports Interactive
2009-03-12 00:31 . 2009-03-12 00:31 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-12 00:29 . 2009-03-12 00:27 -------- d--h--w c:\program files\Zero G Registry
2009-03-11 21:12 . 2009-03-09 00:03 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-11 21:10 . 2009-03-11 21:10 -------- d-----w c:\program files\Sonic
2009-03-11 21:03 . 2009-03-11 21:03 -------- d-----w c:\program files\Sony
2009-03-11 21:02 . 2009-03-11 21:02 -------- d-----w c:\documents and settings\All Users\Application Data\Sony Corporation
2009-03-11 20:33 . 2009-03-11 20:33 -------- d-----w c:\program files\MSBuild
2009-03-11 20:33 . 2009-03-11 20:33 -------- d-----w c:\program files\Reference Assemblies
2009-03-11 19:52 . 2009-03-11 19:52 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\AdobeUM
2009-03-11 19:45 . 2009-03-11 19:45 -------- d-----w c:\documents and settings\All Users\Application Data\Cadsoft
2009-03-11 19:44 . 2009-03-11 19:44 -------- d-----w c:\program files\Common Files\Cadsoft
2009-03-11 19:43 . 2009-03-11 19:43 -------- d-----w c:\program files\3D Home Architect
2009-03-11 19:07 . 2009-03-11 19:07 -------- d-----w c:\program files\MSXML 4.0
2009-03-11 18:16 . 2009-03-11 18:16 -------- d-----w c:\program files\Readiris
2009-03-11 18:16 . 2009-03-11 18:07 -------- d-----w c:\program files\Samsung
2009-03-11 11:42 . 2009-03-11 11:42 -------- d-----w c:\program files\CartmansAuthoritah
2009-03-11 11:07 . 2009-03-11 11:06 -------- d-----w c:\program files\Common Files\PCSuite
2009-03-11 11:06 . 2009-03-11 11:06 -------- d-----w c:\program files\Common Files\Nokia
2009-03-11 11:06 . 2009-03-11 10:48 -------- d-----w c:\program files\Nokia
2009-03-11 11:06 . 2009-03-11 11:06 -------- d-----w c:\program files\DIFX
2009-03-11 11:06 . 2009-03-11 11:06 -------- d-----w c:\program files\PC Connectivity Solution
2009-03-11 11:04 . 2009-03-11 11:04 -------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-03-11 10:28 . 2009-03-11 10:28 -------- d-----w c:\program files\Real Alternative
2009-03-11 10:22 . 2009-03-11 10:20 -------- d-----w c:\program files\YVD
2009-03-11 10:16 . 2009-03-11 10:16 -------- d-----w c:\program files\uTIPu
2009-03-11 10:15 . 2009-03-11 10:15 -------- d-----w c:\program files\Youdagames
2009-03-11 10:15 . 2009-03-11 10:15 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\Youdagames
2009-03-11 10:11 . 2009-03-11 10:11 -------- d-----w c:\program files\PassportPhoto
2009-03-11 10:06 . 2009-03-10 20:11 -------- d-----w c:\program files\Cleaner 5 EZ
2009-03-11 10:05 . 2009-03-11 09:54 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-11 10:03 . 2009-03-11 09:49 -------- d-----w c:\program files\DivX
2009-03-11 09:55 . 2009-03-11 09:54 -------- d-----w c:\program files\QuickTime
2009-03-11 09:54 . 2009-03-11 09:54 -------- d-----w c:\program files\Apple Software Update
2009-03-11 09:54 . 2009-03-11 09:54 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-03-11 09:44 . 2009-03-11 09:42 -------- d-----w c:\program files\Valve
2009-03-11 00:28 . 2009-03-11 00:28 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\Windows Search
2009-03-11 00:28 . 2009-03-11 00:28 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\SystemRequirementsLab
2009-03-11 00:28 . 2009-03-11 00:28 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\Sony Corporation
2009-03-11 00:28 . 2009-03-10 17:07 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\skypePM
2009-03-11 00:28 . 2009-03-10 17:06 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\Skype
2009-03-11 00:28 . 2009-03-11 00:28 -------- d--h--r c:\documents and settings\Obrad Cvijovic\Application Data\SecuROM
2009-03-11 00:28 . 2009-03-11 00:28 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\PC Suite
2009-03-11 00:28 . 2009-03-10 19:29 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\MyPhoneExplorer
2009-03-11 00:27 . 2009-03-11 00:27 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\MegauploadToolbar
2009-03-11 00:27 . 2009-03-11 00:27 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\Media Player Classic
2009-03-11 00:27 . 2009-03-11 00:27 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\Malwarebytes
2009-03-11 00:27 . 2009-03-11 00:27 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\Learn2.com
.

