Poslao: 15 Okt 2008 22:04
|
offline
- Springfield
- Moderator foruma
- 100%Milanista
- Information Technology
- Pridružio: 23 Avg 2008
- Poruke: 2634
- Gde živiš: Milan, Italy
|
Usao mi je virus i Antispayware i bog zna sta sve molim pomozite??? evo loga........
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:01: VIRUS ALERT!, on 10/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
D:\Program Files\Winamp\winampa.exe
C:\WINDOWS\VMSnap5.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\Domino.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\XP_AntiSpyware\XP_AntiSpyware.exe
C:\Program Files\Startup Mechanic\StartupMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\GameSpy\Comrade\Comrade.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Documents and Settings\Milos\Desktop\napao.Virus\TR3.exe..exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL
O2 - BHO: QXK Olive - {9D16A7EE-E00A-4BFA-A976-308772A47699} - C:\WINDOWS\grfxbanogtl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: rosqxvmn - {7C554665-B775-4305-BAE6-E310B361F216} - C:\WINDOWS\rosqxvmn.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [VMSnap5] C:\WINDOWS\VMSnap5.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [XP Antispyware 2009] "C:\Program Files\XP_AntiSpyware\XP_AntiSpyware.exe" /hide
O4 - HKLM\..\Run: [Startup Manager Scanner] C:\Program Files\Startup Mechanic\StartupMonitor.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Comrade.exe] C:\Program Files\GameSpy\Comrade\Comrade.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1993962763-1677128483-682003330-1006\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Mikan')
O4 - HKUS\S-1-5-21-1993962763-1677128483-682003330-1006\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Mikan')
O4 - HKUS\S-1-5-21-1993962763-1677128483-682003330-1006\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Mikan')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B431BF4-3355-4462-8E17-54CB597A6725}: NameServer = 195.66.160.1 195.66.160.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{5B431BF4-3355-4462-8E17-54CB597A6725}: NameServer = 195.66.160.1 195.66.160.2
O20 - AppInit_DLLs: karna.dat
O21 - SSODL: ngwstxfd - {3EA21869-B8CB-4D37-9B5A-D66B8DF08FF5} - C:\WINDOWS\ngwstxfd.dll
O21 - SSODL: qrbgltos - {1A04D160-B8D7-4097-913F-B482896D4E75} - C:\WINDOWS\qrbgltos.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O24 - Desktop Component 0: Privacy Protection - file:///C:\WINDOWS\privacy_danger\index.htm
--
End of file - 8081 bytes
|
|
|
|
|
Poslao: 15 Okt 2008 22:29
|
offline
- Springfield
- Moderator foruma
- 100%Milanista
- Information Technology
- Pridružio: 23 Avg 2008
- Poruke: 2634
- Gde živiš: Milan, Italy
|
Nesto sam cackao po netu trazio Turbo pascal 7 a imam av Kaspersky internet securicy 7.0 i napalo me odjednom nesto kaspersky nista nije mogao i uslo mi bog zna sta pokusao sam da instaliram spybot i jos mnogo sto sta ali nece a kaspersky je nestao ..... i ne mogu opet da ga startujem.
Dopuna: 15 Okt 2008 22:29
dr_Bora ::Poz...
Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.
Skinuo sam comboFix i na Desktop je al ne mogu da ga startujem znaci kad ga startujem pise mi Run i idem na to i nista se posle ne desava probao sam vise puta i cekao ali nista......... :S A mogu da se ulogujem u komp ne kao admin nego user obican pa da pokusam tu jel moze tako?
|
|
|
|
Poslao: 15 Okt 2008 22:37
|
offline
- dr_Bora
- Anti Malware Fighter
Rank 2
- Pridružio: 24 Jul 2007
- Poruke: 12280
- Gde živiš: Höganäs, SE
|
Preimenuj file ComboFix.exe u ABC.exe i zatim pokušaj ponovo da ga pokreneš.
|
|
|
|
Poslao: 15 Okt 2008 23:03
|
offline
- Springfield
- Moderator foruma
- 100%Milanista
- Information Technology
- Pridružio: 23 Avg 2008
- Poruke: 2634
- Gde živiš: Milan, Italy
|
evo uspjelo je posle vece muke.. jer mi je komp usporio.. evo loga..........
ComboFix 08-10-15.01 - Milos 2008-10-15 22:45:31.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.198 [GMT 2:00]
Running from: C:\Documents and Settings\Milos\Desktop\ABC.exe.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Guest\Local Settings\Application Data\Microsoft\Windows Media\10.0\WMSDKNSD.XML
C:\Documents and Settings\Milos\Cookies\aduxute.bin
C:\Documents and Settings\Milos\Cookies\ifibeg._dl
C:\Documents and Settings\Milos\Local Settings\Temporary Internet Files\moqezovaz.dll
C:\Program Files\VirusRemover2008
C:\Program Files\VirusRemover2008\Viruses.bdt
C:\Program Files\VirusRemover2008\VRM2008.exe
C:\Program Files\XP_AntiSpyware
C:\Program Files\XP_AntiSpyware\AVEngn.dll
C:\Program Files\XP_AntiSpyware\htmlayout.dll
C:\Program Files\XP_AntiSpyware\pthreadVC2.dll
C:\Program Files\XP_AntiSpyware\Uninstall.exe
C:\Program Files\XP_AntiSpyware\XP_Antispyware.cfg
C:\Program Files\XP_AntiSpyware\XP_AntiSpyware.exe
C:\WINDOWS\brastk.exe
C:\WINDOWS\efdv.exe
C:\WINDOWS\grfxbanogtl.dll
C:\WINDOWS\karna.dat
C:\WINDOWS\ngwstxfd.dll
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\body.gif
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\capt2.gif
C:\WINDOWS\privacy_danger\images\red.gif
C:\WINDOWS\privacy_danger\images\text.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\qrbgltos.dll
C:\WINDOWS\rosqxvmn.dll
C:\WINDOWS\system32\brastk.exe
C:\WINDOWS\system32\dllcache\beep.sys
C:\WINDOWS\system32\karna.dat
Infected copy of C:\WINDOWS\system32\drivers\beep.sys was found and disinfected
Restored copy from - C:\System Volume Information\_restore{096F40B2-F906-4C25-BE45-6DC4620BA944}\RP77\A0037308.sys
.
