I have a virus, spyware. The computer freezes


offline
  • Gad  Male
  • Honorary citizen
  • Joined: 19 May 2005
  • Posts: 932

ComboFix 08-03-27.3 - Bojan 2008-04-01 11:03:17.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.449 [GMT 2:00]
Running from: C:\Documents and Settings\Bojan\My Documents\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\seekmo

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_npf


((((((((((((((((((((((((( Files Created from 2008-03-01 to 2008-04-01 )))))))))))))))))))))))))))))))
.

2008-03-29 12:07 . 2008-03-29 12:07 <DIR> d-------- C:\VundoFix Backups
2008-03-29 12:04 . 2008-03-29 12:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-28 16:27 . 2008-03-28 16:27 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-03-28 07:56 . 2008-03-28 07:56 <DIR> d-------- C:\Program Files\180searchassistant
2008-03-28 07:56 . 2008-03-28 07:56 <DIR> d-------- C:\Program Files\180search assistant
2008-03-27 17:38 . 2008-03-27 17:38 <DIR> d-------- C:\Program Files\180solutions
2008-03-27 17:25 . 2008-03-29 13:19 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\Web Page Maker V2
2008-03-27 17:24 . 2008-03-27 17:24 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-27 17:24 . 2008-03-27 17:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-27 17:23 . 2008-03-27 17:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-27 00:27 . 2008-03-27 00:27 376 --a------ C:\WINDOWS\ODBC.INI
2008-03-27 00:26 . 2003-06-18 18:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-03-27 00:25 . 2008-03-27 00:25 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-27 00:25 . 2008-03-27 00:25 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-03-27 00:22 . 2008-03-27 00:22 <DIR> dr-h----- C:\MSOCache
2008-03-26 16:33 . 2008-03-26 16:33 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\IM-Names
2008-03-26 12:40 . 2008-03-26 12:40 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\Grisoft
2008-03-26 12:40 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-26 12:34 . 2008-03-26 12:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-26 08:14 . 2008-03-26 08:14 <DIR> d-------- C:\Program Files\zango
2008-03-26 08:14 . 2008-03-26 08:14 <DIR> d-------- C:\Program Files\Sysmnt
2008-03-26 08:14 . 2008-03-26 08:14 <DIR> d-------- C:\Program Files\stc
2008-03-26 08:01 . 2008-03-26 08:01 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\Syntrillium
2008-03-26 07:59 . 2008-03-26 07:59 90,537 --a------ C:\WINDOWS\system32\sbwltbxa.exe
2008-03-24 00:38 . 2008-03-24 00:38 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-03-24 00:38 . 2008-03-24 00:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-03-24 00:37 . 2008-03-24 00:40 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-24 00:29 . 2008-03-31 13:06 619 --a------ C:\WINDOWS\wcx_ftp.ini
2008-03-23 23:53 . 2008-04-01 09:23 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-23 23:51 . 2008-03-23 23:51 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-03-23 23:49 . 2008-04-01 10:30 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\Ahead
2008-03-23 23:43 . 2008-03-23 23:43 <DIR> d-------- C:\Program Files\Nero
2008-03-23 23:43 . 2008-03-23 23:50 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-03-23 23:43 . 2008-03-23 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-03-22 18:17 . 2008-03-22 18:17 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-03-22 16:55 . 2008-03-22 18:17 <DIR> d-------- C:\Program Files\Macromedia
2008-03-22 16:55 . 2008-03-22 17:41 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-03-22 16:54 . 2008-03-22 18:15 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-03-22 16:52 . 2008-03-22 16:52 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\Media Player Classic
2008-03-22 16:44 . 2008-03-22 16:44 <DIR> d--h----- C:\WINDOWS\PIF
2008-03-22 13:18 . 2008-03-22 13:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-22 11:40 . 2007-12-07 04:21 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-22 11:40 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-22 11:40 . 2007-07-01 05:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-22 11:40 . 2007-12-07 04:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-22 11:40 . 2007-12-07 04:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-22 11:40 . 2007-12-07 04:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-22 11:40 . 2007-12-07 04:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-22 11:40 . 2007-12-07 04:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-22 11:40 . 2007-12-06 13:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-22 04:05 . 2004-09-01 10:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-03-21 19:05 . 2008-03-22 13:12 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-03-21 19:05 . 2006-09-06 18:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-21 15:40 . 2008-03-21 15:40 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-21 15:40 . 2008-04-01 08:00 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\AVG7