((((((((((((((((((((((((((((( SnapShot@2009-04-24_19.57.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-26 10:57 . 2009-04-26 10:57 16384 c:\windows\Temp\Perflib_Perfdata_7ec.dat
+ 2009-04-26 11:29 . 2009-04-26 11:29 16384 c:\windows\Temp\Perflib_Perfdata_7d4.dat
+ 2009-04-24 23:20 . 2009-04-24 23:20 78482 c:\windows\system32\Adobe\uninstaller.exe
+ 2009-03-19 15:15 . 2009-03-19 15:15 58736 c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 2009-03-19 15:43 . 2009-03-19 15:43 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2009-03-19 15:15 . 2009-03-19 15:15 52288 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2009-03-19 15:45 . 2009-03-19 15:45 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2009-03-19 15:43 . 2009-03-19 15:43 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2009-03-19 15:55 . 2009-03-19 15:55 460216 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe
+ 2009-03-19 15:46 . 2009-03-19 15:46 442368 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2009-03-19 15:44 . 2009-03-19 15:44 376832 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2009-03-19 15:15 . 2009-03-19 15:15 704000 c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2009-03-19 15:45 . 2009-03-19 15:45 614400 c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2009-03-19 15:55 . 2009-03-19 15:55 202168 c:\windows\system32\Adobe\Director\SwDir.dll
+ 2009-03-19 15:45 . 2009-03-19 15:45 131072 c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2009-03-19 15:20 . 2009-03-19 15:20 1011712 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2009-03-19 15:15 . 2009-03-19 15:15 1145896 c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2009-03-19 15:24 . 2009-03-19 15:24 1798144 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-22 342848]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-07-31 139264]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-06-29 1990704]
"WinDVR SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2005-02-16 106496]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2005-11-30 77892]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"run32"="c:\win\lsass.exe" [2001-12-31 551669]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]
"nMTaskBarService"="nMtsk.exe" - c:\windows\nMtsk.exe [2005-05-06 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-3-9 839680]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-3-9 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\proeWildfire\\i486_nt\\nms\\nmsd.exe"=
"c:\\Program Files\\proeWildfire\\i486_nt\\obj\\xtop.exe"=
"c:\\Program Files\\proeWildfire\\i486_nt\\obj\\pro_comm_msg.exe"=
"c:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"c:\\Program Files\\ApexDC++\\ApexDC.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Pocket Tanks\\pockettanks.exe"=

R2 .norton2009Reset;Norton 2009 Reset;c:\documents and settings\All Users\Application Data\Norton\Norton2009Reset.exe [2009-03-10 280833]
R2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys [2006-03-02 63555]
R3 fsssvc;Windows Live Porodična bezbednost;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]
R3 GrooveInstallerService;Groove Installer Service;c:\program files\Groove Networks\Groove\Bin\GrooveInstallerService.exe [2002-09-25 99904]
R3 netModUSBlfService;netMod USB Lower Filter Service;c:\windows\system32\drivers\nMUSBlf.sys [2004-01-20 20716]
R3 netModUSBService;Service for netMod USB CAPI Driver;c:\windows\system32\drivers\nMUSB.sys [2006-10-02 59260]
R3 nMtskService;nMtskBar Service;c:\windows\nMtsk.exe [2005-05-06 90112]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SYMEFA.SYS [2009-02-27 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NAV\1005000.086\BHDrvx86.sys [2009-02-27 258608]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NAV\1005000.086\ccHPx86.sys [2009-03-20 482352]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090420.001\IDSxpx86.sys [2009-02-06 276344]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
S2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [2009-02-27 115560]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys [2006-05-04 114616]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-08 101936]


