Log check


  • 100%Milanista
  • Information Technology
  • Joined: 23 Aug 2008
  • Posts: 2634
  • Location: Milan, Italy

ComboFix 09-05-08.03 - Milos 05/10/2009 0:42.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.290 [GMT 2:00]
Running from: c:\documents and settings\Milos\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Milos\Desktop\CFScript.txt
AV: Kaspersky Internet Security *On-access scanning disabled* (Updated)
FW: Kaspersky Internet Security *disabled*

FILE ::
c:\windows\system32\sfaob.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\sfaob.exe

.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\spoolsv.exe --> c:\windows\system32\spoolsv.exe
c:\windows\ServicePackFiles\i386\svchost.exe --> c:\windows\system32\svchost.exe
c:\windows\ServicePackFiles\i386\explorer.exe --> c:\windows\explorer.exe
c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe --> c:\windows\system32\services.exe
c:\windows\ServicePackFiles\i386\lsass.exe --> c:\windows\system32\lsass.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ZDMLEBNJC
-------\Service_zdmlebnjc


((((((((((((((((((((((((( Files Created from 2009-04-09 to 2009-05-09 )))))))))))))))))))))))))))))))
.

2009-05-09 07:58 . 2009-05-09 07:58 245 ----a-w c:\windows\tmp73431046.bat
2009-05-09 07:58 . 2009-05-09 07:58 578560 -c--a-w c:\windows\system32\dllcache\user32.dll
2009-05-08 17:58 . 2009-05-08 17:58 -------- d-sh--w c:\documents and settings\Milos\PrivacIE
2009-05-08 11:43 . 2009-05-08 11:43 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-05-08 11:35 . 2009-05-08 11:35 -------- d-sh--w c:\documents and settings\Milos\IETldCache
2009-05-08 11:25 . 2009-05-08 11:27 -------- dc-h--w c:\windows\ie8
2009-05-08 02:34 . 2009-05-08 02:34 -------- d-----w c:\documents and settings\Milos\Local Settings\Application Data\Opera
2009-05-08 02:34 . 2009-05-08 02:34 -------- d-----w c:\program files\Opera
2009-05-07 11:54 . 2009-05-09 16:31 -------- d-----w c:\program files\Mozilla Firefox 3.5 Beta 4
2009-05-02 08:13 . 2009-05-02 08:13 -------- d-----w c:\documents and settings\All Users\Application Data\3B271
2009-05-01 23:53 . 2008-09-20 20:19 213504 ----a-w c:\windows\system32\libssl32.dll
2009-05-01 18:25 . 2009-05-04 12:41 -------- d-----w c:\program files\No-IP
2009-05-01 14:33 . 2009-05-01 14:33 2 ---h--w c:\windows\t55ft2692f44.dat
2009-05-01 14:33 . 2009-05-01 15:55 -------- d-----w c:\windows\system32\796525
2009-05-01 14:30 . 2009-05-07 12:44 -------- d-----w c:\program files\ACSPMonitor
2009-05-01 00:56 . 2003-11-04 13:11 159744 ----a-w c:\windows\system32\lfpng13n.dll
2009-04-30 20:31 . 1999-04-08 09:18 49152 ----a-w c:\windows\system32\_ISREG32.DLL
2009-04-30 20:31 . 1999-08-18 07:54 180224 ----a-w c:\windows\system32\Ijl11.dll
2009-04-30 20:31 . 2000-03-06 13:17 32768 ----a-w c:\windows\system32\kbhook.dll
2009-04-30 20:31 . 2002-04-04 15:16 32768 ----a-w c:\windows\system32\nsutil.exe
2009-04-30 20:31 . 2004-03-04 09:13 110592 ----a-w c:\windows\system32\nsys.exe