2008-03-21 15:40 . 2008-03-21 15:40 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-03-21 15:39 . 2008-03-26 12:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-21 15:39 . 2008-03-21 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-21 15:30 . 2004-08-04 00:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-21 15:30 . 2004-08-04 00:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-03-21 14:29 . 2008-03-21 14:29 <DIR> d-------- C:\Program Files\uTorrent
2008-03-21 14:29 . 2008-04-01 11:07 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\uTorrent
2008-03-21 14:04 . 2008-03-21 14:04 12,736 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-03-20 23:42 . 2008-03-20 23:42 38 --a------ C:\WINDOWS\avisplitter.INI
2008-03-20 23:14 . 2008-03-20 23:32 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\vlc
2008-03-20 21:22 . 2008-03-31 13:10 2,644 --a------ C:\WINDOWS\WINCMD.INI
2008-03-20 21:20 . 2008-03-20 21:22 <DIR> d-------- C:\Program Files\TotalCmd
2008-03-20 21:20 . 2008-03-31 20:24 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\skypePM
2008-03-20 21:20 . 2008-03-20 21:20 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-20 21:19 . 2008-03-31 22:30 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\Skype
2008-03-20 21:18 . 2008-03-20 21:19 <DIR> d-------- C:\Program Files\Skype
2008-03-20 21:18 . 2008-03-20 21:18 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-03-20 21:18 . 2008-03-20 21:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-03-20 21:13 . 2008-03-20 21:13 <DIR> d-------- C:\Program Files\Notepad++
2008-03-20 21:13 . 2008-03-20 23:41 <DIR> d-------- C:\Program Files\Mv2Player
2008-03-20 21:13 . 2008-03-21 14:04 <DIR> d-------- C:\Program Files\mIRC
2008-03-20 21:13 . 2008-03-24 01:05 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\Notepad++
2008-03-20 21:13 . 2008-03-21 14:07 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\mIRC
2008-03-20 20:59 . 2008-03-20 20:59 304 --ah----- C:\sqmdata03.sqm
2008-03-20 20:59 . 2008-03-20 20:59 244 --ah----- C:\sqmnoopt03.sqm
2008-03-20 20:57 . 2008-03-20 20:57 268 --ah----- C:\sqmdata02.sqm
2008-03-20 20:57 . 2008-03-20 20:57 244 --ah----- C:\sqmnoopt02.sqm
2008-03-20 20:29 . 2008-03-20 20:29 268 --ah----- C:\sqmdata01.sqm
2008-03-20 20:29 . 2008-03-20 20:29 244 --ah----- C:\sqmnoopt01.sqm
2008-03-20 19:46 . 2008-03-20 19:46 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-20 19:46 . 2008-03-20 19:46 <DIR> d-------- C:\Program Files\MSN Messenger
2008-03-20 19:46 . 2008-03-26 22:44 <DIR> d-------- C:\Documents and Settings\Bojan\Contacts
2008-03-20 19:46 . 2008-03-20 19:46 268 --ah----- C:\sqmdata00.sqm
2008-03-20 19:46 . 2008-03-20 19:46 244 --ah----- C:\sqmnoopt00.sqm
2008-03-20 19:01 . 2008-03-20 19:01 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-03-20 19:01 . 2003-06-27 15:11 491,520 --a------ C:\WINDOWS\Au51Fun.exe
2008-03-20 19:01 . 2000-05-18 15:43 108,978 --a------ C:\WINDOWS\TTTest.wav
2008-03-20 17:46 . 2008-03-20 17:46 16 --a------ C:\WINDOWS\wininit.ini
2008-03-20 17:44 . 2008-03-20 17:44 <DIR> d-------- C:\Program Files\Yahoo!
2008-03-20 17:44 . 2008-03-20 17:44 <DIR> d-------- C:\Program Files\CCleaner
2008-03-20 17:09 . 2006-06-14 10:47 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-03-20 17:09 . 2006-06-14 10:47 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
2008-03-20 17:07 . 2000-10-20 19:28 765,952 -ra------ C:\WINDOWS\system\crlds3d.dll
2008-03-20 17:06 . 2001-08-17 15:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-03-20 17:05 . 2004-08-04 00:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-22 14:54 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-20 14:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-03-20 14:31 --------- d-----w C:\Program Files\Opera
2008-03-20 14:31 --------- d-----w C:\Program Files\Foxit Software
2008-03-20 14:31 --------- d-----w C:\Program Files\Ares
2008-03-20 14:30 --------- d-----w C:\Program Files\Winamp
2008-03-20 14:30 --------- d-----w C:\Program Files\VideoLAN
2008-03-20 14:30 --------- d-----w C:\Documents and Settings\Bojan\Application Data\Winamp
2008-03-20 14:28 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-20 14:27 --------- d-----w C:\Program Files\Java
2008-03-20 14:27 --------- d-----w C:\Program Files\Common Files\Java
2008-03-20 14:19 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((( snapshot@2008-03-29_11.57.50.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2000-08-31 06:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2000-08-31 07:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
- 2008-03-22 02:17:14 40,196 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-30 09:09:03 40,196 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-22 02:17:14 311,934 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-30 09:09:03 311,934 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2000-08-31 07:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-07-16 23:54 961536]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-01 10:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50 4620288]
"nwiz"="nwiz.exe" [2004-10-29 17:50 921600 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 17:50 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-21 15:39 411648]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-21 15:39 145920]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=