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed2cda8e-0e7f-11de-ab99-4d6564696130}]
\shell\open\command - %SystemRoot%\Explorer.exe /idlist,%I,%L
.
Contents of the 'Scheduled Tasks' folder

2009-03-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-04-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
IE: &Preuzmi sa FlashGet-om - c:\program files\FlashGet\jc_link.htm
IE: &Preuzmi sve sa FlashGet-om - c:\program files\FlashGet\jc_all.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
FF - ProfilePath - c:\documents and settings\Obrad Cvijovic\Application Data\Mozilla\Firefox\Profiles\f9yh552d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-26 18:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
Completion time: 2009-04-26 18:25
ComboFix-quarantined-files.txt 2009-04-26 16:25

Pre-Run: 82.496.999.424 bytes free
Post-Run: 82.627.264.512 bytes free

285 --- E O F --- 2009-04-24 19:42

Update: 26 Apr 2009 18:32

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:15:33, on 26.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\WINDOWS\nMtsk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Win\lsass.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\Obrad Cvijovic\Desktop\Dr Bora Pack\124.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Windows Live pomagač za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nMTaskBarService] nMtsk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [run32] C:\Win\lsass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Preuzmi sa FlashGet-om - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Preuzmi sve sa FlashGet-om - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C1F73EC-70D0-49DF-B390-C56E9355B6D9}: NameServer = 194.247.192.1 194.247.192.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C1F73EC-70D0-49DF-B390-C56E9355B6D9}: NameServer = 194.247.192.1 194.247.192.33
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Norton 2009 Reset (.norton2009Reset) - Unknown owner - C:\Documents and Settings\All Users\Application Data\Norton\Norton2009Reset.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Groove Installer Service (GrooveInstallerService) - Groove Networks, Inc. - C:\Program Files\Groove Networks\Groove\Bin\GrooveInstallerService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nMtskBar Service (nMtskService) - Intracom S.A. - C:\WINDOWS\nMtsk.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8872 bytes

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Lives in: Novi Beograd

Turn off the antivirus.

Open Notepad and copy the following text into it:

File::
c:\win\lsass.exe
c:\documents and settings\All Users\Application Data\Norton\Norton2009Reset.exe

Driver::
.norton2009Reset

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"run32"=-
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed2cda8e-0e7f-11de-ab99-4d6564696130}]


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.

offline
  • Joined: 29 Jan 2009
  • Posts: 19

ComboFix 09-04-25.01 - Obrad Cvijovic 26.04.2009 18:56.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.767.277 [GMT 2:00]
Running from: c:\documents and settings\Obrad Cvijovic\Desktop\Dr Bora Pack\ComboFix.exe
Command switches used :: c:\documents and settings\Obrad Cvijovic\Desktop\Dr Bora Pack\CFScript.txt
AV: Norton AntiVirus *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\documents and settings\All Users\Application Data\Norton\Norton2009Reset.exe
c:\win\lsass.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Norton\Norton2009Reset.exe
c:\win\lsass.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_.norton2009Reset


((((((((((((((((((((((((( Files Created from 2009-05-26 to 2009-4-26 )))))))))))))))))))))))))))))))
.

