infekcija detektovana

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

skener pošte detektuje infekciju (puno mailova za slanje ), firefox nestabilan,
i inače čudno ponašanje računara.

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 20:50:10, on 14.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Analog Devices\SoundMAX\smax4.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DVB-S PowerInstall\PSU.EXE
C:\Program Files\Common Files\Sonic Shared\cinetray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live Toolbar\ComponentManager.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Petar\My Documents\programi\sorry.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {70AB0A8B-8A8A-496F-A339-4CD2F3352991} - C:\WINDOWS\system32\fcccbyy.dll
O2 - BHO: {387f990f-2e06-ea1b-89f4-296cd2de98d8} - {8d89ed2d-c692-4f98-b1ae-60e2f099f783} - C:\WINDOWS\system32\fibgblsq.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA7D75CB-A770-4436-9FFA-B922AE08D969} - C:\WINDOWS\system32\vturr.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: e404 helper - {D4FEDE82-C500-4AA4-BB99-A4DAE5A65A46} - C:\Program Files\Helper\1205522538.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BM73f50f8e] Rundll32.exe "C:\WINDOWS\system32\xtlstuea.dll",s
O4 - HKLM\..\Run: [70c63c12] rundll32.exe "C:\WINDOWS\system32\xcrmavrj.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerInstall Key Updater.lnk = C:\Program Files\DVB-S PowerInstall\PSU.EXE
O4 - Startup: Sonic CinePlayer Quick Launch.lnk = ?
O4 - Global Startup: Super Turbo Tango Patcher Reloader.lnk = C:\WINDOWS\Super Turbo Tango Patcher\Reloader.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?2d15d7526dd74ba185585bcfe79ab988
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?2d15d7526dd74ba185585bcfe79ab988
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....9613232187
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: fcccbyy - C:\WINDOWS\SYSTEM32\fcccbyy.dll
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O21 - SSODL: bxlrvps - {B4C5266E-3F3E-4291-87A4-A4ED66E8F894} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleilCS - IVT Corporation. - (no file)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - Unknown owner - (no file)
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe

--
End of file - 8348 bytes

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Poz...




Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.

Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

evo i combofix


ComboFix 08-03-14.2 - Petar 2008-03-14 21:06:41.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.453 [GMT 1:00]
Running from: C:\Documents and Settings\Petar\Desktop\ComboFix_2.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\kl.exe
C:\kmd.exe
C:\Program Files\Helper
C:\Program Files\Helper\1205522538.dll
C:\WINDOWS\BM73f50f8e.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aoajnftd.dll
C:\WINDOWS\system32\drivers\Rse17.sys
C:\WINDOWS\system32\fcccbyy.dll
C:\WINDOWS\system32\fibgblsq.dll
C:\WINDOWS\system32\gksxhdue.dll
C:\WINDOWS\system32\gtelbacw.dll
C:\WINDOWS\system32\jlfbbqmr.ini
C:\WINDOWS\system32\jrvamrcx.ini
C:\WINDOWS\system32\lorxapge.dll
C:\WINDOWS\system32\rmqbbflj.dll
C:\WINDOWS\system32\rrutv.ini
C:\WINDOWS\system32\rrutv.ini2
C:\WINDOWS\system32\vturr.dll
C:\WINDOWS\system32\wcabletg.ini
C:\WINDOWS\system32\xcrmavrj.dll
C:\WINDOWS\system32\xtlstuea.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_RSE17
-------\Rse17


((((((((((((((((((((((((( Files Created from 2008-02-14 to 2008-03-14 )))))))))))))))))))))))))))))))
.