2009-04-30 20:31 . 1999-03-23 07:12 299520 ----a-w c:\windows\uninst.exe
2009-04-30 18:03 . 2009-04-30 18:03 -------- d-----w c:\documents and settings\Milos\2009-04-30-21-03-51
2009-04-30 17:46 . 2009-04-30 17:46 -------- d-----w c:\documents and settings\Milos\2009-04-30-20-46-40
2009-04-30 17:24 . 2009-04-30 17:24 -------- d-----w c:\program files\SnadBoy's Revelation v2
2009-04-28 12:46 . 2009-04-28 12:46 -------- d-----w c:\documents and settings\All Users\Application Data\03D8
2009-04-28 12:44 . 2009-05-04 11:47 -------- d-----w c:\documents and settings\Milos\Local Settings\Application Data\BearShare
2009-04-28 12:43 . 2009-04-28 12:45 -------- d-----w c:\program files\BearShare Applications
2009-04-27 13:27 . 2009-04-30 23:28 -------- d-----w c:\documents and settings\Milos\Application Data\Hamachi
2009-04-27 13:26 . 2009-04-27 13:26 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-04-26 20:52 . 2002-06-19 10:19 91136 ----a-w c:\windows\system32\msls2.dll
2009-04-25 12:06 . 2009-04-25 12:28 -------- d-----w c:\program files\SHOUTcast
2009-04-23 15:23 . 2009-04-23 15:23 -------- d-----w c:\program files\Mz_CpuAcc
2009-04-19 15:24 . 2001-08-17 12:55 382592 -c--a-w c:\windows\system32\dllcache\atidrab.dll
2009-04-19 15:24 . 2004-08-04 12:00 29184 -c--a-w c:\windows\system32\dllcache\asptxn.dll
2009-04-19 15:24 . 2004-08-04 12:00 10240 -c--a-w c:\windows\system32\dllcache\aspperf.dll
2009-04-19 15:24 . 2001-08-17 10:12 97354 -c--a-w c:\windows\system32\dllcache\aspndis3.sys
2009-04-19 15:22 . 2001-08-17 10:20 96256 -c--a-w c:\windows\system32\dllcache\ac97intc.sys
2009-04-19 15:20 . 2008-04-13 20:06 231552 -c--a-w c:\windows\system32\dllcache\ac97ali.sys
2009-04-19 15:20 . 2004-08-04 12:00 23552 -c--a-w c:\windows\system32\dllcache\abp480n5.sys
2009-04-19 15:20 . 2001-08-17 20:36 462848 -c--a-w c:\windows\system32\dllcache\a3dapi.dll
2009-04-19 15:20 . 2001-08-17 20:36 98304 -c--a-w c:\windows\system32\dllcache\a3d.dll
2009-04-19 15:20 . 2001-08-17 12:55 38400 -c--a-w c:\windows\system32\dllcache\8514a.dll
2009-04-19 15:20 . 2008-04-13 22:16 48128 -c--a-w c:\windows\system32\dllcache\61883.sys
2009-04-19 15:20 . 2008-04-13 22:10 12288 -c--a-w c:\windows\system32\dllcache\4mmdat.sys
2009-04-19 15:20 . 2001-08-17 10:48 148352 -c--a-w c:\windows\system32\dllcache\3dfxvsm.sys
2009-04-19 15:20 . 2001-08-17 12:55 689216 -c--a-w c:\windows\system32\dllcache\3dfxvs.dll
2009-04-19 15:20 . 2001-08-17 11:28 762780 -c--a-w c:\windows\system32\dllcache\3cwmcru.sys
2009-04-19 15:20 . 2004-08-04 12:00 11264 -c--a-w c:\windows\system32\dllcache\1394vdbg.sys
2009-04-19 15:20 . 2008-04-13 22:16 53376 -c--a-w c:\windows\system32\dllcache\1394bus.sys
2009-04-19 15:19 . 2004-08-04 12:00 7168 -c--a-w c:\windows\system32\dllcache\wamregps.dll
2009-04-19 15:19 . 2001-08-17 12:56 66048 -c--a-w c:\windows\system32\dllcache\s3legacy.dll
2009-04-19 15:19 . 2009-02-06 11:06 2145280 -c--a-w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-19 15:18 . 2004-08-04 12:00 19968 -c--a-w c:\windows\system32\dllcache\inetsloc.dll