2009-04-25 00:32 . 2009-04-25 00:32 -------- d-----w c:\documents and settings\Obrad Cvijovic\Program Files
2009-04-24 23:20 . 2009-04-24 23:20 -------- d-----w c:\windows\system32\Adobe
2009-04-24 21:02 . 2008-04-14 00:12 221184 ----a-w c:\windows\system32\wmpns.dll
2009-04-24 21:01 . 2009-04-24 21:01 -------- d-----w c:\documents and settings\Administrator
2009-04-24 20:12 . 2009-04-24 20:16 -------- d-----w c:\program files\VS Revo Group
2009-04-16 23:34 . 2009-04-26 16:56 -------- d-sh--r C:\Win
2009-04-15 20:40 . 2009-04-15 20:40 -------- d-----r c:\program files\Norton Support
2009-04-15 11:02 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 11:02 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 11:02 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 11:02 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 11:02 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 11:02 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 11:02 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 11:02 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 11:02 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 10:55 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 10:55 . 2009-03-27 06:58 1203922 -c----w c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 10:55 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-13 07:25 . 2009-04-26 16:37 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\MailWasherFree
2009-04-12 23:45 . 2009-04-16 17:21 -------- d-----w c:\documents and settings\Miso Cvijovic\Application Data\MailWasherFree
2009-04-12 23:45 . 2009-04-12 23:45 -------- d-----w c:\program files\FireTrust
2009-04-10 19:21 . 2009-04-10 19:21 -------- d-----w c:\documents and settings\All Users\Application Data\GARMIN
2009-04-09 21:49 . 2009-04-09 21:49 -------- d-----w c:\documents and settings\Branka Cvijovic\Application Data\GARMIN
2009-04-09 15:16 . 2008-04-13 17:45 32128 -c--a-w c:\windows\system32\dllcache\usbccgp.sys
2009-04-09 15:16 . 2008-04-13 17:45 32128 ----a-w c:\windows\system32\drivers\usbccgp.sys
2009-04-06 07:41 . 2009-04-06 07:48 -------- d-----w c:\program files\Unlocker
2009-04-06 07:26 . 2009-04-06 07:26 -------- d-sh--w c:\windows\ftpcache
2009-04-06 07:22 . 2009-04-06 07:22 -------- d-----w c:\windows\CreationCentre 2007
2009-04-06 06:27 . 2009-04-06 06:27 15 ----a-w c:\windows\system32\dcsd.ini
2009-04-06 06:24 . 2009-04-06 06:32 -------- d-----w C:\Magacioner
2009-04-04 12:03 . 2009-04-04 12:03 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2 SDK
2009-04-04 11:47 . 2009-04-04 11:47 -------- d-----w c:\program files\Pocket Tanks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-26 17:02 . 2009-03-09 10:29 -------- d-----w c:\program files\DNA
2009-04-26 17:02 . 2009-03-09 10:29 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\DNA
2009-04-26 16:59 . 2009-03-09 11:03 -------- d-----w c:\program files\FlashGet
2009-04-26 16:56 . 2009-03-09 01:31 -------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-04-25 14:34 . 2009-03-11 10:23 -------- d-----w c:\program files\AV Vcs 6.0 DIAMOND
2009-04-25 14:26 . 2009-03-18 13:12 -------- d-----w c:\program files\Warcraft III
2009-04-24 22:44 . 2009-03-11 10:18 -------- d-----w c:\program files\Virtual Piano
2009-04-24 21:06 . 2009-03-17 16:41 -------- d-----w c:\program files\KONAMI
2009-04-16 21:33 . 2009-03-10 20:45 89560 ----a-w c:\documents and settings\Djordje Cvijovic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-10 19:21 . 2009-03-09 11:07 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\GARMIN
2009-04-09 19:37 . 2009-03-10 21:03 89560 ----a-w c:\documents and settings\Branka Cvijovic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-06 16:56 . 2009-03-10 22:08 89560 ----a-w c:\documents and settings\Miso Cvijovic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-06 07:50 . 2009-03-09 10:27 89560 ----a-w c:\documents and settings\Obrad Cvijovic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-31 17:16 . 2009-03-18 13:31 -------- d-----w c:\program files\Java
