- bgdtanja
- New MyCity citizen
- Joined: 22 Dec 2005
- Posts: 5
Hello everyone. I would like to ask for help, since I have lost all my nerves trying to get rid of this pest and have not succeeded, and reinstalling Windows is not a solution for me because the virus shows up both on C and on D, where I have over 100 GB of programs, pictures and films. It is W32.Rontokbro.B@mm, which Norton Internet Security reports. It cannot delete it, but it keeps blocking it non-stop, mostly in d/filmovi, where it tries to insert itself into every folder with a film. Please help. Here are the logs.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:58:31 PM, on 10/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hard Disk Sentinel\HDSentinel.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\MSI\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Service Pack 3 Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Hard Disk Sentinel] "C:\Program Files\Hard Disk Sentinel\HDSentinel.exe" /AUTORUN
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-19\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [msnsc] C:\WINDOWS\system32\msnsc.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Prevedi sa Di recnikom - C:\Program Files\Di recnik\diie.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{CB8537D5-0DA1-4AF0-A703-896E844C6C69}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\MSI\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 8140 bytes
ComboFix 08-10-07.03 - Tanja 2008-10-08 17:05:49.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.525 [GMT 2:00]
Running from: C:\Documents and Settings\Tanja\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-09-08 to 2008-10-08 )))))))))))))))))))))))))))))))
.
2008-10-08 16:51 . 2008-10-08 16:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-07 12:27 . 2008-04-07 16:42 995,268 --a------ C:\wa501gv1-en-up.bin
2008-10-07 12:27 . 2007-01-28 05:03 90,112 --a------ C:\tftpd32.exe
2008-10-07 01:14 . 2008-10-07 01:14 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-10-06 22:26 . 2008-07-30 17:42 23,888 --a------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-10-06 22:26 . 2008-07-30 17:28 10,537 --a------ C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-10-06 22:26 . 2008-07-30 17:28 706 --a------ C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-10-06 17:26 . 2008-08-26 13:52 <DIR> d-------- C:\Documents and Settings\Administrator\ff_temp
2008-10-06 17:26 . 2008-09-16 20:48 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Desperate Housewives
2008-10-06 17:26 . 2008-08-26 13:52 <DIR> d-------- C:\Documents and Settings\Administrator\7zS183C.tmp
2008-10-06 17:26 . 2008-10-06 21:35 <DIR> d-------- C:\Documents and Settings\Administrator
2008-10-05 00:46 . 2007-03-21 20:33 503,808 --a------ C:\WINDOWS\system32\MSVCP71.DL1
2008-10-05 00:46 . 2007-03-21 20:33 348,160 --a------ C:\WINDOWS\system32\MSVCR71.DL1
2008-10-05 00:29 . 2008-10-06 22:26 <DIR> d-------- C:\Program Files\Norton Internet Security
2008-10-05 00:28 . 2008-10-05 00:41 <DIR> d-------- C:\Program Files\Symantec
2008-10-05 00:28 . 2008-10-07 12:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-10-05 00:28 . 2008-10-05 00:41 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-10-05 00:28 . 2008-10-05 00:41 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2008-10-05 00:28 . 2008-10-05 00:41 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-10-05 00:28 . 2008-10-05 00:41 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-10-05 00:27 . 2008-10-08 16:18 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-09-29 23:12 . 2008-09-29 23:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-22 11:55 . 2008-09-29 23:12 <DIR> d-------- C:\Program Files\Microids(2)
2008-09-18 18:27 . 2008-09-18 18:27 <DIR> d-------- C:\Program Files\Funcom
2008-09-18 03:02 . 2006-08-21 11:14 128,896 --------- C:\WINDOWS\system32\DllCache\fltmgr.sys
2008-09-18 03:02 . 2006-08-21 11:14 23,040 --------- C:\WINDOWS\system32\DllCache\fltmc.exe
2008-09-18 03:02 . 2006-08-21 14:21 16,896 --------- C:\WINDOWS\system32\DllCache\fltlib.dll
2008-09-17 20:07 . 2007-07-09 15:16 582,656 --------- C:\WINDOWS\system32\DllCache\rpcrt4.dll
2008-09-16 20:49 . 2008-09-16 20:49 <DIR> d-------- C:\Documents and Settings\Tanja\Application Data\Leadertech
2008-09-16 20:48 . 2008-09-16 21:13 <DIR> d-------- C:\Documents and Settings\Tanja\Application Data\Desperate Housewives
