- Joined: 17 Jul 2008
- Posts: 41
- Location: Pirot/Nis
ComboFix 08-07-26.1 - My PC 2008-07-27 0:24:36.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.649 [GMT 2:00]
Running from: C:\Documents and Settings\My PC\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\kdgxz.exe
C:\WINDOWS\system32\MSINET.oca
.
((((((((((((((((((((((((( Files Created from 2008-06-26 to 2008-07-26 )))))))))))))))))))))))))))))))
.
2008-07-26 12:04 . 2008-07-26 12:04 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-25 13:34 . 2008-07-26 15:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-24 00:53 . 2008-07-24 21:27 8,192 --ahs---- C:\WINDOWS\Thumbs.db
2008-07-23 12:29 . 2008-07-23 12:29 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-23 12:29 . 2008-07-23 12:37 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-23 00:00 . 2008-07-23 00:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-07-22 23:36 . 2008-07-22 23:47 <DIR> d-------- C:\unzipped
2008-07-20 01:28 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2008-07-20 01:27 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2008-07-20 01:27 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2008-07-20 01:27 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2008-07-20 01:27 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2008-07-20 01:27 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2008-07-20 01:27 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2008-07-20 01:27 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2008-07-18 17:58 . 2008-07-18 17:58 <DIR> d-------- C:\Documents and Settings\My PC\Application Data\Uniblue
2008-07-18 10:36 . 2008-07-18 10:36 <DIR> d-------- C:\Program Files\AGEIA Technologies
2008-07-17 18:14 . 2008-07-17 19:25 <DIR> d-------- C:\Program Files\Safari
2008-07-17 18:14 . 2008-07-17 18:14 <DIR> d-------- C:\Documents and Settings\My PC\Application Data\Apple Computer
2008-07-17 15:26 . 2008-07-17 15:28 <DIR> d-------- C:\Documents and Settings\My PC\Application Data\RegistryBot
2008-07-10 11:35 . 2008-07-10 11:35 2,401,296 --a------ C:\Program Files\WLinstaller.exe
2008-07-02 18:05 . 2008-07-02 18:05 <DIR> d-------- C:\Documents and Settings\My PC\Application Data\Command & Conquer 3 Tiberium Wars
2008-07-02 17:52 . 2008-07-02 17:52 <DIR> d-------- C:\Program Files\DAEMON Tools
2008-07-02 17:51 . 2008-07-02 17:51 639,224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-02 17:37 . 2008-07-02 17:37 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-07-02 16:41 . 2008-07-02 16:41 <DIR> d-------- C:\Program Files\CONEXANT
2008-07-02 16:41 . 2006-11-08 10:00 989,696 -ra------ C:\WINDOWS\system32\drivers\HSF_DPV.sys
2008-07-02 16:41 . 2006-11-08 09:59 730,112 -ra------ C:\WINDOWS\system32\drivers\HSF_CNXT.sys
2008-07-02 16:41 . 2006-11-08 09:59 257,408 -ra------ C:\WINDOWS\system32\drivers\HSFHWBS2.sys
2008-07-02 16:41 . 2006-11-08 12:10 144,201 -ra------ C:\WINDOWS\system32\drivers\HSFProf.cty
2008-07-02 16:41 . 2006-06-19 07:26 94,208 -ra------ C:\WINDOWS\system32\mdmxsdk.dll
2008-07-02 16:41 . 2006-06-19 07:26 12,672 -ra------ C:\WINDOWS\system32\drivers\mdmxsdk.sys
2008-07-02 16:40 . 2007-03-06 06:27 921,984 -ra------ C:\WINDOWS\system32\drivers\nvnrm.sys
2008-07-02 16:40 . 2007-02-01 11:44 356,352 --a------ C:\WINDOWS\system32\nvunrm.exe
2008-07-02 16:40 . 2007-03-06 06:26 261,632 -ra------ C:\WINDOWS\system32\drivers\nvsnpu.sys
2008-07-02 16:40 . 2007-03-06 06:25 196,096 -ra------ C:\WINDOWS\system32\fdco1.dll
2008-07-02 16:40 . 2007-03-06 06:27 110,592 -ra------ C:\WINDOWS\system32\drivers\nvtcp.sys
2008-07-02 16:40 . 2007-03-06 06:27 58,752 -ra------ C:\WINDOWS\system32\drivers\NVENETFD.sys
2008-07-02 16:40 . 2007-02-01 11:44 36,352 -ra------ C:\WINDOWS\system32\nvconrm.dll
2008-07-02 16:40 . 2007-03-06 06:27 19,968 -ra------ C:\WINDOWS\system32\drivers\nvnetbus.sys
2008-07-02 16:40 . 2007-03-06 06:25 9,216 -ra------ C:\WINDOWS\system32\bdco1.dll
2008-07-02 16:40 . 2006-11-30 10:37 3,903 -ra------ C:\WINDOWS\system32\nvnrm.nvu
2008-06-30 11:07 . 2008-06-30 11:07 2,359,350 --a------ C:\WINDOWS\wallpaper.bmp
2008-06-26 11:44 . 2008-06-26 11:44 <DIR> d-------- C:\Documents and Settings\My PC\Application Data\Leadertech
2008-06-26 11:37 . 2008-06-26 11:37 <DIR> d-------- C:\Documents and Settings\My PC\Application Data\AdobeUM
2008-06-26 11:29 . 2008-06-26 11:29 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-06-26 11:29 . 2008-06-26 11:29 <DIR> d-------- C:\Program Files\Common Files\Nokia
2008-06-26 11:29 . 2006-05-29 08:26 127,488 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-06-26 11:29 . 2006-05-29 08:26 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-06-26 11:29 . 2006-05-29 08:26 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-06-26 11:29 . 2006-05-29 08:26 8,704 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-06-26 11:29 . 2006-05-29 08:26 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-25 11:34 --------- d-----w C:\Program Files\Google
2008-07-24 15:55 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-21 19:51 --------- d-----w C:\Program Files\Opera
2008-07-18 17:10 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-18 08:31 --------- d-----w C:\Program Files\Winamp
2008-07-17 15:51 --------- d-----w C:\Program Files\Eset
2008-06-29 23:11 --------- d-----w C:\Documents and Settings\My PC\Application Data\Winamp
2008-06-26 09:29 --------- d-----w C:\Program Files\Nokia
2008-06-26 09:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-06-26 08:56 --------- d-----w C:\Documents and Settings\My PC\Application Data\Nokia Multimedia Player
2008-06-25 17:22 --------- d-----w C:\Program Files\My Downloads
2008-06-25 12:51 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-25 12:51 22,328 ----a-w C:\Documents and Settings\My PC\Application Data\PnkBstrK.sys
2008-06-25 09:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-06-25 08:59 --------- d-----w C:\Documents and Settings\My PC\Application Data\Datalayer
2008-06-25 08:39 --------- d-----w C:\Documents and Settings\My PC\Application Data\Nokia
2008-06-23 06:51 --------- d-----w C:\Program Files\DIFX
2008-06-23 06:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Suite
2008-06-23 06:50 --------- d-----w C:\Documents and Settings\My PC\Application Data\PC Suite
2008-06-13 14:18 --------- d-----w C:\Program Files\Ubi Soft
2008-06-13 13:30 --------- d-----w C:\Program Files\Common Files\Bcgsoft
2008-06-13 13:24 --------- d-----w C:\Program Files\OpenAL
2008-06-13 13:05 271,360 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-06-13 13:05 18,048 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-06-13 13:04 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-13 12:56 48,928 ----a-w C:\WINDOWS\system32\drivers\Tetris.sys
2008-06-13 12:55 162,432 ----a-w C:\WINDOWS\system32\drivers\ithsgt.sys
2008-06-13 12:55 12,032 ----a-w C:\WINDOWS\system32\drivers\lilsgt.sys
2008-06-06 20:22 --------- d-----w C:\Documents and Settings\My PC\Application Data\Nero
2008-06-06 15:26 --------- d-----w C:\Program Files\audiograbber
2008-06-06 14:30 --------- d-----w C:\Documents and Settings\My PC\Application Data\Media Player Classic
2008-06-06 13:41 --------- d-----w C:\Documents and Settings\My PC\Application Data\CyberLink
2008-06-06 13:33 --------- d-----w C:\Documents and Settings\My PC\Application Data\ACD Systems
2008-06-06 12:10 502,368 ----a-w C:\WINDOWS\system32\drivers\amon.sys
2008-06-06 12:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-06-06 12:09 --------- d-----w C:\Program Files\CyberLink
2008-06-06 12:08 --------- d-----w C:\Program Files\Nero
2008-06-06 12:08 --------- d-----w C:\Program Files\lame-3.97
2008-06-06 12:08 --------- d-----w C:\Program Files\Common Files\Nero
2008-06-06 12:06 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2008-06-06 12:06 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-06-06 12:06 --------- d-----w C:\Program Files\ACD Systems
2008-06-06 12:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-06-06 12:05 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-06-06 11:58 --------- d-----w C:\Documents and Settings\My PC\Application Data\ATI
2008-06-06 11:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-06-06 11:54 --------- d-----w C:\Program Files\My Company Name
2008-06-06 11:53 --------- d-----w C:\Program Files\ATI Technologies
2008-06-06 11:51 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2008-06-06 11:45 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-06-06 11:40 --------- d-----w C:\Program Files\Realtek
2008-06-06 11:40 --------- d-----w C:\Program Files\Driver
2008-06-06 11:39 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-06-06 11:39 --------- d-----w C:\Documents and Settings\My PC\Application Data\InstallShield
2008-06-06 11:34 --------- d-----w C:\Program Files\Common Files\L&H
2008-06-06 11:33 --------- d-----w C:\Program Files\Microsoft.NET
2008-06-06 11:33 --------- d-----w C:\Program Files\Microsoft Works
2008-06-06 11:33 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-06-06 11:25 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-25 13:34 68856]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-09-14 10:34 921600]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"VIDC.ACDV"= ACDV.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:\WINDOWS\system32
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 00:56 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2006-11-12 12:48 157592 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--------- 2007-02-07 16:21 54832 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-08-04 01:06 1667584 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2006-06-15 12:36 229376 C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2006-06-27 16:21 1449984 C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-03-14 21:01 71216 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
-rahs---- 2008-01-28 11:43 2097488 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-03-27 08:35 36352 C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2007-10-16 18:30 16855552 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2007-10-11 11:04 1826816 C:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 08:23]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Program Files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51]
R2 ithsgt;ithsgt;C:\WINDOWS\system32\DRIVERS\ithsgt.sys [2008-06-13 14:55]
R2 lilsgt;lilsgt;C:\WINDOWS\system32\DRIVERS\lilsgt.sys [2008-06-13 14:55]
R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys [2008-06-13 14:56]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-C:\WINDOWS\system32\kdgxz.exe - C:\WINDOWS\system32\kdgxz.exe
HKLM-Run-runservices - C:\WINDOWS\services.exe
HKLM-Explorer_Run-this - C:\Program Files\Web Technologies\wcs.exe
MSConfigStartUp-BearShare - C:\Program Files\BearShare\BearShare.exe
MSConfigStartUp-kdgxz - C:\WINDOWS\system32\kdgxz.exe
MSConfigStartUp-runservices - C:\WINDOWS\services.exe
MSConfigStartUp-swg - C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
MSConfigStartUp-Uniblue RegistryBooster 2 - C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe
MSConfigStartUp-Device Detector - DevDetect.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R0 -: HKLM-Main,Default_Search_URL = hxxp://www.google.com/ie
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
R0 -: HKCU-Search,SearchAssistant = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
R0 -: HKLM-Search,SearchAssistant = hxxp://www.google.com/ie
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-07-27 00:27:48
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Program Files\CyberLink\PowerDVD\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
.
**************************************************************************
.
Completion time: 2008-07-27 0:31:10 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-26 22:30:41
Pre-Run: 22,420,709,376 bytes free
Post-Run: 22,551,998,464 bytes free
Update: 27 Jul 2008 0:40
And what now?
Update: 27 Jul 2008 0:45
Hello, please, rambo, I love you.
CAN ANYONE HEAR ME....
DIAL-UP
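A small triage helper for the autostart and "ORPHANS REMOVED" entries in a ComboFix log like the one above, added here as an example; it is not part of the original post and not ComboFix's own code. It assumes the line formats visible in this log (`"name"="path" [date time size]` under Run keys, and `HKLM-Run-name - path`, `HKLM-Explorer_Run-name - path`, `MSConfigStartUp-name - path` under ORPHANS REMOVED), a hand-picked table of where common Windows system binaries canonically live, and a vowel-less-stem heuristic for random-looking filenames. The table and the heuristic are assumptions for illustration, not rules; the sample input is constructed from lines of this log.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "source name path")

# Run-key values as ComboFix prints them:  "name"="path" [date time size]
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*(\[[^\]]*\])?\s*$')
# Orphan lines:  HKLM-Run-name - path / HKLM-Explorer_Run-name - path / MSConfigStartUp-name - path
ORPHAN = re.compile(r'^(?P<source>HKLM-Run|HKLM-Explorer_Run|MSConfigStartUp)-(?P<name>.+?) - (?P<path>.+)$')

# Canonical directories of binaries that malware commonly impersonates
# (assumption for this example; extend it for your own environment).
CANONICAL = {
    "services.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


def parse_autostarts(log_text):
    """Collect (source, name, path) from Run keys and ORPHANS REMOVED lines."""
    entries, current_key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current_key = line[1:-1]  # e.g. HKEY_CURRENT_USER\...\CurrentVersion\Run
            continue
        m = RUN_VALUE.match(line)
        if m and current_key and current_key.lower().endswith("\\run"):
            entries.append(Entry(current_key, m["name"], m["path"]))
            continue
        m = ORPHAN.match(line)
        if m:
            entries.append(Entry(m["source"], m["name"], m["path"]))
    return entries


def split_path(path):
    """Return (lower-cased directory, lower-cased basename); directory is '' for a bare filename."""
    path = path.strip().strip('"')
    directory, _, base = path.rpartition("\\")
    return directory.lower(), base.lower()


def looks_random(base):
    """Heuristic (assumption): a 4-8 letter stem with no vowels, like 'kdgxz'."""
    stem = base.rsplit(".", 1)[0]
    return 4 <= len(stem) <= 8 and stem.isalpha() and not any(c in "aeiouy" for c in stem)


def triage(entries):
    """Return [(name, path, [reasons])] for entries that deserve a closer look."""
    findings = []
    for e in entries:
        directory, base = split_path(e.path)
        reasons = []
        if not directory:
            reasons.append("bare filename: resolved through the PATH search order")
        if base in CANONICAL and directory and directory != CANONICAL[base]:
            reasons.append("system binary name outside its canonical directory " + CANONICAL[base])
        if directory in SYSTEM_DIRS and looks_random(base):
            reasons.append("random-looking name in a Windows system directory")
        if reasons:
            findings.append((e.name, e.path, reasons))
    return findings


# Sample input constructed from lines of the log above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-04 01:06 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2006-09-14 10:34 921600]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
- - - - ORPHANS REMOVED - - - -
HKLM-Run-C:\WINDOWS\system32\kdgxz.exe - C:\WINDOWS\system32\kdgxz.exe
HKLM-Run-runservices - C:\WINDOWS\services.exe
HKLM-Explorer_Run-this - C:\Program Files\Web Technologies\wcs.exe
MSConfigStartUp-BearShare - C:\Program Files\BearShare\BearShare.exe
MSConfigStartUp-Device Detector - DevDetect.exe
"""


def flagged_paths(log_text=SAMPLE_LOG):
    """Sorted, de-duplicated paths that triage() flagged in the given log text."""
    return sorted({path for _, path, _ in triage(parse_autostarts(log_text))})


if __name__ == "__main__":
    for name, path, reasons in triage(parse_autostarts(SAMPLE_LOG)):
        print(path, "-", "; ".join(reasons))
```

On the sample above it flags `C:\WINDOWS\services.exe` (the real services.exe lives in system32, so a copy one directory up is a classic masquerade), `C:\WINDOWS\system32\kdgxz.exe` for its random-looking name, and the bare `DevDetect.exe` entry, which Windows resolves by searching PATH rather than from a fixed location; the legitimate `ctfmon.exe` entry is left alone. The flags are prompts for review, not verdicts. One further thing worth checking on this log: `wuauserv` and `wscsvc` appear under `msconfig\services`, the key where msconfig records services it has disabled, so Automatic Updates and Security Center should be confirmed running again after the cleanup.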