2009-03-24 19:14 . 2009-03-24 19:08 -------- d-----w c:\documents and settings\Miso Cvijovic\Application Data\BitTorrent
2009-03-24 18:58 . 2009-03-24 18:58 -------- d-----w c:\program files\ReflexiveArcade
2009-03-24 18:52 . 2009-03-24 18:38 -------- d-----w c:\program files\AXIS Communications
2009-03-22 14:31 . 2009-03-09 10:36 -------- d-----w c:\program files\K-Lite Codec Pack
2009-03-22 13:55 . 2009-03-11 00:26 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\DivX
2009-03-22 11:56 . 2009-03-11 00:28 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\Nokia
2009-03-22 11:52 . 2009-03-11 11:08 -------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-03-22 11:52 . 2009-03-22 11:52 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-03-22 11:52 . 2009-03-22 11:52 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-03-21 08:14 . 2009-03-21 08:14 -------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-03-20 20:21 . 2009-03-09 01:32 -------- d-----w c:\program files\Symantec
2009-03-20 20:21 . 2009-03-09 01:32 805 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-03-20 20:21 . 2009-03-09 01:32 7386 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-03-20 20:21 . 2009-03-09 01:32 60808 ----a-w c:\windows\system32\S32EVNT1.DLL
2009-03-20 20:21 . 2009-03-09 01:32 124464 ----a-w c:\windows\system32\drivers\SYMEVENT.SYS
2009-03-18 20:07 . 2009-03-18 20:07 -------- d-----w c:\documents and settings\Miso Cvijovic\Application Data\Media Player Classic
2009-03-18 20:04 . 2009-03-18 20:04 -------- d-----w c:\program files\Learn2.com
2009-03-18 20:04 . 2009-03-18 20:04 -------- d-----w c:\documents and settings\Miso Cvijovic\Application Data\Learn2.com
2009-03-18 20:01 . 2009-03-18 20:00 -------- d-sh--w c:\program files\Common Files\WindowsLiveInstaller
2009-03-18 19:59 . 2009-03-09 01:32 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-03-18 19:52 . 2009-03-18 19:52 -------- d-----w c:\program files\Common Files\Adobe Systems Shared
2009-03-18 19:47 . 2009-03-10 20:10 -------- d-----w c:\program files\Common Files\Adobe
2009-03-18 14:24 . 2009-03-18 14:24 -------- d-----w c:\program files\Xvid
2009-03-18 14:09 . 2009-03-11 11:38 -------- d-----w c:\program files\Igre
2009-03-18 14:05 . 2009-03-18 13:32 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\LimeWire
2009-03-18 13:48 . 2009-03-18 13:16 77298 ----a-w c:\windows\War3Unin.dat
2009-03-18 13:32 . 2009-03-18 13:16 2829 ----a-w c:\windows\War3Unin.pif
2009-03-18 13:32 . 2009-03-18 13:16 139264 ----a-w c:\windows\War3Unin.exe
2009-03-18 13:32 . 2009-03-18 13:29 -------- d-----w c:\program files\LimeWire
2009-03-18 13:20 . 2009-03-18 13:20 -------- d-----w c:\program files\Gabest
2009-03-16 15:06 . 2009-03-09 10:37 -------- d-----w c:\program files\Magic Video Converter
2009-03-15 16:49 . 2009-03-15 16:49 -------- d-----w c:\documents and settings\All Users\Application Data\TechSmith
2009-03-15 16:49 . 2009-03-15 16:49 -------- d-----w c:\program files\Common Files\TechSmith Shared
2009-03-15 16:49 . 2009-03-15 16:49 -------- d-----w c:\program files\TechSmith
2009-03-12 11:58 . 2009-03-12 11:58 -------- d-----w c:\program files\Common Files\Apple
2009-03-12 11:50 . 2009-03-12 11:50 -------- d-----w c:\program files\IrfanView
2009-03-12 11:35 . 2009-03-12 11:35 -------- d-----w c:\program files\Intracom S.A
2009-03-12 11:15 . 2009-03-09 10:42 -------- d-----w c:\program files\Corel
2009-03-12 11:12 . 2009-03-10 16:40 6578 --sha-w c:\windows\system32\KGyGaAvL.sys
2009-03-12 00:36 . 2009-03-12 00:36 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\Sports Interactive
2009-03-12 00:31 . 2009-03-12 00:31 107888 ----a-w c:\windows\system32\CmdLineExt.dll
2009-03-12 00:29 . 2009-03-12 00:27 -------- d--h--w c:\program files\Zero G Registry