2008-03-14 20:44 . 2008-03-14 21:14 11,776 --a------ C:\WINDOWS\system32\WLCtrl32.dl_
2008-03-14 20:23 . 2008-03-14 20:23 63 --a------ C:\WINDOWS\system32\70c62e9c
2008-03-14 20:22 . 2008-03-14 20:43 11,776 --a------ C:\WINDOWS\system32\WLCtrl32.dll
2008-03-14 18:13 . 2008-03-14 20:21 58,368 --a------ C:\onhtp.exe
2008-03-14 18:13 . 2008-03-14 20:21 6,144 --a------ C:\ffdcahl.exe
2008-03-14 18:13 . 2008-03-14 20:22 2 --a------ C:\1892039869
2008-03-13 14:13 . 2008-03-13 14:35 <DIR> d-------- C:\Program Files\AIMP2
2008-03-12 21:53 . 2008-03-12 21:53 253,360 --a------ C:\WINDOWS\ProgDVB Uninstaller.exe
2008-03-12 21:18 . 2008-03-12 22:12 <DIR> d-------- C:\Program Files\SkyView
2008-03-11 12:06 . 2008-03-13 11:35 <DIR> d-------- C:\Program Files\David J Taylor
2008-03-10 18:54 . 2008-03-13 14:41 <DIR> d-------- C:\Program Files\ProgDVB
2008-03-10 17:15 . 2008-03-14 20:18 <DIR> d-------- C:\Program Files\DVB-S PowerInstall
2008-03-10 17:09 . 2008-03-10 17:21 <DIR> d-------- C:\Program Files\vPlug Files Center
2008-03-10 16:45 . 2008-03-10 16:45 <DIR> d-------- C:\Program Files\WinPcap
2008-03-10 16:44 . 2008-03-10 16:45 <DIR> d-------- C:\Program Files\SkyGrabber
2008-03-10 11:59 . 2008-03-10 12:12 <DIR> d-------- C:\Program Files\DVBViewerTE
2008-03-10 11:58 . 2008-03-10 11:59 <DIR> d-------- C:\Program Files\TechniSat DVB
2008-03-10 11:58 . 2008-03-10 11:58 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2008-03-10 11:57 . 2008-03-10 11:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-10 11:57 . 2008-03-10 11:57 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-09 21:37 . 2008-03-09 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Mixesoft
2008-03-09 21:04 . 2008-03-12 22:14 34 --a------ C:\ProgDVB.ini
2008-03-09 20:57 . 2006-03-14 02:22 349,184 -ra------ C:\WINDOWS\system32\drivers\SkyNET.sys
2008-03-09 20:49 . 2008-03-09 20:49 <DIR> d-------- C:\Program Files\VIA
2008-03-04 16:53 . 2002-12-11 18:09 217,600 --a--c--- C:\WINDOWS\system32\dllcache\npdrmv2.dll
2008-03-04 16:53 . 2002-12-11 17:34 9,728 --a--c--- C:\WINDOWS\system32\dllcache\npwmsdrm.dll
2008-03-04 11:25 . 2008-03-04 11:25 0 --a------ C:\WINDOWS\system32\BSPRINT.INI
2008-03-03 01:17 . 2008-03-03 01:17 5,863 --a------ C:\WINDOWS\system32\ubuntu tema.Theme
2008-03-02 21:51 . 2008-03-02 22:17 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\VoipBuster
2008-03-02 21:48 . 2008-03-02 21:48 <DIR> d-------- C:\Program Files\VoipBuster.com
2008-03-01 02:30 . 2008-03-01 02:30 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-03-01 02:30 . 2008-03-01 02:34 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-03-01 02:08 . 2002-12-27 04:41 26,880 --a------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS
2008-03-01 01:35 . 2008-03-01 01:35 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\Uniblue
2008-03-01 00:01 . 2008-03-01 00:01 <DIR> d-------- C:\Program Files\Shock Utility
2008-03-01 00:01 . 2008-03-01 00:01 65,536 --a------ C:\WINDOWS\IFinst27.exe
2008-02-28 19:45 . 2008-02-28 19:45 <DIR> d-------- C:\Program Files\Vasilios Applications
2008-02-28 19:29 . 2008-03-13 11:36 <DIR> d-------- C:\Program Files\Zortam Mp3 Media Studio
2008-02-28 19:20 . 2008-02-28 19:20 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-02-28 19:18 . 2008-02-28 19:18 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\DivX
2008-02-28 19:13 . 2008-02-28 19:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-02-28 18:31 . 2002-11-22 14:46 554,776 --a------ C:\WINDOWS\system32\olelib.tlb
2008-02-28 18:17 . 2008-03-03 01:19 <DIR> d-------- C:\WINDOWS\Super Turbo Tango Patcher
2008-02-28 17:40 . 2005-03-24 13:24 153,718 --a------ C:\WINDOWS\boot.bmp
2008-02-28 17:35 . 2008-02-28 19:50 <DIR> d-------- C:\Program Files\Slimm Boot-Logo
2008-02-27 11:14 . 2008-02-27 11:14 250 --a------ C:\WINDOWS\gmer.ini
2008-02-27 10:11 . 2008-03-01 02:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-27 10:11 . 2008-03-01 02:53 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\SUPERAntiSpyware.com
2008-02-27 10:11 . 2008-02-27 10:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-27 09:52 . 2008-02-27 09:56 <DIR> d-------- C:\fixwareout
2008-02-26 23:52 . 2008-03-14 18:17 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-02-26 22:58 . 2008-02-26 22:58 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\Lavasoft
2008-02-26 22:31 . 2008-02-26 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-26 19:59 . 2008-02-26 20:10 8,192 --a------ C:\WINDOWS\Rpoint.exe
2008-02-26 19:58 . 2008-02-26 22:25 <DIR> d-------- C:\spywarebegone
2008-02-26 19:58 . 2008-02-26 19:58 170 --a------ C:\WINDOWS\spywarebegone-fullversion-installed.html
2008-02-26 15:27 . 2008-02-26 15:27 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-02-26 15:00 . 2002-11-22 01:00 221,184 --a------ C:\WINDOWS\system32\DartSock.dll
2008-02-26 15:00 . 2002-11-25 01:00 118,784 --a------ C:\WINDOWS\system32\DartWeb.dll
2008-02-26 15:00 . 2000-10-10 01:00 49,152 --a------ C:\WINDOWS\system32\DartObjects.dll
2008-02-26 14:56 . 2008-02-26 14:56 <DIR> d-------- C:\Program Files\Stardock
2008-02-26 14:56 . 2003-02-26 22:27 36,864 --------- C:\WINDOWS\system32\wbsys.dll
2008-02-25 15:55 . 2008-02-12 00:54 309,916 --a------ C:\WINDOWS\wall8_2.jpg
2008-02-25 15:50 . 2008-02-25 15:50 <DIR> d-------- C:\Program Files\TGTSoft
2008-02-25 15:22 . 2008-02-25 15:22 <DIR> d-------- C:\Program Files\VirtuallTek
2008-02-25 08:01 . 2008-03-01 03:51 <DIR> d-------- C:\Program Files\nLite
2008-02-16 00:55 . 2008-02-16 00:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-02-16 00:54 . 2008-02-16 00:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-02-16 00:49 . 2008-02-26 21:14 <DIR> d-------- C:\Program Files\NSS
2008-02-16 00:49 . 2006-08-29 15:56 32,377 --a------ C:\WINDOWS\system32\drivers\prodigy.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-14 20:14 26,240 ----a-w C:\WINDOWS\system32\drivers\Beh41.sys
2008-03-14 20:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-13 13:30 294,929 ---h--w C:\Documents and Settings\Petar\Application Data\TurboLaunch_IconCache.dat
2008-03-11 11:09 678,746 ----a-w C:\WINDOWS\unins000.exe
2008-03-11 07:33 --------- d-----w C:\Documents and Settings\Petar\Application Data\Azureus
2008-03-11 07:00 --------- d-----w C:\Program Files\Azureus
2008-03-10 10:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-09 20:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-04 09:25 --------- d-----w C:\Program Files\SpeedFan
2008-03-02 21:38 --------- d-----w C:\Documents and Settings\Petar\Application Data\Skype
2008-03-01 01:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-01 01:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-28 19:05 --------- d-----w C:\Program Files\RocketReader KidsV3
2008-02-28 19:05 --------- d-----r C:\Program Files\TypingMaster
2008-02-28 17:21 --------- d-----w C:\Program Files\Winamp
2008-02-28 17:19 2,320,384 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-02-28 17:19 2,187,264 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-02-27 12:58 --------- d-----w C:\Program Files\PowerISO
2008-02-27 10:03 --------- d-----w C:\Program Files\Nokia
2008-02-27 10:03 --------- d-----w C:\Program Files\Common Files\Nokia
2008-02-26 20:41 --------- d-----w C:\Program Files\Bonjour
2008-02-26 20:23 --------- d-----w C:\Program Files\NeuroTran
2008-02-26 20:16 --------- d-----w C:\Program Files\TP
2008-02-26 20:08 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-26 20:06 --------- d-----w C:\Program Files\Morgan
2008-02-26 20:05 --------- d-----w C:\Program Files\mIRC
2008-02-26 20:02 --------- d-----w C:\Program Files\Hunting Unlimited 2
2008-02-26 19:53 --------- d-----w C:\Program Files\Free Audio Pack
2008-02-26 19:53 --------- d-----w C:\Program Files\eMule
2008-02-26 19:52 --------- d-----w C:\Program Files\DivX
2008-02-26 19:45 --------- d-----w C:\Documents and Settings\Petar\Application Data\BSplayer
2008-02-26 19:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-26 18:58 724,992 ----a-w C:\WINDOWS\iun6002.exe
2008-02-14 19:50 --------- d-----w C:\Documents and Settings\Petar\Application Data\Metacafe
2008-02-11 23:31 --------- d-----w C:\Program Files\ASUS
2008-02-11 17:56 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-02-11 17:42 --------- d-----w C:\Program Files\Activision
2008-02-10 23:12 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-02-08 10:13 --------- d-----w C:\Program Files\VirtualDJ
2008-02-08 10:13 --------- d-----w C:\Program Files\Folder Marker
2008-02-08 10:13 --------- d-----w C:\Program Files\Cheatbook Database 2006
2008-02-08 10:12 --------- d-----w C:\Program Files\Solways Task Scheduler
2008-01-28 21:35 --------- d-----w C:\Program Files\SourceTec
2008-01-28 21:35 --------- d-----w C:\Program Files\Common Files\SourceTec
2008-01-17 21:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\MicroSoftOcx
2008-01-15 13:55 --------- d-----w C:\Program Files\D-Tools
2008-01-14 21:15 --------- d-----w C:\Program Files\Free DVD Ripper
2008-01-14 20:52 --------- d-----w C:\Program Files\uplink
2008-01-08 21:58 47,360 ----a-w C:\Documents and Settings\Petar\Application Data\pcouffin.sys
2006-05-24 15:38 233,472 ----a-w C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-18 16:00 204,895 ----a-w C:\Program Files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 13:41 77,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-05-18 15:59 426,081 ----a-w C:\Program Files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 11:19 458,752 ----a-w C:\Program Files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 17:35 139,264 ----a-w C:\Program Files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 10:10 204,800 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 10:42 106,496 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 10:22 212,992 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 10:21 167,936 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2004-08-03 22:56 93,184 --sha-w C:\WINDOWS\Super Turbo Tango Patcher\Backup\iexplore.exe
.