2009-04-19 15:18 . 2004-08-04 12:00 7680 -c--a-w c:\windows\system32\dllcache\inetmgr.exe
2009-04-19 15:18 . 2004-08-04 12:00 169984 -c--a-w c:\windows\system32\dllcache\iisui.dll
2009-04-19 15:18 . 2004-08-04 12:00 5632 -c--a-w c:\windows\system32\dllcache\iisrstap.dll
2009-04-19 15:18 . 2004-08-04 12:00 14336 -c--a-w c:\windows\system32\dllcache\iisreset.exe
2009-04-19 15:18 . 2004-08-04 12:00 6144 -c--a-w c:\windows\system32\dllcache\ftpsapi2.dll
2009-04-15 11:22 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 11:22 . 2009-02-06 10:39 35328 -c----w c:\windows\system32\dllcache\sc.exe
2009-04-15 11:22 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 11:22 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 11:22 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 11:22 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 11:22 . 2009-02-06 10:32 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-15 11:20 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-04-15 11:20 . 2008-04-21 12:08 215552 -c----w c:\windows\system32\dllcache\wordpad.exe
2009-04-13 14:11 . 2009-04-13 14:11 180224 ----a-w c:\windows\system32\WinVd32.sys
2009-04-13 14:11 . 2009-04-13 14:11 16896 ----a-w c:\windows\system32\WinFl32.sys
2009-04-11 19:45 . 2001-08-17 20:36 8192 -c--a-w c:\windows\system32\dllcache\tsbyuv.dll
2009-04-11 19:45 . 2001-08-17 20:36 8192 ----a-w c:\windows\system32\tsbyuv.dll
2009-04-11 15:29 . 2009-04-11 15:29 -------- d-----w c:\windows\EffectResources
2009-04-11 15:29 . 2000-10-31 10:00 307200 ----a-w c:\windows\vidcap32.Exe
2009-04-11 15:29 . 2005-08-08 12:37 24576 ----a-w c:\windows\VMPipe.dll
2009-04-11 15:29 . 2006-10-11 16:40 57344 ----a-w c:\windows\Sti305.exe
2009-04-11 15:29 . 2005-05-18 08:55 32768 ----a-w c:\windows\VMZoom.exe
2009-04-11 15:29 . 2009-04-11 15:29 -------- d-----w c:\windows\CatRoot
2009-04-11 15:29 . 2009-04-11 15:29 -------- d-----w c:\program files\Vimicro
2009-04-11 15:26 . 2005-08-08 08:36 114688 ----a-r c:\windows\VM305Cap.exe
2009-04-11 15:26 . 2006-06-28 09:54 49152 ----a-w c:\windows\Domino.EXE
2009-04-11 15:26 . 2006-06-28 09:39 49152 ----a-w c:\windows\VMSnap5.EXE
2009-04-11 15:26 . 2005-05-03 07:51 176128 ----a-r c:\windows\amcap.exe
2009-04-11 15:26 . 2005-08-05 10:36 81920 ----a-r c:\windows\system32\VM305STI.dll
2009-04-11 15:26 . 2006-08-10 04:32 391737 ----a-r c:\windows\system32\drivers\usbVM305.sys
2009-04-11 15:12 . 2008-04-13 22:46 141056 -c--a-w c:\windows\system32\dllcache\ks.sys
2009-04-11 15:12 . 2008-04-13 22:46 141056 ----a-w c:\windows\system32\drivers\ks.sys
2009-04-11 15:12 . 2008-04-14 03:42 294912 ----a-w c:\windows\system32\msh263.drv
2009-04-11 15:12 . 2008-04-14 03:42 53760 -c--a-w c:\windows\system32\dllcache\vfwwdm32.dll
2009-04-11 15:12 . 2008-04-14 03:42 53760 ----a-w c:\windows\system32\vfwwdm32.dll
2009-04-11 15:12 . 2008-04-14 03:42 16896 -c--a-w c:\windows\system32\dllcache\msyuv.dll
