- philip1s
- Citizen
- Joined: 06 Jan 2009
- Posts: 265
Posted: 29 Sep 2009 18:03
I have this, I just don't know how it got onto my C: partition and, worst of all, I can't delete it... Could it be a virus? Inside it there is an open office folder that I can't open. -- Sorry for the off-topic.
ComboFix 09-09-28.01 - Luxon 09/29/2009 17:35.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.277 [GMT 2:00]
Running from: c:\documents and settings\Luxon\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2009-08-28 to 2009-09-29 )))))))))))))))))))))))))))))))
.
2009-09-29 12:07 . 2009-09-29 12:28 -------- d-----w- c:\documents and settings\Luxon\Application Data\Hide IP NG
2009-09-28 20:25 . 2009-09-28 20:25 -------- d-----w- c:\documents and settings\Luxon\Application Data\Malwarebytes
2009-09-28 20:25 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-28 20:25 . 2009-09-28 20:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-28 20:24 . 2009-09-28 20:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-28 20:24 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-28 17:02 . 2009-09-29 15:37 -------- d-----w- c:\program files\PeerGuardian2
2009-09-28 15:08 . 2009-09-28 15:09 -------- d-----w- c:\documents and settings\Luxon\.housecall6.6
2009-09-27 16:07 . 2009-07-22 20:39 13056 ----a-w- c:\windows\SPORDER.EXE
2009-09-27 12:08 . 2009-09-27 12:09 -------- d-----w- c:\program files\SpeedBit Video Accelerator
2009-09-27 12:03 . 2009-09-27 12:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2009-09-27 12:03 . 2009-09-28 19:57 -------- d-----w- c:\program files\DAP
2009-09-27 11:46 . 2009-09-27 13:56 -------- d-----w- c:\documents and settings\Luxon\Application Data\BitTorrent
2009-09-27 11:31 . 2009-09-27 11:31 -------- d-----w- c:\program files\BitTorrent
2009-09-27 11:25 . 2009-09-27 13:56 -------- d-----w- c:\program files\BitTorrent Turbo Accelerator
2009-09-26 17:27 . 2009-09-26 17:27 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-09-26 17:26 . 2009-09-26 17:26 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-26 17:26 . 2009-09-26 17:26 -------- d-----w- c:\documents and settings\Luxon\Application Data\SUPERAntiSpyware.com
2009-09-26 17:26 . 2009-09-26 17:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-26 16:15 . 2009-09-26 16:15 -------- d-----w- c:\program files\uTorrent
2009-09-26 16:15 . 2009-09-26 16:46 -------- d-----w- c:\documents and settings\Luxon\Application Data\uTorrent
2009-09-26 14:43 . 2009-09-26 14:43 -------- d-----w- C:\Sandbox
2009-09-26 14:40 . 2009-09-26 14:40 -------- d-----w- c:\program files\Sandboxie
2009-09-26 13:24 . 2009-09-26 13:24 229208 ----a-w- c:\windows\system32\drivers\VMM.sys
2009-09-26 13:23 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-26 13:08 . 2009-09-26 13:08 -------- d-----w- c:\documents and settings\Luxon\Local Settings\Application Data\Opera
2009-09-26 13:08 . 2009-09-26 13:08 -------- d-----w- c:\program files\Opera
2009-09-26 12:20 . 2009-09-26 12:50 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-09-26 12:20 . 2009-09-26 12:50 107547 ----a-w- c:\windows\system32\drivers\klin.dat
2009-09-26 12:19 . 2009-09-29 15:34 524320 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-26 12:19 . 2009-09-29 08:33 3354656 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-26 12:19 . 2009-09-26 12:19 -------- d-----w- c:\program files\Kaspersky Lab
2009-09-24 11:12 . 2009-09-24 11:18 -------- d-----w- c:\program files\Super Internet TV
2009-09-23 09:55 . 2009-09-23 09:55 -------- d---a-w- c:\windows\rundll16.exe
2009-09-23 09:55 . 2009-09-23 09:55 -------- d---a-w- c:\windows\logo1_.exe
2009-09-21 16:31 . 2009-09-21 16:31 -------- d-----w- c:\windows\MsTemp
2009-09-21 16:31 . 2009-09-21 16:31 -------- d-----w- c:\windows\IN
2009-09-21 15:46 . 2009-09-21 15:47 5455261 ----a-w- c:\windows\REGBK00.ZIP
2009-09-21 15:10 . 2009-09-21 15:10 -------- d---a-w- c:\windows\VDLL.DLL
2009-09-21 15:10 . 2009-09-21 15:10 -------- d---a-w- c:\windows\system32\runouce.exe
2009-09-21 15:10 . 2009-09-21 15:10 -------- d---a-w- c:\windows\RUNDL132.EXE
2009-09-21 15:10 . 2009-09-21 15:10 -------- d---a-w- c:\windows\logo_1.exe
2009-09-21 15:04 . 2009-09-21 15:04 632064 ----a-w- c:\windows\system32\msvcr80.dll
2009-09-21 15:04 . 2009-09-21 15:04 554240 ----a-w- c:\windows\system32\msvcp80.dll
2009-09-21 15:04 . 2009-05-08 14:39 270472 ------w- c:\windows\system32\drivers\bdfsfltr.sys
2009-09-21 15:01 . 2009-07-30 22:51 125448 ----a-w- c:\windows\killproc.exe
2009-09-19 15:01 . 2009-09-19 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-14 17:00 . 2007-01-29 16:03 118784 ------w- c:\windows\system32\fppr232.dll
2009-09-14 17:00 . 2007-01-29 16:00 311296 ------w- c:\windows\system32\fppmon2.dll
2009-09-14 16:47 . 2009-09-14 16:47 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2009-09-14 16:47 . 2009-09-14 16:49 51716 ----a-w- c:\windows\system32\pdf995mon.dll
2009-09-14 16:47 . 2009-09-14 16:49 249856 ----a-w- c:\windows\system32\pdfmona.dll
2009-09-14 16:47 . 2009-09-14 16:48 -------- d-----w- c:\program files\pdf995
2009-09-09 11:14 . 2006-06-28 09:54 49152 ----a-r- c:\windows\Domino.EXE
2009-09-09 11:14 . 2005-08-08 08:36 114688 ----a-r- c:\windows\VM305Cap.exe
2009-09-09 11:14 . 2006-06-28 09:39 49152 ----a-r- c:\windows\VMSnap5.EXE
2009-09-09 11:14 . 2005-05-03 07:51 176128 ----a-r- c:\windows\amcap.exe
2009-09-09 11:14 . 2005-08-05 10:36 81920 ----a-r- c:\windows\system32\VM305STI.dll
2009-09-09 11:14 . 2006-08-10 04:32 391737 ----a-r- c:\windows\system32\drivers\usbVM305.sys
2009-09-09 11:14 . 2008-04-14 00:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2009-09-09 11:14 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2009-09-08 19:47 . 2001-08-17 20:36 175104 -c--a-w- c:\windows\system32\dllcache\csamsp.dll
2009-09-08 19:47 . 2001-08-17 20:36 175104 ----a-w- c:\windows\system32\csamsp.dll
2009-09-08 19:47 . 2001-08-17 11:57 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2009-09-08 19:47 . 2001-08-17 11:57 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys
2009-09-08 19:40 . 2009-09-08 19:40 -------- d-----w- c:\windows\system32\drivers\SLDRV
2009-09-08 19:40 . 2005-05-10 10:54 77824 ----a-w- c:\windows\system32\slmdmco.dll
2009-09-08 19:40 . 2005-05-10 10:53 61440 ----a-w- c:\windows\system32\slmdmsr.exe
2009-09-08 19:40 . 2005-05-10 10:50 192512 ----a-w- c:\windows\system32\slmdmgx.dll
2009-09-08 19:40 . 2005-05-10 10:49 221184 ----a-w- c:\windows\system32\slmdmsp.dll
2009-09-08 19:29 . 2009-09-08 19:29 -------- d-----w- c:\documents and settings\Luxon\Local Settings\Application Data\Innovative Solutions
2009-09-08 19:29 . 2009-09-08 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2009-09-08 19:29 . 2009-09-08 19:29 -------- d-----w- c:\program files\Innovative Solutions
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-29 15:33 . 2009-09-26 12:19 3920 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-09-29 14:57 . 2009-06-16 21:15 -------- d-----w- c:\documents and settings\Luxon\Application Data\.purple
2009-09-29 14:37 . 2009-06-17 15:07 -------- d-----w- c:\program files\Medjed-Skript v1.5 Black
2009-09-29 12:28 . 2009-08-01 12:31 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-09-29 10:20 . 2009-08-24 11:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-09-29 08:33 . 2009-09-26 12:19 28336 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-28 10:54 . 2009-06-16 21:13 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-28 10:42 . 2009-06-16 20:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-09-27 13:59 . 2009-06-16 20:17 -------- d-----w- c:\documents and settings\Luxon\Application Data\Skype
2009-09-27 13:32 . 2009-06-17 20:14 -------- d-----w- c:\documents and settings\Luxon\Application Data\skypePM
2009-09-27 09:02 . 2009-06-16 20:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-26 17:28 . 2009-07-11 12:14 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-09-26 17:28 . 2009-07-11 12:14 88 --sh--r- c:\documents and settings\All Users\Application Data\196C603409.sys
2009-09-26 17:17 . 2009-06-17 16:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-09-26 17:17 . 2009-06-17 16:27 -------- d-----w- c:\program files\Lavasoft
2009-09-26 14:56 . 2009-06-16 21:13 -------- d-----w- c:\program files\SpywareBlaster
2009-09-26 13:06 . 2008-01-29 16:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-09-26 12:16 . 2009-08-20 13:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-09-24 10:23 . 2009-09-21 15:02 -------- d-----w- c:\documents and settings\All Users\Application Data\MicroWorld
2009-09-21 15:11 . 2009-09-21 15:01 1124872 ----a-w- c:\windows\system32\contfilt.dll
2009-09-21 15:11 . 2009-09-21 15:01 178696 ----a-w- c:\windows\system32\mwnsp.dll
2009-09-21 15:11 . 2009-09-21 15:01 539144 ----a-w- c:\windows\system32\mwtsp.dll
2009-09-21 15:02 . 2009-09-21 15:02 -------- d-----w- c:\documents and settings\Luxon\Application Data\MicroWorld
2009-09-21 15:02 . 2009-09-21 15:01 -------- d-----w- c:\program files\Common Files\MicroWorld
2009-09-21 15:02 . 2009-09-21 15:02 105944 ----a-w- c:\windows\winsbak2.reg
2009-09-08 15:23 . 2009-07-12 23:31 -------- d-----w- c:\documents and settings\Luxon\Application Data\gtk-2.0
2009-08-30 14:40 . 2009-08-30 14:40 -------- d-----w- c:\program files\Common Files\Vbox
2009-08-28 11:26 . 2009-08-28 11:20 -------- d-----w- c:\program files\Wise Registry Cleaner
2009-08-26 16:32 . 2009-08-26 16:32 -------- d-----w- c:\program files\Microsoft Virtual PC
2009-08-24 19:24 . 2009-08-24 18:59 -------- d-----w- c:\program files\Google
2009-08-23 14:20 . 2009-08-23 14:20 -------- d-----w- c:\program files\Free WMV to AVI MPEG Converter
2009-08-23 14:03 . 2009-08-05 19:56 -------- d-----w- c:\program files\Free Video Converter
2009-08-23 14:03 . 2009-06-16 22:11 20328 ----a-w- c:\documents and settings\Luxon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-22 14:27 . 2009-08-09 21:56 -------- d-----w- c:\program files\ApexDC++
2009-08-21 17:06 . 2009-08-20 23:05 -------- d-----w- c:\program files\fastcall
2009-08-20 22:30 . 2009-08-20 22:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-08-20 22:28 . 2009-08-20 22:28 -------- d-----w- c:\program files\Yahoo!
2009-08-20 22:21 . 2009-08-20 21:47 -------- d-----w- c:\documents and settings\Luxon\Application Data\FreeCall
2009-08-20 21:42 . 2009-08-20 21:01 -------- d-----w- c:\documents and settings\Luxon\Application Data\VoipBuster
2009-08-20 15:14 . 2009-08-20 15:14 -------- d-----w- c:\documents and settings\Luxon\Application Data\Sony Ericsson
2009-08-20 15:14 . 2009-08-20 15:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson
2009-08-20 13:24 . 2009-08-19 14:50 -------- d-----w- c:\program files\COMODO
2009-08-20 10:32 . 2009-08-19 15:56 280016 ----a-w- c:\windows\system32\drivers\sfi.dat
2009-08-19 15:56 . 2009-06-16 20:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-19 11:30 . 2009-08-19 11:30 -------- d-----w- c:\program files\Alcohol Soft
2009-08-19 11:29 . 2009-08-14 15:06 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2009-08-19 11:29 . 2009-08-15 13:14 -------- d-----w- c:\program files\IRCXpro
2009-08-19 11:29 . 2009-08-16 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-08-17 21:38 . 2009-06-16 19:37 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-16 13:24 . 2009-08-16 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-16 13:24 . 2009-08-16 13:24 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-08-14 13:42 . 2009-08-02 10:15 -------- d-----w- c:\documents and settings\Luxon\Application Data\Download Manager
2009-08-12 22:48 . 2009-08-09 19:37 20328 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-08-09 19:22 . 2009-08-09 19:22 -------- d-----w- c:\program files\Torbutton
2009-08-07 22:58 . 2009-08-07 22:58 -------- d-----w- c:\program files\MSBuild
2009-08-07 22:58 . 2009-08-07 22:58 -------- d-----w- c:\program files\Reference Assemblies
2009-08-07 08:32 . 2009-08-24 17:28 1076 ----a-w- c:\windows\GenuineXP.reg
2009-08-06 22:26 . 2009-08-06 22:26 -------- d-----w- c:\program files\avijoin
2009-08-05 20:35 . 2009-08-05 20:35 -------- d-----w- c:\program files\URUSoft
2009-08-05 14:23 . 2009-07-25 14:51 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-08-05 12:42 . 2009-08-05 12:32 -------- d-----w- c:\documents and settings\Luxon\Application Data\Ahead
2009-08-05 12:36 . 2009-08-05 12:36 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2009-08-05 12:34 . 2009-08-05 12:34 -------- d-----w- c:\program files\Common Files\LightScribe
2009-08-05 12:34 . 2009-08-05 12:29 -------- d-----w- c:\program files\Common Files\Ahead
2009-08-05 12:29 . 2009-08-05 12:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-08-05 12:29 . 2009-08-05 12:29 -------- d-----w- c:\program files\Nero
2009-08-05 11:11 . 2009-06-16 20:34 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-05 09:01 . 2004-08-04 01:07 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-02 10:19 . 2009-08-02 10:19 -------- d-----w- c:\program files\YouTube Downloader
2009-08-01 21:20 . 2009-08-01 21:20 -------- d-----w- c:\program files\Common Files\xing shared
2009-08-01 21:20 . 2009-08-01 21:20 -------- d-----w- c:\program files\Common Files\Real
2009-08-01 21:20 . 2003-03-18 18:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-08-01 21:20 . 2003-02-21 02:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-08-01 21:20 . 2009-08-01 21:20 -------- d-----w- c:\program files\Real
2009-08-01 18:28 . 2009-08-01 18:28 -------- d-----w- c:\program files\MSXML 4.0
2009-08-01 14:01 . 2009-08-01 13:43 -------- d-----w- c:\documents and settings\Luxon\Application Data\TeamViewer
2009-08-01 13:43 . 2009-08-01 13:43 -------- d-----w- c:\program files\TeamViewer
2009-08-01 12:40 . 2009-08-01 12:40 -------- d-----w- c:\program files\Microsoft
2009-08-01 12:40 . 2009-08-01 12:40 -------- d-----w- c:\program files\Windows Live
2009-08-01 12:40 . 2009-08-01 12:40 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-01 12:31 . 2009-08-01 12:31 -------- d-----w- c:\documents and settings\Luxon\Application Data\Thunderbird
2009-08-01 12:28 . 2009-08-01 12:28 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-30 23:01 . 2009-09-21 15:01 182792 ----a-w- c:\windows\system32\BACKUP.16677845.mwnsp.dll
2009-07-30 23:00 . 2009-09-21 15:01 1124872 ----a-w- c:\windows\system32\BACKUP.10122138.contfilt.dll
2009-07-30 22:52 . 2009-09-21 15:01 543240 ----a-w- c:\windows\system32\BACKUP.47394011.mwtsp.dll
2009-07-30 22:52 . 2009-09-21 15:01 237576 ----a-w- c:\windows\inst_tspx.exe
2009-07-30 22:52 . 2009-09-21 15:01 178696 ----a-w- c:\windows\inst_tsp.exe
2009-07-30 18:17 . 2009-07-30 18:18 410976 ----a-w- c:\windows\system32\deploytk.dll
2009-07-30 17:51 . 2009-07-30 17:51 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-07-30 17:51 . 2009-07-30 17:51 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-27 11:42 . 2009-07-27 11:42 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-07-25 14:20 . 2009-07-25 14:20 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-07-17 19:01 . 2004-08-04 01:07 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 17:09 . 2009-09-21 15:01 135936 ----a-w- c:\windows\system32\ZIPDLL.DLL
2009-07-15 17:08 . 2009-09-21 15:01 130816 ----a-w- c:\windows\system32\UNZDLL.DLL
2009-07-15 17:08 . 2009-09-21 15:01 13840 ----a-w- c:\windows\system32\sporder.dll
2009-07-15 17:08 . 2009-09-21 15:01 13840 ----a-w- c:\windows\sporder.dll
2009-07-15 09:48 . 2009-07-30 17:51 29000 ----a-w- c:\windows\system32\uxtuneup.dll
2009-07-13 21:43 . 2004-08-04 01:07 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-04 01:07 915456 ------w- c:\windows\system32\wininet.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-09-26 208616]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-07-27 7184384]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2005-07-22 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"LoginPrompt"= 94988A829E818C9B848C94988ADDDE
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
[HKLM\~\startupfolder\C:^Documents and Settings^Luxon^Start Menu^Programs^Startup^BitTorrent Turbo Accelerator.lnk]
path=c:\documents and settings\Luxon\Start Menu\Programs\Startup\BitTorrent Turbo Accelerator.lnk
backup=c:\windows\pss\BitTorrent Turbo Accelerator.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDog305
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Corel File Shell Monitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Medjed-Skript v1.5 Black\\mirc.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\PROGRA~1\\COMMON~1\\MICROW~1\\Agent\\MWAGENT.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 6:29 PM 33808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [9/15/2009 11:42 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 74480]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 7:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 6:06 PM 24592]
R3 SbieDrv;SbieDrv;c:\program files\Sandboxie\SbieDrv.sys [5/28/2009 3:32 PM 108032]
S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [7/30/2009 7:51 PM 604488]
S3 econceal;MicroWorld Technologies Network Service;c:\windows\system32\DRIVERS\econceal.sys --> c:\windows\system32\DRIVERS\econceal.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 7408]
S3 ZSMC0305;Vimicro USB PC Camera (VC0305);c:\windows\system32\drivers\usbVM305.sys [9/9/2009 1:14 PM 391737]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - PGFILTER
*NewlyCreated* - PXTDAPOB
*Deregistered* - pxtdapob
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = plimus.com,www.plimus.com,regnow.com,www.regnow.com,
IE: &Clean Traces
IE: &Download with &DAP
IE: Add to Banner Ad Blocker - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: Download &all with DAP
LSP: c:\progra~1\SPEEDB~1\sblsp.dll
FF - ProfilePath - c:\documents and settings\Luxon\Application Data\Mozilla\Firefox\Profiles\bjeykgh2.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
BHO-{FF6C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-29 17:40
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1229272821-1482476501-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{FD711827-7373-FF5C-AB83-18E4E4C97ED3}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iakfmjkambomibpkfj"=hex:6b,61,6e,66,6e,68,68,69,69,63,70,68,70,6f,66,6c,69,61,
64,67,67,6b,00,00
"jakgaegpjddjgogcdmee"=hex:62,61,6d,61,00,00
"jakgaegpjddjgogcdmie"=hex:62,61,66,61,00,00
"haegojmeebjolijd"=hex:6b,61,6e,66,6e,68,68,69,69,63,70,68,70,6f,66,6c,69,61,
64,67,67,6b,00,00
"iaegojjjmdknddbean"=hex:68,61,6a,66,63,6b,6e,61,70,6e,61,6c,6f,61,6c,64,00,21
"haodeenkdmkpbklg"=hex:61,61,00,7c
"jalgjdfnpedbbaflenln"=hex:61,61,00,7c
"jabglllgdfhclieckgng"=hex:62,61,61,67,00,e6
"baie"=hex:63,61,6d,61,70,68,00,00
"bafe"=hex:63,61,6a,61,61,6a,00,00
"caldog"=hex:64,61,66,61,63,64,69,67,00,7d
"caldng"=hex:64,61,6b,61,68,63,6c,70,00,7d
"ialedbiopaiglfmaal"=hex:65,61,6e,66,70,68,6c,68,6c,61,00,77
"ialedbiopaiglfmabl"=hex:64,61,68,61,67,6a,6b,68,00,61
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FD711827-7373-FF5C-AB83-18E4E4C97ED3}\InProcServer32*]
"jaahagonobicmdgehilk"=hex:63,61,63,67,6f,6b,00,77
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1356)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
- - - - - - - > 'explorer.exe'(1292)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\ADFSMenu.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\BIB.dll
c:\windows\system32\nvcpl.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2009-09-29 17:42
ComboFix-quarantined-files.txt 2009-09-29 15:42
Pre-Run: 14,375,190,528 bytes free
Post-Run: 14,334,545,920 bytes free
351 --- E O F --- 2009-09-26 13:29
And one more thing... Why would anyone be attacking me? :S I noticed that two of the IPs are from my country... Should I report them to the provider?
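As an added example (not part of the original post and not ComboFix's own code): a small Python triage script that parses ComboFix file-list lines of the kind shown in the "Files Created" and "Find3M" sections above and flags two patterns visible in this log: directory entries that carry executable names (the attribute column starts with d, the path ends in .exe/.dll/.sys, as with c:\windows\rundll16.exe and its neighbours) and files carrying both the system and hidden attributes (the --sha-w- entries). It also groups entries by creation minute, because files dropped within the same minute usually belong to one install or one infection rather than to several. The sample lines are copied from the log above; the rule names, the EXEC_EXTS list and the attribute-column interpretation are my own assumptions, not ComboFix documentation.

```python
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# One ComboFix file-list line looks like:
#   <created> . <modified> <size, or -------- for a directory> <8-char attrs> <path>
# Assumed attribute column: d (directory), c (compressed), s (system),
# h (hidden), a (archive), then r/w; unused positions are '-'.
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>\S{8}) (?P<path>.+)$"
)

# Extensions a directory should not normally carry (my choice, not ComboFix's).
EXEC_EXTS = (".exe", ".dll", ".sys", ".scr", ".com")


@dataclass
class Entry:
    created: str
    modified: str
    size: Optional[int]   # None for directories (ComboFix prints --------)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden_system(self) -> bool:
        return "s" in self.attrs and "h" in self.attrs

    @property
    def exec_named(self) -> bool:
        return self.path.lower().endswith(EXEC_EXTS)


def parse(text: str) -> List[Entry]:
    """Parse file-list lines; section banners and '.' separator lines are skipped."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(m["created"], m["modified"], size, m["attrs"], m["path"]))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Return (rule, path) pairs for the two patterns that deserve a second look."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        if e.is_dir and e.exec_named:
            findings.append(("dir-with-exec-name", e.path))
        elif e.hidden_system and not e.is_dir:
            findings.append(("hidden-system-file", e.path))
    return findings


def cluster_by_created(entries: List[Entry]) -> Dict[str, List[str]]:
    """Group paths by creation minute: one minute usually means one event."""
    clusters: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        clusters[e.created].append(e.path)
    return dict(clusters)


# Sample lines copied from the ComboFix log above (a constructed subset of it).
SAMPLE_LOG = r"""
2009-09-28 20:25 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-26 12:19 . 2009-09-29 15:34 524320 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-26 12:19 . 2009-09-29 08:33 3354656 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-26 12:19 . 2009-09-26 12:19 -------- d-----w- c:\program files\Kaspersky Lab
2009-09-23 09:55 . 2009-09-23 09:55 -------- d---a-w- c:\windows\rundll16.exe
2009-09-23 09:55 . 2009-09-23 09:55 -------- d---a-w- c:\windows\logo1_.exe
2009-09-21 15:10 . 2009-09-21 15:10 -------- d---a-w- c:\windows\VDLL.DLL
2009-09-21 15:10 . 2009-09-21 15:10 -------- d---a-w- c:\windows\system32\runouce.exe
2009-09-21 15:10 . 2009-09-21 15:10 -------- d---a-w- c:\windows\RUNDL132.EXE
2009-09-21 15:10 . 2009-09-21 15:10 -------- d---a-w- c:\windows\logo_1.exe
2009-09-26 17:28 . 2009-07-11 12:14 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-09-26 17:28 . 2009-07-11 12:14 88 --sh--r- c:\documents and settings\All Users\Application Data\196C603409.sys
2009-08-17 21:38 . 2009-06-16 19:37 -------- d--h--w- c:\program files\InstallShield Installation Information
"""

if __name__ == "__main__":
    ents = parse(SAMPLE_LOG)
    for rule, path in triage(ents):
        print(f"{rule:20s} {path}")
    for minute, paths in sorted(cluster_by_created(ents).items()):
        if len(paths) > 1:
            print(f"{minute}: {len(paths)} entries created together")
```

On the sample, four of the executable-named directories share the creation minute 2009-09-21 15:10 and the other two share 2009-09-23 09:55, so the clustering reports them as two events rather than six, and the two fidbox hidden-system files fall in the same minute as the c:\program files\Kaspersky Lab directory (2009-09-26 12:19), which is how the grouping separates vendor artifacts from the rest. A directory named like an executable is commonly either a placeholder left by a cleaning tool to stop a file of that name being recreated, or a malware leftover; the log alone does not say which, so the script lists and groups rather than judges.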