((((((((((((((((((((((((( Files Created from 2008-09-15 to 2008-10-15 )))))))))))))))))))))))))))))))
.
2008-10-15 21:34 . 2008-10-15 21:34 <DIR> d-------- C:\Documents and Settings\Milos\Application Data\VirusRemover2008
2008-10-15 21:06 . 2008-10-15 21:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-15 21:05 . 2008-10-15 21:06 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-15 20:51 . 2008-10-15 20:51 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-15 20:51 . 2008-10-15 20:51 <DIR> d-------- C:\Documents and Settings\Milos\Application Data\Lavasoft
2008-10-15 20:49 . 2008-10-15 20:49 <DIR> d-------- C:\Program Files\Startup Mechanic
2008-10-15 19:43 . 2008-10-15 19:43 19,343 --a------ C:\Program Files\Common Files\mesiwiz.dll
2008-10-15 19:43 . 2008-10-15 19:43 17,175 --a------ C:\Documents and Settings\Milos\Application Data\bywex.exe
2008-10-15 19:43 . 2008-10-15 19:43 16,129 --a------ C:\Documents and Settings\All Users\Application Data\esyrofox.bat
2008-10-15 19:43 . 2008-10-15 19:43 16,001 --a------ C:\WINDOWS\system32\enegylug.ban
2008-10-15 19:43 . 2008-10-15 19:43 15,807 --a------ C:\Documents and Settings\Milos\Application Data\onawuzunu.exe
2008-10-15 19:43 . 2008-10-15 19:43 14,291 --a------ C:\WINDOWS\system32\esex.ban
2008-10-15 19:43 . 2008-10-15 19:43 13,768 --a------ C:\WINDOWS\iqywe.pif
2008-10-15 19:43 . 2008-10-15 19:43 13,072 --a------ C:\WINDOWS\hirizaco._dl
2008-10-15 19:43 . 2008-10-15 19:43 12,634 --a------ C:\Documents and Settings\All Users\Application Data\puco.bin
2008-10-15 19:43 . 2008-10-15 19:43 12,196 --a------ C:\WINDOWS\system32\yviq.lib
2008-10-15 19:43 . 2008-10-15 19:43 10,920 --a------ C:\WINDOWS\ybukusu._dl
2008-10-15 19:42 . 2008-10-14 23:14 211,984 --a------ C:\WINDOWS\system32\_scui.cpl
2008-10-15 19:36 . 2008-10-15 19:36 71,710 --a------ C:\WINDOWS\system32\wini104552664.exe
2008-10-15 19:33 . 2008-10-15 19:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\whefubmb
2008-10-15 19:33 . 2008-10-15 19:33 81,920 --a------ C:\WINDOWS\system32\xkdgvuzo.exe
2008-10-15 19:32 . 2008-10-15 17:12 86,016 --a------ C:\WINDOWS\lomxeqsn.exe
2008-10-15 19:04 . 2008-10-15 19:04 91 --a------ C:\WINDOWS\tdw.ini
2008-10-15 17:32 . 2008-10-15 17:32 <DIR> d-------- C:\mp3-millennium
2008-10-15 17:32 . 2008-10-15 17:32 724,992 --a------ C:\WINDOWS\iun6002.exe
2008-10-13 15:10 . 2008-10-13 15:10 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-10-13 15:09 . 2008-10-13 15:09 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-10-13 15:05 . 2008-10-13 16:48 <DIR> d-------- C:\Program Files\NOS
2008-10-13 15:05 . 2008-10-13 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-10-09 12:56 . 2008-10-09 12:56 <DIR> d-------- C:\Documents and Settings\Milos\Application Data\THQ
2008-10-09 12:39 . 2008-10-09 12:39 <DIR> d-------- C:\Program Files\THQ
2008-10-09 12:13 . 2008-10-09 12:13 <DIR> d-------- C:\Program Files\Rockstar Games
2008-10-07 12:28 . 2006-05-16 10:58 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-10-07 12:27 . 2008-10-07 12:27 <DIR> d-------- C:\Documents and Settings\Milos\Application Data\InstallShield
2008-10-06 15:07 . 2008-10-06 15:07 <DIR> d-------- C:\Program Files\GameSpy
2008-10-06 14:56 . 2008-10-06 14:56 <DIR> d-------- C:\Program Files\Sierra Entertainment
2008-10-06 14:56 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-10-06 14:11 . 2008-10-06 14:11 <DIR> dr-h----- C:\Documents and Settings\Milos\Application Data\SecuROM
2008-10-06 14:11 . 2008-10-06 14:11 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-10-06 14:08 . 2008-10-06 14:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-10-06 13:53 . 2007-05-31 19:30 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-10-06 13:53 . 2007-05-31 19:29 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-10-06 13:52 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-10-06 13:52 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-10-06 13:52 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-10-06 13:52 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-10-06 13:51 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-10-06 13:51 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-10-06 13:51 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-10-06 13:49 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-10-06 13:49 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-10-06 13:48 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-10-06 13:48 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-10-06 13:48 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-10-06 13:48 . 2007-03-05 12:42 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-10-06 13:47 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-10-06 13:47 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2008-10-06 13:44 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-10-06 01:19 . 2008-10-06 01:19 <DIR> d-------- C:\Program Files\XviD
2008-10-05 03:22 . 2008-10-05 03:22 <DIR> d--hs---- C:\INCINERATE