2009-04-11 15:12 . 2008-04-14 03:42 16896 ----a-w c:\windows\system32\msyuv.dll
2009-04-11 15:12 . 2008-04-14 04:41 4096 ----a-w c:\windows\system32\ksuser.dll
2009-04-11 15:12 . 2008-04-14 03:41 47616 -c--a-w c:\windows\system32\dllcache\iyuv_32.dll
2009-04-11 15:12 . 2008-04-14 03:41 47616 ----a-w c:\windows\system32\iyuv_32.dll
2009-04-10 17:20 . 2009-04-10 17:20 -------- d-----w c:\documents and settings\Milos\Application Data\Sports Interactive
2009-04-10 11:14 . 2009-04-10 11:14 -------- d-----w c:\program files\Sports Interactive
2009-04-10 04:54 . 2009-04-10 10:24 -------- d-----w c:\documents and settings\All Users\Application Data\Electronic Arts
2009-04-10 04:47 . 2009-04-10 04:47 -------- d-----w C:\ProgramData
2009-04-10 04:47 . 2009-04-10 04:47 816 ----a-w c:\windows\system32\ealregsnapshot1.reg
2009-04-10 04:47 . 2009-04-10 04:47 -------- d-----w c:\documents and settings\Milos\Local Settings\Application Data\Downloaded Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-09 22:45 . 2008-12-05 11:36 950304 --sha-w c:\windows\system32\drivers\fidbox2.dat
2009-05-09 22:45 . 2008-12-05 11:36 5376 --sha-w c:\windows\system32\drivers\fidbox2.idx
2009-05-09 22:45 . 2008-12-05 11:36 4469280 --sha-w c:\windows\system32\drivers\fidbox.dat
2009-05-09 22:45 . 2008-12-05 11:36 37044 --sha-w c:\windows\system32\drivers\fidbox.idx
2009-05-09 15:46 . 2004-08-04 12:00 67 --sha-w c:\windows\Fonts\desktop.ini
2009-05-09 15:21 . 2009-01-28 00:33 33808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-05-09 08:01 . 2004-08-04 12:00 578560 ----a-w c:\windows\system32\user32.DLL
2009-05-08 18:03 . 2009-01-08 03:28 -------- d-----w c:\program files\Mozilla Thunderbird
2009-05-07 18:05 . 2009-01-16 20:38 -------- d-----w c:\program files\Xilisoft
2009-05-07 11:53 . 2008-12-09 00:23 -------- d-----w c:\program files\Notepad++
2009-05-07 00:24 . 2008-11-09 17:21 -------- d-----w c:\program files\MessengerDiscovery
2009-05-04 12:44 . 2008-11-13 13:02 -------- d-----w c:\program files\EA SPORTS
2009-05-04 12:42 . 2009-04-09 15:36 -------- d-----w c:\program files\PokerRoom.com
2009-05-02 01:03 . 2009-03-18 21:38 5 ----a-w c:\windows\sbacknt.bin
2009-05-01 14:36 . 2004-08-04 12:00 182656 ----a-w c:\windows\system32\drivers\ndis.sys
2009-04-25 12:06 . 2008-11-10 00:22 -------- d-----w c:\program files\Winamp
2009-04-19 16:46 . 2008-12-13 14:43 -------- d-----w c:\program files\AlienGUIse
2009-04-18 12:35 . 2008-12-05 11:37 89601 ----a-w c:\windows\system32\drivers\klick.dat
2009-04-18 12:35 . 2008-12-05 11:37 101287 ----a-w c:\windows\system32\drivers\klin.dat
2009-04-11 15:29 . 2008-11-09 15:48 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-11 15:29 . 2008-11-09 15:47 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-09 19:52 . 2009-02-27 12:37 -------- d-----w c:\program files\Pool Sharks
2009-04-09 15:35 . 2009-04-09 15:33 -------- d-----w c:\program files\VPHoldem
2009-04-09 15:32 . 2009-04-09 15:29 -------- d-----w c:\program files\PacificPoker