.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-01 11:08:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-04-01 11:12:55 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-01 09:12:50
ComboFix2.txt 2008-03-29 10:58:20
Pre-Run: 10,627,829,760 bytes free
Post-Run: 10,614,153,216 bytes free
.
2008-03-27 15:48:32 --- E O F ---

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Open Notepad and copy in the following text:

File::
C:\WINDOWS\system32\sbwltbxa.exe
Folder::
C:\Program Files\180searchassistant
C:\Program Files\180search assistant
C:\Program Files\180solutions
C:\Program Files\zango
C:\Program Files\stc
C:\Program Files\Sysmnt



Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text file onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.

offline
  • Gad  Male
  • Honorary citizen
  • Joined: 19 May 2005
  • Posts: 932

ComboFix 08-03-27.3 - Bojan 2008-04-02 9:53:29.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.190 [GMT 2:00]
Running from: C:\Documents and Settings\Bojan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Bojan\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\sbwltbxa.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\180search assistant
C:\Program Files\180search assistant\180sa.exe
C:\Program Files\180search assistant\sau.exe
C:\Program Files\180searchassistant
C:\Program Files\180searchassistant\saap.exe
C:\Program Files\180searchassistant\sac.exe
C:\Program Files\180solutions
C:\Program Files\180solutions\sais.exe
C:\Program Files\stc
C:\Program Files\stc\csv5p070.exe
C:\Program Files\Sysmnt
C:\Program Files\Sysmnt\Ssmgr.exe
C:\Program Files\zango
C:\Program Files\zango\zango.exe
C:\WINDOWS\recover.reg
C:\WINDOWS\system32\sbwltbxa.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_npf


((((((((((((((((((((((((( Files Created from 2008-03-02 to 2008-04-02 )))))))))))))))))))))))))))))))
.