2008-10-05 03:10 . 2008-10-05 03:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-10-05 03:09 . 2008-10-05 03:09 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-10-05 03:09 . 2008-10-05 03:10 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-10-05 03:09 . 2008-10-05 03:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-10-04 16:57 . 2008-10-04 16:57 26,214,400 --a------ C:\WINDOWS\system32\cxl1705
2008-09-23 13:58 . 2008-09-23 13:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Default
2008-09-23 13:32 . 2008-09-24 18:24 <DIR> d-------- C:\Program Files\Acclaim Entertainment
2008-09-21 14:01 . 2008-09-21 14:01 <DIR> d-------- C:\Program Files\KONAMI
2008-09-21 12:40 . 2008-10-08 13:34 <DIR> d-------- C:\Documents and Settings\Mikan\Application Data\InstallShield
2008-09-19 21:41 . 2008-09-19 21:41 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-09-19 21:38 . 2008-09-19 21:38 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-09-19 21:38 . 2008-09-19 21:39 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-09-19 21:38 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-15 20:52 11,848,736 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-15 20:51 574,240 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-15 20:51 56,588 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-15 20:51 162,704 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-15 17:43 14,558 ----a-w C:\Program Files\Common Files\bytucini.dl
2008-10-15 11:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-14 15:46 --------- d-----w C:\Documents and Settings\Milos\Application Data\uTorrent
2008-10-12 17:02 7,780 ----a-w C:\Documents and Settings\Mikan\FMCodec.dat
2008-10-09 10:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-05 14:28 --------- d-----w C:\Documents and Settings\Mikan\Application Data\Teleca
2008-10-05 14:26 --------- d-----w C:\Program Files\Warcraft III
2008-10-05 01:10 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-09-15 13:57 --------- d-----w C:\Documents and Settings\Milos\Application Data\mfcd gram
2008-09-14 15:36 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-09-14 15:36 126,976 ----a-w C:\WINDOWS\War3Unin.exe
2008-09-14 14:57 --------- d-----w C:\Documents and Settings\Mikan\Application Data\CyberLink
2008-09-12 12:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-09-11 10:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Joy coal mpeg heck
2008-09-11 09:27 --------- d-----w C:\Program Files\mfcd gram
2008-09-11 09:26 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-11 09:26 --------- d-----w C:\Program Files\Circle Developement
2008-09-10 22:48 --------- d-----w C:\Program Files\AC3Filter
2008-09-10 20:22 --------- d-----w C:\Program Files\MessengerDiscovery
2008-09-04 13:58 --------- d-----w C:\Program Files\topdownloads
2008-09-04 13:55 --------- d-----w C:\Program Files\weblin
2008-09-04 13:54 --------- d-----w C:\Documents and Settings\Milos\Application Data\zweitgeist
2008-08-28 21:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-08-28 06:46 --------- d-----w C:\Documents and Settings\Guest\Application Data\Sony Ericsson
2008-08-28 06:46 --------- d-----w C:\Documents and Settings\Guest\Application Data\Nero
2008-08-27 13:55 --------- d-----w C:\Program Files\Google
2008-08-27 12:26 --------- d-----w C:\Documents and Settings\Mikan\Application Data\ACD Systems
2008-08-27 12:24 --------- d-----w C:\Documents and Settings\Mikan\Application Data\Winamp
2008-08-27 08:20 --------- d-----w C:\Documents and Settings\Mikan\Application Data\Sony Ericsson
2008-08-27 08:20 --------- d-----w C:\Documents and Settings\Mikan\Application Data\Nero
2008-08-23 18:10 --------- d-----w C:\Documents and Settings\Milos\Application Data\Winamp
2008-08-23 08:28 --------- d-----w C:\Documents and Settings\Milos\Application Data\AdobeUM
2008-08-22 04:11 --------- d-----w C:\Documents and Settings\Milos\Application Data\Desktopicon
2008-08-21 14:55 --------- d-----w C:\Program Files\AskTBar
2008-08-20 23:50 --------- d-----w C:\Documents and Settings\Milos\Application Data\CyberLink
2008-08-20 23:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-08-20 23:41 --------- d-----w C:\Program Files\CyberLink
2008-08-20 23:29 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-20 23:27 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-20 22:07 --------- d-----w C:\Documents and Settings\Milos\Application Data\Nero
2008-08-20 22:04 --------- d-----w C:\Program Files\Common Files\Nero
2008-08-20 21:59 --------- d-----w C:\Program Files\Nero
2008-08-20 21:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-08-20 21:51 --------- d-----w C:\Documents and Settings\Milos\Application Data\Apple Computer
2008-08-20 21:50 --------- d-----w C:\Documents and Settings\Milos\Application Data\ACD Systems
2008-08-20 21:49 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-08-20 21:49 --------- d-----w C:\Program Files\ACD Systems
2008-08-20 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-08-20 21:48 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2008-08-20 21:33 --------- d-----w C:\Program Files\Windows Live
2008-08-20 21:20 --------- d-----w C:\Program Files\Disc2Phone
2008-08-20 21:19 --------- d-----w C:\Documents and Settings\Milos\Application Data\Teleca
2008-08-20 21:12 --------- d-----w C:\Program Files\QuickTime