2009-03-11 21:12 . 2009-03-09 00:03 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-11 21:10 . 2009-03-11 21:10 -------- d-----w c:\program files\Sonic
2009-03-11 21:03 . 2009-03-11 21:03 -------- d-----w c:\program files\Sony
2009-03-11 21:02 . 2009-03-11 21:02 -------- d-----w c:\documents and settings\All Users\Application Data\Sony Corporation
2009-03-11 20:33 . 2009-03-11 20:33 -------- d-----w c:\program files\MSBuild
2009-03-11 20:33 . 2009-03-11 20:33 -------- d-----w c:\program files\Reference Assemblies
2009-03-11 19:52 . 2009-03-11 19:52 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\AdobeUM
2009-03-11 19:45 . 2009-03-11 19:45 -------- d-----w c:\documents and settings\All Users\Application Data\Cadsoft
2009-03-11 19:44 . 2009-03-11 19:44 -------- d-----w c:\program files\Common Files\Cadsoft
2009-03-11 19:43 . 2009-03-11 19:43 -------- d-----w c:\program files\3D Home Architect
2009-03-11 19:07 . 2009-03-11 19:07 -------- d-----w c:\program files\MSXML 4.0
2009-03-11 18:16 . 2009-03-11 18:16 -------- d-----w c:\program files\Readiris
2009-03-11 18:16 . 2009-03-11 18:07 -------- d-----w c:\program files\Samsung
2009-03-11 11:42 . 2009-03-11 11:42 -------- d-----w c:\program files\CartmansAuthoritah
2009-03-11 11:07 . 2009-03-11 11:06 -------- d-----w c:\program files\Common Files\PCSuite
2009-03-11 11:06 . 2009-03-11 11:06 -------- d-----w c:\program files\Common Files\Nokia
2009-03-11 11:06 . 2009-03-11 10:48 -------- d-----w c:\program files\Nokia
2009-03-11 11:06 . 2009-03-11 11:06 -------- d-----w c:\program files\DIFX
2009-03-11 11:06 . 2009-03-11 11:06 -------- d-----w c:\program files\PC Connectivity Solution
2009-03-11 11:04 . 2009-03-11 11:04 -------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-03-11 10:28 . 2009-03-11 10:28 -------- d-----w c:\program files\Real Alternative
2009-03-11 10:22 . 2009-03-11 10:20 -------- d-----w c:\program files\YVD
2009-03-11 10:16 . 2009-03-11 10:16 -------- d-----w c:\program files\uTIPu
2009-03-11 10:15 . 2009-03-11 10:15 -------- d-----w c:\program files\Youdagames
2009-03-11 10:15 . 2009-03-11 10:15 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\Youdagames
2009-03-11 10:11 . 2009-03-11 10:11 -------- d-----w c:\program files\PassportPhoto
2009-03-11 10:06 . 2009-03-10 20:11 -------- d-----w c:\program files\Cleaner 5 EZ
2009-03-11 10:05 . 2009-03-11 09:54 -------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-03-11 10:03 . 2009-03-11 09:49 -------- d-----w c:\program files\DivX
2009-03-11 09:55 . 2009-03-11 09:54 -------- d-----w c:\program files\QuickTime
2009-03-11 09:54 . 2009-03-11 09:54 -------- d-----w c:\program files\Apple Software Update
2009-03-11 09:54 . 2009-03-11 09:54 -------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-03-11 09:44 . 2009-03-11 09:42 -------- d-----w c:\program files\Valve
2009-03-11 00:28 . 2009-03-11 00:28 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\Windows Search
2009-03-11 00:28 . 2009-03-11 00:28 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\SystemRequirementsLab
2009-03-11 00:28 . 2009-03-11 00:28 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\Sony Corporation
2009-03-11 00:28 . 2009-03-10 17:07 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\skypePM
2009-03-11 00:28 . 2009-03-10 17:06 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\Skype
2009-03-11 00:28 . 2009-03-11 00:28 -------- d--h--r c:\documents and settings\Obrad Cvijovic\Application Data\SecuROM
2009-03-11 00:28 . 2009-03-11 00:28 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\PC Suite
2009-03-11 00:28 . 2009-03-10 19:29 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\MyPhoneExplorer
2009-03-11 00:27 . 2009-03-11 00:27 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\MegauploadToolbar
2009-03-11 00:27 . 2009-03-11 00:27 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\Media Player Classic
2009-03-11 00:27 . 2009-03-11 00:27 -------- d-----w c:\documents and settings\Obrad Cvijovic\Application Data\Malwarebytes
.

