Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:31:44, on 18.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal
Running processes:
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Zoki\Desktop\Ambulanta\TR3.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66010
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = crawler.com/search/ie.aspx?tb_id=66010
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = dnl.crawler.com/support/sa_customize.aspx?TbId=66010
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = crawler.com/search/ie.aspx?tb_id=66010
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = dnl.crawler.com/support/sa_customize.aspx?TbId=66010
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: InlineSearchHandleHotKey - {B6FFE2AE-4D12-451F-B457-FE6125FFB1CF} - C:\Program Files\IEForge\Inline Search\InlineSearch.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\TEXTware\QUICKfind\PlugIns\IEHelp.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [ciko] C:\WINDOWS\system32\nydooryt.exe
O4 - HKLM\..\RunServices: [Speed Driver] sbthost.exe
O4 - HKLM\..\RunServices: [ciko] C:\WINDOWS\system32\nydooryt.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_02\bin\npjpi141_02.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {76326493-E84F-4D4B-939C-1E07B50037F2} (ProxyModule Class) - online.bancaintesabeograd.com/RetailDLL/SGCMSCCD.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2009\mzvkbd3.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2009\adialhk.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Internet Security 2009\kloehk.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Blue Coat K9 Web Protection (zaefnat7zy4jy) - Unknown owner - C:\WINDOWS\system32\quaryhoobou.exe (file missing)
End of file - 7301 bytes
Lately I have had a problem with my computer that points to some kind of virus:
1. The "Automatic updates" option is always turned off, and when I try to activate it, Windows tells me that it is unable to do so. When I try "Microsoft Windows Update" over the internet, I get the following message: "The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem."
2. A friend complains that she is receiving viruses from my computer via "Windows Live Messenger".
3. Processes with strange names appear among the processes in Task Manager.
I use WinXP Professional SP3, ADSL Eunet 512/64 flat
I sent the file C:\WINDOWS\system32\rtclmg32.dll
Zoran, we are still waiting for the analysis of that file you sent. I was not able to reach any conclusion about it myself, so I had to pass it on to some people to take a look at it.
Open Notepad and enter the following text:
attrib -S -H C:\WINDOWS\system32\sbthost.exe
Save the file somewhere as Look.bat
Start that little program with a double click. The program window will appear only for a moment and will disappear immediately.
The following file should now be visible in Explorer:
Upload it for checking via the following form:
As for that file whose analysis we are waiting for, I got information that it is encrypted and that it is not a real DLL. I am still waiting for info on which program it belongs to. The guy tells me it might belong to Zone Alarm, but you do not have Zone Alarm installed, so that is ruled out.
ComboFix 08-10-18.03 - Zoki 2008-10-19 18:20:17.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.2580 [GMT 2:00]
Running from: C:\Documents and Settings\Zoki\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Zoki\Desktop\CFScript.txt
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
((((((((((((((((((((((((( Files Created from 2008-09-19 to 2008-10-19 )))))))))))))))))))))))))))))))
2008-10-19 17:06 . 2008-10-19 17:25 13,030 --a------ C:\PDOXUSRS.NET
2008-10-17 19:08 . 2008-10-19 09:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-10-17 19:08 . 2008-10-17 19:08 1,409 --a------ C:\WINDOWS\QTFont.for
2008-10-16 19:05 . 2008-10-16 19:25 96,976 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-10-16 19:05 . 2008-10-16 19:05 87,855 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-10-16 19:04 . 2008-10-16 19:04 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-10-16 19:04 . 2008-10-19 17:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-10-16 19:04 . 2008-10-18 22:03 6,583,840 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-10-16 19:04 . 2008-10-19 17:07 466,976 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-10-16 19:04 . 2008-10-18 22:03 55,660 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-10-16 19:04 . 2008-10-19 17:07 5,820 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-10-13 20:35 . 2008-10-17 19:10 9,221 --a------ C:\WINDOWS\system32\QuickTimeFavorites.qtr