2008-09-16 20:47 . 2008-09-16 20:47 <DIR> d-------- C:\Program Files\Buena Vista Games
2008-09-16 20:47 . 2008-09-16 20:49 1,175 --a------ C:\WINDOWS\disney.ini
2008-09-16 20:47 . 2008-09-16 20:47 186 --a------ C:\WINDOWS\disneysy.ini
2008-09-16 20:28 . 2008-09-16 20:28 <DIR> d-------- C:\Program Files\Pro Pinball
2008-09-15 18:09 . 2007-12-21 05:09 368,640 -ra------ C:\WINDOWS\system32\SET30.tmp
2008-09-15 18:07 . 2008-09-15 18:07 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-15 18:07 . 2008-09-15 18:07 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-15 16:03 . 2008-09-16 16:08 <DIR> d-------- C:\Program Files\ATI
2008-09-15 16:01 . 2008-09-15 16:01 <DIR> d-------- C:\ATI
2008-09-15 15:56 . 2008-09-15 15:56 <DIR> d-------- C:\Program Files\Softland
2008-09-15 15:56 . 2008-07-21 14:10 21,656 --a------ C:\WINDOWS\system32\dopdfmn6.dll
2008-09-15 15:56 . 2008-07-21 14:10 18,072 --a------ C:\WINDOWS\system32\dopdfmi6.dll
2008-09-15 15:56 . 2008-03-27 15:42 7,477 --a------ C:\WINDOWS\system32\dopdf6.ctm
2008-09-15 15:55 . 2008-09-15 15:55 <DIR> d-------- C:\WINDOWS\speech
2008-09-15 15:55 . 2008-09-15 15:55 <DIR> d-------- C:\WINDOWS\Lhsp
2008-09-15 15:55 . 2008-09-15 15:55 <DIR> d-------- C:\Program Files\Di recnik
2008-09-15 15:55 . 2002-02-01 19:00 1,497,088 --a------ C:\WINDOWS\system32\cc3260mt.dll
2008-09-15 15:55 . 2003-01-30 05:04 1,412,608 --a------ C:\WINDOWS\system32\cc3260.dll
2008-09-15 15:55 . 2002-02-01 18:00 1,326,080 --a------ C:\WINDOWS\system32\vcl60.bpl
2008-09-15 15:55 . 2002-02-01 17:00 148,992 --a------ C:\WINDOWS\system32\adortl60.bpl
2008-09-15 15:55 . 2002-02-01 18:00 22,016 --a------ C:\WINDOWS\system32\Borlndmm.dll
2008-09-15 15:53 . 2008-09-15 15:53 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-09-15 15:52 . 2008-09-15 15:52 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-09-15 15:52 . 2008-09-15 15:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-15 15:50 . 2008-09-15 15:50 <DIR> d-------- C:\Program Files\CCleaner
2008-09-15 15:48 . 2008-09-15 15:48 <DIR> d-------- C:\Program Files\Winamp
2008-09-15 15:48 . 2008-09-15 18:33 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-09-15 15:48 . 2008-09-15 15:48 <DIR> d-------- C:\Documents and Settings\Tanja\Application Data\Winamp
2008-09-15 15:47 . 2008-10-02 09:50 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-15 15:47 . 2008-10-02 00:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-15 15:44 . 2008-09-15 15:44 <DIR> d-------- C:\Program Files\Webteh
2008-09-15 15:44 . 2008-09-15 15:45 <DIR> d-------- C:\Documents and Settings\Tanja\Application Data\BSplayer Pro
2008-09-15 15:43 . 2008-09-15 15:43 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-09-15 15:43 . 2008-09-15 15:43 <DIR> d-------- C:\Program Files\ACD Systems
2008-09-15 15:43 . 2008-09-15 15:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-09-15 15:42 . 2008-09-15 15:42 <DIR> d-------- C:\Program Files\Skype
2008-09-15 15:42 . 2008-09-15 15:42 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-09-15 15:42 . 2008-09-15 18:02 <DIR> d-------- C:\Documents and Settings\Tanja\Application Data\Skype
2008-09-15 15:42 . 2008-09-15 15:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-09-15 15:36 . 2008-09-15 15:36 <DIR> d--h----- C:\WINDOWS\PIF
2008-09-15 15:10 . 2008-09-15 15:10 <DIR> d-------- C:\Program Files\Sparkle
2008-09-10 23:35 . 2008-09-10 23:36 1,905 --a------ C:\WINDOWS\diagwrn.xml
2008-09-10 23:35 . 2008-09-10 23:36 1,905 --a------ C:\WINDOWS\diagerr.xml
2008-09-08 01:03 . 2008-09-15 15:09 <DIR> d-------- C:\Documents and Settings\Tanja\Application Data\Lavasoft
2008-09-08 00:56 . 1999-07-22 18:14 306,688 --a------ C:\WINDOWS\IsUninst.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-05 18:45 --------- d-----w C:\Program Files\Hard Disk Sentinel
2008-09-18 16:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-17 17:27 --------- d-----w C:\Program Files\Unlocker
2008-09-15 13:45 --------- d-----w C:\Program Files\PowerISO
2008-09-07 21:55 --------- d-----w C:\Program Files\Runtime Software
2008-09-07 21:27 --------- d-----w C:\Documents and Settings\Tanja\Application Data\EPSON
2008-09-03 10:26 275,458 ----a-w C:\WINDOWS\StrongDC++ Uninstaller.exe
2008-09-03 00:24 --------- d-----w C:\Program Files\MSI
2008-09-02 23:58 --------- d-----w C:\Documents and Settings\Tanja\Application Data\Talkback
2008-09-02 21:57 --------- d-----w C:\Program Files\MSXML 4.0