2008-04-01 19:58 . 2008-04-01 19:58 0 --a------ C:\dump_dvd.vob
2008-03-29 12:07 . 2008-03-29 12:07 <DIR> d-------- C:\VundoFix Backups
2008-03-29 12:04 . 2008-03-29 12:04 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-28 16:27 . 2008-03-28 16:27 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-03-27 17:25 . 2008-03-29 13:19 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\Web Page Maker V2
2008-03-27 17:24 . 2008-03-27 17:24 <DIR> d-------- C:\Program Files\Lavasoft
2008-03-27 17:24 . 2008-03-27 17:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-27 17:23 . 2008-03-27 17:23 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-27 00:27 . 2008-03-27 00:27 376 --a------ C:\WINDOWS\ODBC.INI
2008-03-27 00:26 . 2003-06-18 18:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-03-27 00:25 . 2008-03-27 00:25 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-27 00:25 . 2008-03-27 00:25 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-03-27 00:22 . 2008-03-27 00:22 <DIR> dr-h----- C:\MSOCache
2008-03-26 16:33 . 2008-03-26 16:33 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\IM-Names
2008-03-26 12:40 . 2008-03-26 12:40 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\Grisoft
2008-03-26 12:40 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-26 12:34 . 2008-03-26 12:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
2008-03-26 08:01 . 2008-03-26 08:01 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\Syntrillium
2008-03-24 00:38 . 2008-03-24 00:38 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-03-24 00:38 . 2008-03-24 00:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-03-24 00:37 . 2008-03-24 00:40 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-24 00:29 . 2008-04-01 16:11 619 --a------ C:\WINDOWS\wcx_ftp.ini
2008-03-23 23:53 . 2008-04-02 09:30 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-23 23:51 . 2008-03-23 23:51 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2008-03-23 23:49 . 2008-04-01 10:30 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\Ahead
2008-03-23 23:43 . 2008-03-23 23:43 <DIR> d-------- C:\Program Files\Nero
2008-03-23 23:43 . 2008-03-23 23:50 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-03-23 23:43 . 2008-03-23 23:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-03-22 18:17 . 2008-03-22 18:17 <DIR> d-------- C:\WINDOWS\system32\QuickTime
2008-03-22 16:55 . 2008-03-22 18:17 <DIR> d-------- C:\Program Files\Macromedia
2008-03-22 16:55 . 2008-03-22 17:41 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-03-22 16:54 . 2008-03-22 18:15 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-03-22 16:52 . 2008-03-22 16:52 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\Media Player Classic
2008-03-22 16:44 . 2008-03-22 16:44 <DIR> d--h----- C:\WINDOWS\PIF
2008-03-22 13:18 . 2008-03-22 13:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-03-22 11:40 . 2007-12-07 04:21 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-22 11:40 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-22 11:40 . 2007-07-01 05:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-22 11:40 . 2007-12-07 04:21 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-22 11:40 . 2007-12-07 04:21 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-22 11:40 . 2007-12-07 04:21 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-22 11:40 . 2007-12-07 04:21 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-22 11:40 . 2007-12-07 04:21 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-22 11:40 . 2007-12-06 13:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-22 04:05 . 2004-09-01 10:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-03-21 19:05 . 2008-03-22 13:12 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-03-21 19:05 . 2006-09-06 18:43 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-03-21 15:40 . 2008-03-21 15:40 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-21 15:40 . 2008-04-02 09:28 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\AVG7
2008-03-21 15:40 . 2008-03-21 15:40 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-03-21 15:39 . 2008-03-26 12:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-03-21 15:39 . 2008-03-21 15:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-03-21 15:30 . 2004-08-04 00:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-03-21 15:30 . 2004-08-04 00:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-03-21 14:29 . 2008-03-21 14:29 <DIR> d-------- C:\Program Files\uTorrent
2008-03-21 14:29 . 2008-04-02 09:56 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\uTorrent
2008-03-21 14:04 . 2008-03-21 14:04 12,736 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-03-20 23:42 . 2008-03-20 23:42 38 --a------ C:\WINDOWS\avisplitter.INI
2008-03-20 23:14 . 2008-03-20 23:32 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\vlc
2008-03-20 21:22 . 2008-04-01 18:37 3,196 --a------ C:\WINDOWS\WINCMD.INI
2008-03-20 21:20 . 2008-03-20 21:22 <DIR> d-------- C:\Program Files\TotalCmd
2008-03-20 21:20 . 2008-03-31 20:24 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\skypePM
2008-03-20 21:20 . 2008-03-20 21:20 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-20 21:19 . 2008-03-31 22:30 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\Skype
2008-03-20 21:18 . 2008-03-20 21:19 <DIR> d-------- C:\Program Files\Skype
2008-03-20 21:18 . 2008-03-20 21:18 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-03-20 21:18 . 2008-03-20 21:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-03-20 21:13 . 2008-03-20 21:13 <DIR> d-------- C:\Program Files\Notepad++
2008-03-20 21:13 . 2008-03-20 23:41 <DIR> d-------- C:\Program Files\Mv2Player
2008-03-20 21:13 . 2008-03-21 14:04 <DIR> d-------- C:\Program Files\mIRC