------- Sigcheck -------

2007-03-08 16:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2gdr\user32.dll
2007-03-08 16:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2qfe\user32.dll
2004-08-03 23:56 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\SoftwareDistribution\Download\972f9ceb5c3be430fe6cdcb43653d74d\backup\sp2gdr\user32.dll
2004-08-03 23:56 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\SoftwareDistribution\Download\972f9ceb5c3be430fe6cdcb43653d74d\backup\sp2qfe\user32.dll
2005-03-02 19:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2gdr\user32.dll
2005-03-02 19:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2qfe\user32.dll
2005-03-02 19:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\SoftwareDistribution\Download\dc3fa7fed4facc29618f4c01f9c9f686\sp2gdr\user32.dll
2005-03-02 19:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\SoftwareDistribution\Download\dc3fa7fed4facc29618f4c01f9c9f686\sp2qfe\user32.dll
2004-08-03 23:56 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\Super Turbo Tango Patcher\Backup\user32.dll
2004-08-03 23:56 540672 348a1fb4d6ff3ba12c55da1f8bdbc0d9 C:\WINDOWS\system32\user32.dll
2004-08-03 23:56 540672 348a1fb4d6ff3ba12c55da1f8bdbc0d9 C:\WINDOWS\system32\dllcache\user32.dll

2007-02-28 10:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2007-02-28 09:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 09:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2gdr\ntkrnlpa.exe
2005-03-02 01:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2qfe\ntkrnlpa.exe
2004-08-03 22:59 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\SoftwareDistribution\Download\dc3fa7fed4facc29618f4c01f9c9f686\backup\sp2gdr\ntkrnlpa.exe
2005-03-02 01:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\SoftwareDistribution\Download\dc3fa7fed4facc29618f4c01f9c9f686\sp2qfe\ntkrnlpa.exe
2004-08-04 00:05 2015232 fb142b7007ca2eea76966c6c5cc12150 C:\WINDOWS\Super Turbo Tango Patcher\Backup\ntkrnlpa.exe
2008-02-28 18:19 2187264 adb6cf9a8a0bbaf5f18c22179e93c380 C:\WINDOWS\system32\ntkrnlpa.exe
2004-08-04 00:05 2187264 83a784e2516c022a4e27736605818339 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2007-02-28 10:55 2182144 19d249958ca4b26ec0e2b472a54286af C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2007-02-28 10:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 10:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2gdr\ntoskrnl.exe
2007-02-28 10:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2qfe\ntoskrnl.exe
2005-03-02 02:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2qfe\ntoskrnl.exe
2004-08-03 23:20 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\SoftwareDistribution\Download\dc3fa7fed4facc29618f4c01f9c9f686\backup\sp2gdr\ntoskrnl.exe
2005-03-02 02:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\SoftwareDistribution\Download\dc3fa7fed4facc29618f4c01f9c9f686\sp2qfe\ntoskrnl.exe
2004-08-03 22:18 2148352 626309040459c3915997ef98ec1c8d40 C:\WINDOWS\Super Turbo Tango Patcher\Backup\ntoskrnl.exe
2008-02-28 18:19 2320384 66b5883ab972da755ee6ca4663fa3bb0 C:\WINDOWS\system32\ntoskrnl.exe
2004-08-03 22:18 2320384 e82797f423fa850f04d042df08227b4e C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2007-06-13 11:23 980992 02a351f886df3dd2f0a90057c40be755 C:\WINDOWS\explorer.exe
2007-06-13 12:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-03 23:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 11:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\Super Turbo Tango Patcher\Backup\explorer.exe
2007-06-13 11:23 980992 02a351f886df3dd2f0a90057c40be755 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2005-09-07 14:35 716800]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 10:11 925696]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 14:55 339968]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