2008-08-20 21:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-20 21:09 --------- d-----w C:\Documents and Settings\Milos\Application Data\Sony Ericsson
2008-08-20 21:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-20 20:54 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-20 20:54 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-08-20 20:54 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-08-20 20:44 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-20 20:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-20 20:35 --------- d-----w C:\Program Files\Vimicro
2008-08-20 20:27 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-08-20 20:26 --------- d-----w C:\Program Files\WinFast
2008-08-20 20:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-08-20 20:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-08-20 20:07 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-08-20 20:07 --------- d-----w C:\Program Files\AvRack
2008-08-20 19:19 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ZipFile]
@="{2D7E38A6-A604-45AE-9A87-4F5F25760650}"
[HKEY_CLASSES_ROOT\CLSID\{2D7E38A6-A604-45AE-9A87-4F5F25760650}]
2001-01-01 17:24 90112 --a------ C:\WINDOWS\System32\winsdrv.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-11 68856]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Comrade.exe"="C:\Program Files\GameSpy\Comrade\Comrade.exe" [2007-06-29 36864]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFast Schedule"="C:\Program Files\WinFast\WFTVFM\WFWIZ.exe" [2006-04-27 344064]
"WinampAgent"="D:\Program Files\Winamp\winampa.exe" [2008-04-01 36352]
"VMSnap5"="C:\WINDOWS\VMSnap5.EXE" [2006-06-28 49152]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-08-20 155648]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-02-13 86016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-13 7557120]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2008-06-19 570664]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2008-06-08 2221352]
"Domino"="C:\WINDOWS\Domino.EXE" [2006-06-28 49152]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2006-11-24 487424]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-05-16 213936]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Startup Manager Scanner"="C:\Program Files\Startup Mechanic\StartupMonitor.exe" [2004-09-05 86016]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-08 227856]
"SoundMan"="SOUNDMAN.EXE" [2005-02-24 C:\WINDOWS\SOUNDMAN.EXE]
"SMSERIAL"="sm56hlpr.exe" [2004-12-29 C:\WINDOWS\sm56hlpr.exe]
"nwiz"="nwiz.exe" [2006-02-13 C:\WINDOWS\system32\nwiz.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-04-13 415072]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"D:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"D:\\Program Files\\Achilles-Script 4.5 White\\Mirc.exe"=
"D:\\Program Files\\Achilles-Script 4.5 Black\\Mirc.exe"=
"D:\\Program Files\\SHOUTcast\\sc_serv.exe"=
"D:\\Program Files\\Warcraft III\\War3.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe"=
"D:\\Program Files\\Warcraft III\\ftinst.tmp\\Warcraft III.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Warcraft III\\War3.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\THQ\\Juiced2_HIN\\Juiced2_HIN.exe"=
R1 HFSYS;HFSYS;C:\WINDOWS\system32\drivers\HFSYS.SYS [2003-03-12 19860]
R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2006-04-20 59776]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2006-04-20 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2006-04-20 9600]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 24592]
R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 9446]
R3 ZSMC0305;Vimicro USB PC Camera (VC0305);C:\WINDOWS\system32\Drivers\usbVM305.sys [2006-08-10 391737]
S3 FXDRV;FXDRV;E:\Fxdrv.sys [ ]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f64bf5f1-6f7a-11dd-89c9-001558156083}]
\Shell\Auto\command - Autorun.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
.
Contents of the 'Scheduled Tasks' folder
2008-10-15 C:\WINDOWS\Tasks\AD7D41909192F30C.job
- c:\docume~1\milos\applic~1\mfcdgr~1\ante barb rect.exe []
.
- - - - ORPHANS REMOVED - - - -
BHO-{9D16A7EE-E00A-4BFA-A976-308772A47699} - C:\WINDOWS\grfxbanogtl.dll
HKLM-Run-BigDog305 - C:\WINDOWS\VM305_STI.EXE
HKLM-Run-XP Antispyware 2009 - C:\Program Files\XP_AntiSpyware\XP_AntiSpyware.exe
SSODL-ngwstxfd-{3EA21869-B8CB-4D37-9B5A-D66B8DF08FF5} - C:\WINDOWS\ngwstxfd.dll
SSODL-qrbgltos-{1A04D160-B8D7-4097-913F-B482896D4E75} - C:\WINDOWS\qrbgltos.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Milos\Application Data\Mozilla\Firefox\Profiles\7qpz8cft.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com/
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-15 22:52:22
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-10-15 22:58:46 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-15 20:58:33
Pre-Run: 9,166,000,128 bytes free
Post-Run: 10,469,412,864 bytes free
318
|
|
|
|
|
Poslao: 16 Okt 2008 17:13
|
offline
- Springfield
- Moderator foruma
- 100%Milanista
- Information Technology
- Pridružio: 23 Avg 2008
- Poruke: 2634
- Gde živiš: Milan, Italy
|
ComboFix 08-10-15.08 - Milos 2008-10-16 17:03:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.288 [GMT 2:00]
