[bobby] What to do?

offline
  • Joined: 16 Aug 2007
  • Posts: 315
  • Location: Srbija

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:42, on 2009-04-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\WINDOWS\system32\DLService.exe
C:\windows\Explorer.EXE
C:\windows\system32\DLTray.EXE
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\windows\system32\spoolsv.exe
D:\xampp\apache\bin\apache.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\PC Security Tweaker\newlock.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
D:\xampp\mysql\bin\mysqld-nt.exe
C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
C:\windows\system32\nvsvc32.exe
C:\Program Files\PC Auto Shutdown\ShutdownService.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\windows\system32\svchost.exe
C:\windows\System32\TUProgSt.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
D:\xampp\apache\bin\apache.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\totalcmd\TOTALCMD.EXE
D:\! Dobri programi\antivirus\diagnostika\HJTInstall.exe
C:\totalcmd\TOTALCMD.EXE
c:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=127.0.0.1:8080;http=127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - (no file)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Kwyshell MidpX BHO - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O3 - Toolbar: Kwyshell MidpX - {EBE9E2B5-B526-48BC-AD46-687263EDCB0E} - C:\Program Files\Kwyshell\MidpX\JadInvoker\MidpInvoker.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Link to &MidpX - C:\Program Files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?f25ef1eeb96d429e96eefb6082dd5c95
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?f25ef1eeb96d429e96eefb6082dd5c95
O8 - Extra context menu item: Prevedi sa Di recnikom - D:\Program Files\Di recnik\diie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\windows\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\windows\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apache2.2 - Apache Software Foundation - D:\xampp\apache\bin\apache.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: DeskSaverService - Unknown owner - C:\Program Files\PC Security Tweaker\newlock.exe
O23 - Service: DeviceLock Service (Device Lock) - DeviceLock, Inc. - C:\WINDOWS\system32\DLService.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\NVIDIA\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: mysql - Unknown owner - D:\xampp\mysql\bin\mysqld-nt.exe
O23 - Service: NetOp Helper ver. 9.21 (2008329) (NetOp Host for NT Service) - Danware Data A/S - C:\Program Files\Danware Data\NetOp School\Student\NHOSTSVC.EXE
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - C:\NVIDIA\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: PCAutoShutdown_Service - Unknown owner - C:\Program Files\PC Auto Shutdown\ShutdownService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Professional Home 2009\RpcAgentSrv.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\windows\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\windows\System32\TUProgSt.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 10494 bytes

and GMER


offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy and paste here for us.

offline
  • Joined: 16 Aug 2007
  • Posts: 315
  • Location: Srbija

Written: 13 Apr 2009 22:52

Here is what ComboFix says. Just to note that it first downloaded something from the internet, then installed something and deleted things in the Windows folder, and several times I had to click "don't send"; in the end it produced this log file.
ComboFix 09-04-13.A2 - Boban 2009-04-13 22:41.1 - NTFSx86
Running from: c:\documents and settings\Boban\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 41
pevFind by Billy Robert O'Neal III
Version 0.0.1.0
So long as David Tribble's message is retained (his rule, not mine)
not limited to sale, distribution, modification, or other use of this
program. If it was my choice, it would be public domain.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM
THE SOFTWARE.

Filename regular expressions library is
"Copyright (C)1997-1998 by David R. Tribble, all rights reserved."

pevFind by Billy Robert O'Neal III
Version 0.0.1.0
So long as David Tribble's message is retained (his rule, not mine)
not limited to sale, distribution, modification, or other use of this
program. If it was my choice, it would be public domain.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM
THE SOFTWARE.

Filename regular expressions library is
"Copyright (C)1997-1998 by David R. Tribble, all rights reserved."

pevFind by Billy Robert O'Neal III
Version 0.0.1.0
So long as David Tribble's message is retained (his rule, not mine)
not limited to sale, distribution, modification, or other use of this
program. If it was my choice, it would be public domain.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM
THE SOFTWARE.

Filename regular expressions library is
"Copyright (C)1997-1998 by David R. Tribble, all rights reserved."

pevFind by Billy Robert O'Neal III
Version 0.0.1.0
So long as David Tribble's message is retained (his rule, not mine)
not limited to sale, distribution, modification, or other use of this
program. If it was my choice, it would be public domain.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM
THE SOFTWARE.

Filename regular expressions library is
"Copyright (C)1997-1998 by David R. Tribble, all rights reserved."

pevFind by Billy Robert O'Neal III
Version 0.0.1.0
So long as David Tribble's message is retained (his rule, not mine)
not limited to sale, distribution, modification, or other use of this
program. If it was my choice, it would be public domain.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM
THE SOFTWARE.

Filename regular expressions library is
"Copyright (C)1997-1998 by David R. Tribble, all rights reserved."

pevFind by Billy Robert O'Neal III
Version 0.0.1.0
So long as David Tribble's message is retained (his rule, not mine)
not limited to sale, distribution, modification, or other use of this
program. If it was my choice, it would be public domain.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM
THE SOFTWARE.

Filename regular expressions library is
"Copyright (C)1997-1998 by David R. Tribble, all rights reserved."

pevFind by Billy Robert O'Neal III
Version 0.0.1.0
So long as David Tribble's message is retained (his rule, not mine)
not limited to sale, distribution, modification, or other use of this
program. If it was my choice, it would be public domain.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM
THE SOFTWARE.

Filename regular expressions library is
"Copyright (C)1997-1998 by David R. Tribble, all rights reserved."

pevFind by Billy Robert O'Neal III
Version 0.0.1.0
So long as David Tribble's message is retained (his rule, not mine)
not limited to sale, distribution, modification, or other use of this
program. If it was my choice, it would be public domain.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM
THE SOFTWARE.

Filename regular expressions library is
"Copyright (C)1997-1998 by David R. Tribble, all rights reserved."

pevFind by Billy Robert O'Neal III
Version 0.0.1.0
So long as David Tribble's message is retained (his rule, not mine)
not limited to sale, distribution, modification, or other use of this
program. If it was my choice, it would be public domain.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM
THE SOFTWARE.

Filename regular expressions library is
"Copyright (C)1997-1998 by David R. Tribble, all rights reserved."

pevFind by Billy Robert O'Neal III
Version 0.0.1.0
So long as David Tribble's message is retained (his rule, not mine)
not limited to sale, distribution, modification, or other use of this
program. If it was my choice, it would be public domain.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM
THE SOFTWARE.

Filename regular expressions library is
"Copyright (C)1997-1998 by David R. Tribble, all rights reserved."

pevFind by Billy Robert O'Neal III
Version 0.0.1.0
So long as David Tribble's message is retained (his rule, not mine)
not limited to sale, distribution, modification, or other use of this
program. If it was my choice, it would be public domain.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM
THE SOFTWARE.

Filename regular expressions library is
"Copyright (C)1997-1998 by David R. Tribble, all rights reserved."

pevFind by Billy Robert O'Neal III
Version 0.0.1.0
So long as David Tribble's message is retained (his rule, not mine)
not limited to sale, distribution, modification, or other use of this
program. If it was my choice, it would be public domain.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM
THE SOFTWARE.

Filename regular expressions library is
"Copyright (C)1997-1998 by David R. Tribble, all rights reserved."

pevFind by Billy Robert O'Neal III
Version 0.0.1.0
So long as David Tribble's message is retained (his rule, not mine)
not limited to sale, distribution, modification, or other use of this
program. If it was my choice, it would be public domain.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM
THE SOFTWARE.

Filename regular expressions library is
"Copyright (C)1997-1998 by David R. Tribble, all rights reserved."

pevFind by Billy Robert O'Neal III
Version 0.0.1.0
So long as David Tribble's message is retained (his rule, not mine)
not limited to sale, distribution, modification, or other use of this
program. If it was my choice, it would be public domain.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM
THE SOFTWARE.

Filename regular expressions library is
"Copyright (C)1997-1998 by David R. Tribble, all rights reserved."

pevFind by Billy Robert O'Neal III
Version 0.0.1.0
So long as David Tribble's message is retained (his rule, not mine)
not limited to sale, distribution, modification, or other use of this
program. If it was my choice, it would be public domain.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM
THE SOFTWARE.

Filename regular expressions library is
"Copyright (C)1997-1998 by David R. Tribble, all rights reserved."

pevFind by Billy Robert O'Neal III
Version 0.0.1.0
So long as David Tribble's message is retained (his rule, not mine)
not limited to sale, distribution, modification, or other use of this
program. If it was my choice, it would be public domain.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM
THE SOFTWARE.

Filename regular expressions library is
"Copyright (C)1997-1998 by David R. Tribble, all rights reserved."

pevFind by Billy Robert O'Neal III
Version 0.0.1.0
So long as David Tribble's message is retained (his rule, not mine)
not limited to sale, distribution, modification, or other use of this
program. If it was my choice, it would be public domain.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM
THE SOFTWARE.

Filename regular expressions library is
"Copyright (C)1997-1998 by David R. Tribble, all rights reserved."

pevFind by Billy Robert O'Neal III
Version 0.0.1.0
So long as David Tribble's message is retained (his rule, not mine)
not limited to sale, distribution, modification, or other use of this
program. If it was my choice, it would be public domain.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM
THE SOFTWARE.

Filename regular expressions library is
"Copyright (C)1997-1998 by David R. Tribble, all rights reserved."

pevFind by Billy Robert O'Neal III
Version 0.0.1.0
So long as David Tribble's message is retained (his rule, not mine)
not limited to sale, distribution, modification, or other use of this
program. If it was my choice, it would be public domain.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM
THE SOFTWARE.

Filename regular expressions library is
"Copyright (C)1997-1998 by David R. Tribble, all rights reserved."

pevFind by Billy Robert O'Neal III
Version 0.0.1.0
So long as David Tribble's message is retained (his rule, not mine)
not limited to sale, distribution, modification, or other use of this
program. If it was my choice, it would be public domain.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM
THE SOFTWARE.

Filename regular expressions library is
"Copyright (C)1997-1998 by David R. Tribble, all rights reserved."

pevFind by Billy Robert O'Neal III
Version 0.0.1.0
So long as David Tribble's message is retained (his rule, not mine)
not limited to sale, distribution, modification, or other use of this
program. If it was my choice, it would be public domain.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM
THE SOFTWARE.

Filename regular expressions library is
"Copyright (C)1997-1998 by David R. Tribble, all rights reserved."

pevFind by Billy Robert O'Neal III
Version 0.0.1.0
So long as David Tribble's message is retained (his rule, not mine)
not limited to sale, distribution, modification, or other use of this
program. If it was my choice, it would be public domain.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM
THE SOFTWARE.

Filename regular expressions library is
"Copyright (C)1997-1998 by David R. Tribble, all rights reserved."

pevFind by Billy Robert O'Neal III
Version 0.0.1.0
So long as David Tribble's message is retained (his rule, not mine)
not limited to sale, distribution, modification, or other use of this
program. If it was my choice, it would be public domain.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM
THE SOFTWARE.

Filename regular expressions library is
"Copyright (C)1997-1998 by David R. Tribble, all rights reserved."

pevFind by Billy Robert O'Neal III
Version 0.0.1.0
So long as David Tribble's message is retained (his rule, not mine)
not limited to sale, distribution, modification, or other use of this
program. If it was my choice, it would be public domain.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM
THE SOFTWARE.

Filename regular expressions library is
"Copyright (C)1997-1998 by David R. Tribble, all rights reserved."

pevFind by Billy Robert O'Neal III
Version 0.0.1.0
So long as David Tribble's message is retained (his rule, not mine)
not limited to sale, distribution, modification, or other use of this
program. If it was my choice, it would be public domain.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM
THE SOFTWARE.

Filename regular expressions library is
"Copyright (C)1997-1998 by David R. Tribble, all rights reserved."

pevFind by Billy Robert O'Neal III
Version 0.0.1.0
So long as David Tribble's message is retained (his rule, not mine)
not limited to sale, distribution, modification, or other use of this
program. If it was my choice, it would be public domain.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM
THE SOFTWARE.

Filename regular expressions library is
"Copyright (C)1997-1998 by David R. Tribble, all rights reserved."

pevFind by Billy Robert O'Neal III
Version 0.0.1.0
So long as David Tribble's message is retained (his rule, not mine)
not limited to sale, distribution, modification, or other use of this
program. If it was my choice, it would be public domain.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM
THE SOFTWARE.

Filename regular expressions library is
"Copyright (C)1997-1998 by David R. Tribble, all rights reserved."

pevFind by Billy Robert O'Neal III
Version 0.0.1.0
So long as David Tribble's message is retained (his rule, not mine)
not limited to sale, distribution, modification, or other use of this
program. If it was my choice, it would be public domain.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM
THE SOFTWARE.

Filename regular expressions library is
"Copyright (C)1997-1998 by David R. Tribble, all rights reserved."

The system cannot find the file temp1001.
The system cannot find the path specified.
The system cannot find the path specified.
The system cannot find the path specified.



((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Boban\Application Data\.#
c:\windows\6858.exe
c:\windows\7206.exe
c:\windows\9563.exe
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\e.exe
c:\windows\qq.exe
c:\windows\system\msvbvm60.dll
c:\windows\system32\Bandook Folder

----- BITS: Possible infected sites -----

hxxp://tube28.net
hxxp://78.157.143.217
.
((((((((((((((((((((((((( Files Created from 2009-03-13 to 2009-04-13 )))))))))))))))))))))))))))))))
.

2009-04-13 20:45 . 2009-04-13 20:45 390728 ----a-w c:\windows\system32\DLTray.EXE
2009-04-12 21:41 . 2009-04-12 21:41 -------- d-----w C:\New Folder
2009-04-12 21:40 . 2009-04-12 21:40 -------- d-----w C:\virus
2009-04-11 17:37 . 2009-04-11 17:37 144535 ----a-w C:\KALKD.ZIP
2009-03-31 20:56 . 2009-03-31 20:56 -------- d-----w c:\documents and settings\Boban\Application Data\Malwarebytes
2009-03-31 20:56 . 2009-03-31 20:56 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-31 17:00 . 2009-03-31 17:00 -------- d-----w c:\program files\Common Files\EPSON
2009-03-31 17:00 . 2009-03-31 17:02 11249 ----a-w c:\windows\EPSTPLOG.BAK
2009-03-31 07:43 . 2009-03-31 07:43 -------- d-----w c:\program files\EpsonNet
2009-03-31 07:43 . 2009-03-31 07:43 -------- d-----w c:\documents and settings\All Users\Application Data\Epson
2009-03-30 18:09 . 2009-03-30 18:10 -------- d-----w C:\!SKOLA
2009-03-29 11:24 . 2009-03-29 11:24 -------- d-----w c:\program files\Smart Virus Remover
2009-03-22 17:24 . 2009-03-23 08:18 -------- d-----w c:\program files\SageTV
2009-03-18 14:08 . 2009-03-18 14:08 -------- d-----w c:\documents and settings\All Users\Application Data\Zylom
2009-03-17 15:39 . 2009-03-29 11:26 -------- d-----w c:\program files\Multi Password Recovery
2009-03-17 14:06 . 2009-03-17 14:15 -------- d-----w c:\program files\MyLanViewer
2009-03-17 13:54 . 2009-03-17 13:54 -------- d-----w c:\documents and settings\Boban\Application Data\Uniblue
2009-03-16 17:49 . 2009-03-16 17:49 -------- d-----w c:\documents and settings\Boban\Application Data\FDRLab
2009-03-16 17:49 . 2009-03-16 17:49 -------- d-----w c:\program files\FDRLab
2009-03-16 10:48 . 2009-03-16 10:48 -------- d-----w c:\program files\AskBarDis
2009-03-16 10:48 . 2009-03-16 10:48 -------- d-----w c:\program files\Foxit Software
2009-03-16 10:48 . 2009-03-16 10:48 -------- d-----w c:\documents and settings\Boban\Application Data\Foxit
2009-03-16 10:07 . 2009-03-16 10:07 -------- d-----w c:\documents and settings\Boban\Application Data\HTML Executable
2009-03-16 10:07 . 2009-03-16 10:07 -------- d-----w c:\documents and settings\Boban\Application Data\Desktopicon
2009-03-16 09:30 . 2009-03-23 11:05 -------- d-----w c:\program files\Super Internet TV
2009-03-16 09:27 . 2009-03-16 09:27 -------- d-----w c:\documents and settings\Boban\Application Data\JLC's Software
2009-03-16 09:27 . 2009-03-16 10:39 -------- d-----w c:\program files\JLC's Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-13 20:45 . 2008-06-22 07:54 11336 ----a-w c:\windows\system32\DLServiceMsg.dll
2009-04-13 20:45 . 2008-06-22 07:54 714312 ----a-w c:\windows\system32\DLGPC.dll
2009-04-12 18:49 . 2008-08-19 13:24 -------- d-----w c:\documents and settings\Boban\Application Data\SolidDocuments
2009-04-12 13:35 . 2008-08-27 18:08 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\SolidDocuments
2009-04-08 21:30 . 2008-01-21 17:53 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-08 21:27 . 2009-02-16 12:59 -------- d-----w c:\program files\Trojan Remover
2009-03-31 07:43 . 2008-01-09 05:15 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-29 11:31 . 2008-11-13 13:22 -------- d-----w c:\program files\Spy Cleaner Gold
2009-03-26 14:28 . 2008-12-27 13:59 -------- d-----w c:\program files\Easy GIF Animator
2009-03-25 21:02 . 2008-06-03 05:26 22463 ----a-w c:\windows\system32\epfwdata.bin
2009-03-23 08:21 . 2008-02-06 17:32 -------- d-----w c:\program files\Sony
2009-03-23 08:20 . 2008-01-29 10:24 -------- d-----w c:\program files\Eltima Software
2009-03-23 08:20 . 2008-01-29 10:25 -------- d-----w c:\documents and settings\Boban\Application Data\Eltima Software
2009-03-23 08:18 . 2008-01-09 20:08 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-20 08:11 . 2009-03-03 08:10 -------- d-----w c:\documents and settings\Boban\Application Data\Kingston
2009-03-17 14:12 . 2008-03-07 08:49 -------- d-----w c:\program files\Registry Clean Expert
2009-03-17 14:08 . 2008-01-11 17:51 -------- d-----w c:\documents and settings\All Users\Application Data\RFA_Backups
2009-03-17 13:58 . 2009-03-17 13:53 -------- dc-h--w c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-17 13:44 . 2008-01-09 05:22 -------- d-----w c:\program files\ESET
2009-03-16 17:48 . 2008-05-29 07:51 -------- d-----w c:\documents and settings\Boban\Application Data\MegauploadToolbar
2009-03-12 20:24 . 2009-03-12 20:24 137728 ----a-w C:\M4gm.xls
2009-03-12 08:20 . 2009-03-12 08:20 -------- d-----w c:\program files\Tukero[X]Team
2009-03-10 14:02 . 2009-03-10 13:54 -------- d-----w c:\program files\Hide Start Button
2009-03-10 13:56 . 2009-03-10 13:56 -------- d-----w c:\program files\1st Security Agent
2009-03-10 13:34 . 2008-06-02 13:15 -------- d-----w c:\program files\Mgtweak
2009-03-07 08:48 . 2009-03-06 18:16 -------- d-----w c:\documents and settings\All Users\Application Data\Danware Data
2009-03-07 08:48 . 2009-03-06 18:16 -------- d-----w c:\program files\Danware Data
2009-03-04 08:46 . 2009-03-04 08:46 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\ESET
2009-02-24 15:51 . 2009-02-24 15:51 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\Teleca
2009-02-23 14:00 . 2009-02-23 14:00 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\Sony Ericsson
2009-02-23 14:00 . 2009-02-23 14:00 -------- d-----w c:\documents and settings\LocalService\Application Data\Sony Ericsson
2009-02-22 12:09 . 2008-01-12 19:19 -------- d-----w c:\program files\Common Files\Adobe
2009-02-22 10:51 . 2009-02-22 10:51 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-02-22 10:51 . 2009-02-22 10:51 362240 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-02-22 10:51 . 2009-02-22 10:50 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-02-22 10:51 . 2009-02-22 10:51 -------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-02-22 10:50 . 2009-02-22 10:50 -------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-22 10:45 . 2008-12-08 15:31 -------- d-----w c:\program files\dvdSanta
2009-02-22 10:44 . 2008-09-17 11:45 -------- d-----w c:\program files\Hamachi
2009-02-22 10:39 . 2008-05-27 07:11 -------- d-----w c:\program files\Enigma Software Group
2009-02-22 10:38 . 2008-02-18 14:33 -------- d-----w c:\program files\Real
2009-02-22 10:33 . 2008-01-21 17:59 -------- d-----w c:\program files\CoffeeCup Software
2009-02-22 10:29 . 2008-09-22 12:33 -------- d-----w c:\program files\gs
2009-02-22 10:22 . 2009-02-22 10:22 -------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-02-21 11:41 . 2008-05-11 07:34 -------- d-----w c:\documents and settings\Boban\Application Data\Thinstall
2009-02-21 11:30 . 2008-01-12 19:03 -------- d-----w c:\program files\WinHTTrack
2009-02-21 11:30 . 2009-02-17 16:09 -------- d-----w c:\program files\Modem Spy
2009-02-21 11:19 . 2009-02-21 11:19 -------- d-----w c:\program files\Yamicsoft
2009-02-17 16:09 . 2009-02-17 16:09 -------- d-----w c:\documents and settings\Boban\Application Data\Modem Spy
2009-02-17 15:58 . 2009-02-17 15:58 -------- d-----w c:\program files\Phone Spy
2009-02-16 13:07 . 2009-02-16 13:07 -------- d-----w c:\documents and settings\All Users\Application Data\Simply Super Software
2009-02-16 13:07 . 2009-02-16 12:59 -------- d-----w c:\documents and settings\Boban\Application Data\Simply Super Software
2009-02-16 13:05 . 2009-02-16 13:05 -------- d-----w c:\documents and settings\Boban\Application Data\URSoft
2009-02-15 13:56 . 2009-02-15 13:56 -------- d-----w c:\program files\NOD32view
2009-02-13 12:08 . 2009-02-13 12:08 56280 ----a-w c:\windows\system32\drivers\epfwtdi.sys
2009-02-13 12:08 . 2009-02-13 12:08 33096 ----a-w c:\windows\system32\drivers\epfwndis.sys
2009-02-13 12:08 . 2009-02-13 12:08 130952 ----a-w c:\windows\system32\drivers\epfw.sys
2009-02-13 12:07 . 2009-02-13 12:07 106208 ----a-w c:\windows\system32\drivers\ehdrv.sys
2009-02-13 12:06 . 2009-02-13 12:06 113448 ----a-w c:\windows\system32\drivers\eamon.sys
2009-02-09 15:25 . 2008-06-15 09:22 325003 ----a-w C:\TREEINFO.NCD
2009-02-03 15:34 . 2009-02-03 15:34 68 --sha-w c:\windows\system32\windzfa0.sys
2009-01-31 10:43 . 2009-01-31 10:42 13030 ----a-w C:\PDOXUSRS.NET
2009-01-14 10:29 . 2008-01-08 20:27 113304 ----a-w c:\documents and settings\Boban\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-12-07 16:09 . 2008-12-07 16:09 0 ----a-w c:\documents and settings\All Users\Application Data\xml24E.tmp
2008-12-07 16:09 . 2008-12-07 16:09 0 ----a-w c:\documents and settings\All Users\Application Data\xml24D.tmp
2008-12-07 16:09 . 2008-12-07 16:09 0 ----a-w c:\documents and settings\All Users\Application Data\xml24C.tmp
2008-12-07 16:09 . 2008-12-07 16:09 0 ----a-w c:\documents and settings\All Users\Application Data\xml24B.tmp
2008-12-07 10:21 . 2008-12-07 10:21 0 ----a-w c:\documents and settings\All Users\Application Data\xml87C.tmp
2008-12-07 10:21 . 2008-12-07 10:21 0 ----a-w c:\documents and settings\All Users\Application Data\xml87B.tmp
2008-12-07 10:21 . 2008-12-07 10:21 0 ----a-w c:\documents and settings\All Users\Application Data\xml87A.tmp
2008-12-07 10:21 . 2008-12-07 10:21 0 ----a-w c:\documents and settings\All Users\Application Data\xml879.tmp
2008-09-01 08:52 . 2008-09-01 08:52 128 ----a-w c:\documents and settings\Boban\Local Settings\Application Data\fusioncache.dat
2008-07-25 13:22 . 2008-06-03 20:52 88 --sh--r c:\documents and settings\All Users\Application Data\428B7D0D81.sys
2008-07-25 13:22 . 2008-06-03 20:52 2984 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
.

------- Sigcheck -------

[7] 2004-08-03 21:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-03 21:14 359040 6A603809F598332DBEDD535BDBCE313E c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 13:58 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-05-25 6746112]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-13 2046120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoVisualStyleChoice"= 0 (0x0)
"NoColorChoice"= 0 (0x0)
"NoSizeChoice"= 0 (0x0)
"HideLogonScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"NoRecycleFiles"= 0 (0x0)
"ForceRecycleBinSize"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"NoExpandedNewMenu"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThemesTab"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"DisallowRun"= 0 (0x0)
"NoRecycleFiles"= 0 (0x0)
"ForceRecycleBinSize"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideClock"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"NoExpandedNewMenu"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\COMMON~1\ULEADS~1\vio\dvacm.acm
"msacm.MPEGacm"= mpegacm.acm
"msacm.ulmp3acm"= ulmp3acm.acm
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Device Lock]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:56 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-05-25 16:02 6746112 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-04-08 09:58 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PC Auto Shutdown"=c:\program files\PC Auto Shutdown\AutoShutdown.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"00saskda"="c:\program files\1st Security Agent\newlock.exe" saskda
"TrayFactory"=d:\! dobri programi\!RAZNO\PS Tray Factory 2.52\PSTrayFactory.exe /start
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"TrojanScanner"=c:\program files\Trojan Remover\Trjscan.exe /boot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\NVIDIA\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Silicon Image\\SI3114\\SiITray.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\WINDOWS\\system32\\DLService.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home 2009\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home 2009\\WNt500x86\\RpcSandraSrv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 HWiNFO32;HWiNFO32 Kernel Driver; [x]
R2 klpsrvc;klpsrvc; [x]
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-08-23 3584]
R3 ATE_PROCMON;ATE_PROCMON;d:\program files\Anti Trojan Elite\ATEPMon.sys [2004-09-10 5969]
R3 block_reader;MPR DRV; [x]
R3 dwVSCD;NetOp Virtual Smart Card Driver;c:\windows\system32\DRIVERS\dwvscd.sys [2008-04-16 16696]
R3 leafnets;Leaf Networks Adapter;c:\windows\system32\DRIVERS\leafnets.sys [2007-05-03 55296]
R3 mirrorv3;mirrorv3;c:\windows\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
R3 PORTMON;PORTMON; [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Home 2009\RpcAgentSrv.exe [2008-09-01 98488]
R3 SetupNTGLM7X;SetupNTGLM7X; [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-11-08 98840]
R3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123); [x]
R4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2008-09-14 225280]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-13 106208]
S1 NHostNT1;NetOp Driver 1 ver. 9.21 (2008329);c:\windows\System32\Drivers\NHOSTNT1.SYS [2008-11-24 102544]
S2 Apache2.2;Apache2.2;d:\xampp\apache\bin\apache.exe [2008-06-14 17408]
S2 DeskSaverService;DeskSaverService;c:\program files\PC Security Tweaker\newlock.exe [2008-07-06 1453056]
S2 Device Lock;DeviceLock Service;c:\windows\system32\DLService.exe [2008-06-04 3130952]
S2 drhard;drhard; [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-13 727720]
S2 NetOp Host for NT Service;NetOp Helper ver. 9.21 (2008329);c:\program files\Danware Data\NetOp School\Student\NHOSTSVC.EXE [2008-11-24 1705896]
S2 PCAutoShutdown_Service;PCAutoShutdown_Service;c:\program files\PC Auto Shutdown\ShutdownService.exe [2006-12-08 451072]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-02-22 603904]
S3 iadusb;MT882;c:\windows\system32\DRIVERS\glauiad.sys [2006-03-20 30336]
S3 NHOSTNT3;NetOp Driver 3 ver. 9.21 (2008329) (NHOSTNT3);c:\windows\System32\Drivers\NHOSTNT3.SYS [2008-11-24 10280]


--- Other Services/Drivers In Memory ---

*Deregistered* - DeviceLockDriver0
*Deregistered* - DeviceLockDriverHlpExtG3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bef8e80-5f92-11dd-a962-001802f3ee32}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bdb7ffb-97a0-11dd-ab1a-001802f3ee32}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-13 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 17:28]

2009-04-13 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-28 03:39]

2008-08-03 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 14:28]

2009-04-13 c:\windows\Tasks\OFF.job
- c:\windows\system32\shutdown.exe [2004-08-04 00:56]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
SafeBoot-DeviceLockDriver0.sys
SafeBoot-DeviceLockDriverHlpExtG3.sys
SafeBoot-DLDriver.sys
SafeBoot-DLDriverHlp.sys
SafeBoot-DLDriverKbd0.sys
MSConfigStartUp-nodenable - c:\program files\eset\nodenable.exe
MSConfigStartUp-NodLogin - c:\program files\ESET\ESET Smart Security\nodlogin.exe
MSConfigStartUp-SpyHunter Security Suite - c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe


.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
uStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1
uInternet Settings,ProxyServer = ftp=127.0.0.1:8080;http=127.0.0.1:8080
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: + Offline &Explorer: Download the link
IE: + Offline E&xplorer: Download the current page
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Link to &MidpX - c:\program files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?f25ef1eeb96d429e96eefb6082dd5c95
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?f25ef1eeb96d429e96eefb6082dd5c95
IE: Prevedi sa Di recnikom - d:\program files\Di recnik\diie.htm
IE: Translate with Di dictionary -
FF - ProfilePath - c:\documents and settings\Boban\Application Data\Mozilla\Firefox\Profiles\dwmi830w.default\
FF - component: c:\documents and settings\Boban\Application Data\Mozilla\Firefox\Profiles\dwmi830w.default\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}\components\FFAlert.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Boban\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-13 22:46
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1275210071-1343024091-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4E628ABE-25B0-7959-18B5-B5F2BAB81FE5}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"panclfcefkdjlbbabbfkekfnebmkibgh"=hex:6a,61,6d,67,6f,67,6c,63,65,68,62,64,6e,
6a,65,66,61,67,65,65,00,fc
"oahdnggiehbahillfkklckihjgbofc"=hex:6a,61,6d,67,6f,67,6c,63,65,68,62,64,6e,6a,
65,66,61,67,65,65,00,ff

[HKEY_USERS\S-1-5-21-1275210071-1343024091-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9435EE08-ADD3-A534-31C1-CE2382557008}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iakljmmedmndhcoabi"=hex:6a,61,6e,66,6b,68,6c,6a,6b,68,6c,6c,6b,63,6a,63,6c,65,
6c,65,00,0c
"hamlhhoibinpocak"=hex:6a,61,6e,66,6b,68,6c,6a,6b,68,6c,6c,6b,63,6a,63,6c,65,
6c,65,00,0c
"gajkigojcnlgaa"=hex:6a,61,6e,66,6c,68,6d,6a,62,6e,6b,62,6a,66,66,6f,66,69,6b,
6f,00,02

[HKEY_LOCAL_MACHINE\software\Classes\N94827103]
@Denied: (4) (Everyone)
@Denied: (4) (Administrators)
@Allowed: (A B C D Full GENERIC_EXECUTE GENERIC_WRITE Read 1 2 3 4 5 6) (LocalSystem)
"a"="S"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5044)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\savedump.exe
c:\windows\system32\DLTray.EXE
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\spool\drivers\w32x86\3\HP1006MC.EXE
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\nvidia\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
d:\xampp\mysql\bin\mysqld-nt.exe
c:\nvidia\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\nvidia\NetworkAccessManager\bin\nSvcIp.exe
c:\nvidia\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
.
**************************************************************************
.
Completion time: 2009-04-13 22:48 - machine was rebooted [Boban]
ComboFix-quarantined-files.txt 2009-04-13 20:48

Pre-Run: 53,233,238,016 bytes free
Post-Run: 53,235,613,696 bytes free


Update: 15 Apr 2009 12:31

Bobby, can you help?

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Sorry about that. Yesterday I was completely out of action.

You will have to download ComboFix again, because NOD deleted one of its components, so the scan was not done properly.

So, first you turn off NOD:
* Start ESET Smart Security/ESET NOD32 in the following way:
Start>All Programs>ESET>ESET Smart Security or ESET NOD32 Antivirus (if you use only the Antivirus solution).

* When the program's main window opens, click the Setup option on the left side of the window;
* Select the Antivirus and antispyware option and click Temporarily disable Antivirus and antispyware protection.
* At the next question click Yes.

Note: Do not forget to turn this option back on once the cleaning is finished.

Then download ComboFix again from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

  • Joined: 16 Avg 2007
  • Posts: 315
  • Location: Serbia

Here, I scanned again.
ComboFix 09-04-17.03 - Boban 17.04.2009 9:22.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.589 [GMT 2:00]
Running from: c:\documents and settings\Boban\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 41
The system cannot find the file temp1001.
The system cannot find the path specified.
The system cannot find the path specified.
The system cannot find the path specified.
Could Not Find c:\combofix\Ori0400


((((((((((((((((((((((((( Files Created from 2009-03-17 to 2009-04-17 )))))))))))))))))))))))))))))))
.

2009-04-17 07:17 . 2009-04-17 07:17 390728 ----a-w c:\windows\system32\DLTray.EXE
2009-04-15 19:33 . 2009-04-15 19:41 22 ----a-w c:\windows\mfd.ini
2009-04-15 19:33 . 1994-02-05 22:00 25952 ----a-w c:\windows\system\MSACM.DRV
2009-04-15 19:33 . 1994-02-05 22:00 23808 ----a-w c:\windows\system\MSADPCM.ACM
2009-04-15 19:33 . 2009-04-15 19:33 -------- d-----w C:\DKMM
2009-04-14 07:23 . 2009-04-14 07:23 54156 ---ha-w c:\windows\QTFont.qfn
2009-04-14 07:23 . 2009-04-14 07:23 1409 ----a-w c:\windows\QTFont.for
2009-04-12 21:41 . 2009-04-12 21:41 -------- d-----w C:\New Folder
2009-04-12 21:40 . 2009-04-12 21:40 -------- d-----w C:\virus
2009-04-11 17:37 . 2009-04-11 17:37 144535 ----a-w C:\KALKD.ZIP
2009-03-31 20:56 . 2009-03-31 20:56 -------- d-----w c:\documents and settings\Boban\Application Data\Malwarebytes
2009-03-31 20:56 . 2009-03-31 20:56 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-31 17:00 . 2009-03-31 17:00 -------- d-----w c:\program files\Common Files\EPSON
2009-03-31 17:00 . 2009-03-31 17:02 11249 ----a-w c:\windows\EPSTPLOG.BAK
2009-03-31 07:43 . 2009-03-31 07:43 -------- d-----w c:\program files\EpsonNet
2009-03-31 07:43 . 2009-03-31 07:43 -------- d-----w c:\documents and settings\All Users\Application Data\Epson
2009-03-30 18:09 . 2009-03-30 18:10 -------- d-----w C:\!SKOLA
2009-03-29 11:24 . 2009-03-29 11:24 -------- d-----w c:\program files\Smart Virus Remover
2009-03-22 17:24 . 2009-03-23 08:18 -------- d-----w c:\program files\SageTV
2009-03-18 14:08 . 2009-03-18 14:08 -------- d-----w c:\documents and settings\All Users\Application Data\Zylom

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-17 07:17 . 2008-06-22 07:54 714312 ----a-w c:\windows\system32\DLGPC.dll
2009-04-17 07:17 . 2008-06-22 07:54 11336 ----a-w c:\windows\system32\DLServiceMsg.dll
2009-04-14 07:26 . 2008-05-29 07:51 -------- d-----w c:\documents and settings\Boban\Application Data\MegauploadToolbar
2009-04-14 07:17 . 2009-03-16 09:30 -------- d-----w c:\program files\Super Internet TV
2009-04-14 07:16 . 2008-01-21 17:53 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-12 18:49 . 2008-08-19 13:24 -------- d-----w c:\documents and settings\Boban\Application Data\SolidDocuments
2009-04-12 13:35 . 2008-08-27 18:08 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\SolidDocuments
2009-04-08 21:27 . 2009-02-16 12:59 -------- d-----w c:\program files\Trojan Remover
2009-03-31 07:43 . 2008-01-09 05:15 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-29 11:31 . 2008-11-13 13:22 -------- d-----w c:\program files\Spy Cleaner Gold
2009-03-29 11:26 . 2009-03-17 15:39 -------- d-----w c:\program files\Multi Password Recovery
2009-03-26 14:28 . 2008-12-27 13:59 -------- d-----w c:\program files\Easy GIF Animator
2009-03-25 21:02 . 2008-06-03 05:26 22463 ----a-w c:\windows\system32\epfwdata.bin
2009-03-23 08:21 . 2008-02-06 17:32 -------- d-----w c:\program files\Sony
2009-03-23 08:20 . 2008-01-29 10:24 -------- d-----w c:\program files\Eltima Software
2009-03-23 08:20 . 2008-01-29 10:25 -------- d-----w c:\documents and settings\Boban\Application Data\Eltima Software
2009-03-23 08:18 . 2008-01-09 20:08 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-20 08:11 . 2009-03-03 08:10 -------- d-----w c:\documents and settings\Boban\Application Data\Kingston
2009-03-17 14:15 . 2009-03-17 14:06 -------- d-----w c:\program files\MyLanViewer
2009-03-17 14:12 . 2008-03-07 08:49 -------- d-----w c:\program files\Registry Clean Expert
2009-03-17 14:08 . 2008-01-11 17:51 -------- d-----w c:\documents and settings\All Users\Application Data\RFA_Backups
2009-03-17 13:58 . 2009-03-17 13:53 -------- dc-h--w c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-17 13:54 . 2009-03-17 13:54 -------- d-----w c:\documents and settings\Boban\Application Data\Uniblue
2009-03-17 13:44 . 2008-01-09 05:22 -------- d-----w c:\program files\ESET
2009-03-16 17:49 . 2009-03-16 17:49 -------- d-----w c:\documents and settings\Boban\Application Data\FDRLab
2009-03-16 17:49 . 2009-03-16 17:49 -------- d-----w c:\program files\FDRLab
2009-03-16 10:48 . 2009-03-16 10:48 -------- d-----w c:\program files\AskBarDis
2009-03-16 10:48 . 2009-03-16 10:48 -------- d-----w c:\program files\Foxit Software
2009-03-16 10:48 . 2009-03-16 10:48 -------- d-----w c:\documents and settings\Boban\Application Data\Foxit
2009-03-16 10:39 . 2009-03-16 09:27 -------- d-----w c:\program files\JLC's Software
2009-03-16 10:07 . 2009-03-16 10:07 -------- d-----w c:\documents and settings\Boban\Application Data\HTML Executable
2009-03-16 10:07 . 2009-03-16 10:07 -------- d-----w c:\documents and settings\Boban\Application Data\Desktopicon
2009-03-16 09:27 . 2009-03-16 09:27 -------- d-----w c:\documents and settings\Boban\Application Data\JLC's Software
2009-03-12 20:24 . 2009-03-12 20:24 137728 ----a-w C:\M4gm.xls
2009-03-12 08:20 . 2009-03-12 08:20 -------- d-----w c:\program files\Tukero[X]Team
2009-03-10 14:02 . 2009-03-10 13:54 -------- d-----w c:\program files\Hide Start Button
2009-03-10 13:56 . 2009-03-10 13:56 -------- d-----w c:\program files\1st Security Agent
2009-03-10 13:34 . 2008-06-02 13:15 -------- d-----w c:\program files\Mgtweak
2009-03-07 08:48 . 2009-03-06 18:16 -------- d-----w c:\documents and settings\All Users\Application Data\Danware Data
2009-03-07 08:48 . 2009-03-06 18:16 -------- d-----w c:\program files\Danware Data
2009-03-04 08:46 . 2009-03-04 08:46 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\ESET
2009-02-24 15:51 . 2009-02-24 15:51 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\Teleca
2009-02-23 14:00 . 2009-02-23 14:00 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\Sony Ericsson
2009-02-23 14:00 . 2009-02-23 14:00 -------- d-----w c:\documents and settings\LocalService\Application Data\Sony Ericsson
2009-02-22 12:09 . 2008-01-12 19:19 -------- d-----w c:\program files\Common Files\Adobe
2009-02-22 10:51 . 2009-02-22 10:51 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-02-22 10:51 . 2009-02-22 10:51 362240 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-02-22 10:51 . 2009-02-22 10:50 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-02-22 10:51 . 2009-02-22 10:51 -------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-02-22 10:50 . 2009-02-22 10:50 -------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-22 10:45 . 2008-12-08 15:31 -------- d-----w c:\program files\dvdSanta
2009-02-22 10:44 . 2008-09-17 11:45 -------- d-----w c:\program files\Hamachi
2009-02-22 10:39 . 2008-05-27 07:11 -------- d-----w c:\program files\Enigma Software Group
2009-02-22 10:38 . 2008-02-18 14:33 -------- d-----w c:\program files\Real
2009-02-22 10:33 . 2008-01-21 17:59 -------- d-----w c:\program files\CoffeeCup Software
2009-02-22 10:29 . 2008-09-22 12:33 -------- d-----w c:\program files\gs
2009-02-22 10:22 . 2009-02-22 10:22 -------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-02-21 11:41 . 2008-05-11 07:34 -------- d-----w c:\documents and settings\Boban\Application Data\Thinstall
2009-02-21 11:30 . 2008-01-12 19:03 -------- d-----w c:\program files\WinHTTrack
2009-02-21 11:30 . 2009-02-17 16:09 -------- d-----w c:\program files\Modem Spy
2009-02-21 11:19 . 2009-02-21 11:19 -------- d-----w c:\program files\Yamicsoft
2009-02-17 16:09 . 2009-02-17 16:09 -------- d-----w c:\documents and settings\Boban\Application Data\Modem Spy
2009-02-17 15:58 . 2009-02-17 15:58 -------- d-----w c:\program files\Phone Spy
2009-02-16 13:07 . 2009-02-16 13:07 -------- d-----w c:\documents and settings\All Users\Application Data\Simply Super Software
2009-02-16 13:07 . 2009-02-16 12:59 -------- d-----w c:\documents and settings\Boban\Application Data\Simply Super Software
2009-02-16 13:05 . 2009-02-16 13:05 -------- d-----w c:\documents and settings\Boban\Application Data\URSoft
2009-02-09 15:25 . 2008-06-15 09:22 325003 ----a-w C:\TREEINFO.NCD
2009-01-31 10:43 . 2009-01-31 10:42 13030 ----a-w C:\PDOXUSRS.NET
2009-01-14 10:29 . 2008-01-08 20:27 113304 ----a-w c:\documents and settings\Boban\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-12-07 16:09 . 2008-12-07 16:09 0 ----a-w c:\documents and settings\All Users\Application Data\xml24E.tmp
2008-12-07 16:09 . 2008-12-07 16:09 0 ----a-w c:\documents and settings\All Users\Application Data\xml24D.tmp
2008-12-07 16:09 . 2008-12-07 16:09 0 ----a-w c:\documents and settings\All Users\Application Data\xml24C.tmp
2008-12-07 16:09 . 2008-12-07 16:09 0 ----a-w c:\documents and settings\All Users\Application Data\xml24B.tmp
2008-12-07 10:21 . 2008-12-07 10:21 0 ----a-w c:\documents and settings\All Users\Application Data\xml87C.tmp
2008-12-07 10:21 . 2008-12-07 10:21 0 ----a-w c:\documents and settings\All Users\Application Data\xml87B.tmp
2008-12-07 10:21 . 2008-12-07 10:21 0 ----a-w c:\documents and settings\All Users\Application Data\xml87A.tmp
2008-12-07 10:21 . 2008-12-07 10:21 0 ----a-w c:\documents and settings\All Users\Application Data\xml879.tmp
2008-09-01 08:52 . 2008-09-01 08:52 128 ----a-w c:\documents and settings\Boban\Local Settings\Application Data\fusioncache.dat
2008-07-25 13:22 . 2008-06-03 20:52 88 --sh--r c:\documents and settings\All Users\Application Data\428B7D0D81.sys
2008-07-25 13:22 . 2008-06-03 20:52 2984 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
.

------- Sigcheck -------

[7] 2004-08-03 21:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-03 21:14 359040 6A603809F598332DBEDD535BDBCE313E c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 11:58 333192 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-05-25 6746112]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-13 2046120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoVisualStyleChoice"= 0 (0x0)
"NoColorChoice"= 0 (0x0)
"NoSizeChoice"= 0 (0x0)
"HideLogonScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"NoRecycleFiles"= 0 (0x0)
"ForceRecycleBinSize"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"NoExpandedNewMenu"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThemesTab"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"DisallowRun"= 0 (0x0)
"NoRecycleFiles"= 0 (0x0)
"ForceRecycleBinSize"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideClock"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"NoExpandedNewMenu"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Device Lock]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-03 22:56 15360 ----a-w c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-05-25 14:02 6746112 ----a-w c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-08 07:58 68856 ----a-w c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PC Auto Shutdown"=c:\program files\PC Auto Shutdown\AutoShutdown.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"00saskda"="c:\program files\1st Security Agent\newlock.exe" saskda
"TrayFactory"=d:\! dobri programi\!RAZNO\PS Tray Factory 2.52\PSTrayFactory.exe /start
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"TrojanScanner"=c:\program files\Trojan Remover\Trjscan.exe /boot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\NVIDIA\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Silicon Image\\SI3114\\SiITray.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\WINDOWS\\system32\\DLService.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home 2009\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home 2009\\WNt500x86\\RpcSandraSrv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 HWiNFO32;HWiNFO32 Kernel Driver; [x]
R2 klpsrvc;klpsrvc; [x]
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-08-23 3584]
R3 ATE_PROCMON;ATE_PROCMON;d:\program files\Anti Trojan Elite\ATEPMon.sys [2004-09-10 5969]
R3 block_reader;MPR DRV; [x]
R3 dwVSCD;NetOp Virtual Smart Card Driver;c:\windows\system32\DRIVERS\dwvscd.sys [2008-04-16 16696]
R3 leafnets;Leaf Networks Adapter;c:\windows\system32\DRIVERS\leafnets.sys [2007-05-02 55296]
R3 mirrorv3;mirrorv3;c:\windows\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
R3 PORTMON;PORTMON; [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Home 2009\RpcAgentSrv.exe [2008-09-01 98488]
R3 SetupNTGLM7X;SetupNTGLM7X; [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-11-07 98840]
R3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123); [x]
R4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2008-09-14 225280]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-13 106208]
S1 NHostNT1;NetOp Driver 1 ver. 9.21 (2008329);c:\windows\System32\Drivers\NHOSTNT1.SYS [2008-11-24 102544]
S2 Apache2.2;Apache2.2;d:\xampp\apache\bin\apache.exe [2008-06-14 17408]
S2 DeskSaverService;DeskSaverService;c:\program files\PC Security Tweaker\newlock.exe [2008-07-06 1453056]
S2 Device Lock;DeviceLock Service;c:\windows\system32\DLService.exe [2008-06-04 3130952]
S2 drhard;drhard; [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-13 727720]
S2 NetOp Host for NT Service;NetOp Helper ver. 9.21 (2008329);c:\program files\Danware Data\NetOp School\Student\NHOSTSVC.EXE [2008-11-24 1705896]
S2 PCAutoShutdown_Service;PCAutoShutdown_Service;c:\program files\PC Auto Shutdown\ShutdownService.exe [2006-12-08 451072]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-02-22 603904]
S3 iadusb;MT882;c:\windows\system32\DRIVERS\glauiad.sys [2006-03-20 30336]
S3 NHOSTNT3;NetOp Driver 3 ver. 9.21 (2008329) (NHOSTNT3);c:\windows\System32\Drivers\NHOSTNT3.SYS [2008-11-24 10280]


--- Other Services/Drivers In Memory ---

*Deregistered* - DeviceLockDriver0
*Deregistered* - DeviceLockDriverHlpExtG3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bef8e80-5f92-11dd-a962-001802f3ee32}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bdb7ffb-97a0-11dd-ab1a-001802f3ee32}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe
.
Contents of the 'Scheduled Tasks' folder

2009-04-17 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 15:28]

2009-04-15 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-28 01:39]

2008-08-03 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 12:28]

2009-04-13 c:\windows\Tasks\OFF.job
- c:\windows\system32\shutdown.exe [2004-08-03 22:56]
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
uStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1
uInternet Settings,ProxyServer = ftp=127.0.0.1:8080;http=127.0.0.1:8080
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: + Offline &Explorer: Download the link
IE: + Offline E&xplorer: Download the current page
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Link to &MidpX - c:\program files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?f25ef1eeb96d429e96eefb6082dd5c95
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?f25ef1eeb96d429e96eefb6082dd5c95
IE: Prevedi sa Di recnikom - d:\program files\Di recnik\diie.htm
IE: Translate with Di dictionary -
FF - ProfilePath - c:\documents and settings\Boban\Application Data\Mozilla\Firefox\Profiles\dwmi830w.default\
FF - component: c:\documents and settings\Boban\Application Data\Mozilla\Firefox\Profiles\dwmi830w.default\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}\components\FFAlert.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Boban\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-17 09:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1275210071-1343024091-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4E628ABE-25B0-7959-18B5-B5F2BAB81FE5}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"panclfcefkdjlbbabbfkekfnebmkibgh"=hex:6a,61,6d,67,6f,67,6c,63,65,68,62,64,6e,
6a,65,66,61,67,65,65,00,fc
"oahdnggiehbahillfkklckihjgbofc"=hex:6a,61,6d,67,6f,67,6c,63,65,68,62,64,6e,6a,
65,66,61,67,65,65,00,ff

[HKEY_USERS\S-1-5-21-1275210071-1343024091-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9435EE08-ADD3-A534-31C1-CE2382557008}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iakljmmedmndhcoabi"=hex:6a,61,6e,66,6b,68,6c,6a,6b,68,6c,6c,6b,63,6a,63,6c,65,
6c,65,00,0c
"hamlhhoibinpocak"=hex:6a,61,6e,66,6b,68,6c,6a,6b,68,6c,6c,6b,63,6a,63,6c,65,
6c,65,00,0c
"gajkigojcnlgaa"=hex:6a,61,6e,66,6c,68,6d,6a,62,6e,6b,62,6a,66,66,6f,66,69,6b,
6f,00,02

[HKEY_LOCAL_MACHINE\software\Classes\N94827103]
@Denied: (4) (Everyone)
@Denied: (4) (Administrators)
@Allowed: (A B C D Full GENERIC_EXECUTE GENERIC_WRITE Read 1 2 3 4 5 6) (LocalSystem)
"a"="S"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(424)
c:\windows\system32\msi.dll
.
Completion time: 2009-04-17 9:26
ComboFix-quarantined-files.txt 2009-04-17 07:26
ComboFix2.txt 2009-04-13 20:48

Pre-Run: 53.080.301.568 bytes free
Post-Run: 53.090.836.480 bytes free


  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

I've had a look.

The same cr* happened with ComboFix again - your antivirus deleted part of ComboFix, or the access permissions on folders on your computer are non-standard.
Did you deliberately scan ComboFix with the antivirus before you ran it?

Also, there are more programs installed here than on 10 other computers put together. Your computer is full of quasi-protection programs. Is there a reason for all that?

And one more thing - you haven't told me what exactly you are complaining about.

  • Joined: 16 Avg 2007
  • Posts: 315
  • Location: Serbia

Windows was installed normally. I don't have any antivirus other than ESET NOD version 4. I followed the instructions you wrote me and didn't pre-scan ComboFix. I work at a secondary school and there are a lot of networked computers there. Almost all of them have some virus that tries to destroy flash memory. All folders get hidden and some exe files are created with the same names as the folders on the flash drive. This virus is found in many companies too. I asked how to protect a USB flash drive from these viruses. Since I've put that flash drive in my computer too, it's probably infected. At the moment I have no visible problems on the computer. If you think I need to reinstall Windows I can do that, if there's no other way. Though I need advice on how to delete this virus, because it has spread across the whole city.
Thanks in advance for the advice.

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Malwarebytes Anti Malware
Smart Virus Remover
Trojan Remover
Spy Cleaner Gold
Enigma Software Group
Simply Super Software
Anti Trojan Elite

The above are all folders of various security programs. NOD is not the only thing installed here.

Open Notepad and copy the following text:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bef8e80-5f92-11dd-a962-001802f3ee32}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bdb7ffb-97a0-11dd-ab1a-001802f3ee32}]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post in the next message the log that will be created at the end of the cleaning/scanning.
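Two defender-side checks for what this thread turns on, as an added example that is not ComboFix's or the helper's code: a scan of a flash drive for the drop pattern the poster describes (a directory X with a file X.exe beside it), and a parser that pulls the per-volume AutoOpen commands out of ComboFix's mountpoints2 lines and renders the same Registry:: block the helper pasted. The drive layout, the third (all-zero) volume GUID and the folder names are constructed for the demo; the other two GUIDs and the KB915866.exe command are the ones quoted in the log above.

```python
r"""Added example (not ComboFix's or the forum helper's code).

1. find_folder_mimics(): report every directory X on a drive that has a file
   X.exe next to it, the pattern the poster describes (folder hidden, .exe
   carrying the folder's name).
2. parse_mountpoints2() / build_cfscript(): collect the
   \Shell\AutoOpen\command entries ComboFix lists under mountpoints2 and
   render the 'Registry::' block that tells ComboFix to delete those keys.
"""
import os
import re
import tempfile
from pathlib import Path

FILE_ATTRIBUTE_HIDDEN = 0x2  # Windows attribute bit in st_file_attributes


def is_hidden(path):
    """Windows 'hidden' attribute of path; None where the OS does not expose it."""
    attrs = getattr(path.stat(), "st_file_attributes", None)
    if attrs is None:
        return None
    return bool(attrs & FILE_ATTRIBUTE_HIDDEN)


def find_folder_mimics(root):
    """Walk root and return one record per (directory X, file X.exe) pair,
    sorted by folder path. Names compare case-insensitively, as on FAT."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        by_lower = {name.lower(): name for name in filenames}
        for d in dirnames:
            exe = by_lower.get(d.lower() + ".exe")
            if exe is None:
                continue
            folder = Path(dirpath) / d
            hits.append({
                "name": d,
                "folder": str(folder),
                "exe": str(Path(dirpath) / exe),
                "folder_hidden": is_hidden(folder),
            })
    return sorted(hits, key=lambda h: h["folder"])


# ComboFix prints each mountpoints2 key on one line and its AutoOpen command
# on the next; a key with no AutoOpen line is left alone.
KEY_RE = re.compile(r"^\[(HKEY_[^\]]*\\mountpoints2\\(\{[0-9a-f-]+\}))\]$", re.I)
AUTOOPEN_RE = re.compile(r"^\\Shell\\AutoOpen\\command\s*-\s*(.+?)$", re.I)


def parse_mountpoints2(log_text):
    """Return [{'key', 'guid', 'command'}] for every mountpoints2 key in a
    ComboFix log that carries a Shell/AutoOpen/command line."""
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = (m.group(1), m.group(2))
            continue
        m = AUTOOPEN_RE.match(line)
        if m and current is not None:
            entries.append({"key": current[0], "guid": current[1],
                            "command": m.group(1).strip()})
            current = None
    return entries


def build_cfscript(entries):
    """Render the Registry:: block used in the thread: '[-KEY]' deletes KEY."""
    return "\n".join(["Registry::"] + [f"[-{e['key']}]" for e in entries]) + "\n"


# Two keys quoted from the log above plus one constructed key with no AutoOpen.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1bef8e80-5f92-11dd-a962-001802f3ee32}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5bdb7ffb-97a0-11dd-ab1a-001802f3ee32}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C0\KB915866.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{00000000-0000-0000-0000-000000000000}]
"""


def run_demo():
    """Build a constructed flash-drive layout in a temp dir and scan it:
    two mimicked folders, one clean folder, one ordinary file."""
    root = Path(tempfile.mkdtemp(prefix="usb-demo-"))
    for name in ("Fotografije", "Dokumenti", "Muzika"):
        (root / name).mkdir()
    for name in ("Fotografije.exe", "Dokumenti.exe", "readme.txt"):
        (root / name).write_bytes(b"constructed sample, not a real binary")
    return find_folder_mimics(root)


if __name__ == "__main__":
    for hit in run_demo():
        print(f"mimic: {hit['exe']}  shadows folder {hit['folder']}")
    found = parse_mountpoints2(SAMPLE_LOG)
    for e in found:
        print(f"{e['guid']} AutoOpen -> {e['command']}")
    print(build_cfscript(found), end="")
```

On a real drive, pass its root (for example `E:\`) to find_folder_mimics(); on Windows the folder_hidden field then reports whether the shadowed folder carries the hidden attribute.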

  • Joined: 16 Avg 2007
  • Posts: 315
  • Location: Serbia

Here's what the log looks like.
You're right about the antivirus programs, but I tried them at some point and don't use them. I'll uninstall them.
ComboFix 09-04-17.03 - Boban 18.04.2009 9:04.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.499 [GMT 2:00]
Running from: c:\documents and settings\Boban\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Boban\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
/wow section - STAGE 41
The system cannot find the file temp1001.
The system cannot find the path specified.
The system cannot find the path specified.
The system cannot find the path specified.
Could Not Find c:\combofix\Ori0400


((((((((((((((((((((((((( Files Created from 2009-03-18 to 2009-04-18 )))))))))))))))))))))))))))))))
.

2009-04-18 06:57 . 2009-04-18 06:57 390728 ----a-w c:\windows\system32\DLTray.EXE
2009-04-15 19:33 . 2009-04-15 19:41 22 ----a-w c:\windows\mfd.ini
2009-04-15 19:33 . 1994-02-05 22:00 25952 ----a-w c:\windows\system\MSACM.DRV
2009-04-15 19:33 . 1994-02-05 22:00 23808 ----a-w c:\windows\system\MSADPCM.ACM
2009-04-15 19:33 . 2009-04-15 19:33 -------- d-----w C:\DKMM
2009-04-14 07:23 . 2009-04-14 07:23 54156 ---ha-w c:\windows\QTFont.qfn
2009-04-14 07:23 . 2009-04-14 07:23 1409 ----a-w c:\windows\QTFont.for
2009-04-12 21:41 . 2009-04-12 21:41 -------- d-----w C:\New Folder
2009-04-12 21:40 . 2009-04-12 21:40 -------- d-----w C:\virus
2009-04-11 17:37 . 2009-04-11 17:37 144535 ----a-w C:\KALKD.ZIP
2009-03-31 20:56 . 2009-03-31 20:56 -------- d-----w c:\documents and settings\Boban\Application Data\Malwarebytes
2009-03-31 20:56 . 2009-03-31 20:56 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-31 17:00 . 2009-03-31 17:00 -------- d-----w c:\program files\Common Files\EPSON
2009-03-31 17:00 . 2009-03-31 17:02 11249 ----a-w c:\windows\EPSTPLOG.BAK
2009-03-31 07:43 . 2009-03-31 07:43 -------- d-----w c:\program files\EpsonNet
2009-03-31 07:43 . 2009-03-31 07:43 -------- d-----w c:\documents and settings\All Users\Application Data\Epson
2009-03-30 18:09 . 2009-03-30 18:10 -------- d-----w C:\!SKOLA
2009-03-29 11:24 . 2009-03-29 11:24 -------- d-----w c:\program files\Smart Virus Remover
2009-03-22 17:24 . 2009-03-23 08:18 -------- d-----w c:\program files\SageTV

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-18 06:57 . 2008-06-22 07:54 714312 ----a-w c:\windows\system32\DLGPC.dll
2009-04-18 06:57 . 2008-06-22 07:54 11336 ----a-w c:\windows\system32\DLServiceMsg.dll
2009-04-14 07:26 . 2008-05-29 07:51 -------- d-----w c:\documents and settings\Boban\Application Data\MegauploadToolbar
2009-04-14 07:17 . 2009-03-16 09:30 -------- d-----w c:\program files\Super Internet TV
2009-04-14 07:16 . 2008-01-21 17:53 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-12 18:49 . 2008-08-19 13:24 -------- d-----w c:\documents and settings\Boban\Application Data\SolidDocuments
2009-04-12 13:35 . 2008-08-27 18:08 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\SolidDocuments
2009-04-08 21:27 . 2009-02-16 12:59 -------- d-----w c:\program files\Trojan Remover
2009-03-31 07:43 . 2008-01-09 05:15 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-29 11:31 . 2008-11-13 13:22 -------- d-----w c:\program files\Spy Cleaner Gold
2009-03-29 11:26 . 2009-03-17 15:39 -------- d-----w c:\program files\Multi Password Recovery
2009-03-26 14:28 . 2008-12-27 13:59 -------- d-----w c:\program files\Easy GIF Animator
2009-03-25 21:02 . 2008-06-03 05:26 22463 ----a-w c:\windows\system32\epfwdata.bin
2009-03-23 08:21 . 2008-02-06 17:32 -------- d-----w c:\program files\Sony
2009-03-23 08:20 . 2008-01-29 10:24 -------- d-----w c:\program files\Eltima Software
2009-03-23 08:20 . 2008-01-29 10:25 -------- d-----w c:\documents and settings\Boban\Application Data\Eltima Software
2009-03-23 08:18 . 2008-01-09 20:08 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-20 08:11 . 2009-03-03 08:10 -------- d-----w c:\documents and settings\Boban\Application Data\Kingston
2009-03-18 14:08 . 2009-03-18 14:08 -------- d-----w c:\documents and settings\All Users\Application Data\Zylom
2009-03-17 14:15 . 2009-03-17 14:06 -------- d-----w c:\program files\MyLanViewer
2009-03-17 14:12 . 2008-03-07 08:49 -------- d-----w c:\program files\Registry Clean Expert
2009-03-17 14:08 . 2008-01-11 17:51 -------- d-----w c:\documents and settings\All Users\Application Data\RFA_Backups
2009-03-17 13:58 . 2009-03-17 13:53 -------- dc-h--w c:\documents and settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
2009-03-17 13:54 . 2009-03-17 13:54 -------- d-----w c:\documents and settings\Boban\Application Data\Uniblue
2009-03-17 13:44 . 2008-01-09 05:22 -------- d-----w c:\program files\ESET
2009-03-16 17:49 . 2009-03-16 17:49 -------- d-----w c:\documents and settings\Boban\Application Data\FDRLab
2009-03-16 17:49 . 2009-03-16 17:49 -------- d-----w c:\program files\FDRLab
2009-03-16 10:48 . 2009-03-16 10:48 -------- d-----w c:\program files\AskBarDis
2009-03-16 10:48 . 2009-03-16 10:48 -------- d-----w c:\program files\Foxit Software
2009-03-16 10:48 . 2009-03-16 10:48 -------- d-----w c:\documents and settings\Boban\Application Data\Foxit
2009-03-16 10:39 . 2009-03-16 09:27 -------- d-----w c:\program files\JLC's Software
2009-03-16 10:07 . 2009-03-16 10:07 -------- d-----w c:\documents and settings\Boban\Application Data\HTML Executable
2009-03-16 10:07 . 2009-03-16 10:07 -------- d-----w c:\documents and settings\Boban\Application Data\Desktopicon
2009-03-16 09:27 . 2009-03-16 09:27 -------- d-----w c:\documents and settings\Boban\Application Data\JLC's Software
2009-03-12 20:24 . 2009-03-12 20:24 137728 ----a-w C:\M4gm.xls
2009-03-12 08:20 . 2009-03-12 08:20 -------- d-----w c:\program files\Tukero[X]Team
2009-03-10 14:02 . 2009-03-10 13:54 -------- d-----w c:\program files\Hide Start Button
2009-03-10 13:56 . 2009-03-10 13:56 -------- d-----w c:\program files\1st Security Agent
2009-03-10 13:34 . 2008-06-02 13:15 -------- d-----w c:\program files\Mgtweak
2009-03-07 08:48 . 2009-03-06 18:16 -------- d-----w c:\documents and settings\All Users\Application Data\Danware Data
2009-03-07 08:48 . 2009-03-06 18:16 -------- d-----w c:\program files\Danware Data
2009-03-04 08:46 . 2009-03-04 08:46 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\ESET
2009-02-24 15:51 . 2009-02-24 15:51 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\Teleca
2009-02-23 14:00 . 2009-02-23 14:00 -------- d-----w c:\windows\system32\config\systemprofile\Application Data\Sony Ericsson
2009-02-23 14:00 . 2009-02-23 14:00 -------- d-----w c:\documents and settings\LocalService\Application Data\Sony Ericsson
2009-02-22 12:09 . 2008-01-12 19:19 -------- d-----w c:\program files\Common Files\Adobe
2009-02-22 10:51 . 2009-02-22 10:51 603904 ----a-w c:\windows\system32\TUProgSt.exe
2009-02-22 10:51 . 2009-02-22 10:51 362240 ----a-w c:\windows\system32\TuneUpDefragService.exe
2009-02-22 10:51 . 2009-02-22 10:50 -------- d-----w c:\program files\TuneUp Utilities 2009
2009-02-22 10:51 . 2009-02-22 10:51 -------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2009-02-22 10:50 . 2009-02-22 10:50 -------- d-sh--w c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-02-22 10:45 . 2008-12-08 15:31 -------- d-----w c:\program files\dvdSanta
2009-02-22 10:44 . 2008-09-17 11:45 -------- d-----w c:\program files\Hamachi
2009-02-22 10:39 . 2008-05-27 07:11 -------- d-----w c:\program files\Enigma Software Group
2009-02-22 10:38 . 2008-02-18 14:33 -------- d-----w c:\program files\Real
2009-02-22 10:33 . 2008-01-21 17:59 -------- d-----w c:\program files\CoffeeCup Software
2009-02-22 10:29 . 2008-09-22 12:33 -------- d-----w c:\program files\gs
2009-02-22 10:22 . 2009-02-22 10:22 -------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2009-02-21 11:41 . 2008-05-11 07:34 -------- d-----w c:\documents and settings\Boban\Application Data\Thinstall
2009-02-21 11:30 . 2008-01-12 19:03 -------- d-----w c:\program files\WinHTTrack
2009-02-21 11:30 . 2009-02-17 16:09 -------- d-----w c:\program files\Modem Spy
2009-02-21 11:19 . 2009-02-21 11:19 -------- d-----w c:\program files\Yamicsoft
2009-02-17 16:09 . 2009-02-17 16:09 -------- d-----w c:\documents and settings\Boban\Application Data\Modem Spy
2009-02-17 15:58 . 2009-02-17 15:58 -------- d-----w c:\program files\Phone Spy
2009-02-09 15:25 . 2008-06-15 09:22 325003 ----a-w C:\TREEINFO.NCD
2009-01-31 10:43 . 2009-01-31 10:42 13030 ----a-w C:\PDOXUSRS.NET
2009-01-14 10:29 . 2008-01-08 20:27 113304 ----a-w c:\documents and settings\Boban\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-12-07 16:09 . 2008-12-07 16:09 0 ----a-w c:\documents and settings\All Users\Application Data\xml24E.tmp
2008-12-07 16:09 . 2008-12-07 16:09 0 ----a-w c:\documents and settings\All Users\Application Data\xml24D.tmp
2008-12-07 16:09 . 2008-12-07 16:09 0 ----a-w c:\documents and settings\All Users\Application Data\xml24C.tmp
2008-12-07 16:09 . 2008-12-07 16:09 0 ----a-w c:\documents and settings\All Users\Application Data\xml24B.tmp
2008-12-07 10:21 . 2008-12-07 10:21 0 ----a-w c:\documents and settings\All Users\Application Data\xml87C.tmp
2008-12-07 10:21 . 2008-12-07 10:21 0 ----a-w c:\documents and settings\All Users\Application Data\xml87B.tmp
2008-12-07 10:21 . 2008-12-07 10:21 0 ----a-w c:\documents and settings\All Users\Application Data\xml87A.tmp
2008-12-07 10:21 . 2008-12-07 10:21 0 ----a-w c:\documents and settings\All Users\Application Data\xml879.tmp
2008-09-01 08:52 . 2008-09-01 08:52 128 ----a-w c:\documents and settings\Boban\Local Settings\Application Data\fusioncache.dat
2008-07-25 13:22 . 2008-06-03 20:52 88 --sh--r c:\documents and settings\All Users\Application Data\428B7D0D81.sys
2008-07-25 13:22 . 2008-06-03 20:52 2984 --sha-w c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
.

------- Sigcheck -------

[7] 2004-08-03 21:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-03 21:14 359040 6A603809F598332DBEDD535BDBCE313E c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-04-13_22.47.21.78 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-09 05:08 . 2009-04-17 16:42 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-09 05:08 . 2009-04-13 12:41 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-01-09 05:08 . 2009-04-17 16:42 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-01-09 05:08 . 2009-04-13 12:41 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-01-09 05:08 . 2009-04-17 16:42 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-01-09 05:08 . 2009-04-13 12:41 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 11:58 333192 ----a-w c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-05-25 6746112]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-02-13 2046120]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideFastUserSwitching"= 0 (0x0)
"HideShutdownScripts"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLogonScripts"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"NoVisualStyleChoice"= 0 (0x0)
"NoColorChoice"= 0 (0x0)
"NoSizeChoice"= 0 (0x0)
"HideLogonScripts"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"NoWelcomeScreen"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"NoRecycleFiles"= 0 (0x0)
"ForceRecycleBinSize"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"NoExpandedNewMenu"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThemesTab"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)
"RestrictCpl"= 0 (0x0)
"DisallowCpl"= 0 (0x0)
"NoViewOnDrive"= 0 (0x0)
"RestrictRun"= 0 (0x0)
"DisallowRun"= 0 (0x0)
"NoRecycleFiles"= 0 (0x0)
"ForceRecycleBinSize"= 0 (0x0)
"NoCustomizeWebView"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoDFSTab"= 0 (0x0)
"NoCustomizeThisFolder"= 0 (0x0)
"NoWebView"= 0 (0x0)
"DontShowSuperHidden"= 0 (0x0)
"NoOnlinePrintsWizard"= 0 (0x0)
"NoPublishingWizard"= 0 (0x0)
"NoSMConfigurePrograms"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)
"NoHelp"= 0 (0x0)
"NoCommonGroups"= 0 (0x0)
"NoStartMenuEjectPC"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoStartMenuSubFolders"= 0 (0x0)
"NoDisconnect"= 0 (0x0)
"NoNtSecurity"= 0 (0x0)
"GreyMSIAds"= 0 (0x0)
"ForceMaxRecentDocs"= 0 (0x0)
"NoSMBalloonTip"= 0 (0x0)
"NoSMBalloonTips"= 0 (0x0)
"HideClock"= 0 (0x0)
"HideSCAVolume"= 0 (0x0)
"HideSCANetwork"= 0 (0x0)
"HideSCAPower"= 0 (0x0)
"NoTaskGrouping"= 0 (0x0)
"NoWebServices"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"NoExpandedNewMenu"= 0 (0x0)
"SpecifyDefaultButtons"= 0 (0x0)
"NoRecentDocsNetHood"= 0 (0x0)
"PromptRunasInstallNetPath"= 1 (0x1)
"NoResolveTrack"= 0 (0x0)
"NoDevMgrUpdate"= 0 (0x0)
"NoThumbnailCache"= 0 (0x0)
"ForceCopyAclwithFile"= 0 (0x0)
"StartRunNoHOMEPATH"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Device Lock]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-03 22:56 15360 ----a-w c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2005-05-25 14:02 6746112 ----a-w c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-04-08 07:58 68856 ----a-w c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PC Auto Shutdown"=c:\program files\PC Auto Shutdown\AutoShutdown.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
"00saskda"="c:\program files\1st Security Agent\newlock.exe" saskda
"TrayFactory"=d:\! dobri programi\!RAZNO\PS Tray Factory 2.52\PSTrayFactory.exe /start
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"TrojanScanner"=c:\program files\Trojan Remover\Trjscan.exe /boot

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\NVIDIA\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Silicon Image\\SI3114\\SiITray.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
"c:\\WINDOWS\\system32\\DLService.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home 2009\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home 2009\\WNt500x86\\RpcSandraSrv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 HWiNFO32;HWiNFO32 Kernel Driver; [x]
R2 klpsrvc;klpsrvc; [x]
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-08-23 3584]
R3 ATE_PROCMON;ATE_PROCMON;d:\program files\Anti Trojan Elite\ATEPMon.sys [2004-09-10 5969]
R3 block_reader;MPR DRV; [x]
R3 dwVSCD;NetOp Virtual Smart Card Driver;c:\windows\system32\DRIVERS\dwvscd.sys [2008-04-16 16696]
R3 leafnets;Leaf Networks Adapter;c:\windows\system32\DRIVERS\leafnets.sys [2007-05-02 55296]
R3 mirrorv3;mirrorv3;c:\windows\system32\DRIVERS\rminiv3.sys [2006-11-01 3328]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
R3 PORTMON;PORTMON; [x]
R3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Home 2009\RpcAgentSrv.exe [2008-09-01 98488]
R3 SetupNTGLM7X;SetupNTGLM7X; [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2008-01-25 25088]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [2007-11-07 98840]
R3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123); [x]
R4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [2008-09-14 225280]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-13 106208]
S1 NHostNT1;NetOp Driver 1 ver. 9.21 (2008329);c:\windows\System32\Drivers\NHOSTNT1.SYS [2008-11-24 102544]
S2 Apache2.2;Apache2.2;d:\xampp\apache\bin\apache.exe [2008-06-14 17408]
S2 DeskSaverService;DeskSaverService;c:\program files\PC Security Tweaker\newlock.exe [2008-07-06 1453056]
S2 Device Lock;DeviceLock Service;c:\windows\system32\DLService.exe [2008-06-04 3130952]
S2 drhard;drhard; [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-13 727720]
S2 NetOp Host for NT Service;NetOp Helper ver. 9.21 (2008329);c:\program files\Danware Data\NetOp School\Student\NHOSTSVC.EXE [2008-11-24 1705896]
S2 PCAutoShutdown_Service;PCAutoShutdown_Service;c:\program files\PC Auto Shutdown\ShutdownService.exe [2006-12-08 451072]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-02-22 603904]
S3 iadusb;MT882;c:\windows\system32\DRIVERS\glauiad.sys [2006-03-20 30336]
S3 NHOSTNT3;NetOp Driver 3 ver. 9.21 (2008329) (NHOSTNT3);c:\windows\System32\Drivers\NHOSTNT3.SYS [2008-11-24 10280]


--- Other Services/Drivers In Memory ---

*Deregistered* - DeviceLockDriver0
*Deregistered* - DeviceLockDriverHlpExtG3

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-04-18 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 15:28]

2009-04-17 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-28 01:39]

2008-08-03 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 12:28]

2009-04-17 c:\windows\Tasks\OFF.job
- c:\windows\system32\shutdown.exe [2004-08-03 22:56]
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\pchealth\helpctr\System\panels\blank.htm
uStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1
uInternet Settings,ProxyServer = ftp=127.0.0.1:8080;http=127.0.0.1:8080
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: + Offline &Explorer: Download the link
IE: + Offline E&xplorer: Download the current page
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Link to &MidpX - c:\program files\Kwyshell\MidpX\JadInvoker\Extent\jad_wrap.htm
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?f25ef1eeb96d429e96eefb6082dd5c95
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?f25ef1eeb96d429e96eefb6082dd5c95
IE: Prevedi sa Di recnikom - d:\program files\Di recnik\diie.htm
IE: Translate with Di dictionary -
FF - ProfilePath - c:\documents and settings\Boban\Application Data\Mozilla\Firefox\Profiles\dwmi830w.default\
FF - component: c:\documents and settings\Boban\Application Data\Mozilla\Firefox\Profiles\dwmi830w.default\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}\components\FFAlert.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Boban\Application Data\Mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-18 09:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1275210071-1343024091-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4E628ABE-25B0-7959-18B5-B5F2BAB81FE5}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"panclfcefkdjlbbabbfkekfnebmkibgh"=hex:6a,61,6d,67,6f,67,6c,63,65,68,62,64,6e,
6a,65,66,61,67,65,65,00,fc
"oahdnggiehbahillfkklckihjgbofc"=hex:6a,61,6d,67,6f,67,6c,63,65,68,62,64,6e,6a,
65,66,61,67,65,65,00,ff

[HKEY_USERS\S-1-5-21-1275210071-1343024091-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9435EE08-ADD3-A534-31C1-CE2382557008}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iakljmmedmndhcoabi"=hex:6a,61,6e,66,6b,68,6c,6a,6b,68,6c,6c,6b,63,6a,63,6c,65,
6c,65,00,0c
"hamlhhoibinpocak"=hex:6a,61,6e,66,6b,68,6c,6a,6b,68,6c,6c,6b,63,6a,63,6c,65,
6c,65,00,0c
"gajkigojcnlgaa"=hex:6a,61,6e,66,6c,68,6d,6a,62,6e,6b,62,6a,66,66,6f,66,69,6b,
6f,00,02

[HKEY_LOCAL_MACHINE\software\Classes\N94827103]
@Denied: (4) (Everyone)
@Denied: (4) (Administrators)
@Allowed: (A B C D Full GENERIC_EXECUTE GENERIC_WRITE Read 1 2 3 4 5 6) (LocalSystem)
"a"="S"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(5384)
c:\windows\system32\msi.dll
.
Completion time: 2009-04-18 9:08
ComboFix-quarantined-files.txt 2009-04-18 07:08
ComboFix2.txt 2009-04-17 07:26
ComboFix3.txt 2009-04-13 20:48

Pre-Run: 53.398.179.840 bytes free
Post-Run: 53.381.054.464 bytes free

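The log above mixes a handful of settings a reviewer wants to re-check on the machine (the two tcpip.sys copies with different MD5s in the Sigcheck block, `EnableFirewall`=0, the Security Center notification flags, services whose image column is just `[x]`, and the HTTP/FTP proxy pointing at 127.0.0.1:8080). As an added example, not part of the log or of ComboFix itself, the Python script below pulls those items out of a log excerpt and turns them into a follow-up list. The regexes are assumptions about the line layouts visible in the posted log, the excerpt is constructed from its lines, and the output is a list of things to verify, not a verdict on any of them.

```python
"""Triage checks over a ComboFix log excerpt.

Added example for this thread, not ComboFix's own code: the regexes are
assumptions about the line layouts visible in the posted log, and each
"finding" is an item to re-check on the machine, not a verdict.
"""
import re
from collections import defaultdict

# Excerpt constructed from lines of the log posted above.
SAMPLE_LOG = r"""
------- Sigcheck -------

[7] 2004-08-03 21:14 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\system32\dllcache\tcpip.sys
[-] 2004-08-03 21:14 359040 6A603809F598332DBEDD535BDBCE313E c:\windows\system32\drivers\tcpip.sys
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

R2 HWiNFO32;HWiNFO32 Kernel Driver; [x]
R2 klpsrvc;klpsrvc; [x]
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-08-23 3584]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-02-13 727720]
uInternet Settings,ProxyServer = ftp=127.0.0.1:8080;http=127.0.0.1:8080
"""

# Line layouts as they appear in the log (assumed, not a ComboFix spec).
SIGCHECK_RE = re.compile(
    r"^\[.\] \d{4}-\d\d-\d\d \d\d:\d\d (?P<size>\d+) (?P<md5>[0-9A-Fa-f]{32}) (?P<path>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<raw>.+)$')
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);[^;]*;(?P<image>.*)$")
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (?P<spec>.+)$")


def sigcheck_mismatches(log):
    """Group Sigcheck rows by file name; keep files whose copies carry different MD5s."""
    by_name = defaultdict(dict)
    for line in log.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if m:
            name = m.group("path").rsplit("\\", 1)[-1].lower()
            by_name[name][m.group("path")] = m.group("md5").upper()
    return {n: c for n, c in by_name.items() if len(set(c.values())) > 1}


def _parse_number(raw):
    """Accept both numeric spellings in the log: 'dword:00000001' and '0 (0x0)'."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9A-Fa-f]+\)$", raw)
    return int(m.group(1)) if m else None


def registry_values(log):
    """Map (key, value name) -> parsed value for each '[key]' block and its "name"=value lines."""
    values, key = {}, None
    for line in log.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            key = km.group("key").lower()
            continue
        vm = VALUE_RE.match(line)
        if vm and key:
            values[(key, vm.group("name"))] = _parse_number(vm.group("raw"))
    return values


def firewall_enabled(log):
    """True/False from the standard-profile EnableFirewall value, None if absent."""
    for (key, name), v in registry_values(log).items():
        if key.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall":
            return v == 1
    return None


def security_center_notify_disabled(log):
    """Security Center *DisableNotify values that are set to 1."""
    return {name: v for (key, name), v in registry_values(log).items()
            if key.endswith("\\security center") and name.endswith("DisableNotify") and v == 1}


def services_missing_binary(log):
    """Service/driver entries whose image column is only '[x]' (no file path listed)."""
    names = []
    for line in log.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m and m.group("image").strip() == "[x]":
            names.append(m.group("name"))
    return names


def proxy_settings(log):
    """Parse 'ftp=host:port;http=host:port' from the ProxyServer line into a dict."""
    for line in log.splitlines():
        m = PROXY_RE.match(line.strip())
        if m:
            return dict(p.split("=", 1) for p in m.group("spec").split(";") if "=" in p)
    return {}


def triage(log):
    """Collect the follow-up items a reviewer would confirm on the machine itself."""
    findings = []
    for name, copies in sigcheck_mismatches(log).items():
        detail = ", ".join(f"{p}={h[:8]}" for p, h in copies.items())
        findings.append(f"{name}: copies differ in MD5 ({detail}); compare with a known-good hash")
    if firewall_enabled(log) is False:
        findings.append("Windows Firewall standard profile disabled (EnableFirewall=0)")
    for name in security_center_notify_disabled(log):
        findings.append(f"Security Center notification suppressed: {name}=1")
    for svc in services_missing_binary(log):
        findings.append(f"service {svc} registered without an image file; remove or restore it")
    for scheme, target in proxy_settings(log).items():
        if target.startswith("127.0.0.1"):
            findings.append(f"{scheme} traffic routed via local proxy {target}; identify the listener")
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(" -", item)
```

Two caveats on reading the output. Both tcpip.sys rows show the same 2004-08-03 timestamp and 359040-byte size yet different MD5s; that says the two copies are not identical, not which one (if either) is the original, so compare each hash against a known-good reference for this service pack before replacing anything. Likewise a disabled Windows Firewall profile and suppressed Security Center notifications are commonly set on purpose when a third-party suite with its own firewall is installed (ESET Smart Security is running on this machine), so confirm that rather than treating them as tampering; the `[x]` service entries and the localhost proxy are the items that most need a name attached to them.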

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

I'd say there is nothing questionable left in the log.
Tell me, how is the computer behaving? Is everything all right?

If it is, ComboFix should be uninstalled following these instructions:

Click START and then RUN.

In the text entry line type (or paste) the following:

Combofix /u

and then click OK.

Wait for the uninstall process to finish.