C:\Documents and Settings\Petar\Start Menu\Programs\Startup\
PowerInstall Key Updater.lnk - C:\Program Files\DVB-S PowerInstall\PSU.EXE [2008-02-06 21:05:40 52094]
Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Common Files\Sonic Shared\cinetray.exe [2002-09-18 14:16:30 98304]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Super Turbo Tango Patcher Reloader.lnk - C:\WINDOWS\Super Turbo Tango Patcher\Reloader.exe [2007-05-21 03:37:38 108398]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-10-18 19:47 75064 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll 2008-03-14 20:43 11776 C:\WINDOWS\system32\WLCtrl32.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"Web Video Downloader"="C:\Program Files\SourceTec\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe"
"Slawdog Smart Shutdown"=C:\Program Files\Slawdog\Smart Shutdown\Smart Shutdown.exe startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" -lang 1033
"snpstd3"=C:\WINDOWS\vsnpstd3.exe
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" /STARTUP
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UACDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MSI\\MyGuard Live\\MyGuard Live.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\SIERRA\\Half-Life\\hl.exe"=
"C:\\SIERRA\\Half-Life\\hlds.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=
"C:\\Program Files\\My Drivers\\MyDrivers.exe"=
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\ProgDVB\\ProgDvbNet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"86:TCP"= 86:TCP:BroadCam Web Server

R0 Beh41;Beh41;C:\WINDOWS\system32\Drivers\Beh41.sys [2008-03-14 21:14]
R0 hotcore;hotcore;C:\WINDOWS\system32\drivers\hotcore.sys [2005-07-22 12:07]
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2002-07-19 08:10]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-09-12 09:20]
R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2007-09-23 20:21]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:56]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2006-03-14 02:22]
S1 StarPortLite;StarPort Storage Controller (Lite);C:\WINDOWS\system32\DRIVERS\StarPortLite.sys []
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]
S3 Asushwio;Asushwio;C:\WINDOWS\system32\drivers\Asushwio.sys [2004-04-26 16:26]
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 11:54]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb01b14d-60ce-11dc-ab2e-806d6172696f}]
\Shell\AutoRun\command - E:\bootcd\wintools\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7c9c5aa-8a05-11dc-b161-0017319b95e3}]
\Shell\AutoRun\command - H:\.\Start.exe

*Newly Created Service* - BEH41
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-03-14 21:14:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aiqpbter]
"ImagePath"="\??\C:\WINDOWS\Help\aiqpbter.chm"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\WLCtrl32.dll

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\BsLangInDepRes.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
.
**************************************************************************
.
Completion time: 2008-03-14 21:18:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-14 20:18:48
.
2007-09-13 08:16:44 --- E O F ---

Dopuna: 14 Mar 2008 21:45

evo poruke avasta

Ima previše identičnih e-poruka u zakazanom vremenu


Šalje: "Kolja Guimont" <49-54946@afj.lk>
Prima: eejielim@gmail.com
Naslov: Watch Hayden moan in pleasureIma previše identičnih e-poruka u zakazanom vremenu


Šalje: "quran Blaskie" <quran-5630794@afj.lk>
Prima: eejielim@gmail.com; jennifersamuels@gmail.com
Naslov: Watch Hayden moan in pleasure

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Aktiviraj prikaz skrivenih/sistemskih file-ova/foldera: http://www.mycity.rs/Uputstva-sa-ex-SuperSajta/Kako-videti-skrivene-fajlove.html



Upload-uj file: C:\WINDOWS\system32\drivers\Beh41.sys

preko sledećeg linka: http://www.mycity.rs/ambulanta-upload.php



-------------------------------------------------------------------------------------


Nakon izvršenog upload-a...

Otvoriti Notepad i iskopirati sledeci tekst:

File::
C:\WINDOWS\system32\WLCtrl32.dl_
C:\WINDOWS\system32\70c62e9c
C:\WINDOWS\system32\WLCtrl32.dll
C:\onhtp.exe
C:\ffdcahl.exe
C:\1892039869
C:\WINDOWS\system32\drivers\Beh41.sys
C:\WINDOWS\Help\aiqpbter.chm

Driver::
Beh41

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aiqpbter]





Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.

Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ne mogu uploadovati beh41.sys javlja da je fajl prevevik, mada je njegova veličina 25.6 kb.
Da uradim ostalo preko cf ili da probam nešto drugo?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Isprati uputstvo za ComboFix...

