Can someone check? Something very strange is happening

  • Joined: 15 Sep 2008
  • Posts: 74

Every 10 seconds the icons on my desktop and the taskbar at the bottom disappear,
then come back after 1-2 seconds, while the wallpaper stays.
So I would ask you to check whether there is anything there.
Thanks!


-----------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:53:35, on 9.11.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\MYWEBS~2\bar\1.bin\m3SrchMn.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Documents and Settings\Robi\Application Data\gadcom\gadcom.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\Program Files\BHROOT\BIN\NT611SVC.EXE
C:\Program Files\BHROOT\BIN\monitor.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\BHROOT\BIN\PORTMAP.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Robi\Desktop\Nova mapa (2)\TR3.exe
C:\WINDOWS\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.hr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: OLE (Part 1 of 5) - - (no file)
R3 - URLSearchHook: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbReg1.dll
R3 - URLSearchHook: CroHerzegovina InfoBar Toolbar - {01a40acf-f7b7-4a08-bf32-eac4113e41fd} - C:\Program Files\CroHerzegovina_InfoBar\tbCroH.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: CroHerzegovina InfoBar Toolbar - {01a40acf-f7b7-4a08-bf32-eac4113e41fd} - C:\Program Files\CroHerzegovina_InfoBar\tbCroH.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: (no name) - {0524B01A-F7AF-4665-8BE1-BE460478A4FF} - C:\WINDOWS\system32\qoMdDSjI.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: (no name) - {5FE57281-16CD-47A9-A48D-2E77CE2FB986} - C:\WINDOWS\system32\vtUnMDWp.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbReg1.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Reganam Toolbar - {db9d7a78-a76c-4bf2-97c6-258925ee1542} - C:\Program Files\Reganam\tbReg1.dll
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: CroHerzegovina InfoBar Toolbar - {01a40acf-f7b7-4a08-bf32-eac4113e41fd} - C:\Program Files\CroHerzegovina_InfoBar\tbCroH.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~2\bar\1.bin\m3SrchMn.exe" /m=2 /w
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [nodenable] C:\Program Files\eset\nodenable.exe /s
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Robi\Application Data\gadcom\gadcom.exe" 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZSYYYYYYYYHR
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.exe.imgfarm.com/images/nocache/funwebpro......0.1.1.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/ji.....586-jc.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: qoMdDSjI - C:\WINDOWS\SYSTEM32\qoMdDSjI.dll
O20 - Winlogon Notify: winopn32 - C:\WINDOWS\
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: bh611 - Bell& Howell - C:\Program Files\BHROOT\BIN\NT611SVC.EXE
O23 - Service: Bell & Howell Monitor Service (BHMonitorService) - Bell & Howell - C:\Program Files\BHROOT\BIN\monitor.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate1c8fe527b2f7a97) (gupdate1c8fe527b2f7a97) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ONC/RPC Portmapper (portmapper) - Bell & Howell - C:\Program Files\BHROOT\BIN\PORTMAP.EXE

--
End of file - 12538 bytes
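
Added example, not part of the original thread: a small Python triage script for a HijackThis v2 log like the one above. It flags the patterns a helper looks at first when a desktop keeps flickering like this: O2 BHOs and O20 Winlogon Notify entries that load an 8-letter, mixed-case DLL from system32, an O4 autorun launched from a user profile's Application Data, an O20 entry whose path does not even resolve to a DLL, and anything HijackThis already marked "(file missing)". The heuristics and their thresholds are assumptions of this example, not HijackThis features; the sample lines are copied from the log above.

```python
"""Triage a HijackThis v2 log for a few persistence patterns a helper checks first.
Added example; not part of the original thread.  Heuristics are assumptions:
  - a DLL under system32 whose 8-letter, mixed-case name looks machine-generated
  - an O4 autorun launched from a user profile's Application Data directory
  - an O20 Winlogon Notify entry whose path does not resolve to a .dll
  - any entry HijackThis marked "(file missing)" (remnant of a removed component)
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0524B01A-F7AF-4665-8BE1-BE460478A4FF} - C:\WINDOWS\system32\qoMdDSjI.dll
O2 - BHO: (no name) - {5FE57281-16CD-47A9-A48D-2E77CE2FB986} - C:\WINDOWS\system32\vtUnMDWp.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [gadcom] "C:\Documents and Settings\Robi\Application Data\gadcom\gadcom.exe" 61A847B5BBF7281337983D466188719AB689201522886B092CBD44BD8689220221DD3257
O20 - Winlogon Notify: qoMdDSjI - C:\WINDOWS\SYSTEM32\qoMdDSjI.dll
O20 - Winlogon Notify: winopn32 - C:\WINDOWS\
O23 - Service: My Web Search Service (MyWebSearchService) - Unknown owner - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe (file missing)
"""

ENTRY = re.compile(r"^(R\d|O\d+) - (.*)$")
SYSTEM32_DLL = re.compile(r"\\system32\\([A-Za-z]{8})\.dll", re.IGNORECASE)


@dataclass
class Finding:
    section: str  # HijackThis entry type, e.g. "O2" or "O20"
    reason: str
    line: str


def looks_random(stem: str) -> bool:
    """True for 8-letter names with 2..6 upper-case letters and at most two
    vowels, e.g. qoMdDSjI.  Assumed threshold; tune it for your own logs."""
    if not re.fullmatch(r"[A-Za-z]{8}", stem):
        return False
    upper = sum(c.isupper() for c in stem)
    vowels = sum(c in "aeiouAEIOU" for c in stem)
    return 2 <= upper <= 6 and vowels <= 2


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        section, body = m.groups()
        # For O2/O20/O23 entries the file path is the last " - " separated field.
        path = body.rsplit(" - ", 1)[-1]
        if "(file missing)" in body:
            findings.append(Finding(section, "file missing: orphaned entry left by a removed component", raw))
        dll = SYSTEM32_DLL.search(body)
        if dll and looks_random(dll.group(1)):
            findings.append(Finding(section, f"random-named DLL in system32: {dll.group(1)}.dll", raw))
        if section == "O4" and re.search(r"\\Application Data\\", body, re.IGNORECASE):
            findings.append(Finding(section, "autorun from a user-writable profile directory", raw))
        if section == "O20" and not path.lower().endswith(".dll"):
            findings.append(Finding(section, "Winlogon Notify entry without a resolvable DLL path", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the sample it reports six findings: both nameless BHOs and the matching Winlogon Notify entry load the same machine-named DLL, the gadcom autorun lives in the user's profile, the winopn32 notify package has no DLL path at all, and the MyWebSearch service is an orphan. The Adobe BHO and the ESET autorun pass through untouched, which is the point of keying on location and naming rather than on the entry type alone.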

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

* Open the Nod32 Control Center (click its tray icon in the bottom right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right-hand panel, untick the option File system monitor (AMON) enabled.
* Turning this option off is indicated by the Control Center changing colour from green to red.

Note: Don't forget to turn this option back on once the cleaning is finished.

-------------------------------------------------------------------------------------

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

  • Joined: 15 Sep 2008
  • Posts: 74

Here, I did everything you told me,
so here is the log. Since that ComboFix scan,
it doesn't happen anymore.


ComboFix 08-11-07.01 - Robi 2008-11-09 10:28:30.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.659 [GMT 1:00]
Running from: c:\documents and settings\Robi\My Documents\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Robi\Application Data\gadcom
c:\documents and settings\Robi\Application Data\gadcom\gadcom.exe
c:\documents and settings\Robi\Application Data\inst.exe
c:\documents and settings\Robi\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\FunWebProducts
c:\program files\FunWebProducts\PopSwatr\History\allowed
c:\program files\FunWebProducts\PopSwatr\History\notallow
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Cache\00065CD8.bin
c:\program files\MyWebSearch\bar\Cache\00065E4F.bin
c:\program files\MyWebSearch\bar\Cache\00065F87.bin
c:\program files\MyWebSearch\bar\Cache\000661AA.bin
c:\program files\MyWebSearch\bar\Cache\0059448A
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\windows\n.tmp
c:\windows\system32\AutoRun.inf
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\pWDMnUtv.ini
c:\windows\system32\pWDMnUtv.ini2
c:\windows\system32\qoMdDSjI.dll
c:\windows\system32\vtUnMDWp.dll
c:\windows\system32\winopn32.dll
c:\windows\system32\xxyvtqNF.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2008-10-09 to 2008-11-09 )))))))))))))))))))))))))))))))
.

2008-11-08 22:38 . 2008-11-08 22:38 132,096 --a------ C:\htihpu.exe
2008-11-08 22:38 . 2008-11-08 22:38 75,776 --a------ C:\aofbbjf.exe
2008-11-08 22:38 . 2008-11-08 22:38 7,168 --a------ C:\cnfftefx.exe
2008-11-08 21:57 . 2008-11-08 21:57 <DIR> d-------- c:\program files\Common Files\Autodata Limited Shared
2008-11-08 21:57 . 2008-11-08 21:57 <DIR> d-------- C:\ADCDTEMP
2008-11-06 23:46 . 2008-11-06 23:46 <DIR> dr-h----- c:\documents and settings\Robi\Application Data\SecuROM
2008-11-06 23:33 . 2008-11-06 23:33 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-11-06 23:33 . 2008-11-06 23:33 22,328 --a------ c:\documents and settings\Robi\Application Data\PnkBstrK.sys
2008-11-06 23:32 . 2008-11-06 23:32 2,250,024 --a------ c:\windows\system32\pbsvc.exe
2008-11-06 23:32 . 2008-11-06 23:33 107,832 --a------ c:\windows\system32\PnkBstrB.exe
2008-11-06 23:32 . 2008-11-06 23:32 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-11-03 17:59 . 2008-11-03 17:59 236 --a------ C:\sqmdata00.sqm
2008-11-03 17:59 . 2008-11-03 17:59 200 --a------ C:\sqmnoopt00.sqm
2008-11-01 17:27 . 2008-11-01 17:27 <DIR> d-------- c:\windows\system32\AGEIA
2008-11-01 17:27 . 2008-11-01 17:27 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-01 17:27 . 2008-11-01 17:28 <DIR> d-------- c:\program files\AGEIA Technologies
2008-10-31 21:40 . 2004-05-14 16:53 462,848 --a------ c:\windows\system32\ltkrn13n.dll
2008-10-31 21:40 . 2004-05-14 16:53 450,560 --a------ c:\windows\system32\ltimg13n.dll
2008-10-31 21:40 . 2004-05-14 16:53 401,408 --a------ c:\windows\system32\lfcmp13n.dll
2008-10-31 21:40 . 2004-05-14 16:53 299,008 --a------ c:\windows\system32\ltdis13n.dll
2008-10-31 21:40 . 2004-01-12 02:09 206,336 --a------ c:\windows\system32\ltefx13n.dll
2008-10-31 21:40 . 2004-05-14 16:53 163,840 --a------ c:\windows\system32\ltfil13n.dll
2008-10-31 21:40 . 2003-11-04 15:10 69,632 --a------ c:\windows\system32\lfgif13n.dll
2008-10-31 21:40 . 2004-05-14 16:53 57,344 --a------ c:\windows\system32\lfbmp13n.dll
2008-10-31 21:25 . 2008-11-06 17:25 88 -r-hs---- c:\windows\system32\205156C147.sys
2008-10-31 21:24 . 2008-10-31 21:24 <DIR> d-------- c:\documents and settings\Robi\Application Data\Corel
2008-10-31 21:24 . 2008-10-31 21:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2008-10-31 21:23 . 2008-10-31 21:23 <DIR> d-------- c:\program files\Common Files\Corel
2008-10-31 21:20 . 2008-11-06 17:25 3,558 --ahs---- c:\windows\system32\KGyGaAvL.sys
2008-10-31 21:19 . 2008-10-31 21:23 <DIR> d-------- c:\program files\Corel
2008-10-31 20:24 . 2008-10-31 20:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\KONAMI
2008-10-31 19:52 . 2008-10-31 19:53 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2008-10-31 19:48 . 2008-10-31 19:48 <DIR> d-------- c:\documents and settings\Robi\Application Data\DAEMON Tools
2008-10-29 22:35 . 2008-10-29 22:35 <DIR> d-------- c:\documents and settings\Robi\Application Data\Yahoo!
2008-10-29 22:35 . 2008-10-29 22:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-10-29 22:16 . 2008-10-29 22:16 <DIR> d-------- c:\program files\Recuva
2008-10-29 22:01 . 2008-10-29 22:01 <DIR> d-------- c:\program files\Hewlett-Packard
2008-10-29 22:01 . 2008-10-29 22:01 <DIR> d-------- c:\documents and settings\LocalService\Application Data\HPAppData
2008-10-29 22:01 . 2008-10-29 22:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-10-29 21:33 . 2002-02-18 18:40 6,200 --a------ c:\windows\system32\INT13EXT.VXD
2008-10-28 22:01 . 2008-10-29 22:00 <DIR> d-------- c:\program files\KGB Archiver
2008-10-26 19:40 . 2008-10-26 19:45 <DIR> d-------- c:\documents and settings\LocalService\Application Data\HP
2008-10-26 19:27 . 2008-10-26 19:22 140,577 --------- c:\windows\hpoins14.dat.temp
2008-10-26 19:27 . 2007-06-06 00:07 2,000 --------- c:\windows\hpomdl14.dat.temp
2008-10-26 19:20 . 2008-10-26 19:37 141,212 --a------ c:\windows\hpoins14.dat
2008-10-26 19:20 . 2007-06-06 00:07 2,000 --------- c:\windows\hpomdl14.dat
2008-10-26 11:46 . 2008-10-26 11:46 <DIR> d-------- c:\program files\WGSoft
2008-10-26 11:46 . 2008-10-26 11:46 <DIR> d-------- c:\documents and settings\Robi\Application Data\ScanMaster-ELM - DEMO
2008-10-26 11:46 . 2006-07-04 14:36 61,440 --a------ c:\windows\system32\FTChipID.dll
2008-10-24 16:37 . 2008-10-24 17:09 <DIR> d-------- c:\program files\vanBasco's Karaoke Player
2008-10-22 16:35 . 2008-10-22 16:35 <DIR> d-------- c:\program files\Yahoo!
2008-10-22 16:35 . 2008-10-22 16:35 <DIR> d-------- c:\program files\Visual Business Cards
2008-10-22 16:35 . 2008-10-22 16:35 <DIR> d-------- C:\Downloads
2008-10-22 15:50 . 2008-10-22 16:34 <DIR> d-------- c:\program files\MyWebSearch(2)
2008-10-22 15:50 . 2008-10-22 16:34 <DIR> d-------- c:\program files\FunWebProducts(2)
2008-10-19 22:32 . 2008-10-19 22:32 <DIR> d-------- c:\documents and settings\Robi\Application Data\mojosoft
2008-10-19 17:35 . 2008-11-07 16:08 <DIR> d-------- c:\documents and settings\Robi\Application Data\skypePM
2008-10-19 17:35 . 2008-10-19 17:35 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-10-19 17:32 . 2008-10-19 17:32 <DIR> d-------- c:\program files\Skype
2008-10-19 17:32 . 2008-10-19 17:32 <DIR> d-------- c:\program files\Common Files\Skype
2008-10-19 17:32 . 2008-11-07 18:00 <DIR> d-------- c:\documents and settings\Robi\Application Data\Skype
2008-10-19 17:32 . 2008-10-19 17:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-10-18 12:11 . 2008-10-18 12:11 <DIR> d-------- c:\documents and settings\Robi\System
2008-10-18 12:11 . 2008-10-18 12:21 <DIR> d-------- c:\documents and settings\Robi\Application Data\SmartDraw
2008-10-18 12:03 . 2008-10-18 12:11 <DIR> d-------- c:\program files\SmartDraw 2009
2008-10-14 23:42 . 2008-10-14 23:44 <DIR> d-------- c:\program files\CCleaner
2008-10-12 18:46 . 2008-10-19 20:19 <DIR> d-------- c:\program files\CroHerzegovina_InfoBar
2008-10-12 18:46 . 2008-10-12 18:46 <DIR> d-------- c:\program files\Conduit
2008-10-11 10:04 . 2008-10-11 10:04 <DIR> d--hs---- c:\documents and settings\Robi\PrivacIE
2008-10-11 09:46 . 2008-09-04 21:03 56,344 --a------ c:\windows\system32\drivers\fssfltr.sys
2008-10-11 09:31 . 2007-08-13 17:45 78,336 --a------ c:\windows\system32\ieencode.dll
2008-10-11 09:31 . 2007-08-13 17:45 78,336 --a------ c:\windows\system32\dllcache\ieencode.dll
2008-10-10 12:54 . 2008-10-10 13:30 <DIR> d-------- c:\program files\No-IP
2008-10-09 21:43 . 2008-10-12 15:36 <DIR> d-------- c:\program files\Icecast2 Win32
2008-10-09 19:38 . 2008-10-09 19:41 <DIR> d-------- c:\documents and settings\Robi\Application Data\Winamp
2008-10-09 13:10 . 2008-10-09 13:10 <DIR> d-------- C:\BHROOT
2008-10-09 13:10 . 2008-10-09 13:10 <DIR> d-------- C:\BHBACKUP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 00:38 --------- d-----w c:\documents and settings\Robi\Application Data\uTorrent
2008-11-07 19:16 566,784 ----a-w c:\windows\~de74bc.tmp
2008-11-07 18:40 --------- d-----w c:\program files\ESET
2008-11-06 22:27 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-05 14:47 --------- d-----w c:\documents and settings\Robi\Application Data\Hamachi
2008-11-02 16:23 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2008-11-01 15:52 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-10-31 20:24 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-31 18:48 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-10-29 21:01 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-10-26 18:41 --------- d-----w c:\program files\HP
2008-10-22 15:35 --------- d-----w c:\program files\Windows Live
2008-10-22 14:23 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-19 19:19 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2008-10-14 22:49 --------- d-----w c:\program files\Winamp
2008-10-14 22:49 --------- d-----w c:\program files\SHOUTcast
2008-10-12 14:38 47,360 ----a-w c:\documents and settings\Robi\Application Data\pcouffin.sys
2008-10-12 14:38 --------- d-----w c:\documents and settings\Robi\Application Data\Vso
2008-10-06 14:36 --------- d-----w c:\program files\Rockstar Games
2008-10-05 09:49 --------- d-----w c:\program files\GTASAConsole
2008-10-03 09:51 --------- d-----w c:\documents and settings\Robi\Application Data\LimeWire
2008-10-03 09:49 --------- d-----w c:\program files\Java
2008-10-03 09:46 --------- d-----w c:\program files\Common Files\Java
2008-09-30 08:07 --------- d-----w c:\documents and settings\All Users\Application Data\phenomedia
2008-09-29 12:09 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-09-28 21:55 --------- d-----w c:\documents and settings\Robi\Application Data\Windows Live Writer
2008-09-28 21:54 --------- d-----w c:\program files\Microsoft
2008-09-28 20:55 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-09-28 19:14 --------- d-----w c:\program files\Alwil Software
2008-09-27 11:50 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-09-26 18:30 --------- d-----w c:\documents and settings\All Users\Application Data\BlackPencil
2008-09-24 15:42 --------- d-----w c:\documents and settings\Robi\Application Data\ESET
2008-09-24 14:54 --------- d-----w c:\documents and settings\LocalService\Application Data\Xfire
2008-09-23 19:59 --------- d-----w c:\documents and settings\NetworkService\Application Data\Xfire
2008-09-23 14:26 --------- d-----w c:\program files\ICQ6
2008-09-22 16:04 --------- d-----w c:\program files\Google
2008-09-22 12:39 --------- d-----w c:\documents and settings\Robi\Application Data\Samsung
2008-09-21 22:01 --------- d-----w c:\documents and settings\Robi\Application Data\MSNInstaller
2008-09-18 20:04 --------- d-----w c:\program files\Alcohol Soft
2008-09-18 19:42 --------- d-----w c:\program files\uTorrent
2008-09-18 19:31 360,320 ----a-w c:\windows\system32\drivers\TCPIP.SYS
2008-09-16 17:25 --------- d-----w c:\program files\USB GamePad
2008-09-16 11:26 --------- d-----w c:\documents and settings\Robi\Application Data\TransRender
2008-09-16 11:25 --------- d-----w c:\documents and settings\Robi\Application Data\Temporary
2008-09-15 12:27 --------- d-----w c:\program files\Common Files\Adobe
2008-09-15 12:10 --------- d-----w c:\documents and settings\Robi\Application Data\MozillaControl
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-14 22:55 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2008-09-12 18:59 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-09-08 22:03 51,712 ----a-w c:\windows\system32\sirenacm.dll
2008-09-08 19:30 4,608 ----a-w c:\windows\system32\w95inf32.dll
2008-09-08 19:30 2,272 ----a-w c:\windows\system32\w95inf16.dll
2008-09-06 23:40 218,624 ----a-w c:\windows\system32\uxtheme.dll
2008-09-05 13:56 287,744 ----a-w c:\windows\WLXPGSS.SCR
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-24 14:02 1,419,232 ----a-w c:\windows\system32\wdfcoinstaller01005.dll
2008-08-14 10:00 2,180,352 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:22 2,057,728 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-05-21 18:59 116,512 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-05-21 18:10 1,824 --sha-w c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{db9d7a78-a76c-4bf2-97c6-258925ee1542}"= "c:\program files\Reganam\tbReg1.dll" [2008-09-06 1569304]
"{01a40acf-f7b7-4a08-bf32-eac4113e41fd}"= "c:\program files\CroHerzegovina_InfoBar\tbCroH.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]

[HKEY_CLASSES_ROOT\clsid\{01a40acf-f7b7-4a08-bf32-eac4113e41fd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01a40acf-f7b7-4a08-bf32-eac4113e41fd}]
2008-09-15 05:47 1784856 --------- c:\program files\CroHerzegovina_InfoBar\tbCroH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]
2008-09-06 14:11 1569304 --------- c:\program files\Reganam\tbReg1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{db9d7a78-a76c-4bf2-97c6-258925ee1542}"= "c:\program files\Reganam\tbReg1.dll" [2008-09-06 1569304]
"{01a40acf-f7b7-4a08-bf32-eac4113e41fd}"= "c:\program files\CroHerzegovina_InfoBar\tbCroH.dll" [2008-09-15 1784856]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DB9D7A78-A76C-4BF2-97C6-258925EE1542}"= "c:\program files\Reganam\tbReg1.dll" [2008-09-06 1569304]
"{01A40ACF-F7B7-4A08-BF32-EAC4113E41FD}"= "c:\program files\CroHerzegovina_InfoBar\tbCroH.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]

[HKEY_CLASSES_ROOT\clsid\{01a40acf-f7b7-4a08-bf32-eac4113e41fd}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"nodenable"="c:\program files\eset\nodenable.exe" [2008-09-23 326823]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-09-12 36352]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program Files\\game.dat"=
"d:\\UT2004\\System\\UT2004.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"d:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"d:\\Program Files\\Activision Value\\Soldier of Fortune Payback\\sof3.exe"=
"d:\\Program Files\\Counter-Strike 1.6\\hlds.exe"=
"d:\\Program Files\\Electronic Arts\\Need For Speed\\Porsche Unleashed 2000\\Porsche.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\F1\\F1 2008 DELUX\\F1 2008 DELUX\\F1 Challenge 99-02.exe"=
"d:\\Program Files\\Quake3 Arena\\Quake III Arena\\quake3.exe"=
"d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"d:\\Program Files\\Codemasters\\Turning Point - Fall of Liberty\\Binaries\\LTCG-TPGame.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-08-18 34312]
R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-09-04 56344]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe [2004-08-03 14336]
S2 gupdate1c8fe527b2f7a97;Google Update Service (gupdate1c8fe527b2f7a97);c:\program files\Google\Update\GoogleUpdate.exe [2008-08-29 133104]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2008-09-04 512536]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-08-24 13352]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2008-11-09 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-29 18:28]

2008-11-09 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2008-08-11 06:29]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0524B01A-F7AF-4665-8BE1-BE460478A4FF} - c:\windows\system32\qoMdDSjI.dll
BHO-{928D0A35-1109-4A6D-AB72-3DF99910B4CA} - c:\windows\system32\vtUnMDWp.dll
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
HKLM-Run-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~2\bar\1.bin\m3SrchMn.exe
ShellExecuteHooks-{0524B01A-F7AF-4665-8BE1-BE460478A4FF} - c:\windows\system32\qoMdDSjI.dll
Notify-winopn32 - winopn32.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Robi\Application Data\Mozilla\Firefox\Profiles\u3btprip.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-11-09 10:34:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
c:\program files\BHROOT\BIN\NT611SVC.EXE
c:\program files\BHROOT\BIN\MONITOR.EXE
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\BHROOT\BIN\PORTMAP.EXE
c:\windows\system32\wdfmgr.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-11-09 10:36:47 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-09 09:36:42

Pre-Run: 647.032.832 bytes free
Post-Run: 931,004,416 bytes free

358 --- E O F --- 2008-10-24 20:00:58

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

File::
C:\htihpu.exe
C:\aofbbjf.exe
C:\cnfftefx.exe

Folder::
c:\program files\MyWebSearch(2)
c:\program files\FunWebProducts(2)

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text file onto the ComboFix icon, as in the picture.
Post the log that is produced at the end of the cleaning/scan in your next reply.

offline
  • Joined: 15 Sep 2008
  • Posts: 74

Here is the second log too


ComboFix 08-11-07.01 - Robi 2008-11-09 12:49:06.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.646 [GMT 1:00]
Running from: c:\documents and settings\Robi\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Robi\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\aofbbjf.exe
C:\cnfftefx.exe
C:\htihpu.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\aofbbjf.exe
C:\cnfftefx.exe
C:\htihpu.exe
c:\program files\FunWebProducts(2)
c:\program files\FunWebProducts(2)\Shared(2)\Cache(2)\CursorManiaBtn.html
c:\program files\FunWebProducts(2)\Shared(2)\Cache(2)\MyFunCardsIMBtn.html
c:\program files\FunWebProducts(2)\Shared(2)\Cache(2)\SmileyCentralBtn.html
c:\program files\FunWebProducts(2)\Shared(2)\Cache(2)\WebfettiBtn.html
c:\program files\MyWebSearch(2)
c:\program files\MyWebSearch(2)\bar(2)\Cache(2)\000415E6.bin
c:\program files\MyWebSearch(2)\bar(2)\Cache(2)\0004176C.bin
c:\program files\MyWebSearch(2)\bar(2)\Cache(2)\000418B4.bin
c:\program files\MyWebSearch(2)\bar(2)\Cache(2)\000419ED.bin
c:\program files\MyWebSearch(2)\bar(2)\Cache(2)\000DEB0C.bin
c:\program files\MyWebSearch(2)\bar(2)\Cache(2)\000DEC83.bin
c:\program files\MyWebSearch(2)\bar(2)\Cache(2)\000DF0AA.bin
c:\program files\MyWebSearch(2)\bar(2)\Cache(2)\000DF201.bin
c:\program files\MyWebSearch(2)\bar(2)\Cache(2)\00593DF2
c:\program files\MyWebSearch(2)\bar(2)\Cache(2)\0059448A
c:\program files\MyWebSearch(2)\bar(2)\History(2)\search3
c:\program files\MyWebSearch(2)\bar(2)\Settings(2)\prevcfg2.htm

.
((((((((((((((((((((((((( Files Created from 2008-10-09 to 2008-11-09 )))))))))))))))))))))))))))))))
.

2008-11-08 21:57 . 2008-11-08 21:57 <DIR> d-------- c:\program files\Common Files\Autodata Limited Shared
2008-11-08 21:57 . 2008-11-08 21:57 <DIR> d-------- C:\ADCDTEMP
2008-11-06 23:46 . 2008-11-06 23:46 <DIR> dr-h----- c:\documents and settings\Robi\Application Data\SecuROM
2008-11-06 23:33 . 2008-11-06 23:33 22,328 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2008-11-06 23:33 . 2008-11-06 23:33 22,328 --a------ c:\documents and settings\Robi\Application Data\PnkBstrK.sys
2008-11-06 23:32 . 2008-11-06 23:32 2,250,024 --a------ c:\windows\system32\pbsvc.exe
2008-11-06 23:32 . 2008-11-06 23:33 107,832 --a------ c:\windows\system32\PnkBstrB.exe
2008-11-06 23:32 . 2008-11-06 23:32 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2008-11-03 17:59 . 2008-11-03 17:59 236 --a------ C:\sqmdata00.sqm
2008-11-03 17:59 . 2008-11-03 17:59 200 --a------ C:\sqmnoopt00.sqm
2008-11-01 17:27 . 2008-11-01 17:27 <DIR> d-------- c:\windows\system32\AGEIA
2008-11-01 17:27 . 2008-11-01 17:27 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-11-01 17:27 . 2008-11-01 17:28 <DIR> d-------- c:\program files\AGEIA Technologies
2008-10-31 21:40 . 2004-05-14 16:53 462,848 --a------ c:\windows\system32\ltkrn13n.dll
2008-10-31 21:40 . 2004-05-14 16:53 450,560 --a------ c:\windows\system32\ltimg13n.dll
2008-10-31 21:40 . 2004-05-14 16:53 401,408 --a------ c:\windows\system32\lfcmp13n.dll
2008-10-31 21:40 . 2004-05-14 16:53 299,008 --a------ c:\windows\system32\ltdis13n.dll
2008-10-31 21:40 . 2004-01-12 02:09 206,336 --a------ c:\windows\system32\ltefx13n.dll
2008-10-31 21:40 . 2004-05-14 16:53 163,840 --a------ c:\windows\system32\ltfil13n.dll
2008-10-31 21:40 . 2003-11-04 15:10 69,632 --a------ c:\windows\system32\lfgif13n.dll
2008-10-31 21:40 . 2004-05-14 16:53 57,344 --a------ c:\windows\system32\lfbmp13n.dll
2008-10-31 21:25 . 2008-11-06 17:25 88 -r-hs---- c:\windows\system32\205156C147.sys
2008-10-31 21:24 . 2008-10-31 21:24 <DIR> d-------- c:\documents and settings\Robi\Application Data\Corel
2008-10-31 21:24 . 2008-10-31 21:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2008-10-31 21:23 . 2008-10-31 21:23 <DIR> d-------- c:\program files\Common Files\Corel
2008-10-31 21:20 . 2008-11-06 17:25 3,558 --ahs---- c:\windows\system32\KGyGaAvL.sys
2008-10-31 21:19 . 2008-10-31 21:23 <DIR> d-------- c:\program files\Corel
2008-10-31 20:24 . 2008-10-31 20:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\KONAMI
2008-10-31 19:52 . 2008-10-31 19:53 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2008-10-31 19:48 . 2008-10-31 19:48 <DIR> d-------- c:\documents and settings\Robi\Application Data\DAEMON Tools
2008-10-29 22:35 . 2008-10-29 22:35 <DIR> d-------- c:\documents and settings\Robi\Application Data\Yahoo!
2008-10-29 22:35 . 2008-10-29 22:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-10-29 22:16 . 2008-10-29 22:16 <DIR> d-------- c:\program files\Recuva
2008-10-29 22:01 . 2008-10-29 22:01 <DIR> d-------- c:\program files\Hewlett-Packard
2008-10-29 22:01 . 2008-10-29 22:01 <DIR> d-------- c:\documents and settings\LocalService\Application Data\HPAppData
2008-10-29 22:01 . 2008-10-29 22:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2008-10-29 21:33 . 2002-02-18 18:40 6,200 --a------ c:\windows\system32\INT13EXT.VXD
2008-10-28 22:01 . 2008-10-29 22:00 <DIR> d-------- c:\program files\KGB Archiver
2008-10-26 19:40 . 2008-10-26 19:45 <DIR> d-------- c:\documents and settings\LocalService\Application Data\HP
2008-10-26 19:27 . 2008-10-26 19:22 140,577 --------- c:\windows\hpoins14.dat.temp
2008-10-26 19:27 . 2007-06-06 00:07 2,000 --------- c:\windows\hpomdl14.dat.temp
2008-10-26 19:20 . 2008-10-26 19:37 141,212 --a------ c:\windows\hpoins14.dat
2008-10-26 19:20 . 2007-06-06 00:07 2,000 --------- c:\windows\hpomdl14.dat
2008-10-26 11:46 . 2008-10-26 11:46 <DIR> d-------- c:\program files\WGSoft
2008-10-26 11:46 . 2008-10-26 11:46 <DIR> d-------- c:\documents and settings\Robi\Application Data\ScanMaster-ELM - DEMO
2008-10-26 11:46 . 2006-07-04 14:36 61,440 --a------ c:\windows\system32\FTChipID.dll
2008-10-24 16:37 . 2008-10-24 17:09 <DIR> d-------- c:\program files\vanBasco's Karaoke Player
2008-10-22 16:35 . 2008-10-22 16:35 <DIR> d-------- c:\program files\Yahoo!
2008-10-22 16:35 . 2008-10-22 16:35 <DIR> d-------- c:\program files\Visual Business Cards
2008-10-22 16:35 . 2008-10-22 16:35 <DIR> d-------- C:\Downloads
2008-10-19 22:32 . 2008-10-19 22:32 <DIR> d-------- c:\documents and settings\Robi\Application Data\mojosoft
2008-10-19 17:35 . 2008-11-07 16:08 <DIR> d-------- c:\documents and settings\Robi\Application Data\skypePM
2008-10-19 17:35 . 2008-10-19 17:35 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-10-19 17:32 . 2008-10-19 17:32 <DIR> d-------- c:\program files\Skype
2008-10-19 17:32 . 2008-10-19 17:32 <DIR> d-------- c:\program files\Common Files\Skype
2008-10-19 17:32 . 2008-11-07 18:00 <DIR> d-------- c:\documents and settings\Robi\Application Data\Skype
2008-10-19 17:32 . 2008-10-19 17:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2008-10-18 12:11 . 2008-10-18 12:11 <DIR> d-------- c:\documents and settings\Robi\System
2008-10-18 12:11 . 2008-10-18 12:21 <DIR> d-------- c:\documents and settings\Robi\Application Data\SmartDraw
2008-10-18 12:03 . 2008-10-18 12:11 <DIR> d-------- c:\program files\SmartDraw 2009
2008-10-14 23:42 . 2008-10-14 23:44 <DIR> d-------- c:\program files\CCleaner
2008-10-12 18:46 . 2008-10-19 20:19 <DIR> d-------- c:\program files\CroHerzegovina_InfoBar
2008-10-12 18:46 . 2008-10-12 18:46 <DIR> d-------- c:\program files\Conduit
2008-10-11 10:04 . 2008-10-11 10:04 <DIR> d--hs---- c:\documents and settings\Robi\PrivacIE
2008-10-11 09:46 . 2008-09-04 21:03 56,344 --a------ c:\windows\system32\drivers\fssfltr.sys
2008-10-11 09:31 . 2007-08-13 17:45 78,336 --a------ c:\windows\system32\ieencode.dll
2008-10-11 09:31 . 2007-08-13 17:45 78,336 --a------ c:\windows\system32\dllcache\ieencode.dll
2008-10-10 12:54 . 2008-10-10 13:30 <DIR> d-------- c:\program files\No-IP
2008-10-09 21:43 . 2008-10-12 15:36 <DIR> d-------- c:\program files\Icecast2 Win32
2008-10-09 19:38 . 2008-10-09 19:41 <DIR> d-------- c:\documents and settings\Robi\Application Data\Winamp
2008-10-09 13:10 . 2008-10-09 13:10 <DIR> d-------- C:\BHROOT
2008-10-09 13:10 . 2008-10-09 13:10 <DIR> d-------- C:\BHBACKUP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-09 11:19 --------- d-----w c:\documents and settings\Robi\Application Data\uTorrent
2008-11-07 19:16 566,784 ----a-w c:\windows\~de74bc.tmp
2008-11-07 18:40 --------- d-----w c:\program files\ESET
2008-11-06 22:27 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-05 14:47 --------- d-----w c:\documents and settings\Robi\Application Data\Hamachi
2008-11-02 16:23 25,280 ----a-w c:\windows\system32\drivers\hamachi.sys
2008-11-01 15:52 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-10-31 20:24 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-31 18:48 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2008-10-29 21:01 --------- d-----w c:\documents and settings\All Users\Application Data\HP
2008-10-26 18:41 --------- d-----w c:\program files\HP
2008-10-22 15:35 --------- d-----w c:\program files\Windows Live
2008-10-22 14:23 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-19 19:19 2,560 ----a-w c:\windows\_MSRSTRT.EXE
2008-10-14 22:49 --------- d-----w c:\program files\Winamp
2008-10-14 22:49 --------- d-----w c:\program files\SHOUTcast
2008-10-12 14:38 47,360 ----a-w c:\documents and settings\Robi\Application Data\pcouffin.sys
2008-10-12 14:38 --------- d-----w c:\documents and settings\Robi\Application Data\Vso
2008-10-06 14:36 --------- d-----w c:\program files\Rockstar Games
2008-10-05 09:49 --------- d-----w c:\program files\GTASAConsole
2008-10-03 09:51 --------- d-----w c:\documents and settings\Robi\Application Data\LimeWire
2008-10-03 09:49 --------- d-----w c:\program files\Java
2008-10-03 09:46 --------- d-----w c:\program files\Common Files\Java
2008-09-30 08:07 --------- d-----w c:\documents and settings\All Users\Application Data\phenomedia
2008-09-29 12:09 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-09-28 21:55 --------- d-----w c:\documents and settings\Robi\Application Data\Windows Live Writer
2008-09-28 21:54 --------- d-----w c:\program files\Microsoft
2008-09-28 20:55 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-09-28 19:14 --------- d-----w c:\program files\Alwil Software
2008-09-27 11:50 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-09-26 18:30 --------- d-----w c:\documents and settings\All Users\Application Data\BlackPencil
2008-09-24 15:42 --------- d-----w c:\documents and settings\Robi\Application Data\ESET
2008-09-24 14:54 --------- d-----w c:\documents and settings\LocalService\Application Data\Xfire
2008-09-23 19:59 --------- d-----w c:\documents and settings\NetworkService\Application Data\Xfire
2008-09-23 14:26 --------- d-----w c:\program files\ICQ6
2008-09-22 16:04 --------- d-----w c:\program files\Google
2008-09-22 12:39 --------- d-----w c:\documents and settings\Robi\Application Data\Samsung
2008-09-21 22:01 --------- d-----w c:\documents and settings\Robi\Application Data\MSNInstaller
2008-09-18 20:04 --------- d-----w c:\program files\Alcohol Soft
2008-09-18 19:42 --------- d-----w c:\program files\uTorrent
2008-09-18 19:31 360,320 ----a-w c:\windows\system32\drivers\TCPIP.SYS
2008-09-16 17:25 --------- d-----w c:\program files\USB GamePad
2008-09-16 11:26 --------- d-----w c:\documents and settings\Robi\Application Data\TransRender
2008-09-16 11:25 --------- d-----w c:\documents and settings\Robi\Application Data\Temporary
2008-09-15 12:27 --------- d-----w c:\program files\Common Files\Adobe
2008-09-15 12:10 --------- d-----w c:\documents and settings\Robi\Application Data\MozillaControl
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-14 22:55 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2008-09-12 18:59 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-09-08 22:03 51,712 ----a-w c:\windows\system32\sirenacm.dll
2008-09-08 19:30 4,608 ----a-w c:\windows\system32\w95inf32.dll
2008-09-08 19:30 2,272 ----a-w c:\windows\system32\w95inf16.dll
2008-09-06 23:40 218,624 ----a-w c:\windows\system32\uxtheme.dll
2008-09-05 13:56 287,744 ----a-w c:\windows\WLXPGSS.SCR
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-24 14:02 1,419,232 ----a-w c:\windows\system32\wdfcoinstaller01005.dll
2008-08-14 10:00 2,180,352 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:22 2,057,728 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-05-21 18:59 116,512 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-05-21 18:10 1,824 --sha-w c:\windows\system32\drivers\fidbox2.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{db9d7a78-a76c-4bf2-97c6-258925ee1542}"= "c:\program files\Reganam\tbReg1.dll" [2008-09-06 1569304]
"{01a40acf-f7b7-4a08-bf32-eac4113e41fd}"= "c:\program files\CroHerzegovina_InfoBar\tbCroH.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]

[HKEY_CLASSES_ROOT\clsid\{01a40acf-f7b7-4a08-bf32-eac4113e41fd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01a40acf-f7b7-4a08-bf32-eac4113e41fd}]
2008-09-15 05:47 1784856 --------- c:\program files\CroHerzegovina_InfoBar\tbCroH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]
2008-09-06 14:11 1569304 --------- c:\program files\Reganam\tbReg1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{db9d7a78-a76c-4bf2-97c6-258925ee1542}"= "c:\program files\Reganam\tbReg1.dll" [2008-09-06 1569304]
"{01a40acf-f7b7-4a08-bf32-eac4113e41fd}"= "c:\program files\CroHerzegovina_InfoBar\tbCroH.dll" [2008-09-15 1784856]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DB9D7A78-A76C-4BF2-97C6-258925EE1542}"= "c:\program files\Reganam\tbReg1.dll" [2008-09-06 1569304]
"{01A40ACF-F7B7-4A08-BF32-EAC4113E41FD}"= "c:\program files\CroHerzegovina_InfoBar\tbCroH.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]

[HKEY_CLASSES_ROOT\clsid\{01a40acf-f7b7-4a08-bf32-eac4113e41fd}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"nodenable"="c:\program files\eset\nodenable.exe" [2008-09-23 326823]
"DAEMON Tools Lite"="d:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-09-12 36352]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 c:\windows\system32\nvmctray.dll]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 c:\windows\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program Files\\game.dat"=
"d:\\UT2004\\System\\UT2004.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\ICQ6\\ICQ.exe"=
"d:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"d:\\Program Files\\Activision Value\\Soldier of Fortune Payback\\sof3.exe"=
"d:\\Program Files\\Counter-Strike 1.6\\hlds.exe"=
"d:\\Program Files\\Electronic Arts\\Need For Speed\\Porsche Unleashed 2000\\Porsche.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\F1\\F1 2008 DELUX\\F1 2008 DELUX\\F1 Challenge 99-02.exe"=
"d:\\Program Files\\Quake3 Arena\\Quake III Arena\\quake3.exe"=
"d:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"d:\\Program Files\\Codemasters\\Turning Point - Fall of Liberty\\Binaries\\LTCG-TPGame.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=

R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-08-18 34312]
R2 fssfltr;FssFltr;c:\windows\system32\DRIVERS\fssfltr.sys [2008-09-04 56344]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe [2004-08-03 14336]
S2 gupdate1c8fe527b2f7a97;Google Update Service (gupdate1c8fe527b2f7a97);c:\program files\Google\Update\GoogleUpdate.exe [2008-08-29 133104]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2008-09-04 512536]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-08-24 13352]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2008-11-09 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-08-29 18:28]

2008-11-09 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2008-08-11 06:29]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-11-09 12:52:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
c:\program files\BHROOT\BIN\NT611SVC.EXE
c:\program files\BHROOT\BIN\MONITOR.EXE
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\BHROOT\BIN\PORTMAP.EXE
c:\windows\system32\wdfmgr.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-11-09 12:55:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-09 11:55:04
ComboFix2.txt 2008-11-09 09:36:48

Pre-Run: 912.924.672 bytes free
Post-Run: 901,029,888 bytes free

298 --- E O F --- 2008-10-24 20:00:58
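The two ComboFix logs above expose the sections a reviewer actually reads (the attribute column of "Files Created", the Browser Helper Objects keys, the firewall AuthorizedApplications list), and the helper's reply shows the File::/Folder:: layout a CFScript uses. The script below is an added triage example, not code from this thread, from ComboFix or from its author. Its sample text is copied from the log in this thread; the meaning it assigns to the nine-character attribute field (d directory, r read-only, a archive, h hidden, s system) is an assumption drawn from how those letters appear in the log, and everything it flags is a review hint, not a verdict: the hidden+system entries in this very excerpt include DRM and licensing components, and "game.dat" is listed only because a firewall exception for a non-.exe file is unusual.

```python
"""Triage helper for ComboFix log text.

Added example, not part of the original thread or of ComboFix. Column
meanings of the attribute field (d/r/a/h/s) are assumed from the log.
"""
import re

# Lines copied from the ComboFix log in this thread, trimmed to a few
# entries so the example runs offline.
LOG_EXCERPT = r"""
2008-11-06 23:46 . 2008-11-06 23:46 <DIR> dr-h----- c:\documents and settings\Robi\Application Data\SecuROM
2008-11-06 23:32 . 2008-11-06 23:32 2,250,024 --a------ c:\windows\system32\pbsvc.exe
2008-10-31 21:25 . 2008-11-06 17:25 88 -r-hs---- c:\windows\system32\205156C147.sys
2008-10-31 21:20 . 2008-11-06 17:25 3,558 --ahs---- c:\windows\system32\KGyGaAvL.sys
2008-10-19 17:35 . 2008-10-19 17:35 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-10-11 10:04 . 2008-10-11 10:04 <DIR> d--hs---- c:\documents and settings\Robi\PrivacIE

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01a40acf-f7b7-4a08-bf32-eac4113e41fd}]
2008-09-15 05:47 1784856 --------- c:\program files\CroHerzegovina_InfoBar\tbCroH.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{db9d7a78-a76c-4bf2-97c6-258925ee1542}]
2008-09-06 14:11 1569304 --------- c:\program files\Reganam\tbReg1.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"d:\\Program Files\\game.dat"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=
"""

# "Files Created": created . modified size-or-<DIR> attrs path
CREATED_RE = re.compile(
    r"^(\S+\s+\S+)\s+\.\s+(\S+\s+\S+)\s+(<DIR>|[\d,]+)\s+(\S{9})\s+(.+)$")
# Registry export of the firewall exception list: "path"=
AUTHORIZED_RE = re.compile(r'^"(.+)"=$')
BHO_KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\~\\Browser Helper Objects\\(\{[0-9a-fA-F-]+\})\]$")
BHO_DLL_RE = re.compile(r"^\S+\s+\S+\s+\d+\s+\S{9}\s+(.+)$")


def hidden_system_files(text):
    """Paths from 'Files Created' whose attribute field has both h and s set.

    Assumption: position 3 is 'h' (hidden) and position 4 is 's' (system).
    Such files are invisible in Explorer by default, which is why they get
    a second look; DRM and licensing components use the same attributes.
    """
    found = []
    for line in text.splitlines():
        m = CREATED_RE.match(line)
        if m and m.group(4)[3] == "h" and m.group(4)[4] == "s":
            found.append(m.group(5))
    return found


def non_exe_firewall_exceptions(text):
    """Firewall AuthorizedApplications entries whose path does not end in .exe."""
    flagged, in_list = [], False
    for line in text.splitlines():
        if line.startswith("["):          # a new registry key starts a new section
            in_list = "AuthorizedApplications" in line
            continue
        m = AUTHORIZED_RE.match(line) if in_list else None
        if m:
            path = m.group(1).replace("\\\\", "\\")  # registry export doubles backslashes
            if not path.lower().endswith(".exe"):
                flagged.append(path)
    return flagged


def browser_helper_objects(text):
    """(CLSID, dll path) for every BHO key that is followed by its file line."""
    lines = text.splitlines()
    bhos = []
    for i, line in enumerate(lines):
        key = BHO_KEY_RE.match(line)
        if key and i + 1 < len(lines):
            dll = BHO_DLL_RE.match(lines[i + 1])
            if dll:
                bhos.append((key.group(1), dll.group(1)))
    return bhos


def build_cfscript(files=(), folders=()):
    """Render a CFScript in the File::/Folder:: layout shown in the thread."""
    parts = []
    if files:
        parts.append("File::\n" + "\n".join(files))
    if folders:
        parts.append("Folder::\n" + "\n".join(folders))
    return "\n\n".join(parts) + "\n"


def triage(text=LOG_EXCERPT):
    """Run the three checks over one log text and collect the results."""
    return {
        "hidden_system": hidden_system_files(text),
        "non_exe_exceptions": non_exe_firewall_exceptions(text),
        "bhos": browser_helper_objects(text),
    }


if __name__ == "__main__":
    for section, items in triage().items():
        print(section)
        for item in items:
            print("  ", item)
```

To use it on a complete log, read the saved ComboFix.txt into a string and pass it to `triage(text)`; the items you decide to remove after review go into `build_cfscript(files=..., folders=...)`, whose output is what gets saved as CFScript and dragged onto ComboFix. The checks deliberately stop at "worth a look": deciding that a flagged path is malicious still needs the file itself (hash lookup, signature check, or a quarantine upload like the one the helper requests below).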

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

This now looks OK.

I would ask you to pack the complete folder C:\qoobox\quarantine into a zip (or rar) and upload that zip via the following link:

http://www.mycity.rs/ambulanta-upload.php

If there is no specific problem now, all that remains is to do the following:
Click START and then RUN
In the text entry line type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if present
C:\Deckard folder, if present
C:\OtMoveIt folder, if present

Reset the clock settings on the computer
Hide file extensions, if necessary
Hide system/hidden files/folders, if necessary
Reset System Restore

offline
  • Joined: 15 Sep 2008
  • Posts: 74

I uploaded that file.
And now everything is OK.
Thank you very much.
If it weren't for you, I don't know what I would do.