2008-09-02 21:24 --------- d-----w C:\Program Files\ESET
2008-09-02 14:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-09-02 14:00 --------- d-----w C:\Program Files\Alwil Software
2008-09-02 13:32 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-02 13:32 --------- d-----w C:\Documents and Settings\All Users\Application Data\UDL
2008-09-02 13:31 --------- d-----w C:\Program Files\epson
2008-09-02 13:31 --------- d-----w C:\Program Files\ABBYY FineReader 6.0 Sprint
2008-09-02 13:27 --------- d-----w C:\Documents and Settings\Tanja\Application Data\InstallShield
2008-09-02 13:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\EPSON
2008-09-02 12:54 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-09-02 12:54 --------- d-----w C:\Program Files\Realtek
2008-09-02 12:52 --------- d-----w C:\Program Files\Intel
2008-09-02 12:49 --------- d-----w C:\Documents and Settings\Tanja\Application Data\ATI
2008-09-02 12:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-09-02 12:46 --------- d-----w C:\Program Files\ATI Technologies
2008-09-02 12:43 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2008-09-02 07:37 --------- d-----w C:\Program Files\Common Files\Nero
2008-09-02 07:37 --------- d-----w C:\Documents and Settings\Tanja\Application Data\Nero
2008-09-02 07:36 --------- d-----w C:\Program Files\Nero
2008-09-02 07:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-09-02 07:31 --------- d-----w C:\Documents and Settings\Tanja\Application Data\DeepBurner
2008-09-02 06:06 --------- d-----w C:\Program Files\Astonsoft
2008-08-26 13:35 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-26 11:52 107,132 ----a-w C:\WINDOWS\UninstallFirefox.exe
2008-08-26 11:52 --------- d-----w C:\Program Files\QuickTime Alternative
2008-08-26 11:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-26 11:51 --------- d-----w C:\Program Files\Common Files\Adobe
2008-08-26 11:45 --------- d-----w C:\Program Files\MSN Messenger
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
"Hard Disk Sentinel"="C:\Program Files\Hard Disk Sentinel\HDSentinel.exe" [2008-09-02 3256320]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 115816]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-01-14 771704]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2006-01-06 C:\WINDOWS\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2007-04-10 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2007-04-04 C:\WINDOWS\SkyTel.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnsc"="C:\WINDOWS\system32\msnsc.exe" [2006-01-13 62054]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2006-01-13 44544]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
BTTray.lnk - C:\Program Files\MSI\Bluetooth Software\BTTray.exe [2004-03-31 507965]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"msacm.imc"= imc32.acm
"msacm.l3codecp"= l3codecp.acm
"VIDC.i263"= i263_32.drv
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Di dictionary]
C:\Program Files\Di recnik [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX8400 Series]
--a------ 2007-04-12 08:00 182272 C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATICEE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2005-12-14 13:13 7095344 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-07 02:05 200704 C:\Program Files\PowerISO\PWRISOVM.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-08-12 18:19 21741864 C:\Program Files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"D:\\BEOGRID\\StrongDC++\\StrongDC.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R3 DLKRTS;D-Link DFE-530TX+ PCI Adapter;C:\WINDOWS\system32\DRIVERS\DLKRTS.SYS [2001-10-17 25434]
S1 tvtool;tvtool;C:\Program Files\TVTool 9.5\tvtool.sys [ ]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-07-03 39424]
*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-10-04 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Tanja.job
- C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe [2007-01-14 03:09]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Tanja\Application Data\Mozilla\Firefox\Profiles\2da0mdam.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-10-08 17:06:37
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-08 17:07:16
ComboFix-quarantined-files.txt 2008-10-08 15:07:10
ComboFix2.txt 2008-10-08 15:02:19
Pre-Run: 145,168,465,920 bytes free
Post-Run: 145,156,177,920 bytes free
222 --- E O F --- 2008-09-18 01:06:57