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 08-03-14.2 - Petar 2008-03-15 10:11:49.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.541 [GMT 1:00]
Running from: C:\Documents and Settings\Petar\Desktop\ComboFix_2.exe
Command switches used :: C:\Documents and Settings\Petar\Desktop\CFScript
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\1892039869
C:\ffdcahl.exe
C:\onhtp.exe
C:\WINDOWS\Help\aiqpbter.chm
C:\WINDOWS\system32\70c62e9c
C:\WINDOWS\system32\drivers\Beh41.sys
C:\WINDOWS\system32\WLCtrl32.dl_
C:\WINDOWS\system32\WLCtrl32.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\1892039869
C:\ffdcahl.exe
C:\onhtp.exe
C:\WINDOWS\Help\aiqpbter.chm
C:\WINDOWS\system32\70c62e9c
C:\WINDOWS\system32\drivers\Beh41.sys
C:\WINDOWS\system32\WLCtrl32.dl_
C:\WINDOWS\system32\WLCtrl32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_BEH41
-------\Beh41


((((((((((((((((((((((((( Files Created from 2008-02-15 to 2008-03-15 )))))))))))))))))))))))))))))))
.

2008-03-13 14:13 . 2008-03-13 14:35 <DIR> d-------- C:\Program Files\AIMP2
2008-03-12 21:53 . 2008-03-12 21:53 253,360 --a------ C:\WINDOWS\ProgDVB Uninstaller.exe
2008-03-12 21:18 . 2008-03-12 22:12 <DIR> d-------- C:\Program Files\SkyView
2008-03-11 12:06 . 2008-03-13 11:35 <DIR> d-------- C:\Program Files\David J Taylor
2008-03-10 18:54 . 2008-03-13 14:41 <DIR> d-------- C:\Program Files\ProgDVB
2008-03-10 17:15 . 2008-03-15 09:43 <DIR> d-------- C:\Program Files\DVB-S PowerInstall
2008-03-10 17:09 . 2008-03-10 17:21 <DIR> d-------- C:\Program Files\vPlug Files Center
2008-03-10 16:45 . 2008-03-10 16:45 <DIR> d-------- C:\Program Files\WinPcap
2008-03-10 16:44 . 2008-03-10 16:45 <DIR> d-------- C:\Program Files\SkyGrabber
2008-03-10 11:59 . 2008-03-10 12:12 <DIR> d-------- C:\Program Files\DVBViewerTE
2008-03-10 11:58 . 2008-03-10 11:59 <DIR> d-------- C:\Program Files\TechniSat DVB
2008-03-10 11:58 . 2008-03-10 11:58 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2008-03-10 11:57 . 2008-03-10 11:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-10 11:57 . 2008-03-10 11:57 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-09 21:37 . 2008-03-09 21:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Mixesoft
2008-03-09 21:04 . 2008-03-12 22:14 34 --a------ C:\ProgDVB.ini
2008-03-09 20:57 . 2006-03-14 02:22 349,184 -ra------ C:\WINDOWS\system32\drivers\SkyNET.sys
2008-03-09 20:49 . 2008-03-09 20:49 <DIR> d-------- C:\Program Files\VIA
2008-03-04 16:53 . 2002-12-11 18:09 217,600 --a--c--- C:\WINDOWS\system32\dllcache\npdrmv2.dll
2008-03-04 16:53 . 2002-12-11 17:34 9,728 --a--c--- C:\WINDOWS\system32\dllcache\npwmsdrm.dll
2008-03-04 11:25 . 2008-03-04 11:25 0 --a------ C:\WINDOWS\system32\BSPRINT.INI
2008-03-03 01:17 . 2008-03-03 01:17 5,863 --a------ C:\WINDOWS\system32\ubuntu tema.Theme
2008-03-02 21:51 . 2008-03-02 22:17 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\VoipBuster
2008-03-02 21:48 . 2008-03-02 21:48 <DIR> d-------- C:\Program Files\VoipBuster.com
2008-03-01 02:30 . 2008-03-01 02:30 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-03-01 02:30 . 2008-03-01 02:34 <DIR> d-------- C:\Program Files\Common Files\Nero
2008-03-01 02:08 . 2002-12-27 04:41 26,880 --a------ C:\WINDOWS\system32\drivers\VIAAGP1.SYS
2008-03-01 01:35 . 2008-03-01 01:35 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\Uniblue
2008-03-01 00:01 . 2008-03-01 00:01 <DIR> d-------- C:\Program Files\Shock Utility
2008-03-01 00:01 . 2008-03-01 00:01 65,536 --a------ C:\WINDOWS\IFinst27.exe
2008-02-28 19:45 . 2008-02-28 19:45 <DIR> d-------- C:\Program Files\Vasilios Applications
2008-02-28 19:29 . 2008-03-13 11:36 <DIR> d-------- C:\Program Files\Zortam Mp3 Media Studio
2008-02-28 19:20 . 2008-02-28 19:20 <DIR> d-------- C:\Program Files\NCH Swift Sound
2008-02-28 19:18 . 2008-02-28 19:18 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\DivX
2008-02-28 19:13 . 2008-02-28 19:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NCH Software
2008-02-28 18:31 . 2002-11-22 14:46 554,776 --a------ C:\WINDOWS\system32\olelib.tlb
2008-02-28 18:17 . 2008-03-03 01:19 <DIR> d-------- C:\WINDOWS\Super Turbo Tango Patcher
2008-02-28 17:40 . 2005-03-24 13:24 153,718 --a------ C:\WINDOWS\boot.bmp
2008-02-28 17:35 . 2008-02-28 19:50 <DIR> d-------- C:\Program Files\Slimm Boot-Logo
2008-02-27 11:14 . 2008-02-27 11:14 250 --a------ C:\WINDOWS\gmer.ini
2008-02-27 10:11 . 2008-03-01 02:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-27 10:11 . 2008-03-01 02:53 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\SUPERAntiSpyware.com
2008-02-27 10:11 . 2008-02-27 10:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-27 09:52 . 2008-02-27 09:56 <DIR> d-------- C:\fixwareout
2008-02-26 23:52 . 2008-03-14 21:18 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-02-26 22:58 . 2008-02-26 22:58 <DIR> d-------- C:\Documents and Settings\Petar\Application Data\Lavasoft
2008-02-26 22:31 . 2008-02-26 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-26 19:59 . 2008-02-26 20:10 8,192 --a------ C:\WINDOWS\Rpoint.exe
2008-02-26 19:58 . 2008-02-26 22:25 <DIR> d-------- C:\spywarebegone
2008-02-26 19:58 . 2008-02-26 19:58 170 --a------ C:\WINDOWS\spywarebegone-fullversion-installed.html
