MSN virus?


  • Joined: 23 Mar 2008
  • Posts: 68

So, it looks like I picked up some virus over MSN. Now whenever I log in, it seems the virus sends itself to all my contacts, i.e. it sends them a link that they are supposed to click in order to get infected too. Does anyone know how to remove it?

Regards

  • Piksi  Male
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

Sorry for posting in this part of the forum, but I see that nobody from the AMF team is online...

First of all, you should change your account password. Then follow these instructions and post the log here ->
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • Joined: 23 Mar 2008
  • Posts: 68

I have one problem: I can't change the password. I get the error:
There's a temporary problem with the service. Please try again. If you continue to get this message, try again later.

I'm not sure whether it's just me who can't change the password or whether it's currently like that for everyone (I'm registered on hotmail.com).

here is the log:

Logfile of HijackThis v1.99.1
Scan saved at 2:16:31 AM, on 3/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\mnoGoSearch\MnoGoService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\msn.com
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Opera\Opera.exe
C:\wincmd\TOTALCMD.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Documents and Settings\HOME\Desktop\New Folder\TR3.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2A598A07-F2E4-463C-952B-B6C3FE042304} - C:\WINDOWS\system32\mljgh.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AB0578AE-853A-41BE-B81E-069EECA9FDB8} - C:\WINDOWS\system32\vtutt.dll (file missing)
O2 - BHO: (no name) - {C5D1C0C0-500D-42F8-890F-868282C24CA5} - C:\WINDOWS\system32\ddayx.dll (file missing)
O2 - BHO: {167465d4-ff9b-dfc9-0454-7bcbebcd0a3d} - {d3a0dcbe-bcb7-4540-9cfd-b9ff4d564761} - C:\WINDOWS\system32\ruojabpq.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKLM\..\Run: [38fefc8e] rundll32.exe "C:\WINDOWS\system32\neqdhgva.dll",b
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C99FC6AE-2726-487C-AFAE-35C8A3278F43}: NameServer = 80.74.164.249 80.74.160.38
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: ddcbbca - ddcbbca.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: wvuvstt - wvuvstt.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InterBase Guardian (InterBaseGuardian) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibguard.exe
O23 - Service: InterBase Server (InterBaseServer) - Borland Software Corporation - C:\Program Files\Borland\InterBase\bin\ibserver.exe
O23 - Service: MnoGoService - Unknown owner - C:\Program Files\mnoGoSearch\MnoGoService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

As for the password, try changing it a bit later. The problem may be on the hotmail side.

There are traces of infection on the system, although that doesn't necessarily mean they are a consequence of the so-called "msn virus". Tell me exactly what message your contacts are receiving. Have you recently registered on some site where you were asked to enter your MSN username and password? [read --> http://www.mycity.rs/Zastita/MSN-Phishing-adresa.html ]

---------------
Now let's fix this..

First:
Pack the files from the following paths into a zip/rar and upload them:
C:\Program Files\mnoGoSearch\MnoGoService.exe
C:\WINDOWS\msn.com

Upload link ---> http://www.mycity.rs/ambulanta-upload.php

Then:
Download ComboFix from one of the following addresses to your Desktop:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.
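The "traces of infection" in the HijackThis log above are structural: BHOs with no name, entries whose file is missing, a Run value that is a bare `msn.com`, and DLLs with random letter names. The following is an added example (not from this thread or from HijackThis) that runs those checks over a constructed sample in HijackThis v1.99 format; the random-name regex is a coarse heuristic tuned to the names in this log.

```python
import re

# Constructed sample in HijackThis v1.99 format, modelled on the log posted
# above (only a handful of lines, not the full log).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2A598A07-F2E4-463C-952B-B6C3FE042304} - C:\WINDOWS\system32\mljgh.dll (file missing)
O2 - BHO: {167465d4-ff9b-dfc9-0454-7bcbebcd0a3d} - {d3a0dcbe-bcb7-4540-9cfd-b9ff4d564761} - C:\WINDOWS\system32\ruojabpq.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKLM\..\Run: [Windows live Messenger] msn.com
O4 - HKLM\..\Run: [38fefc8e] rundll32.exe "C:\WINDOWS\system32\neqdhgva.dll",b
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O20 - Winlogon Notify: ddcbbca - ddcbbca.dll (file missing)
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<entry>[^\]]+)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
HEX_ENTRY_RE = re.compile(r"^[0-9a-f]{8}$")
# Coarse heuristic tuned to the names in this thread's log (neqdhgva.dll,
# ruojabpq.dll, ddcbbca.dll ...): 7-8 lowercase letters, no digits, no case mix.
RANDOM_DLL_RE = re.compile(r"(?<![A-Za-z0-9])[a-z]{7,8}\.dll\b")


def _program(cmd):
    """Executable part of a Run command line, without surrounding quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def triage_line(line):
    """Return the list of reasons a single HijackThis line deserves a look."""
    reasons = []
    if line.endswith("(file missing)") or line.endswith("(no file)"):
        reasons.append("dangling: the registered file no longer exists")
    if RANDOM_DLL_RE.search(line):
        reasons.append("DLL with a random-looking lowercase 7-8 letter name")
    m = O2_RE.match(line)
    if m and (m["name"] == "(no name)" or GUID_RE.match(m["name"])):
        reasons.append("BHO registered without a readable name")
    m = O4_RE.match(line)
    if m:
        prog = _program(m["cmd"])
        if HEX_ENTRY_RE.match(m["entry"]):
            reasons.append("Run value named with random hex instead of a product name")
        # A bare name with no path is resolved through the search path
        # (Windows directory first), which is how msn.com gets started here.
        if "\\" not in prog and not prog.lower().endswith(".exe"):
            reasons.append("bare non-.exe filename resolved through the search path")
    m = O20_RE.match(line)
    if m and "\\" not in m["path"]:
        reasons.append("Winlogon Notify DLL registered by bare name (loaded from system32 at logon)")
    return reasons


def triage(log_text):
    """Map every flagged line of a HijackThis log to its list of reasons."""
    findings = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = triage_line(line)
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for r in reasons:
            print("    -", r)
```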

  • Joined: 23 Mar 2008
  • Posts: 68

Okay,
Here is the message my contacts receive:
Hey, this looks alot like you hxxp://msnxxx.gigacities.net/viewimage.php?=xxxxxxx@yahoo.com
link edited by demian

Of course every contact gets exactly the same thing, except that their own address is at the end. I haven't registered anywhere recently; the problem started because a friend of mine was apparently infected. That is, 2 days ago he told me in chat "look at this link:", and in the meantime I got a link from him similar to the one above and clicked it. He only told me afterwards not to click it, that it was a bad link :(

The first file, i.e. MnoGoService.exe, has been uploaded.

As for the file C:\WINDOWS\msn.com, I can't find it. It seems it no longer exists.

Here is the ComboFix.txt log:


ComboFix 08-03-22.3 - HOME 2008-03-23 17:32:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1538 [GMT 1:00]
Running from: C:\Documents and Settings\HOME\Desktop\New Folder\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
-- Other TimeOuts --
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$"
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"
CF29899.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-23 "C:\Program Files\*"
CF29899.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\avghdqen.ini
C:\WINDOWS\system32\Cfx32.lic
C:\WINDOWS\system32\cfx32.ocx
C:\WINDOWS\system32\dylxsoca.dll
C:\WINDOWS\system32\hgjlm.ini
C:\WINDOWS\system32\hgjlm.ini2
C:\WINDOWS\system32\neqdhgva.dll
C:\WINDOWS\system32\qomnklj.dll
C:\WINDOWS\system32\ruojabpq.dll
C:\WINDOWS\system32\ttutv.ini
C:\WINDOWS\system32\ttutv.ini2
C:\WINDOWS\system32\tuvspnk.dll
C:\WINDOWS\system32\winsys.exe
C:\WINDOWS\system32\xxyxusq.dll
C:\WINDOWS\system32\xyadd.ini
C:\WINDOWS\system32\xyadd.ini2

.
((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))
.

2008-03-23 15:58 . 2008-03-23 16:06 <DIR> d-------- C:\TPW
2008-03-23 15:58 . 1992-06-08 01:50 130,224 --a------ C:\WINDOWS\system\BWCC.DLL
2008-03-23 15:58 . 1992-06-08 01:50 26,960 --a------ C:\WINDOWS\WINHELP.HLP
2008-03-23 15:58 . 1992-06-08 01:50 9,279 --a------ C:\WINDOWS\system\TDDEBUG.386
2008-03-23 15:58 . 2008-03-23 15:58 137 --a------ C:\WINDOWS\TDW.INI
2008-03-23 15:58 . 2008-03-23 16:06 89 --a------ C:\WINDOWS\TPW.INI
2008-03-23 15:58 . 2008-03-23 15:58 41 --a------ C:\WINDOWS\WORKSHOP.INI
2008-03-23 15:36 . 2008-03-23 16:37 <DIR> d-------- C:\lazarus
2008-03-23 15:33 . 2008-03-23 15:33 <DIR> d-------- C:\FPC
2008-03-23 02:51 . 2008-03-23 02:51 <DIR> d-------- C:\Program Files\Willems Soft
2008-03-23 02:51 . 1999-03-23 10:12 299,520 --a------ C:\WINDOWS\uninst.exe
2008-03-23 01:07 . 2008-03-23 01:07 <DIR> d-------- C:\Documents and Settings\HOME\Application Data\MSNInstaller
2008-03-22 21:51 . 2008-03-22 21:51 <DIR> d-------- C:\Program Files\proDAD
2008-03-22 21:47 . 2008-03-22 21:47 <DIR> d-------- C:\Program Files\Outerspace Software
2008-03-22 21:47 . 2008-03-22 21:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-22 14:19 . 2008-03-22 19:45 1,543,459 --ahs---- C:\WINDOWS\system32\spxejkbd.ini
2008-03-21 20:14 . 2008-03-21 20:14 442,446 -r-hs---- C:\WINDOWS\msn.com
2008-03-19 12:39 . 2008-03-19 23:02 <DIR> d-------- C:\Program Files\The Logo Creator v5
2008-03-18 23:29 . 2008-03-22 20:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-18 23:29 . 2008-03-18 23:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-16 03:19 . 2008-03-16 03:19 <DIR> d-------- C:\Program Files\Hack the Universe Demo
2008-03-16 03:08 . 2008-03-16 03:08 <DIR> d-------- C:\john1701
2008-03-13 22:35 . 2008-03-13 22:35 <DIR> d-------- C:\Documents and Settings\HOME\Application Data\Uniblue
2008-03-13 22:27 . 2008-03-13 22:27 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-03-13 22:27 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-13 22:26 . 2008-03-13 22:26 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-03-13 11:28 . 2008-03-13 11:28 19,099,116 --a------ C:\za acu.zip
2008-03-13 11:24 . 2008-03-13 18:32 <DIR> d-------- C:\za acu
2008-03-13 11:24 . 2008-03-13 11:24 <DIR> d-------- C:\New Folder
2008-03-12 21:29 . 2008-03-12 21:29 <DIR> d-------- C:\SAMSUNG G810
2008-03-12 21:27 . 2008-03-12 21:29 <DIR> d-------- C:\maki
2008-03-12 18:54 . 2008-03-12 18:54 131 --a------ C:\WINDOWS\chess.ini
2008-03-11 19:29 . 2008-03-17 09:09 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-03-11 10:56 . 2008-03-11 10:56 4,508,206 --a------ C:\uspesno stojiljkovic.wav
2008-03-09 21:45 . 2008-03-09 21:45 116 -r-hs---- C:\PCGWIN32.LI3
2008-03-09 21:36 . 2008-03-14 23:44 <DIR> d-------- C:\Program Files\particleIllusion_3
2008-03-09 21:36 . 2008-03-09 21:36 <DIR> d-------- C:\Documents and Settings\HOME\WINDOWS
2008-03-08 11:18 . 2008-03-08 11:18 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-03-08 10:08 . 2008-02-26 16:00 40,046 --a------ C:\WINDOWS\Pagelet.ico
2008-03-08 10:04 . 2008-03-08 10:04 <DIR> d-------- C:\Documents and Settings\HOME\Application Data\Publish Providers
2008-03-08 10:03 . 2008-02-26 16:00 140,288 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-03-08 09:44 . 2008-03-08 09:44 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-03-08 09:44 . 2002-12-17 16:23 33,340 --a------ C:\WINDOWS\system32\dbmsqlgc.dll
2008-03-08 09:44 . 2002-10-20 14:05 24,576 --a------ C:\WINDOWS\system32\dbmsgnet.dll
2008-03-08 09:43 . 2008-03-08 09:43 <DIR> d-------- C:\Program Files\Vstplugins
2008-03-08 09:43 . 2008-03-08 09:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-03-08 09:18 . 2008-03-08 09:19 <DIR> d-------- C:\Documents and Settings\HOME\Application Data\Sony Setup
2008-03-07 20:08 . 2008-03-07 20:09 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-03-07 20:08 . 2008-03-07 20:10 76,131 --a------ C:\WINDOWS\War3Unin.dat
2008-03-07 20:08 . 2008-03-07 20:09 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-03-07 20:07 . 2008-03-07 20:12 <DIR> d-------- C:\Program Files\Warcraft III
2008-03-05 22:13 . 2008-03-05 22:13 <DIR> d-------- C:\Program Files\e-Campaign 6
2008-03-05 22:13 . 2008-03-05 22:36 <DIR> d-------- C:\Documents and Settings\HOME\Application Data\e-Campaign
2008-03-05 11:03 . 2008-03-05 11:03 <DIR> d-------- C:\Program Files\mnoGoSearch
2008-03-03 12:37 . 2008-03-06 18:01 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-03 12:36 . 2008-03-03 12:37 <DIR> d-------- C:\Program Files\Amara - Menu Builder
2008-03-02 11:01 . 2008-03-02 11:01 <DIR> d-------- C:\Program Files\Electronic Arts
2008-03-02 02:28 . 2008-03-02 02:28 <DIR> d-------- C:\Program Files\uTorrent
2008-03-01 23:59 . 2008-03-01 23:59 65 --a------ C:\WINDOWS\GeneralEffect.INI
2008-03-01 19:49 . 2008-03-01 19:49 <DIR> d-------- C:\Documents and Settings\HOME\.borland
2008-03-01 19:46 . 2008-03-01 19:48 <DIR> d-------- C:\WINDOWS\vf_hip
2008-03-01 19:46 . 2008-03-01 19:48 <DIR> d-------- C:\Program Files\Hide IP Platinum
2008-03-01 19:46 . 2008-03-01 19:46 32 --a------ C:\WINDOWS\go
2008-03-01 19:11 . 2008-03-03 07:18 <DIR> d-------- C:\BASKETABALL
2008-02-29 19:00 . 2008-02-29 19:00 617 --a------ C:\WINDOWS\eReg.dat
2008-02-29 18:58 . 2008-02-29 18:59 3,608,296 --a------ C:\distorzija_krive.cdr
2008-02-29 18:53 . 2008-02-29 18:53 <DIR> d-------- C:\Program Files\EA Games
2008-02-28 23:19 . 2008-03-11 19:29 <DIR> d-------- C:\www
2008-02-28 17:22 . 2008-02-28 17:22 1,585,469 --a------ C:\GoogleTalk.zip
2008-02-27 17:07 . 2008-02-27 17:07 <DIR> d-------- C:\Documents and Settings\HOME\Application Data\Corel
2008-02-27 14:36 . 2008-02-27 14:36 <DIR> d-------- C:\Program Files\Macromedia
2008-02-27 14:36 . 2008-02-27 14:37 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-02-24 23:31 . 2008-03-23 17:37 53 --a------ C:\biosinfo
2008-02-24 18:02 . 2008-02-24 18:02 <DIR> d-------- C:\Program Files\Java
2008-02-24 18:02 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-24 17:58 . 2008-02-24 17:58 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-24 16:32 . 2008-02-24 17:00 <DIR> d-------- C:\OKK VLASOTINCE DVD MY
2008-02-24 00:45 . 2008-02-24 00:45 111 --a------ C:\WINDOWS\ChssBase.ini
2008-02-24 00:40 . 2008-02-24 00:40 <DIR> d-------- C:\Program Files\ChessBase
2008-02-24 00:40 . 2008-02-24 00:51 <DIR> d-------- C:\Documents and Settings\HOME\Application Data\ChessBase
2008-02-23 23:48 . 2008-02-23 23:48 <DIR> d-------- C:\Program Files\Common Files\DirectX
2008-02-23 23:45 . 2008-02-23 23:45 <DIR> d-------- C:\Documents and Settings\HOME\Builds
2008-02-23 23:39 . 2008-02-23 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Outspark
2008-02-23 23:38 . 2008-02-23 23:43 <DIR> d-------- C:\Program Files\Outspark
2008-02-23 19:55 . 2007-12-26 17:30 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-02-23 19:55 . 2007-12-26 17:30 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2008-02-23 19:54 . 2008-03-21 19:39 <DIR> d-------- C:\Program Files\Cheat Engine
2008-02-23 19:31 . 2007-12-30 16:09 321,536 --a------ C:\WINDOWS\system32\SDL.dll
2008-02-23 19:27 . 2008-02-23 19:27 <DIR> d-------- C:\Documents and Settings\HOME\Application Data\Dev-Cpp
2008-02-23 19:26 . 2008-02-23 21:49 <DIR> d-------- C:\Dev-Cpp
2008-02-23 19:01 . 2008-02-23 19:04 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2008-02-23 19:01 . 2008-02-23 19:05 <DIR> d-------- C:\Program Files\Borland
2008-02-23 14:52 . 2008-02-23 14:52 <DIR> d-------- C:\OKK VLASOTINCE DVD - komentar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 16:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-23 16:36 32,342,048 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-23 16:35 458,192 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-23 16:35 111,212 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-23 16:35 1,063,968 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-23 11:35 --------- d-----w C:\Program Files\Knight Online
2008-03-23 08:38 --------- d-----w C:\Documents and Settings\HOME\Application Data\uTorrent
2008-03-22 21:36 43,920 ----a-w C:\WINDOWS\AVI32HLM.DLL
2008-03-19 11:51 --------- d-----w C:\Program Files\Google
2008-03-08 09:08 --------- d-----w C:\Program Files\Common Files\SourceTec
2008-03-08 09:03 --------- d-----w C:\Program Files\SourceTec
2008-03-08 09:03 --------- d-----w C:\Documents and Settings\HOME\Application Data\Sony
2008-03-08 08:43 --------- d-----w C:\Program Files\Sony
2008-03-08 08:18 --------- d-----w C:\Program Files\Sony Setup
2008-03-04 22:14 --------- d-----w C:\Documents and Settings\HOME\Application Data\InternetCalls
2008-02-29 18:43 12,464 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-02-29 18:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-27 13:00 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-22 21:46 --------- d-----w C:\Program Files\DVD Shrink
2008-02-22 21:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-20 12:40 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-20 12:36 --------- d-----w C:\Program Files\Nero
2008-02-20 12:36 --------- d-----w C:\Program Files\Common Files\Nero
2008-02-20 12:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-19 22:26 --------- d-----w C:\Documents and Settings\HOME\Application Data\AdobeUM
2008-02-19 14:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
2008-02-17 21:25 --------- d-----w C:\Program Files\Mv2Player
2008-02-17 16:53 --------- d-----w C:\Program Files\Common Files\PAC7302
2008-02-17 16:52 --------- d-----w C:\Program Files\KYE
2008-02-17 15:49 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-17 11:43 --------- d-----w C:\Documents and Settings\HOME\Application Data\Xara
2008-02-17 11:29 --------- d-----w C:\Documents and Settings\HOME\Application Data\Nero
2008-02-17 00:53 --------- d-----w C:\Program Files\InternetCalls.com
2008-02-16 19:46 --------- d-----w C:\Documents and Settings\HOME\Application Data\Winamp
2008-02-16 19:20 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-16 19:20 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-16 19:20 --------- d-----w C:\Program Files\Common Files\L&H
2008-02-16 19:19 --------- d-----w C:\Program Files\Microsoft Works
2008-02-16 17:54 --------- d-----w C:\Documents and Settings\HOME\Application Data\DivX
2008-02-16 10:12 --------- d-----w C:\Documents and Settings\HOME\Application Data\Talkback
2008-02-16 00:27 --------- d-----w C:\Program Files\Real
2008-02-16 00:27 --------- d-----w C:\Program Files\Common Files\xing shared
2008-02-16 00:27 --------- d-----w C:\Program Files\Common Files\Real
2008-02-16 00:12 --------- d-----w C:\Program Files\DivX
2008-02-16 00:08 --------- d-----w C:\Documents and Settings\HOME\Application Data\Ahead
2008-02-15 23:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-02-15 23:40 82,432 ----a-w C:\WINDOWS\system32\msxml4r.dll
2008-02-15 23:40 1,233,920 ----a-w C:\WINDOWS\system32\msxml4.dll
2008-02-15 23:37 --------- d-----w C:\Program Files\Common Files\Corel
2008-02-15 23:36 109,568 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-02-15 23:36 108,544 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-02-15 23:34 --------- d-----w C:\Program Files\Corel
2008-02-15 23:33 --------- d-----w C:\Program Files\RadLight Company
2008-02-15 23:33 --------- d-----w C:\Documents and Settings\HOME\Application Data\RadLight Company
2008-02-15 23:31 --------- d-----w C:\Program Files\Xvid
2008-02-15 23:27 --------- d-----w C:\Program Files\URUSoft
2008-02-15 23:10 --------- d-----w C:\Program Files\AC3Filter
2008-02-15 23:09 286,720 ----a-w C:\WINDOWS\iun507.exe
2008-02-15 23:09 --------- d-----w C:\Program Files\Fraunhofer MP3 Codec Pro
2008-02-15 22:53 29,280 ----a-w C:\WINDOWS\MSWHLP16.DLL
2008-02-15 22:09 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-02-15 22:04 --------- d-----w C:\Program Files\Alcohol Soft
2008-02-15 20:51 91,700 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-02-15 20:51 85,860 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-02-15 20:35 --------- d-----w C:\Program Files\Kaspersky Lab
2008-02-15 20:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-02-15 20:09 32 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-02-15 20:09 --------- d-----w C:\Program Files\SAGEM
2008-02-15 20:09 --------- d-----w C:\Documents and Settings\HOME\Application Data\InstallShield
2008-02-15 20:08 --------- d-----w C:\Program Files\MSN Messenger
2008-02-15 20:07 --------- d-----w C:\Program Files\QuickTime
2008-02-15 20:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-15 20:06 --------- d-----w C:\Program Files\Winamp
2008-02-15 20:06 --------- d-----w C:\Program Files\Opera
2008-02-15 20:06 --------- d-----w C:\Program Files\Apple Software Update
2008-02-15 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-15 18:18 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A598A07-F2E4-463C-952B-B6C3FE042304}]
C:\WINDOWS\system32\mljgh.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB0578AE-853A-41BE-B81E-069EECA9FDB8}]
C:\WINDOWS\system32\vtutt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5D1C0C0-500D-42F8-890F-868282C24CA5}]
C:\WINDOWS\system32\ddayx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25 94208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1667584]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-18 16:24 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 10:22 7618560]
"nwiz"="nwiz.exe" [2006-06-01 10:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-05-18 02:15 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-05-17 03:37 69632]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 10:22 86016 C:\WINDOWS\system32\nvmctray.dll]
"P17Helper"="P17.dll" [2005-04-12 09:53 64512 C:\WINDOWS\system32\P17.dll]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-16 01:27 185784]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Windows live Messenger"="msn.com" [2008-03-21 20:14 442446 C:\WINDOWS\msn.com]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-02-15 21:09:22 1205840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbbca]
ddcbbca.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuvstt]
wvuvstt.dll

[HKLM\~\startupfolder\C:^Documents and Settings^HOME^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\HOME\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
--a------ 2007-06-28 12:51 218376 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 22:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-12-20 16:16 37376 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\wincmd\\TOTALCMD.EXE"=
"C:\\Program Files\\InternetCalls.com\\InternetCalls\\InternetCalls.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Documents and Settings\\HOME\\Desktop\\uTorrent.exe"=
"C:\\Program Files\\e-Campaign 6\\eCampaign.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R0 sojubus;sojubus;C:\WINDOWS\system32\DRIVERS\sojubus.sys [2003-10-05 10:41]
R0 sojuscsi;sojuscsi;C:\WINDOWS\system32\DRIVERS\sojuscsi.sys [2003-09-28 10:57]
R2 InterBaseGuardian;InterBase Guardian;C:\Program Files\Borland\InterBase\bin\ibguard.exe [2001-11-28 14:50]
R2 MnoGoService;MnoGoService;C:\Program Files\mnoGoSearch\MnoGoService.exe [2007-04-12 09:28]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2007-01-04 13:48]
R3 InterBaseServer;InterBase Server;C:\Program Files\Borland\InterBase\bin\ibserver.exe [2001-11-28 14:50]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2007-01-04 13:47]
S3 SetupNTGLM7X;SetupNTGLM7X;J:\NTGLM7X.sys []
S3 XDva098;XDva098;C:\WINDOWS\system32\XDva098.sys []
S3 XDva099;XDva099;C:\WINDOWS\system32\XDva099.sys []
S3 XDva104;XDva104;C:\WINDOWS\system32\XDva104.sys []
S3 XDva114;XDva114;C:\WINDOWS\system32\XDva114.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0817097c-dbf6-11dc-9353-806d6172696f}]
\Shell\AutoRun\command - N:\Setup.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-03-17 17:54:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-03-23 17:36:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\Rundll32.exe
.
**************************************************************************
.
Completion time: 2008-03-23 17:41:28 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-23 16:41:24

Update: 23 Mar 2008 17:56

I managed to change the password.

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

You obviously ran the thing from the link.. I'll remove it from the post above so that nobody gets "hooked". The msn.com file is still on your computer, but it has the super hidden attribute, so you can't see it from Windows Explorer. Don't worry, there's no need to look for it; we'll delete it, I just need to write you a script. What I wanted to know about it I pulled from the link/message you posted..

Back to you within half an hour at most..

offline
  • Joined: 23 Mar 2008
  • Posts: 68

OK. Thanks a lot.

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

Open Notepad and copy the following text:

File::
C:\WINDOWS\system32\spxejkbd.ini
C:\WINDOWS\msn.com
C:\WINDOWS\system32\drivers\klin.dat
C:\WINDOWS\system32\drivers\klick.dat

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2A598A07-F2E4-463C-952B-B6C3FE042304}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AB0578AE-853A-41BE-B81E-069EECA9FDB8}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C5D1C0C0-500D-42F8-890F-868282C24CA5}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ddcbbca]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuvstt]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0817097c-dbf6-11dc-9353-806d6172696f}]

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in the next message the log that is produced at the end of the cleaning/scan.
-----------------

Do what is written above, then test how the computer behaves, i.e. whether you still have any symptoms that would point to the initial problem. I'll compare the logs later tonight and tell you whether anything else needs to be done.
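As an added example (not part of this thread and not ComboFix's own code): a small Python triage that reads ComboFix "Reg Loading Points" text like the log above and flags the indicator types that the script in this post removes: a Run value pointing at a bare "msn.com" that ComboFix could not resolve to a file, the Security Center notification/override values set to 1, the MountPoints2 AutoRun command, and a service whose driver file is missing. The sample log text inside is constructed from lines quoted in this thread; the finding names, the `FirewallDisableNotify`/`FirewallOverride` values and the `resolved_between` helper (for comparing the log before and after cleanup) are my assumptions, not ComboFix output.

```python
"""Triage of ComboFix 'Reg Loading Points' text (added example, not ComboFix code).

Flags the indicator types the cleanup in this thread acted on:
  * a Run value whose target ComboFix could not stat (empty "[]" after it),
    worst when it is a bare file name, which Windows resolves via the
    search path (C:\\WINDOWS is on it, which is where msn.com lived);
  * Security Center notification/override values set to 1;
  * an AutoRun command recorded under Explorer\\MountPoints2;
  * a service/driver entry whose binary is missing (empty "[]").
"""
import re

# Constructed sample in the shape ComboFix printed above; not a full log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="nwiz.exe" [2006-06-01 10:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"Windows live Messenger"="msn.com" []

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0817097c-dbf6-11dc-9353-806d6172696f}]
\Shell\AutoRun\command - N:\Setup.exe

R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S3 XDva098;XDva098;C:\WINDOWS\system32\XDva098.sys []
"""

RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<info>[^\]]*)\]$')
DWORD_LINE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})$')
SERVICE_LINE = re.compile(
    r'^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>[^\[]+?)\s*\[(?P<info>[^\]]*)\]$')
AUTORUN_LINE = re.compile(r'^\\Shell\\AutoRun\\command\s+-\s+(?P<cmd>.+)$')

# HKLM\SOFTWARE\Microsoft\Security Center values that silence or override its
# own checks. The first three are the ones set in the log above; the two
# firewall counterparts are included on the assumption they matter equally.
SECURITY_CENTER_FLAGS = {
    "AntiVirusDisableNotify", "UpdatesDisableNotify", "AntiVirusOverride",
    "FirewallDisableNotify", "FirewallOverride",
}


def triage(log_text):
    """Return (kind, where, detail) findings for a ComboFix-style log text."""
    findings = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1].lower()     # registry key header
            continue
        m = RUN_LINE.match(line)
        if m and current_key.endswith(r"\currentversion\run"):
            target, info = m.group("target"), m.group("info").strip()
            if not info and "\\" not in target:
                # No directory and ComboFix found no file: resolved via search path.
                findings.append(("run_bare_name_unresolved", m.group("name"), target))
            elif not info:
                # Full path but file missing: often an uninstall leftover, still worth a look.
                findings.append(("run_unresolved_target", m.group("name"), target))
            continue
        m = DWORD_LINE.match(line)
        if m and current_key.endswith(r"\security center"):
            if m.group("name") in SECURITY_CENTER_FLAGS and int(m.group("val"), 16) == 1:
                findings.append(("security_center_override", current_key, m.group("name")))
            continue
        m = AUTORUN_LINE.match(line)
        if m and "mountpoints2" in current_key:
            findings.append(("mountpoints2_autorun", current_key, m.group("cmd")))
            continue
        m = SERVICE_LINE.match(line)
        if m and not m.group("info").strip():
            findings.append(("service_missing_binary", m.group("name"), m.group("path")))
    return findings


def resolved_between(before_log, after_log):
    """Findings from the first log that the second (post-cleanup) log no longer shows."""
    return sorted(set(triage(before_log)) - set(triage(after_log)))


if __name__ == "__main__":
    for kind, where, detail in triage(SAMPLE_LOG):
        print(f"{kind:26} {where}  ->  {detail}")
```

Run it against the saved ComboFix.txt before and after the CFScript run: `resolved_between(before, after)` lists which of the flagged entries the cleanup actually removed, which is the same comparison the helper says he will do by hand.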

offline
  • Joined: 23 Mar 2008
  • Posts: 68

Sorry for the delay. Here's the log:

ComboFix 08-03-22.3 - HOME 2008-03-23 20:15:03.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1582 [GMT 1:00]
Running from: C:\Documents and Settings\HOME\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\HOME\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\msn.com
C:\WINDOWS\system32\drivers\klick.dat
C:\WINDOWS\system32\drivers\klin.dat
C:\WINDOWS\system32\spxejkbd.ini
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\msn.com
C:\WINDOWS\system32\drivers\klick.dat
C:\WINDOWS\system32\drivers\klin.dat
C:\WINDOWS\system32\spxejkbd.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-23 to 2008-03-23 )))))))))))))))))))))))))))))))
.

2008-03-23 15:58 . 2008-03-23 16:06 <DIR> d-------- C:\TPW
2008-03-23 15:58 . 1992-06-08 01:50 130,224 --a------ C:\WINDOWS\system\BWCC.DLL
2008-03-23 15:58 . 1992-06-08 01:50 26,960 --a------ C:\WINDOWS\WINHELP.HLP
2008-03-23 15:58 . 1992-06-08 01:50 9,279 --a------ C:\WINDOWS\system\TDDEBUG.386
2008-03-23 15:58 . 2008-03-23 15:58 137 --a------ C:\WINDOWS\TDW.INI
2008-03-23 15:58 . 2008-03-23 16:06 89 --a------ C:\WINDOWS\TPW.INI
2008-03-23 15:58 . 2008-03-23 15:58 41 --a------ C:\WINDOWS\WORKSHOP.INI
2008-03-23 15:36 . 2008-03-23 16:37 <DIR> d-------- C:\lazarus
2008-03-23 15:33 . 2008-03-23 15:33 <DIR> d-------- C:\FPC
2008-03-23 02:51 . 2008-03-23 02:51 <DIR> d-------- C:\Program Files\Willems Soft
2008-03-23 02:51 . 1999-03-23 10:12 299,520 --a------ C:\WINDOWS\uninst.exe
2008-03-23 01:07 . 2008-03-23 01:07 <DIR> d-------- C:\Documents and Settings\HOME\Application Data\MSNInstaller
2008-03-22 21:51 . 2008-03-22 21:51 <DIR> d-------- C:\Program Files\proDAD
2008-03-22 21:47 . 2008-03-22 21:47 <DIR> d-------- C:\Program Files\Outerspace Software
2008-03-22 21:47 . 2008-03-22 21:47 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-19 12:39 . 2008-03-19 23:02 <DIR> d-------- C:\Program Files\The Logo Creator v5
2008-03-18 23:29 . 2008-03-22 20:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-18 23:29 . 2008-03-18 23:29 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-16 03:19 . 2008-03-16 03:19 <DIR> d-------- C:\Program Files\Hack the Universe Demo
2008-03-16 03:08 . 2008-03-16 03:08 <DIR> d-------- C:\john1701
2008-03-13 22:35 . 2008-03-13 22:35 <DIR> d-------- C:\Documents and Settings\HOME\Application Data\Uniblue
2008-03-13 22:27 . 2008-03-13 22:27 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-03-13 22:27 . 2006-09-06 17:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-13 22:26 . 2008-03-13 22:26 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-03-13 11:28 . 2008-03-13 11:28 19,099,116 --a------ C:\za acu.zip
2008-03-13 11:24 . 2008-03-13 18:32 <DIR> d-------- C:\za acu
2008-03-13 11:24 . 2008-03-13 11:24 <DIR> d-------- C:\New Folder
2008-03-12 21:29 . 2008-03-12 21:29 <DIR> d-------- C:\SAMSUNG G810
2008-03-12 21:27 . 2008-03-12 21:29 <DIR> d-------- C:\maki
2008-03-12 18:54 . 2008-03-12 18:54 131 --a------ C:\WINDOWS\chess.ini
2008-03-11 19:29 . 2008-03-17 09:09 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-03-11 10:56 . 2008-03-11 10:56 4,508,206 --a------ C:\uspesno stojiljkovic.wav
2008-03-09 21:45 . 2008-03-09 21:45 116 -r-hs---- C:\PCGWIN32.LI3
2008-03-09 21:36 . 2008-03-14 23:44 <DIR> d-------- C:\Program Files\particleIllusion_3
2008-03-09 21:36 . 2008-03-09 21:36 <DIR> d-------- C:\Documents and Settings\HOME\WINDOWS
2008-03-08 11:18 . 2008-03-08 11:18 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-03-08 10:08 . 2008-02-26 16:00 40,046 --a------ C:\WINDOWS\Pagelet.ico
2008-03-08 10:04 . 2008-03-08 10:04 <DIR> d-------- C:\Documents and Settings\HOME\Application Data\Publish Providers
2008-03-08 10:03 . 2008-02-26 16:00 140,288 --a------ C:\WINDOWS\system32\COMDLG32.OCX
2008-03-08 09:44 . 2008-03-08 09:44 <DIR> d-------- C:\Program Files\Microsoft SQL Server
2008-03-08 09:44 . 2002-12-17 16:23 33,340 --a------ C:\WINDOWS\system32\dbmsqlgc.dll
2008-03-08 09:44 . 2002-10-20 14:05 24,576 --a------ C:\WINDOWS\system32\dbmsgnet.dll
2008-03-08 09:43 . 2008-03-08 09:43 <DIR> d-------- C:\Program Files\Vstplugins
2008-03-08 09:43 . 2008-03-08 09:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sony
2008-03-08 09:18 . 2008-03-08 09:19 <DIR> d-------- C:\Documents and Settings\HOME\Application Data\Sony Setup
2008-03-07 20:08 . 2008-03-07 20:09 139,264 --a------ C:\WINDOWS\War3Unin.exe
2008-03-07 20:08 . 2008-03-07 20:10 76,131 --a------ C:\WINDOWS\War3Unin.dat
2008-03-07 20:08 . 2008-03-07 20:09 2,829 --a------ C:\WINDOWS\War3Unin.pif
2008-03-07 20:07 . 2008-03-07 20:12 <DIR> d-------- C:\Program Files\Warcraft III
2008-03-05 22:13 . 2008-03-05 22:13 <DIR> d-------- C:\Program Files\e-Campaign 6
2008-03-05 22:13 . 2008-03-05 22:36 <DIR> d-------- C:\Documents and Settings\HOME\Application Data\e-Campaign
2008-03-05 11:03 . 2008-03-05 11:03 <DIR> d-------- C:\Program Files\mnoGoSearch
2008-03-03 12:37 . 2008-03-06 18:01 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-03 12:36 . 2008-03-03 12:37 <DIR> d-------- C:\Program Files\Amara - Menu Builder
2008-03-02 11:01 . 2008-03-02 11:01 <DIR> d-------- C:\Program Files\Electronic Arts
2008-03-02 02:28 . 2008-03-02 02:28 <DIR> d-------- C:\Program Files\uTorrent
2008-03-01 23:59 . 2008-03-01 23:59 65 --a------ C:\WINDOWS\GeneralEffect.INI
2008-03-01 19:49 . 2008-03-01 19:49 <DIR> d-------- C:\Documents and Settings\HOME\.borland
2008-03-01 19:46 . 2008-03-01 19:48 <DIR> d-------- C:\WINDOWS\vf_hip
2008-03-01 19:46 . 2008-03-01 19:48 <DIR> d-------- C:\Program Files\Hide IP Platinum
2008-03-01 19:46 . 2008-03-01 19:46 32 --a------ C:\WINDOWS\go
2008-03-01 19:11 . 2008-03-03 07:18 <DIR> d-------- C:\BASKETABALL
2008-02-29 19:00 . 2008-02-29 19:00 617 --a------ C:\WINDOWS\eReg.dat
2008-02-29 18:58 . 2008-02-29 18:59 3,608,296 --a------ C:\distorzija_krive.cdr
2008-02-29 18:53 . 2008-02-29 18:53 <DIR> d-------- C:\Program Files\EA Games
2008-02-28 23:19 . 2008-03-11 19:29 <DIR> d-------- C:\www
2008-02-28 17:22 . 2008-02-28 17:22 1,585,469 --a------ C:\GoogleTalk.zip
2008-02-27 17:07 . 2008-02-27 17:07 <DIR> d-------- C:\Documents and Settings\HOME\Application Data\Corel
2008-02-27 14:36 . 2008-02-27 14:36 <DIR> d-------- C:\Program Files\Macromedia
2008-02-27 14:36 . 2008-02-27 14:37 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-02-24 23:31 . 2008-03-23 17:37 53 --a------ C:\biosinfo
2008-02-24 18:02 . 2008-02-24 18:02 <DIR> d-------- C:\Program Files\Java
2008-02-24 18:02 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-24 17:58 . 2008-02-24 17:58 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-24 16:32 . 2008-02-24 17:00 <DIR> d-------- C:\OKK VLASOTINCE DVD MY
2008-02-24 00:45 . 2008-02-24 00:45 111 --a------ C:\WINDOWS\ChssBase.ini
2008-02-24 00:40 . 2008-02-24 00:40 <DIR> d-------- C:\Program Files\ChessBase
2008-02-24 00:40 . 2008-02-24 00:51 <DIR> d-------- C:\Documents and Settings\HOME\Application Data\ChessBase
2008-02-23 23:48 . 2008-02-23 23:48 <DIR> d-------- C:\Program Files\Common Files\DirectX
2008-02-23 23:45 . 2008-02-23 23:45 <DIR> d-------- C:\Documents and Settings\HOME\Builds
2008-02-23 23:39 . 2008-02-23 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Outspark
2008-02-23 23:38 . 2008-02-23 23:43 <DIR> d-------- C:\Program Files\Outspark
2008-02-23 19:55 . 2007-12-26 17:30 1,970,176 --a------ C:\WINDOWS\system32\d3dx9.dll
2008-02-23 19:55 . 2007-12-26 17:30 679,936 --a------ C:\WINDOWS\system32\D3DX81ab.dll
2008-02-23 19:54 . 2008-03-21 19:39 <DIR> d-------- C:\Program Files\Cheat Engine
2008-02-23 19:31 . 2007-12-30 16:09 321,536 --a------ C:\WINDOWS\system32\SDL.dll
2008-02-23 19:27 . 2008-02-23 19:27 <DIR> d-------- C:\Documents and Settings\HOME\Application Data\Dev-Cpp
2008-02-23 19:26 . 2008-02-23 21:49 <DIR> d-------- C:\Dev-Cpp
2008-02-23 19:01 . 2008-02-23 19:04 <DIR> d-------- C:\Program Files\Common Files\Borland Shared
2008-02-23 19:01 . 2008-02-23 19:05 <DIR> d-------- C:\Program Files\Borland
2008-02-23 14:52 . 2008-02-23 14:52 <DIR> d-------- C:\OKK VLASOTINCE DVD - komentar

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-23 19:17 32,480,032 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-03-23 19:17 1,068,320 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-03-23 19:16 460,064 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-03-23 19:16 111,620 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-03-23 19:10 --------- d-----w C:\Program Files\Knight Online
2008-03-23 16:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-03-23 08:38 --------- d-----w C:\Documents and Settings\HOME\Application Data\uTorrent
2008-03-22 21:36 43,920 ----a-w C:\WINDOWS\AVI32HLM.DLL
2008-03-19 11:51 --------- d-----w C:\Program Files\Google
2008-03-08 09:08 --------- d-----w C:\Program Files\Common Files\SourceTec
2008-03-08 09:03 --------- d-----w C:\Program Files\SourceTec
2008-03-08 09:03 --------- d-----w C:\Documents and Settings\HOME\Application Data\Sony
2008-03-08 08:43 --------- d-----w C:\Program Files\Sony
2008-03-08 08:18 --------- d-----w C:\Program Files\Sony Setup
2008-03-04 22:14 --------- d-----w C:\Documents and Settings\HOME\Application Data\InternetCalls
2008-02-29 18:43 12,464 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2008-02-29 18:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-27 13:00 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-22 21:46 --------- d-----w C:\Program Files\DVD Shrink
2008-02-22 21:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-02-20 12:40 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-20 12:36 --------- d-----w C:\Program Files\Nero
2008-02-20 12:36 --------- d-----w C:\Program Files\Common Files\Nero
2008-02-20 12:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-02-19 22:26 --------- d-----w C:\Documents and Settings\HOME\Application Data\AdobeUM
2008-02-19 14:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Minnetonka Audio Software
2008-02-17 21:25 --------- d-----w C:\Program Files\Mv2Player
2008-02-17 16:53 --------- d-----w C:\Program Files\Common Files\PAC7302
2008-02-17 16:52 --------- d-----w C:\Program Files\KYE
2008-02-17 15:49 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-17 11:43 --------- d-----w C:\Documents and Settings\HOME\Application Data\Xara
2008-02-17 11:29 --------- d-----w C:\Documents and Settings\HOME\Application Data\Nero
2008-02-17 00:53 --------- d-----w C:\Program Files\InternetCalls.com
2008-02-16 19:46 --------- d-----w C:\Documents and Settings\HOME\Application Data\Winamp
2008-02-16 19:20 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-16 19:20 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-02-16 19:20 --------- d-----w C:\Program Files\Common Files\L&H
2008-02-16 19:19 --------- d-----w C:\Program Files\Microsoft Works
2008-02-16 17:54 --------- d-----w C:\Documents and Settings\HOME\Application Data\DivX
2008-02-16 10:12 --------- d-----w C:\Documents and Settings\HOME\Application Data\Talkback
2008-02-16 00:27 --------- d-----w C:\Program Files\Real
2008-02-16 00:27 --------- d-----w C:\Program Files\Common Files\xing shared
2008-02-16 00:27 --------- d-----w C:\Program Files\Common Files\Real
2008-02-16 00:12 --------- d-----w C:\Program Files\DivX
2008-02-16 00:08 --------- d-----w C:\Documents and Settings\HOME\Application Data\Ahead
2008-02-15 23:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-02-15 23:40 82,432 ----a-w C:\WINDOWS\system32\msxml4r.dll
2008-02-15 23:40 1,233,920 ----a-w C:\WINDOWS\system32\msxml4.dll
2008-02-15 23:37 --------- d-----w C:\Program Files\Common Files\Corel
2008-02-15 23:36 109,568 ----a-w C:\WINDOWS\system32\pxinsi64.exe
2008-02-15 23:36 108,544 ----a-w C:\WINDOWS\system32\pxcpyi64.exe
2008-02-15 23:34 --------- d-----w C:\Program Files\Corel
2008-02-15 23:33 --------- d-----w C:\Program Files\RadLight Company
2008-02-15 23:33 --------- d-----w C:\Documents and Settings\HOME\Application Data\RadLight Company
2008-02-15 23:31 --------- d-----w C:\Program Files\Xvid
2008-02-15 23:27 --------- d-----w C:\Program Files\URUSoft
2008-02-15 23:10 --------- d-----w C:\Program Files\AC3Filter
2008-02-15 23:09 286,720 ----a-w C:\WINDOWS\iun507.exe
2008-02-15 23:09 --------- d-----w C:\Program Files\Fraunhofer MP3 Codec Pro
2008-02-15 22:53 29,280 ----a-w C:\WINDOWS\MSWHLP16.DLL
2008-02-15 22:09 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-02-15 22:04 --------- d-----w C:\Program Files\Alcohol Soft
2008-02-15 20:35 --------- d-----w C:\Program Files\Kaspersky Lab
2008-02-15 20:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-02-15 20:09 32 ----a-w C:\WINDOWS\system32\drivers\adidsl.cfg
2008-02-15 20:09 --------- d-----w C:\Program Files\SAGEM
2008-02-15 20:09 --------- d-----w C:\Documents and Settings\HOME\Application Data\InstallShield
2008-02-15 20:08 --------- d-----w C:\Program Files\MSN Messenger
2008-02-15 20:07 --------- d-----w C:\Program Files\QuickTime
2008-02-15 20:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-02-15 20:06 --------- d-----w C:\Program Files\Winamp
2008-02-15 20:06 --------- d-----w C:\Program Files\Opera
2008-02-15 20:06 --------- d-----w C:\Program Files\Apple Software Update
2008-02-15 20:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-02-15 18:18 --------- d-----w C:\Program Files\microsoft frontpage
2008-01-04 21:59 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-01-04 21:58 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-01-04 21:58 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-01-04 21:58 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-01-04 21:57 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-01-04 21:57 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-01-04 21:57 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-01-04 21:57 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-01-04 21:57 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-01-04 21:57 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-01-04 21:57 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-01-04 21:57 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-01-04 21:57 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-01-04 21:57 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-01-04 21:56 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25 94208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1667584]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-18 16:24 171448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 10:22 7618560]
"nwiz"="nwiz.exe" [2006-06-01 10:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"SW20"="C:\WINDOWS\system32\sw20.exe" [2006-05-18 02:15 208896]
"SW24"="C:\WINDOWS\system32\sw24.exe" [2006-05-17 03:37 69632]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 10:22 86016 C:\WINDOWS\system32\nvmctray.dll]
"P17Helper"="P17.dll" [2005-04-12 09:53 64512 C:\WINDOWS\system32\P17.dll]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-02-16 01:27 185784]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2007-06-28 12:51 218376]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [ ]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Windows live Messenger"="msn.com" []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 20:16:50 113664]
DSLMON.lnk - C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-02-15 21:09:22 1205840]

[HKLM\~\startupfolder\C:^Documents and Settings^HOME^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\HOME\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
--a------ 2007-06-28 12:51 218376 C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
--a------ 2007-01-01 22:22 3739648 C:\Program Files\Google\Google Talk\googletalk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-06-29 06:24 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-12-20 16:16 37376 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"C:\\wincmd\\TOTALCMD.EXE"=
"C:\\Program Files\\InternetCalls.com\\InternetCalls\\InternetCalls.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Documents and Settings\\HOME\\Desktop\\uTorrent.exe"=
"C:\\Program Files\\e-Campaign 6\\eCampaign.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 7.0\\avp.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R0 sojubus;sojubus;C:\WINDOWS\system32\DRIVERS\sojubus.sys [2003-10-05 10:41]
R0 sojuscsi;sojuscsi;C:\WINDOWS\system32\DRIVERS\sojuscsi.sys [2003-09-28 10:57]
R2 InterBaseGuardian;InterBase Guardian;C:\Program Files\Borland\InterBase\bin\ibguard.exe [2001-11-28 14:50]
R2 MnoGoService;MnoGoService;C:\Program Files\mnoGoSearch\MnoGoService.exe [2007-04-12 09:28]
R3 e4usbaw;USB ADSL2 WAN Adapter;C:\WINDOWS\system32\DRIVERS\e4usbaw.sys [2007-01-04 13:48]
R3 InterBaseServer;InterBase Server;C:\Program Files\Borland\InterBase\bin\ibserver.exe [2001-11-28 14:50]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2007-04-04 14:58]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);C:\WINDOWS\system32\Drivers\e4ldr.sys [2007-01-04 13:47]
S3 SetupNTGLM7X;SetupNTGLM7X;J:\NTGLM7X.sys []
S3 XDva098;XDva098;C:\WINDOWS\system32\XDva098.sys []
S3 XDva099;XDva099;C:\WINDOWS\system32\XDva099.sys []
S3 XDva104;XDva104;C:\WINDOWS\system32\XDva104.sys []
S3 XDva114;XDva114;C:\WINDOWS\system32\XDva114.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-03-17 17:54:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-03-23 20:18:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2008-03-23 20:22:44 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-23 19:22:40
ComboFix2.txt 2008-03-23 16:41:29

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..