Running from: C:\Documents and Settings\Milos\Desktop\ABC.exe.exe
Command switches used :: C:\Documents and Settings\Milos\Desktop\CFScript.txt.txt
* Created a new restore point
FILE ::
C:\Documents and Settings\All Users\Application Data\esyrofox.bat
C:\Documents and Settings\All Users\Application Data\puco.bin
C:\Documents and Settings\Milos\Application Data\bywex.exe
C:\Documents and Settings\Milos\Application Data\onawuzunu.exe
C:\Program Files\Common Files\bytucini.dl
C:\Program Files\Common Files\mesiwiz.dll
C:\WINDOWS\hirizaco._dl
C:\WINDOWS\iqywe.pif
C:\WINDOWS\lomxeqsn.exe
C:\WINDOWS\system32\_scui.cpl
C:\WINDOWS\system32\enegylug.ban
C:\WINDOWS\system32\esex.ban
C:\WINDOWS\system32\wini104552664.exe
C:\WINDOWS\System32\winsdrv.dll
C:\WINDOWS\system32\xkdgvuzo.exe
C:\WINDOWS\system32\yviq.lib
C:\WINDOWS\Tasks\AD7D41909192F30C.job
C:\WINDOWS\ybukusu._dl
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\esyrofox.bat
C:\Documents and Settings\All Users\Application Data\Joy coal mpeg heck
C:\Documents and Settings\All Users\Application Data\puco.bin
C:\Documents and Settings\All Users\Application Data\whefubmb
C:\Documents and Settings\All Users\Application Data\whefubmb\ulmvylyb.exe
C:\Documents and Settings\Milos\Application Data\bywex.exe
C:\Documents and Settings\Milos\Application Data\mfcd gram
C:\Documents and Settings\Milos\Application Data\mfcd gram\0
C:\Documents and Settings\Milos\Application Data\onawuzunu.exe
C:\Documents and Settings\Milos\Application Data\VirusRemover2008
C:\Documents and Settings\Milos\Application Data\VirusRemover2008\Logs\scns.log
C:\Program Files\Circle Developement
C:\Program Files\Circle Developement\Uninstall.exe
C:\Program Files\Common Files\bytucini.dl
C:\Program Files\Common Files\mesiwiz.dll
C:\Program Files\MessengerDiscovery
C:\Program Files\MessengerDiscovery\AlertSkinInstaller.exe
C:\Program Files\MessengerDiscovery\jelena91zr@live.com\ContactManager.mdl
C:\Program Files\MessengerDiscovery\jelena91zr@live.com\Encrypted.mdl
C:\Program Files\MessengerDiscovery\jelena91zr@live.com\NNHistory.mdl
C:\Program Files\MessengerDiscovery\jelena91zr@live.com\PSMHistory.mdl
C:\Program Files\MessengerDiscovery\jelena91zr@live.com\Unblock.mdl
C:\Program Files\MessengerDiscovery\Languages\Dansk.ini
C:\Program Files\MessengerDiscovery\Languages\Dutch.ini
C:\Program Files\MessengerDiscovery\Languages\Eesti.ini
C:\Program Files\MessengerDiscovery\Languages\English.ini
C:\Program Files\MessengerDiscovery\Languages\Español (Neutral).ini
C:\Program Files\MessengerDiscovery\Languages\Français.ini
C:\Program Files\MessengerDiscovery\Languages\German.ini
C:\Program Files\MessengerDiscovery\Languages\Italiano.ini
C:\Program Files\MessengerDiscovery\Languages\Magyar.ini
C:\Program Files\MessengerDiscovery\Languages\Norsk.ini
C:\Program Files\MessengerDiscovery\Languages\Portuguese (Brazil).ini
C:\Program Files\MessengerDiscovery\Languages\Portuguese (Portugal).ini
C:\Program Files\MessengerDiscovery\Languages\Turkish.ini
C:\Program Files\MessengerDiscovery\Loader.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe.manifest
C:\Program Files\MessengerDiscovery\MessengerDiscovery Today.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery.dll
C:\Program Files\MessengerDiscovery\milosrako@hotmail.com\AlertFilter.mdl
C:\Program Files\MessengerDiscovery\milosrako@hotmail.com\AlwaysAllow.mdl
C:\Program Files\MessengerDiscovery\milosrako@hotmail.com\AlwaysBlock.mdl
C:\Program Files\MessengerDiscovery\milosrako@hotmail.com\ContactBlocks.mdl
C:\Program Files\MessengerDiscovery\milosrako@hotmail.com\ContactManager.mdl
C:\Program Files\MessengerDiscovery\milosrako@hotmail.com\Encrypted.mdl
C:\Program Files\MessengerDiscovery\milosrako@hotmail.com\NNHistory.mdl
C:\Program Files\MessengerDiscovery\milosrako@hotmail.com\Pinned.mdl
C:\Program Files\MessengerDiscovery\milosrako@hotmail.com\PSMHistory.mdl
C:\Program Files\MessengerDiscovery\milosrako@hotmail.com\Unblock.mdl
C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Blue\background.png
C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Default\away.png
C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Default\background.png
C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Default\busy.png
C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Default\close.png
C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Default\close_sel.png
C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Default\DO NOT DELETE THIS DIRECTORY OR ITS CONTENTS
C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Default\dpframe.png
C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Default\move.png
C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Default\move_sel.png
C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Default\offline.png
C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Default\online.png
C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Default\pin.png
C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Default\pin_sel.png
C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Default\pinned.png
C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Default\pinned_sel.png