2008-02-26 15:27 . 2008-02-26 15:27 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-02-26 15:00 . 2002-11-22 01:00 221,184 --a------ C:\WINDOWS\system32\DartSock.dll
2008-02-26 15:00 . 2002-11-25 01:00 118,784 --a------ C:\WINDOWS\system32\DartWeb.dll
2008-02-26 15:00 . 2000-10-10 01:00 49,152 --a------ C:\WINDOWS\system32\DartObjects.dll
2008-02-26 14:56 . 2008-02-26 14:56 <DIR> d-------- C:\Program Files\Stardock
2008-02-26 14:56 . 2003-02-26 22:27 36,864 --------- C:\WINDOWS\system32\wbsys.dll
2008-02-25 15:55 . 2008-02-12 00:54 309,916 --a------ C:\WINDOWS\wall8_2.jpg
2008-02-25 15:50 . 2008-02-25 15:50 <DIR> d-------- C:\Program Files\TGTSoft
2008-02-25 15:22 . 2008-02-25 15:22 <DIR> d-------- C:\Program Files\VirtuallTek
2008-02-25 08:01 . 2008-03-01 03:51 <DIR> d-------- C:\Program Files\nLite
2008-02-16 00:55 . 2008-02-16 00:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2008-02-16 00:54 . 2008-02-16 00:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Installations
2008-02-16 00:49 . 2008-02-26 21:14 <DIR> d-------- C:\Program Files\NSS
2008-02-16 00:49 . 2006-08-29 15:56 32,377 --a------ C:\WINDOWS\system32\drivers\prodigy.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-14 20:03 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-13 13:30 294,929 ---h--w C:\Documents and Settings\Petar\Application Data\TurboLaunch_IconCache.dat
2008-03-11 11:09 678,746 ----a-w C:\WINDOWS\unins000.exe
2008-03-11 07:33 --------- d-----w C:\Documents and Settings\Petar\Application Data\Azureus
2008-03-11 07:00 --------- d-----w C:\Program Files\Azureus
2008-03-10 10:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-09 20:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-04 09:25 --------- d-----w C:\Program Files\SpeedFan
2008-03-02 21:38 --------- d-----w C:\Documents and Settings\Petar\Application Data\Skype
2008-03-01 01:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-03-01 01:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-28 19:05 --------- d-----w C:\Program Files\RocketReader KidsV3
2008-02-28 19:05 --------- d-----r C:\Program Files\TypingMaster
2008-02-28 17:21 --------- d-----w C:\Program Files\Winamp
2008-02-28 17:19 2,320,384 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-02-28 17:19 2,187,264 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-02-27 12:58 --------- d-----w C:\Program Files\PowerISO
2008-02-27 10:03 --------- d-----w C:\Program Files\Nokia
2008-02-27 10:03 --------- d-----w C:\Program Files\Common Files\Nokia
2008-02-26 20:41 --------- d-----w C:\Program Files\Bonjour
2008-02-26 20:23 --------- d-----w C:\Program Files\NeuroTran
2008-02-26 20:16 --------- d-----w C:\Program Files\TP
2008-02-26 20:08 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-26 20:06 --------- d-----w C:\Program Files\Morgan
2008-02-26 20:05 --------- d-----w C:\Program Files\mIRC
2008-02-26 20:02 --------- d-----w C:\Program Files\Hunting Unlimited 2
2008-02-26 19:53 --------- d-----w C:\Program Files\Free Audio Pack
2008-02-26 19:53 --------- d-----w C:\Program Files\eMule
2008-02-26 19:52 --------- d-----w C:\Program Files\DivX
2008-02-26 19:45 --------- d-----w C:\Documents and Settings\Petar\Application Data\BSplayer
2008-02-26 19:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-26 18:58 724,992 ----a-w C:\WINDOWS\iun6002.exe
2008-02-14 19:50 --------- d-----w C:\Documents and Settings\Petar\Application Data\Metacafe
2008-02-11 23:31 --------- d-----w C:\Program Files\ASUS
2008-02-11 17:56 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-02-11 17:42 --------- d-----w C:\Program Files\Activision
2008-02-10 23:12 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-02-08 10:13 --------- d-----w C:\Program Files\VirtualDJ
2008-02-08 10:13 --------- d-----w C:\Program Files\Folder Marker
2008-02-08 10:13 --------- d-----w C:\Program Files\Cheatbook Database 2006
2008-02-08 10:12 --------- d-----w C:\Program Files\Solways Task Scheduler
2008-01-28 21:35 --------- d-----w C:\Program Files\SourceTec
2008-01-28 21:35 --------- d-----w C:\Program Files\Common Files\SourceTec
2008-01-17 21:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\MicroSoftOcx
2008-01-15 13:55 --------- d-----w C:\Program Files\D-Tools
2008-01-08 21:58 47,360 ----a-w C:\Documents and Settings\Petar\Application Data\pcouffin.sys
2006-05-24 15:38 233,472 ----a-w C:\Program Files\mozilla firefox\plugins\CrazyTalk4Native.dll
2006-05-18 16:00 204,895 ----a-w C:\Program Files\mozilla firefox\plugins\ctdomemhelper.dll
2005-09-29 13:41 77,824 ----a-w C:\Program Files\mozilla firefox\plugins\ctframeplayerobject.dll
2006-05-18 15:59 426,081 ----a-w C:\Program Files\mozilla firefox\plugins\ctplayerobject.dll
2005-02-02 11:19 458,752 ----a-w C:\Program Files\mozilla firefox\plugins\imagickrt.dll
2006-04-10 17:35 139,264 ----a-w C:\Program Files\mozilla firefox\plugins\rlcontentclass.dll
2005-11-09 10:10 204,800 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicPacker.dll
2005-11-09 10:42 106,496 ----a-w C:\Program Files\mozilla firefox\plugins\RLMusicUnpacker.dll
2006-01-04 10:22 212,992 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoicePacker.dll
2006-01-04 10:21 167,936 ----a-w C:\Program Files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2004-08-03 22:56 93,184 --sha-w C:\WINDOWS\Super Turbo Tango Patcher\Backup\iexplore.exe
.