((((((((((((((((((((((((((((( SnapShot@2009-04-24_19.57.46 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-26 17:03 . 2009-04-26 17:03 16384 c:\windows\Temp\Perflib_Perfdata_5e4.dat
+ 2009-04-26 17:02 . 2009-04-26 17:02 16384 c:\windows\Temp\Perflib_Perfdata_384.dat
+ 2009-04-24 23:20 . 2009-04-24 23:20 78482 c:\windows\system32\Adobe\uninstaller.exe
+ 2009-03-19 15:15 . 2009-03-19 15:15 58736 c:\windows\system32\Adobe\Shockwave 11\SYMCCHECKER.DLL
+ 2009-03-19 15:43 . 2009-03-19 15:43 94208 c:\windows\system32\Adobe\Shockwave 11\SwMenu.dll
+ 2009-03-19 15:15 . 2009-03-19 15:15 52288 c:\windows\system32\Adobe\Shockwave 11\gtapi.dll
+ 2009-03-19 15:45 . 2009-03-19 15:45 9216 c:\windows\system32\Adobe\Shockwave 11\DynaPlayer.dll
+ 2009-03-19 15:43 . 2009-03-19 15:43 114688 c:\windows\system32\Adobe\Shockwave 11\SwInit.exe
+ 2009-03-19 15:55 . 2009-03-19 15:55 460216 c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150595.exe
+ 2009-03-19 15:46 . 2009-03-19 15:46 442368 c:\windows\system32\Adobe\Shockwave 11\Proj.dll
+ 2009-03-19 15:44 . 2009-03-19 15:44 376832 c:\windows\system32\Adobe\Shockwave 11\Plugin.dll
+ 2009-03-19 15:15 . 2009-03-19 15:15 704000 c:\windows\system32\Adobe\Shockwave 11\gi.dll
+ 2009-03-19 15:45 . 2009-03-19 15:45 614400 c:\windows\system32\Adobe\Shockwave 11\Control.dll
+ 2009-03-19 15:55 . 2009-03-19 15:55 202168 c:\windows\system32\Adobe\Director\SwDir.dll
+ 2009-03-19 15:45 . 2009-03-19 15:45 131072 c:\windows\system32\Adobe\Director\np32dsw.dll
+ 2009-03-19 15:20 . 2009-03-19 15:20 1011712 c:\windows\system32\Adobe\Shockwave 11\iml32.dll
+ 2009-03-19 15:15 . 2009-03-19 15:15 1145896 c:\windows\system32\Adobe\Shockwave 11\gt.exe
+ 2009-03-19 15:24 . 2009-03-19 15:24 1798144 c:\windows\system32\Adobe\Shockwave 11\dirapi.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-22 342848]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-07-31 139264]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-06-29 1990704]
"WinDVR SchSvr"="c:\program files\Common Files\InterVideo\SchSvr\SchSvr.exe" [2005-02-16 106496]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"QuickFinder Scheduler"="c:\program files\WordPerfect Office X3\Programs\QFSCHD130.EXE" [2005-11-30 77892]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]
"nMTaskBarService"="nMtsk.exe" - c:\windows\nMtsk.exe [2005-05-06 90112]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-3-9 839680]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-3-9 204800]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\proeWildfire\\i486_nt\\nms\\nmsd.exe"=
"c:\\Program Files\\proeWildfire\\i486_nt\\obj\\xtop.exe"=
"c:\\Program Files\\proeWildfire\\i486_nt\\obj\\pro_comm_msg.exe"=
"c:\\Program Files\\Microsoft Visual Studio\\Common\\Tools\\VS-Ent98\\Vanalyzr\\VARPC.EXE"=
"c:\\Program Files\\ApexDC++\\ApexDC.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Pocket Tanks\\pockettanks.exe"=