2008-10-13 20:34 . 2008-10-13 20:35 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-10-13 20:34 . 2004-03-22 07:52 12,276,904 --a------ C:\temp\QuickTimeInstaller.exe
2008-10-13 20:34 . 2008-10-17 19:11 10,308 --a------ C:\WINDOWS\system32\QuickTime.qtp
2008-10-13 20:31 . 2008-10-13 20:32 <DIR> d-------- C:\temp\QT6
2008-10-13 20:15 . 2008-10-13 20:15 <DIR> d-------- C:\Program Files\TEXTware
2008-10-13 20:15 . 2003-09-24 20:24 327,680 --a------ C:\WINDOWS\system32\QFClient2.dll
2008-10-13 20:10 . 2008-10-13 20:10 <DIR> d-------- C:\Program Files\Longman
2008-10-11 15:37 . 2008-10-11 15:37 <DIR> d--h----- C:\WINDOWS\PIF
2008-10-07 18:05 . 2008-10-07 18:05 <DIR> d-------- C:\Documents and Settings\Zoki\Application Data\Ahead
2008-10-07 17:46 . 2008-10-07 17:46 <DIR> d-------- C:\Program Files\Valve
2008-10-07 17:45 . 2008-10-16 19:16 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-07 13:39 . 2008-10-07 13:39 <DIR> d-------- C:\Program Files\MSN Messenger
2008-10-04 21:29 . 2002-04-01 17:53 102,400 --a------ C:\WINDOWS\system32\TrackerNET.dll
2008-10-04 21:27 . 2001-07-31 10:55 217,088 --a------ C:\WINDOWS\system32\libmySQL.dll
2008-10-03 16:41 . 1996-11-08 02:48 368,912 --a------ C:\WINDOWS\system32\vbar332.dll
2008-10-03 16:41 . 2006-08-23 14:00 163,840 --a------ C:\WINDOWS\system32\egusound.ocx
2008-10-03 16:41 . 1999-03-13 00:00 127,488 --a------ C:\WINDOWS\system32\Ccrpsld.ocx
2008-09-29 22:19 . 2008-09-29 22:19 134 --a------ C:\WINDOWS\system32\CTSTATUS.FCS
2008-09-29 22:10 . 2008-10-03 17:09 <DIR> d-------- C:\Documents and Settings\Zoki\Application Data\F-Secure
2008-09-29 21:41 . 2008-10-16 19:02 <DIR> d-------- C:\Program Files\PC Protection Plus
2008-09-29 21:41 . 2008-09-29 21:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\fssg
2008-09-29 21:41 . 2008-10-16 19:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\F-Secure
2008-09-29 21:38 . 2008-09-25 16:08 86,169,440 --a------ C:\temp\PC-Protection-Plus-700-387.exe
2008-09-25 14:04 . 2008-04-14 00:24 22,016 --a------ C:\WINDOWS\system32\drivers\MSIRCOMM.sys
2008-09-25 14:04 . 2008-04-14 00:24 22,016 --a--c--- C:\WINDOWS\system32\dllcache\msircomm.sys
2008-09-24 15:47 . 2008-09-24 15:47 <DIR> d-------- C:\Program Files\Cambridge
2008-09-24 15:46 . 2008-09-24 15:46 <DIR> d-------- C:\Documents and Settings\Zoki\Application Data\cld3-lookup
2008-09-24 15:45 . 2008-09-24 15:45 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-09-24 15:45 . 2008-10-03 23:25 <DIR> d-------- C:\Documents and Settings\Zoki\Application Data\EssentialGrammarInUse
2008-09-20 10:41 . 2008-09-20 10:41 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2008-10-19 15:03 --------- d-----w C:\Documents and Settings\Zoki\Application Data\uTorrent
2008-10-18 14:11 495 ----a-w C:\Program Files\Professional
2008-10-18 14:11 --------- d-----w C:\Program Files\Professional §©®ÎŢt v.4 Black
2008-10-18 10:32 11,270 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-10-15 17:10 --------- d-----w C:\Documents and Settings\Zoki\Application Data\XnView
2008-10-14 06:42 --------- d-----w C:\Documents and Settings\Zoki\Application Data\skypePM
2008-10-14 06:42 --------- d-----w C:\Documents and Settings\Zoki\Application Data\Skype
2008-10-13 18:35 --------- d-----w C:\Program Files\QuickTime
2008-10-13 18:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-10-10 18:54 --------- d-----w C:\Documents and Settings\Zoki\Application Data\dvdcss
2008-10-08 19:24 --------- d-----w C:\Program Files\Achilles-Script 5.0 Black
2008-10-07 15:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-29 12:29 --------- d-----w C:\Documents and Settings\Zoki\Application Data\Wildfire
2008-09-28 06:39 --------- d-----w C:\Program Files\GIMPPortable
2008-09-26 12:07 --------- d-----w C:\Program Files\EA Sports
2008-09-23 19:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-09-22 17:41 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-20 07:46 2,828 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-09-20 07:45 88 --sh--r C:\Documents and Settings\All Users\Application Data\B7CBA65A96.sys
2008-09-17 18:25 --------- d-----w C:\Documents and Settings\Zoki\Application Data\FarStone
2008-09-17 18:12 --------- d-----w C:\Program Files\FarStone
2008-09-17 18:11 81,920 ----a-w C:\WINDOWS\system32\Dversion.dll
2008-09-17 18:11 61,440 ----a-w C:\WINDOWS\system32\RDrvNTInterface.dll
2008-09-17 18:11 61,440 ----a-w C:\WINDOWS\system32\RDrv2KInterface.dll
2008-09-17 18:11 28,672 ----a-w C:\WINDOWS\system32\RDrv9xInterface.dll
2008-09-17 18:11 24,576 ----a-w C:\WINDOWS\system32\RDrvInterface.dll
2008-09-17 18:11 114,688 ----a-w C:\WINDOWS\system32\DVC.dll
2008-09-15 17:28 --------- d-----w C:\Documents and Settings\Zoki\Application Data\Corel