------- Sigcheck -------

2007-03-08 16:36 577536 b409909f6e2e8a7067076ed748abf1e7 C:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2gdr\user32.dll
2007-03-08 16:48 578048 7aa4f6c00405dfc4b70ed4214e7d687b C:\WINDOWS\SoftwareDistribution\Download\4d9d678c0d8af22c04a4a7fc7f1ff86c\sp2qfe\user32.dll
2004-08-03 23:56 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\SoftwareDistribution\Download\972f9ceb5c3be430fe6cdcb43653d74d\backup\sp2gdr\user32.dll
2004-08-03 23:56 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\SoftwareDistribution\Download\972f9ceb5c3be430fe6cdcb43653d74d\backup\sp2qfe\user32.dll
2005-03-02 19:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2gdr\user32.dll
2005-03-02 19:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2qfe\user32.dll
2005-03-02 19:09 577024 de2db164bbb35db061af0997e4499054 C:\WINDOWS\SoftwareDistribution\Download\dc3fa7fed4facc29618f4c01f9c9f686\sp2gdr\user32.dll
2005-03-02 19:19 577024 1800f293bccc8ede8a70e12b88d80036 C:\WINDOWS\SoftwareDistribution\Download\dc3fa7fed4facc29618f4c01f9c9f686\sp2qfe\user32.dll
2004-08-03 23:56 577024 c72661f8552ace7c5c85e16a3cf505c4 C:\WINDOWS\Super Turbo Tango Patcher\Backup\user32.dll
2004-08-03 23:56 540672 348a1fb4d6ff3ba12c55da1f8bdbc0d9 C:\WINDOWS\system32\user32.dll
2004-08-03 23:56 540672 348a1fb4d6ff3ba12c55da1f8bdbc0d9 C:\WINDOWS\system32\dllcache\user32.dll

2007-02-28 10:15 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2007-02-28 09:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 09:38 2057600 515d30e2c90a3665a2739309334c9283 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2gdr\ntkrnlpa.exe
2005-03-02 01:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2qfe\ntkrnlpa.exe
2004-08-03 22:59 2056832 947fb1d86d14afcffdb54bf837ec25d0 C:\WINDOWS\SoftwareDistribution\Download\dc3fa7fed4facc29618f4c01f9c9f686\backup\sp2gdr\ntkrnlpa.exe
2005-03-02 01:36 2056832 d8aba3eab509627e707a3b14f00fbb6b C:\WINDOWS\SoftwareDistribution\Download\dc3fa7fed4facc29618f4c01f9c9f686\sp2qfe\ntkrnlpa.exe
2004-08-04 00:05 2015232 fb142b7007ca2eea76966c6c5cc12150 C:\WINDOWS\Super Turbo Tango Patcher\Backup\ntkrnlpa.exe
2008-02-28 18:19 2187264 adb6cf9a8a0bbaf5f18c22179e93c380 C:\WINDOWS\system32\ntkrnlpa.exe
2004-08-04 00:05 2187264 83a784e2516c022a4e27736605818339 C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2007-02-28 10:55 2182144 19d249958ca4b26ec0e2b472a54286af C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2007-02-28 10:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 10:10 2180352 582a8dbaa58c3b1f176eb2817daee77c C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2gdr\ntoskrnl.exe
2007-02-28 10:55 2182144 5a5c8db4aa962c714c8371fbdf189fc9 C:\WINDOWS\SoftwareDistribution\Download\10e16e65c532d077de7c89a212bd8df8\sp2qfe\ntoskrnl.exe
2005-03-02 02:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\SoftwareDistribution\Download\dc3b8fb011c281dea1cb7a45f880da78\sp2qfe\ntoskrnl.exe
2004-08-03 23:20 2180992 ce218bc7088681faa06633e218596ca7 C:\WINDOWS\SoftwareDistribution\Download\dc3fa7fed4facc29618f4c01f9c9f686\backup\sp2gdr\ntoskrnl.exe
2005-03-02 02:04 2179456 28187802b7c368c0d3aef7d4c382aabb C:\WINDOWS\SoftwareDistribution\Download\dc3fa7fed4facc29618f4c01f9c9f686\sp2qfe\ntoskrnl.exe
2004-08-03 22:18 2148352 626309040459c3915997ef98ec1c8d40 C:\WINDOWS\Super Turbo Tango Patcher\Backup\ntoskrnl.exe
2008-02-28 18:19 2320384 66b5883ab972da755ee6ca4663fa3bb0 C:\WINDOWS\system32\ntoskrnl.exe
2004-08-03 22:18 2320384 e82797f423fa850f04d042df08227b4e C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2007-06-13 11:23 980992 02a351f886df3dd2f0a90057c40be755 C:\WINDOWS\explorer.exe
2007-06-13 12:26 1033216 7712df0cdde3a5ac89843e61cd5b3658 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-03 23:56 1032192 a0732187050030ae399b241436565e64 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 11:23 1033216 97bd6515465659ff8f3b7be375b2ea87 C:\WINDOWS\Super Turbo Tango Patcher\Backup\explorer.exe
2007-06-13 11:23 980992 02a351f886df3dd2f0a90057c40be755 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((( snapshot@2008-03-14_21.18.33.71 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-03-14 19:45:31 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
+ 2008-03-15 09:02:24 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
- 2008-03-14 19:45:31 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-03-15 09:07:51 131,072 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-03-14 19:47:45 32,768 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031420080315\index.dat
+ 2008-03-14 22:10:05 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031420080315\index.dat
+ 2008-03-15 09:07:44 49,152 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008031520080316\index.dat
- 2008-03-14 19:51:16 65,536 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-15 09:09:20 327,680 ----a-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-03-15 09:16:43 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_2a8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SoundMax"="C:\Program Files\Analog Devices\SoundMAX\smax4.exe" [2005-09-07 14:35 716800]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 10:11 925696]
"snpstd3"="C:\WINDOWS\vsnpstd3.exe" [2005-09-05 14:55 339968]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]