2009-04-01 13:10 . 2008-11-09 17:11 -------- d-----w c:\program files\Google
2009-03-29 19:38 . 2009-03-29 19:38 -------- d-----w c:\program files\Ventrilo
2009-03-29 19:37 . 2009-03-29 19:37 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-03-23 17:23 . 2009-03-23 17:18 -------- d-----w c:\program files\Counter-Strike 1.6
2009-03-18 21:36 . 2009-03-18 21:36 -------- d-----w c:\program files\vghd
2009-03-18 21:36 . 2009-03-18 21:36 152904 ----a-w c:\windows\system32\vghd.scr
2009-03-16 02:09 . 2009-03-16 02:09 -------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2
2009-03-15 02:03 . 2008-11-29 00:01 -------- d-----w c:\program files\Skype
2009-03-14 16:59 . 2009-03-14 16:59 -------- d-----w c:\program files\MSN Content Plus Inc
2009-03-14 15:13 . 2008-11-09 17:18 -------- d-----w c:\program files\Windows Live
2009-03-14 15:10 . 2008-11-09 15:47 47296 ----a-w c:\documents and settings\Milos\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-08 02:34 . 2004-08-04 12:00 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2004-08-04 12:00 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:33 . 2004-08-04 12:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2004-08-04 12:00 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:32 . 2004-08-04 12:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2004-08-04 12:00 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:31 . 2004-08-04 12:00 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 02:31 . 2004-08-04 12:00 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 02:31 . 2004-08-04 12:00 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 02:22 . 2004-08-04 12:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2004-08-04 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-12 12:42 . 2009-02-12 12:42 5501 ----a-w c:\windows\system32\rtclcmg32.dll
2009-02-09 12:10 . 2004-08-04 12:00 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2004-08-04 12:00 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2004-08-04 12:00 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 12:10 . 2004-08-04 12:00 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 11:13 . 2004-08-04 12:00 1846784 ----a-w c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-05-09_16.14.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-09 22:47 . 2009-05-09 22:47 16384 c:\windows\temp\Perflib_Perfdata_130.dat
+ 2004-08-04 12:00 . 2008-04-14 04:42 14336 c:\windows\system32\dllcache\svchost.exe
+ 2004-08-04 12:00 . 2008-04-14 04:42 57856 c:\windows\system32\dllcache\spoolsv.exe
+ 2004-08-04 12:00 . 2008-04-14 04:42 13312 c:\windows\system32\dllcache\lsass.exe
+ 2004-08-04 12:00 . 2009-02-06 11:06 110592 c:\windows\system32\dllcache\services.exe
+ 2004-08-04 12:00 . 2008-04-14 04:42 1033728 c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2008-07-16 1266992]
"{9CB65206-89C4-402c-BA80-02D8C59F9B1D}"= "c:\program files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL" [2008-11-10 57344]