C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Default\Skin.ini
C:\Program Files\MessengerDiscovery\Resources\Alert Skins\Red\background.png
C:\Program Files\MessengerDiscovery\Resources\Settings\AlertSel0.png
C:\Program Files\MessengerDiscovery\Resources\Settings\AlertSel1.png
C:\Program Files\MessengerDiscovery\Resources\Settings\AlertSel2.png
C:\Program Files\MessengerDiscovery\Resources\Settings\AlertSel3.png
C:\Program Files\MessengerDiscovery\Resources\Settings\imicon0.png
C:\Program Files\MessengerDiscovery\Resources\Settings\imicon0_disabled.png
C:\Program Files\MessengerDiscovery\Resources\Settings\imicon1.png
C:\Program Files\MessengerDiscovery\Resources\Settings\imicon1_disabled.png
C:\Program Files\MessengerDiscovery\Resources\Settings\imicon2.png
C:\Program Files\MessengerDiscovery\Resources\Settings\imicon2_disabled.png
C:\Program Files\MessengerDiscovery\Resources\Settings\imicon3.png
C:\Program Files\MessengerDiscovery\Resources\Settings\imicon3_disabled.png
C:\Program Files\MessengerDiscovery\Resources\Settings\imicon4.png
C:\Program Files\MessengerDiscovery\Resources\Settings\imicon4_disabled.png
C:\Program Files\MessengerDiscovery\Resources\Settings\imicon5.png
C:\Program Files\MessengerDiscovery\Resources\Settings\imicon5_disabled.png
C:\Program Files\MessengerDiscovery\Resources\Settings\imicon6.png
C:\Program Files\MessengerDiscovery\Resources\Settings\imicon6_disabled.png
C:\Program Files\MessengerDiscovery\Resources\Settings\MenuSel0.png
C:\Program Files\MessengerDiscovery\Resources\Settings\MenuSel1.png
C:\Program Files\MessengerDiscovery\Resources\Settings\MenuSel2.png
C:\Program Files\MessengerDiscovery\Resources\Settings\MenuSel3.png
C:\Program Files\MessengerDiscovery\Resources\Settings\MenuSel4.png
C:\Program Files\MessengerDiscovery\Resources\Settings\MenuSel5.png
C:\Program Files\MessengerDiscovery\Resources\Settings\MenuSel6.png
C:\Program Files\MessengerDiscovery\Resources\Settings\MenuSel7.png
C:\Program Files\MessengerDiscovery\Resources\Settings\tbicon0.png
C:\Program Files\MessengerDiscovery\Resources\Settings\tbicon0_disabled.png
C:\Program Files\MessengerDiscovery\Resources\Settings\tbicon1.png
C:\Program Files\MessengerDiscovery\Resources\Settings\tbicon1_disabled.png
C:\Program Files\MessengerDiscovery\Resources\Settings\tbicon2.png
C:\Program Files\MessengerDiscovery\Resources\Settings\tbicon2_disabled.png
C:\Program Files\MessengerDiscovery\Resources\Settings\tbicon3.png
C:\Program Files\MessengerDiscovery\Resources\Settings\tbicon3_disabled.png
C:\Program Files\MessengerDiscovery\Resources\Settings\tbicon4.png
C:\Program Files\MessengerDiscovery\Resources\Settings\tbicon4_disabled.png
C:\Program Files\MessengerDiscovery\Resources\Settings\tbicon5.png
C:\Program Files\MessengerDiscovery\Resources\Settings\tbicon5_disabled.png
C:\Program Files\MessengerDiscovery\Resources\Sounds\Alert.wav
C:\Program Files\MessengerDiscovery\Resources\Sounds\Sounds Copyright.txt
C:\Program Files\MessengerDiscovery\SpellCHK.exe
C:\Program Files\MessengerDiscovery\Spring22@live.com\AlertFilter.mdl
C:\Program Files\MessengerDiscovery\Spring22@live.com\AlwaysAllow.mdl
C:\Program Files\MessengerDiscovery\Spring22@live.com\AlwaysBlock.mdl
C:\Program Files\MessengerDiscovery\Spring22@live.com\ContactBlocks.mdl
C:\Program Files\MessengerDiscovery\Spring22@live.com\ContactManager.mdl
C:\Program Files\MessengerDiscovery\Spring22@live.com\Encrypted.mdl
C:\Program Files\MessengerDiscovery\Spring22@live.com\NNHistory.mdl
C:\Program Files\MessengerDiscovery\Spring22@live.com\Pinned.mdl
C:\Program Files\MessengerDiscovery\Spring22@live.com\PSMHistory.mdl
C:\Program Files\MessengerDiscovery\springfield90@live.com\AlertFilter.mdl
C:\Program Files\MessengerDiscovery\springfield90@live.com\AlwaysAllow.mdl
C:\Program Files\MessengerDiscovery\springfield90@live.com\AlwaysBlock.mdl
C:\Program Files\MessengerDiscovery\springfield90@live.com\ContactBlocks.mdl
C:\Program Files\MessengerDiscovery\springfield90@live.com\ContactManager.mdl
C:\Program Files\MessengerDiscovery\springfield90@live.com\Encrypted.mdl
C:\Program Files\MessengerDiscovery\springfield90@live.com\NNHistory.mdl
C:\Program Files\MessengerDiscovery\springfield90@live.com\Pinned.mdl
C:\Program Files\MessengerDiscovery\springfield90@live.com\PSMHistory.mdl
C:\Program Files\MessengerDiscovery\unins000.dat
C:\Program Files\MessengerDiscovery\unins000.exe
C:\Program Files\MessengerDiscovery\unzip.dll
C:\Program Files\MessengerDiscovery\Webcam Record.exe
C:\Program Files\MessengerDiscovery\zizuu_93@hotmail.com\ContactManager.mdl
C:\Program Files\MessengerDiscovery\zizuu_93@hotmail.com\NNHistory.mdl
C:\Program Files\MessengerDiscovery\zizuu_93@hotmail.com\PSMHistory.mdl
C:\Program Files\mfcd gram
C:\WINDOWS\hirizaco._dl
C:\WINDOWS\iqywe.pif
C:\WINDOWS\lomxeqsn.exe
C:\WINDOWS\system32\_scui.cpl
C:\WINDOWS\system32\enegylug.ban
C:\WINDOWS\system32\esex.ban
C:\WINDOWS\system32\wini104552664.exe
C:\WINDOWS\system32\xkdgvuzo.exe
C:\WINDOWS\system32\yviq.lib
C:\WINDOWS\Tasks\AD7D41909192F30C.job
C:\WINDOWS\ybukusu._dl
.
((((((((((((((((((((((((( Files Created from 2008-09-16 to 2008-10-16 )))))))))))))))))))))))))))))))
.