R2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys [2006-03-02 63555]
R3 fsssvc;Windows Live Porodična bezbednost;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
R3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\DRIVERS\gflmouhid.sys [2004-04-19 6656]
R3 GrooveInstallerService;Groove Installer Service;c:\program files\Groove Networks\Groove\Bin\GrooveInstallerService.exe [2002-09-25 99904]
R3 netModUSBlfService;netMod USB Lower Filter Service;c:\windows\system32\drivers\nMUSBlf.sys [2004-01-20 20716]
R3 netModUSBService;Service for netMod USB CAPI Driver;c:\windows\system32\drivers\nMUSB.sys [2006-10-02 59260]
R3 nMtskService;nMtskBar Service;c:\windows\nMtsk.exe [2005-05-06 90112]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1005000.086\SYMEFA.SYS [2009-02-27 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\Drivers\NAV\1005000.086\BHDrvx86.sys [2009-02-27 258608]
S1 ccHP;Symantec Hash Provider;c:\windows\System32\Drivers\NAV\1005000.086\ccHPx86.sys [2009-03-20 482352]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090420.001\IDSxpx86.sys [2009-02-06 276344]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
S2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [2009-02-27 115560]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys [2006-05-04 114616]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-03-08 101936]

.
Contents of the 'Scheduled Tasks' folder

2009-03-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-04-26 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 18:20]
.
.
------- Supplementary Scan -------
.
IE: &Stáhnout &vše FlashGetem - c:\program files\FlashGet\jc_all.htm
IE: &Stáhnout FlashGetem - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Open with WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
TCP: {0C1F73EC-70D0-49DF-B390-C56E9355B6D9} = 194.247.192.1 194.247.192.33
FF - ProfilePath - c:\documents and settings\Obrad Cvijovic\Application Data\Mozilla\Firefox\Profiles\f9yh552d.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-26 19:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2200)
c:\program files\FlashGet\fgmgr.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchTrayHook.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclIrSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-04-26 19:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-26 17:07
ComboFix2.txt 2009-04-26 16:25

Pre-Run: 82.528.493.568 bytes free
Post-Run: 82.412.171.264 bytes free

319 --- E O F --- 2009-04-24 19:42

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Lives in: Novi Beograd

Let's run the script again, then tell me how the machine is behaving.

Open Notepad and copy the following text into it:

Folder::
C:\Win


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.

offline
  • Joined: 29 Jan 2009
  • Posts: 19

I deleted that folder; there was only one file in it, 1.exe.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Lives in: Novi Beograd

When did you delete it?

offline
  • Joined: 29 Jan 2009
  • Posts: 19

I think that folder can't do any harm, since ComboFix didn't delete it.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Lives in: Novi Beograd

What do you mean it didn't delete it? Go ahead and do as I said, or if you have already done it, post the log.

offline
  • Joined: 29 Jan 2009
  • Posts: 19

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:06:42, on 26.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\QuickTime\QTTask.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\nMtsk.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Obrad Cvijovic\Desktop\Dr Bora Pack\124.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Windows Live pomagač za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [WinDVR SchSvr] "C:\Program Files\Common Files\InterVideo\SchSvr\SchSvr.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files\WordPerfect Office X3\Programs\QFSCHD130.EXE"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nMTaskBarService] nMtsk.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKUS\S-1-5-21-1960408961-630328440-682003330-1006\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Djordje Cvijovic')
O4 - HKUS\S-1-5-21-1960408961-630328440-682003330-1006\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (User 'Djordje Cvijovic')
O4 - HKUS\S-1-5-21-1960408961-630328440-682003330-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Djordje Cvijovic')
O4 - HKUS\S-1-5-21-1960408961-630328440-682003330-1006\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (User 'Djordje Cvijovic')
O4 - S-1-5-21-1960408961-630328440-682003330-1006 Startup: LimeWire On Startup.lnk = D:\Program Files\LimeWire\LimeWire.exe (User 'Djordje Cvijovic')
O4 - S-1-5-21-1960408961-630328440-682003330-1006 User Startup: LimeWire On Startup.lnk = D:\Program Files\LimeWire\LimeWire.exe (User 'Djordje Cvijovic')
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Stáhnout &vše FlashGetem - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Stáhnout FlashGetem - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C1F73EC-70D0-49DF-B390-C56E9355B6D9}: NameServer = 194.247.192.1 194.247.192.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C1F73EC-70D0-49DF-B390-C56E9355B6D9}: NameServer = 194.247.192.1 194.247.192.33
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Groove Installer Service (GrooveInstallerService) - Groove Networks, Inc. - C:\Program Files\Groove Networks\Groove\Bin\GrooveInstallerService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: nMtskBar Service (nMtskService) - Intracom S.A. - C:\WINDOWS\nMtsk.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9711 bytes

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

So, did you run the script to delete that folder?