2008-09-15 17:27 --------- d-----w C:\Program Files\Common Files\Protexis
2008-09-15 17:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2008-09-15 17:25 --------- d-----w C:\Program Files\Corel
2008-09-15 17:25 --------- d-----w C:\Program Files\Common Files\Corel
2008-09-15 09:43 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-09-15 09:43 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-09-14 07:53 --------- d-----w C:\Program Files\Common Files\DVDVideoSoft
2008-09-13 21:23 --------- d-----w C:\Program Files\Pristy Utils
2008-09-11 12:54 --------- d-----w C:\Program Files\Common Files\INCA Shared
2008-09-10 16:47 --------- d-----w C:\Program Files\Games-Masters.com
2008-09-06 10:21 --------- d-----w C:\Documents and Settings\Zoki\Application Data\U3
2008-09-06 05:53 --------- d-----w C:\Documents and Settings\Zoki\Application Data\Bret Taylor
2008-09-05 14:46 --------- d-----w C:\Program Files\Google
2008-09-02 18:56 --------- d-----w C:\Program Files\Sierra On-Line
2008-09-02 18:49 --------- d-----w C:\Program Files\cstrike
2008-09-02 18:44 --------- d-----w C:\Program Files\D-Tools
2008-09-01 08:47 --------- d-----w C:\Program Files\TeamViewer3
2008-09-01 08:47 --------- d-----w C:\Documents and Settings\Zoki\Application Data\TeamViewer
2008-08-26 16:23 --------- d-----w C:\Program Files\Mv2Player
2008-08-26 15:40 --------- d-----w C:\Program Files\The Simpsons Hit 'n' run
2008-08-25 17:21 --------- d-----w C:\Program Files\registracija.programa
2008-08-25 17:07 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-25 17:06 --------- d-----w C:\Program Files\InstallShield
2008-08-25 17:05 --------- d-----w C:\Program Files\InstallShield Express - Borland Limited Edition
2008-08-20 08:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\U3
2008-08-19 18:21 --------- d-----w C:\Program Files\NotesSQL
2008-08-19 18:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-19 18:20 --------- d-----w C:\Program Files\Crystal Decisions
2008-08-19 18:20 --------- d-----w C:\Program Files\Common Files\Merge Modules
2008-08-19 18:20 --------- d-----w C:\Program Files\Common Files\Crystal Decisions
2008-08-19 14:35 --------- d-----w C:\Program Files\MSXML 4.0
2008-08-19 10:05 --------- d-----w C:\Program Files\NBA 2008
2008-08-03 15:06 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-01 10:21 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2008-07-31 19:51 14,290 ----a-w C:\Program Files\settings.dat
2008-07-31 17:20 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-07-29 18:21 218,376 ----a-w C:\WINDOWS\system32\klogon.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"openvpn-gui"="C:\Program Files\OpenVPN\bin\openvpn-gui.exe" [2005-08-18 99328]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="C:\Program Files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-07-29 206088]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"NoResolveSearch"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"EnableFirewall"= 0 (0x0)
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security\\English\\setup.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R0 pnpshark;pnpshark;C:\WINDOWS\system32\DRIVERS\pnpshark.sys [2003-10-02 119552]
R0 st3shark;st3shark;C:\WINDOWS\system32\DRIVERS\st3shark.sys [2003-09-27 5504]
R2 PSI_SVC_2;Protexis Licensing V2;c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R3 FVDSCSI;FVDSCSI;C:\WINDOWS\system32\DRIVERS\fvdscsi.sys [2003-08-09 60008]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-04-30 24592]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2007-04-09 12039552]
R3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
S3 dump_wmimmc;dump_wmimmc;C:\Program Files\Games-Masters.com\CABAL Online (Europe)\GameGuard\dump_wmimmc.sys [ ]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);C:\WINDOWS\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 SetupNTGLM7X;SetupNTGLM7X;G:\NTGLM7X.sys [ ]
S3 usnjsvc;Usluga Messenger Sharing Folders USN Journal Reader;C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
Contents of the 'Scheduled Tasks' folder
2008-10-19 C:\WINDOWS\Tasks\GoogleUpdateTaskUser.job
- C:\Documents and Settings\Zoki\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-04 16:46]
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-10-19 18:21:41
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
Completion time: 2008-10-19 18:22:12
ComboFix-quarantined-files.txt 2008-10-19 16:22:10
Pre-Run: bytes free
Post-Run: 171,017,646,080 bytes free
196 --- E O F --- 2008-09-10 16:40:07
You did not answer my question as to whether there are still any visible symptoms (since the log is now clean)?