2008-10-15 21:06 . 2008-10-15 21:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-15 21:05 . 2008-10-15 21:06 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-10-15 20:51 . 2008-10-15 20:51 <DIR> d-------- C:\Program Files\Lavasoft
2008-10-15 20:51 . 2008-10-15 20:51 <DIR> d-------- C:\Documents and Settings\Milos\Application Data\Lavasoft
2008-10-15 20:49 . 2008-10-15 20:49 <DIR> d-------- C:\Program Files\Startup Mechanic
2008-10-15 19:04 . 2008-10-15 19:04 91 --a------ C:\WINDOWS\tdw.ini
2008-10-15 17:32 . 2008-10-15 17:32 <DIR> d-------- C:\mp3-millennium
2008-10-15 17:32 . 2008-10-15 17:32 724,992 --a------ C:\WINDOWS\iun6002.exe
2008-10-13 15:10 . 2008-10-13 15:10 <DIR> d-------- C:\Program Files\Common Files\Adobe AIR
2008-10-13 15:09 . 2008-10-13 15:09 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-10-13 15:05 . 2008-10-13 16:48 <DIR> d-------- C:\Program Files\NOS
2008-10-13 15:05 . 2008-10-13 16:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NOS
2008-10-09 12:56 . 2008-10-09 12:56 <DIR> d-------- C:\Documents and Settings\Milos\Application Data\THQ
2008-10-09 12:39 . 2008-10-09 12:39 <DIR> d-------- C:\Program Files\THQ
2008-10-09 12:13 . 2008-10-09 12:13 <DIR> d-------- C:\Program Files\Rockstar Games
2008-10-07 12:28 . 2006-05-16 10:58 73,728 --a------ C:\WINDOWS\system32\ISUSPM.cpl
2008-10-07 12:27 . 2008-10-07 12:27 <DIR> d-------- C:\Documents and Settings\Milos\Application Data\InstallShield
2008-10-06 15:07 . 2008-10-06 15:07 <DIR> d-------- C:\Program Files\GameSpy
2008-10-06 14:56 . 2008-10-06 14:56 <DIR> d-------- C:\Program Files\Sierra Entertainment
2008-10-06 14:56 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-10-06 14:11 . 2008-10-06 14:11 <DIR> dr-h----- C:\Documents and Settings\Milos\Application Data\SecuROM
2008-10-06 14:11 . 2008-10-06 14:11 107,888 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2008-10-06 14:08 . 2008-10-06 14:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\InstallShield
2008-10-06 13:53 . 2007-05-31 19:30 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2008-10-06 13:53 . 2007-05-31 19:29 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2008-10-06 13:52 . 2007-05-16 16:45 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2008-10-06 13:52 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-10-06 13:52 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-10-06 13:52 . 2007-04-04 18:53 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-10-06 13:51 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-10-06 13:51 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-10-06 13:51 . 2007-04-04 18:55 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2008-10-06 13:49 . 2007-03-12 16:42 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2008-10-06 13:49 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-10-06 13:48 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-10-06 13:48 . 2006-09-28 16:05 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2008-10-06 13:48 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-10-06 13:48 . 2007-03-05 12:42 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2008-10-06 13:47 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-10-06 13:47 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2008-10-06 13:44 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-10-06 01:19 . 2008-10-06 01:19 <DIR> d-------- C:\Program Files\XviD
2008-10-05 03:22 . 2008-10-05 03:22 <DIR> d--hs---- C:\INCINERATE
2008-10-05 03:10 . 2008-10-05 03:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony Ericsson
2008-10-05 03:09 . 2008-10-05 03:09 <DIR> d-------- C:\Program Files\Sony Ericsson
2008-10-05 03:09 . 2008-10-05 03:10 <DIR> d-------- C:\Program Files\Common Files\Sony Ericsson Shared
2008-10-05 03:09 . 2008-10-05 03:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-10-04 16:57 . 2008-10-04 16:57 26,214,400 --a------ C:\WINDOWS\system32\cxl1705
2008-09-23 13:58 . 2008-09-23 13:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Default
2008-09-23 13:32 . 2008-09-24 18:24 <DIR> d-------- C:\Program Files\Acclaim Entertainment
2008-09-21 14:01 . 2008-09-21 14:01 <DIR> d-------- C:\Program Files\KONAMI
2008-09-21 12:40 . 2008-10-08 13:34 <DIR> d-------- C:\Documents and Settings\Mikan\Application Data\InstallShield
2008-09-19 21:41 . 2008-09-19 21:41 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-09-19 21:38 . 2008-09-19 21:38 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-09-19 21:38 . 2008-09-19 21:39 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-09-19 21:38 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-16 15:08 585,760 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-16 15:08 12,164,128 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-16 11:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-16 01:51 57,260 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-16 01:51 165,320 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-14 15:46 --------- d-----w C:\Documents and Settings\Milos\Application Data\uTorrent
2008-10-12 17:02 7,780 ----a-w C:\Documents and Settings\Mikan\FMCodec.dat
2008-10-09 10:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-05 14:28 --------- d-----w C:\Documents and Settings\Mikan\Application Data\Teleca
2008-10-05 14:26 --------- d-----w C:\Program Files\Warcraft III
2008-10-05 01:10 --------- d-----w C:\Program Files\Common Files\Teleca Shared
2008-09-14 15:36 2,829 ----a-w C:\WINDOWS\War3Unin.pif
2008-09-14 15:36 126,976 ----a-w C:\WINDOWS\War3Unin.exe
2008-09-14 14:57 --------- d-----w C:\Documents and Settings\Mikan\Application Data\CyberLink
2008-09-12 12:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-09-11 09:26 --------- d-----w C:\Program Files\Messenger Plus! Live
2008-09-10 22:48 --------- d-----w C:\Program Files\AC3Filter
2008-09-04 13:58 --------- d-----w C:\Program Files\topdownloads
2008-09-04 13:55 --------- d-----w C:\Program Files\weblin
2008-09-04 13:54 --------- d-----w C:\Documents and Settings\Milos\Application Data\zweitgeist
2008-08-28 21:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-08-28 06:46 --------- d-----w C:\Documents and Settings\Guest\Application Data\Sony Ericsson
2008-08-28 06:46 --------- d-----w C:\Documents and Settings\Guest\Application Data\Nero
2008-08-27 13:55 --------- d-----w C:\Program Files\Google