2008-03-20 21:13 . 2008-03-24 01:05 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\Notepad++
2008-03-20 21:13 . 2008-03-21 14:07 <DIR> d-------- C:\Documents and Settings\Bojan\Application Data\mIRC
2008-03-20 20:59 . 2008-03-20 20:59 304 --ah----- C:\sqmdata03.sqm
2008-03-20 20:59 . 2008-03-20 20:59 244 --ah----- C:\sqmnoopt03.sqm
2008-03-20 20:57 . 2008-03-20 20:57 268 --ah----- C:\sqmdata02.sqm
2008-03-20 20:57 . 2008-03-20 20:57 244 --ah----- C:\sqmnoopt02.sqm
2008-03-20 20:29 . 2008-03-20 20:29 268 --ah----- C:\sqmdata01.sqm
2008-03-20 20:29 . 2008-03-20 20:29 244 --ah----- C:\sqmnoopt01.sqm
2008-03-20 19:46 . 2008-03-20 19:46 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-20 19:46 . 2008-03-20 19:46 <DIR> d-------- C:\Program Files\MSN Messenger
2008-03-20 19:46 . 2008-03-26 22:44 <DIR> d-------- C:\Documents and Settings\Bojan\Contacts
2008-03-20 19:46 . 2008-03-20 19:46 268 --ah----- C:\sqmdata00.sqm
2008-03-20 19:46 . 2008-03-20 19:46 244 --ah----- C:\sqmnoopt00.sqm
2008-03-20 19:01 . 2008-03-20 19:01 <DIR> d--h----- C:\Program Files\InstallShield Installation Information
2008-03-20 19:01 . 2003-06-27 15:11 491,520 --a------ C:\WINDOWS\Au51Fun.exe
2008-03-20 19:01 . 2000-05-18 15:43 108,978 --a------ C:\WINDOWS\TTTest.wav
2008-03-20 17:46 . 2008-03-20 17:46 16 --a------ C:\WINDOWS\wininit.ini
2008-03-20 17:44 . 2008-03-20 17:44 <DIR> d-------- C:\Program Files\Yahoo!
2008-03-20 17:44 . 2008-03-20 17:44 <DIR> d-------- C:\Program Files\CCleaner
2008-03-20 17:09 . 2006-06-14 10:47 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-03-20 17:09 . 2006-06-14 10:47 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
2008-03-20 17:07 . 2000-10-20 19:28 765,952 -ra------ C:\WINDOWS\system\crlds3d.dll
2008-03-20 17:06 . 2001-08-17 15:59 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2008-03-20 17:05 . 2004-08-04 00:59 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2008-03-20 17:05 . 2004-08-04 01:08 10,624 --a------ C:\WINDOWS\system32\drivers\gameenum.sys
2008-03-20 17:02 . 2008-04-01 11:12 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-03-20 17:02 . 2008-03-24 00:40 <DIR> dr------- C:\Documents and Settings\All Users\Documents
2008-03-20 17:01 . 2008-03-20 16:24 <DIR> d-------- C:\Documents and Settings
2008-03-20 17:00 . 2008-03-20 16:22 261 --a------ C:\WINDOWS\system32\$winnt$.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-22 14:54 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-20 14:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-03-20 14:31 --------- d-----w C:\Program Files\Opera
2008-03-20 14:31 --------- d-----w C:\Program Files\Foxit Software
2008-03-20 14:31 --------- d-----w C:\Program Files\Ares
2008-03-20 14:30 --------- d-----w C:\Program Files\Winamp
2008-03-20 14:30 --------- d-----w C:\Program Files\VideoLAN
2008-03-20 14:30 --------- d-----w C:\Documents and Settings\Bojan\Application Data\Winamp
2008-03-20 14:28 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-20 14:27 --------- d-----w C:\Program Files\Java
2008-03-20 14:27 --------- d-----w C:\Program Files\Common Files\Java
2008-03-20 14:19 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((( snapshot@2008-03-29_11.57.50.96 )))))))))))))))))))))))))))))))))))))))))
.
- 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2000-08-31 06:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2000-08-31 06:00:00 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2000-08-31 07:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 06:00:00 28,160 ----a-w C:\WINDOWS\Nircmd.exe
- 2008-03-22 02:17:14 40,196 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-03-30 09:09:03 40,196 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-03-22 02:17:14 311,934 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-03-30 09:09:03 311,934 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2000-08-31 07:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\system32\swreg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-07-16 23:54 961536]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 13:54 5674352]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-01 10:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 20:04 139264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 17:50 4620288]
"nwiz"="nwiz.exe" [2004-10-29 17:50 921600 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 17:50 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 00:54 37376]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-03-21 15:39 411648]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-21 15:39 145920]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a7a2caf-fe3b-11dc-a6b0-000c6ec604a2}]
\Shell\auto\command - N:\Knight.exe open
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Knight.exe open
\Shell\explore\command - N:\Knight.exe open
\Shell\find\command - N:\Knight.exe open
\Shell\install\command - N:\Knight.exe open
\Shell\open\command - N:\Knight.exe open

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-02 09:58:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-04-02 10:03:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-02 08:03:01
ComboFix2.txt 2008-04-01 09:12:56
ComboFix3.txt 2008-03-29 10:58:20
Pre-Run: 9,148,432,384 bytes free
Post-Run: 9,266,917,376 bytes free
.
2008-03-27 15:48:32 --- E O F ---

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Do you have any problems with the computer now?

offline
  • Gad  Male
  • Honorary citizen
  • Joined: 19 May 2005
  • Posts: 932

No, maybe Opera stutters a little; when I open new tabs it sometimes freezes on a right-click. But that is probably down to Opera itself. Thanks once again.

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

offline
  • Gad  Male
  • Honorary citizen
  • Joined: 19 May 2005
  • Posts: 932

Thanks, everything is OK now, it runs like lightning :)