C:\Documents and Settings\Petar\Start Menu\Programs\Startup\
PowerInstall Key Updater.lnk - C:\Program Files\DVB-S PowerInstall\PSU.EXE [2008-02-06 21:05:40 52094]
Sonic CinePlayer Quick Launch.lnk - C:\Program Files\Common Files\Sonic Shared\cinetray.exe [2002-09-18 14:16:30 98304]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Super Turbo Tango Patcher Reloader.lnk - C:\WINDOWS\Super Turbo Tango Patcher\Reloader.exe [2007-05-21 03:37:38 108398]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-10-18 19:47 75064 C:\WINDOWS\system32\LMIinit.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background
"Web Video Downloader"="C:\Program Files\SourceTec\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe"
"Slawdog Smart Shutdown"=C:\Program Files\Slawdog\Smart Shutdown\Smart Shutdown.exe startup

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" -lang 1033
"snpstd3"=C:\WINDOWS\vsnpstd3.exe
"DownloadAccelerator"="C:\Program Files\DAP\DAP.EXE" /STARTUP
"KernelFaultCheck"=%systemroot%\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UACDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\MSI\\MyGuard Live\\MyGuard Live.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\SIERRA\\Half-Life\\hl.exe"=
"C:\\SIERRA\\Half-Life\\hlds.exe"=
"C:\\Program Files\\DAP\\DAP.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"=
"C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"=
"C:\\Program Files\\My Drivers\\MyDrivers.exe"=
"C:\\Program Files\\VoipBuster.com\\VoipBuster\\VoipBuster.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\ProgDVB\\ProgDvbNet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"86:TCP"= 86:TCP:BroadCam Web Server

R0 hotcore;hotcore;C:\WINDOWS\system32\drivers\hotcore.sys [2005-07-22 12:07]
R1 Cinemsup;Cinemsup;C:\WINDOWS\system32\drivers\Cinemsup.sys [2002-07-19 08:10]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-09-12 09:20]
R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2007-09-23 20:21]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:56]
R3 SKYNET;TechniSat DVB-PC TV Star PCI;C:\WINDOWS\system32\DRIVERS\SkyNET.SYS [2006-03-14 02:22]
S1 StarPortLite;StarPort Storage Controller (Lite);C:\WINDOWS\system32\DRIVERS\StarPortLite.sys []
S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys []
S3 ASPI;Advanced SCSI Programming Interface Driver;C:\WINDOWS\System32\DRIVERS\ASPI32.sys [2002-07-17 08:05]
S3 Asushwio;Asushwio;C:\WINDOWS\system32\drivers\Asushwio.sys [2004-04-26 16:26]
S3 PavSRK.sys;PavSRK.sys;C:\WINDOWS\system32\PavSRK.sys []
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 11:54]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cb01b14d-60ce-11dc-ab2e-806d6172696f}]
\Shell\AutoRun\command - E:\bootcd\wintools\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7c9c5aa-8a05-11dc-b161-0017319b95e3}]
\Shell\AutoRun\command - H:\.\Start.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-03-15 10:17:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\WINDOWS\system32\BsLangInDepRes.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-03-15 10:21:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-15 09:21:22
ComboFix2.txt 2008-03-14 20:18:52
.
2007-09-13 08:16:44 --- E O F ---

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Zipuj/raruj kompletan sledeći folder: C:\QooBox\Quarantine ( <--- Quarantine folder )

i uploaduj ga: http://www.mycity.rs/ambulanta-upload.php


-------------------------------------------------------------------------------------



Preuzmi fajl gmer.zip sa ovog linka i sačuvaj na Desktop-u.
Raspakuj ga u neki folder.

Dupli klik na gmer.exe za početak: Izaberi Rootkit Tab na vrhu.
Klikni na Scan.
Kada je skeniranje završeno, klik na Save ... dugme ispod i sačuvaj logfile.
Priloži sačuvani logfile uz poruku (koristi opciju Prikači fajl)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

.rar je poslan, log prikačen.
mycity.rs/must-login.png

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Skini file mbr.exe sa ovog linka i sačuvaj ga na Desktopu.

- Dvoklikom pokreni mbr.exe
- Crni prozor će se na kratko otvoriti
- Iskopiraj ovde sadržaj file-a mbr.log koji će se nalaziti na Desktopu.



-------------------------------------------------------------------------------------



Preuzmi Dr.Web CureIt (~9 MB).


Dvoklikom pokreni cureit.exe, nakon čega će se pojaviti uvodni prozor - klikni Start

Pojaviće se obaveštenje o započinjanju uvodnog skeniranja - klikni OK

Sačekaj nekoliko minuta da Dr.Web CureIt izvrši Express Scan; ukoliko malware bude pronađen, klikom na taster Yes to All u prozoru koji se pojavi dozvoli programu da izvrši dezinfekciju

Klikni Options > Change settings F9; u prozoru koji će se otvoriti, dečekiraj opciju Heuristic Analysis a zatim klikni OK

U glavnom prozoru obeleži opciju Complete scan a zatim klikni i Dr.Web CureIt će započeti skeniranje

Ukoliko malware bude pronađen, klikom na taster Yes to All u prozoru koji se pojavi dozvoli programu da izvrši dezinfekciju

Kada skeniranje bude završeno, klikni Select all taster (ukoliko je dostupan), a zatim klikni Cure i,
u meniju koji se otvori, klikni Move incurable:


Po završetku procesa, klikni File > Save report list i sačuvaj log na Desktopu

Iskopiraj sadržaj Dr.Web CureIt loga u temu na forumu.