2008-08-27 12:26 --------- d-----w C:\Documents and Settings\Mikan\Application Data\ACD Systems
2008-08-27 12:24 --------- d-----w C:\Documents and Settings\Mikan\Application Data\Winamp
2008-08-27 08:20 --------- d-----w C:\Documents and Settings\Mikan\Application Data\Sony Ericsson
2008-08-27 08:20 --------- d-----w C:\Documents and Settings\Mikan\Application Data\Nero
2008-08-23 18:10 --------- d-----w C:\Documents and Settings\Milos\Application Data\Winamp
2008-08-23 08:28 --------- d-----w C:\Documents and Settings\Milos\Application Data\AdobeUM
2008-08-22 04:11 --------- d-----w C:\Documents and Settings\Milos\Application Data\Desktopicon
2008-08-21 14:55 --------- d-----w C:\Program Files\AskTBar
2008-08-20 23:50 --------- d-----w C:\Documents and Settings\Milos\Application Data\CyberLink
2008-08-20 23:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-08-20 23:41 --------- d-----w C:\Program Files\CyberLink
2008-08-20 23:29 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-08-20 23:27 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-20 22:07 --------- d-----w C:\Documents and Settings\Milos\Application Data\Nero
2008-08-20 22:04 --------- d-----w C:\Program Files\Common Files\Nero
2008-08-20 21:59 --------- d-----w C:\Program Files\Nero
2008-08-20 21:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-08-20 21:51 --------- d-----w C:\Documents and Settings\Milos\Application Data\Apple Computer
2008-08-20 21:50 --------- d-----w C:\Documents and Settings\Milos\Application Data\ACD Systems
2008-08-20 21:49 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-08-20 21:49 --------- d-----w C:\Program Files\ACD Systems
2008-08-20 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-08-20 21:48 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2008-08-20 21:33 --------- d-----w C:\Program Files\Windows Live
2008-08-20 21:20 --------- d-----w C:\Program Files\Disc2Phone
2008-08-20 21:19 --------- d-----w C:\Documents and Settings\Milos\Application Data\Teleca
2008-08-20 21:12 --------- d-----w C:\Program Files\QuickTime
2008-08-20 21:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-20 21:09 --------- d-----w C:\Documents and Settings\Milos\Application Data\Sony Ericsson
2008-08-20 21:04 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-20 20:54 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-20 20:54 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-08-20 20:54 112,144 ----a-w C:\WINDOWS\system32\drivers\kl1.sys
2008-08-20 20:44 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-20 20:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-20 20:35 --------- d-----w C:\Program Files\Vimicro
2008-08-20 20:27 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-08-20 20:26 --------- d-----w C:\Program Files\WinFast
2008-08-20 20:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-08-20 20:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-08-20 20:07 --------- d-----w C:\Program Files\Realtek Sound Manager
2008-08-20 20:07 --------- d-----w C:\Program Files\AvRack
2008-08-20 19:19 --------- d-----w C:\Program Files\microsoft frontpage
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Mikan\FMCodec.dat -- Not a PE file.
MD5: 9aa6ef0efea7cdd91c9fc67a77f34d6b
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-08-20 57344]
[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Startup Manager Scanner"="C:\Program Files\Startup Mechanic\StartupMonitor.exe" [2004-09-05 86016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-02-13 7557120]
"BigDog305"="C:\WINDOWS\VM305_STI.EXE" [BU]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"D:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\Achilles-Script 4.5 White\\Mirc.exe"=
"D:\\Program Files\\Achilles-Script 4.5 Black\\Mirc.exe"=
"D:\\Program Files\\SHOUTcast\\sc_serv.exe"=
"D:\\Program Files\\Warcraft III\\War3.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Internet Security 7.0\\avp.exe"=
"D:\\Program Files\\Warcraft III\\ftinst.tmp\\Warcraft III.exe"=
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"C:\\Program Files\\Warcraft III\\War3.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\THQ\\Juiced2_HIN\\Juiced2_HIN.exe"=
R1 HFSYS;HFSYS;C:\WINDOWS\system32\drivers\HFSYS.SYS [2003-03-12 19860]
R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2006-04-20 59776]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2006-04-20 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2006-04-20 9600]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-12-13 24592]
R3 ZSMC0305;Vimicro USB PC Camera (VC0305);C:\WINDOWS\system32\Drivers\usbVM305.sys [2006-08-10 391737]
S3 FXDRV;FXDRV;E:\Fxdrv.sys [ ]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 9446]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f64bf5f1-6f7a-11dd-89c9-001558156083}]
\Shell\Auto\command - Autorun.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
.
- - - - ORPHANS REMOVED - - - -
Toolbar-{7C554665-B775-4305-BAE6-E310B361F216} - C:\WINDOWS\rosqxvmn.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-16 17:08:41
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-16 17:10:57
ComboFix-quarantined-files.txt 2008-10-16 15:10:36
ComboFix2.txt 2008-10-15 20:58:52
Pre-Run: 10,277,834,752 bytes free
Post-Run: 10,399,797,248 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
386
|
|
|
|
|
|
Poslao: 16 Okt 2008 18:35
|
offline
- dr_Bora
- Anti Malware Fighter
Rank 2
- Pridružio: 24 Jul 2007
- Poruke: 12280
- Gde živiš: Höganäs, SE
|
Prva slika - vidi se da KIS pokušava da se upiše u Startup sekciju. Potrebno je to da dozvoliš kada ti Startup Monitor prijavi promenu u registru.
Druga slika - to nije program u sklopu MSN-a; MessengerDiscovery je adware i u prethodnom postupku je obrisan. Preostaje ti samo da obrišeš shortcut-ove sa Desktopa ili start menija ukoliko još postoje.
Ukoliko želiš da koristiš taj program, reinstaliraj ga (mada ja to ne bih preporučio).
Softver za TV karticu (i ne samo to)... Koliko vidim, gomila programa koji su se ranije pokretali sa Windows-om to više ne rade.
To si ti sam uradio korišćenjem nekog programa - i to je urađeno između poslednja dva uputstva koja si dobio. Prosto, ako želiš da ti se neki program pokreće sa Windows-om, onda ponovo iskoristi taj isti program da bi to omogućio.
Na Desktop-u imaš još nekoliko zaostalih file-ove koji su za brisanje:
System Error Fixer
Malware Defender
Virus Remover
Protect Your Privacy
Još nešto?
|
|
|
|