[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLTBSearch]

[HKEY_CLASSES_ROOT\clsid\{9cb65206-89c4-402c-ba80-02d8c59f9b1d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 14:05 398776 ----a-w c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-02-13 7557120]
"VMSnap5"="c:\windows\VMSnap5.EXE" [2006-06-28 49152]
"Domino"="c:\windows\Domino.EXE" [2006-06-28 49152]
"BigDog305"="c:\windows\VM305_STI.EXE" [BU]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-05 206088]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Milos\Start Menu\Programs\Startup\
Alienware News Feed.lnk - c:\program files\Stardock\DesktopGadgets\Alienware News Feed\Alienware News Feed.exe [2009-1-9 523952]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"MaxRecentDocs"= 15 (0xf)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 22:34 24576 ----a-w c:\program files\AlienGUIse\fastload.dll

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\LSSrvc.exe]
"Debugger"=rundll32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"d:\\Program Files\\Achilles-Script 4.5 White\\Mirc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"4357:TCP"= 4357:TCP:WWW

R0 HFXP2;HFXP2;c:\windows\system32\drivers\hfxp2.sys [10/12/2004 2:24 PM 11392]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/28/2009 2:33 AM 33808]
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys [11/9/2008 6:49 PM 59776]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys [11/9/2008 6:49 PM 19456]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kXbar.sys [11/9/2008 6:50 PM 9600]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [1/28/2009 2:32 AM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [1/28/2009 2:32 AM 24592]
R3 ZSMC0305;Vimicro USB PC Camera (VC0305);c:\windows\system32\drivers\usbVM305.sys [4/11/2009 5:26 PM 391737]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [11/9/2008 6:54 PM 9446]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3f2a03aa-bf9f-11dd-a96f-001558156083}]
\Shell\Auto\command - Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60b49e34-c7cc-11d0-8953-00a0c90347ff}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-02-09 c:\windows\Tasks\WinXP Manager - Auto Shutdown.job
- d:\program files\Yamicsoft\WinXP Manager\ShutDownCommand.exe [2006-09-27 04:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Highlight - c:\windows\WEB\highlight.htm
IE: &Links List - c:\windows\WEB\urllist.htm
IE: &Web Search - c:\windows\WEB\selsearch.htm
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open Frame in &New Window - c:\windows\WEB\frm2new.htm
IE: Zoom &In - c:\windows\WEB\zoomin.htm
IE: Zoom &Out - c:\windows\WEB\zoomout.htm
Trusted Zone: microsoft.com\office
TCP: {F31FF05B-3EA6-4E06-8257-D4CC5B714568} = 195.66.160.1 195.66.160.2
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\Milos\Application Data\Mozilla\Firefox\Profiles\mdqgtdii.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox 3.5 Beta 4\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox 3.5 Beta 4\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-10 00:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1036)
c:\program files\AlienGUIse\fastload.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'explorer.exe'(880)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\program files\Common Files\Nero\Lib\NeroDigitalExt.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-09 0:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-09 22:53
ComboFix2.txt 2009-05-09 16:19

Pre-Run: 18,626,101,248 bytes free
Post-Run: 18,669,772,800 bytes free

Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
349 --- E O F --- 2009-04-25 21:39

  • argus
  • Anti Malware Fighter, Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Zip or RAR the folder C:\qoobox and upload it via this link

http://www.mycity.rs/ambulanta-upload.php

  • 100%Milanista
  • Information Technology
  • Joined: 23 Aug 2008
  • Posts: 2634
  • Location: Milan, Italy

The file was uploaded successfully :)

  • argus
  • Anti Malware Fighter, Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Download this file to the desktop and run it by double-clicking, then click OK and then Yes.


Afterwards, report back on how things stand so we can wrap up if everything is OK.

  • 100%Milanista
  • Information Technology
  • Joined: 23 Aug 2008
  • Posts: 2634
  • Location: Milan, Italy

Well, when I turn on KIS, this problem appears...

and I can't connect to the internet, but when I pause KIS 2009 everything is OK, so since then KIS has still been paused. Otherwise everything else is OK.

  • argus
  • Anti Malware Fighter, Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

You can't connect via MSN, is that right? Did you perhaps block MSN in KIS?
Otherwise the net works normally, I mean in the browser?

  • 100%Milanista
  • Information Technology
  • Joined: 23 Aug 2008
  • Posts: 2634
  • Location: Milan, Italy

No, it won't connect to the net at all. That thing with the exclamation mark appears down there and I can't connect to the net, and as soon as I put it on pause the exclamation mark thing goes away and I connect to the internet.

  • argus
  • Anti Malware Fighter, Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

So, as far as malware goes, we're done; the computer is clean. What remains is to uninstall ComboFix.

Uninstalling ComboFix:
Click START and then RUN.

In the text entry line type (or paste) the following:

Combofix /u

and then click OK.

Wait for the uninstall process to finish.

As for the KIS problem, try the following:

Right-click the connection in the tray and then Repair.
If that doesn't help, reinstall the AV.
And the third option is to seek help on the appropriate forum

http://www.mycity.rs/viewforum.php?f=218

  • 100%Milanista
  • Information Technology
  • Joined: 23 Aug 2008
  • Posts: 2634
  • Location: Milan, Italy

I reinstalled KIS 2009 and now everything is fine...

THANKS A LOT!!!!! :)
TURNED 185 YEARS :)
