Posted: 15 Dec 2008 14:21
- rradovan
- Citizen
- Joined: 15 Dec 2008
- Posts: 177
- Location: Beograd
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:06:07 PM, on 12/15/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\TimeLeft3\TimeLeft.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Everything\Everything.exe
C:\Documents and Settings\RR\Desktop\lecenje\TR3.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = krstarica.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - (no file)
O2 - BHO: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
O2 - BHO: globaladsolution - {c587848c-ab1c-bdd3-142f-36e6ba836864} - C:\WINDOWS\system32\nsh20.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL
O3 - Toolbar: Raketa Krstarice - {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\WebFerret\FerretBand.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\2.bin\ASKSBAR.DLL
O3 - Toolbar: AVGTOOLBAR - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: TimeLeft.lnk = C:\Program Files\TimeLeft3\TimeLeft.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: &Search - ?p=ZCfox000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Desktop Manager 5.8.809.23506 (GoogleDesktopManager-092308-165331) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
End of file - 7359 bytes
In the Firefox and IE browsers, in the upper-right box where until recently Google was shown as the search engine, "Yoog search" now appears; it does not work and only brings up some home page of its own. It looks like malware. It cannot be cleaned, AVG does not see it, and neither does Ad-Aware. What is it? For now it is only a nuisance, because I have to restore Google by hand, but maybe it brings some trouble with it too?
Posted: 15 Dec 2008 14:54
- rradovan
- Citizen
- Joined: 15 Dec 2008
- Posts: 177
- Location: Beograd
ComboFix 08-12-14.04 - RR 2008-12-15 14:45:31.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1165 [GMT 1:00]
Running from: c:\documents and settings\RR\Desktop\lecenje\ComboFix.exe
((((((((((((((((((((((((( Files Created from 2008-11-15 to 2008-12-15 )))))))))))))))))))))))))))))))
2008-12-14 13:27 . 2008-12-14 13:27 203,776 --a------ c:\windows\system32\clrviddc.dll
2008-12-14 13:27 . 1999-09-10 13:06 45,056 --a------ c:\windows\system32\wnaspi32.dll
2008-12-14 13:27 . 1999-09-10 13:06 25,244 --a------ c:\windows\system32\drivers\aspi32.sys
2008-12-14 13:27 . 1999-09-10 13:06 5,600 --a------ c:\windows\system\winaspi.dll
2008-12-14 13:27 . 1999-09-10 13:06 4,672 --a------ c:\windows\system\wowpost.exe
2008-12-14 05:27 . 2008-12-15 02:40 146 --a------ c:\windows\cdplayer.ini
2008-12-14 05:24 . 2008-12-14 05:24 <DIR> d-------- c:\program files\Common Files\xing shared
2008-12-14 04:26 . 2008-12-14 05:24 <DIR> d-------- c:\program files\Common Files\Real
2008-12-14 04:25 . 2008-12-14 04:25 <DIR> d-------- c:\program files\Real
2008-12-13 22:48 . 2008-12-13 22:48 <DIR> d--h----- c:\windows\PIF
2008-12-09 13:29 . 2008-12-09 13:30 <DIR> d-------- c:\documents and settings\RR\Application Data\vlc
2008-12-03 12:10 . 2008-12-03 12:10 <DIR> d-------- c:\documents and settings\RR\Application Data\DonationCoder
2008-12-03 12:10 . 2008-12-03 12:10 46 --a------ c:\windows\system32\DonationCoder_findrunrobot_InstallInfo.dat
2008-12-03 12:09 . 2008-12-03 12:34 <DIR> d-------- c:\program files\FindAndRunRobot
2008-12-02 18:32 . 2008-12-02 18:32 674,304 --a------ c:\windows\system32\nsh20.dll
2008-12-01 12:54 . 2008-12-01 12:54 <DIR> d-------- c:\program files\JoshMadison
2008-12-01 10:51 . 2008-12-01 10:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\201D4
2008-11-30 18:27 . 2008-11-30 18:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\18138
2008-11-30 02:38 . 2008-11-30 02:38 <DIR> d-------- c:\windows\Sun
2008-11-29 21:09 . 2008-11-29 21:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\2C271
2008-11-29 12:43 . 2008-11-29 12:43 <DIR> d-------- c:\documents and settings\RR\Application Data\Foxit
2008-11-27 03:03 . 2008-11-27 03:03 25 --a------ c:\windows\entpack.ini
2008-11-27 02:54 . 2008-11-27 02:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\31FA
2008-11-22 12:46 . 2008-11-22 12:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\3B3B9
2008-11-21 18:17 . 2008-11-21 18:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\2F32C
2008-11-20 03:03 . 2008-11-20 03:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\AAB
2008-11-19 23:42 . 2008-11-19 23:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\20261
2008-11-19 23:41 . 2008-09-25 14:20 483,328 --a------ c:\windows\system32\actskn45.ocx
2008-11-19 15:21 . 2008-12-15 13:52 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-19 11:31 . 2008-11-19 11:31 <DIR> d-------- c:\documents and settings\RR\Application Data\Pmcc
2008-11-18 23:17 . 2008-11-18 23:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\A196
2008-11-18 02:17 . 2008-11-18 02:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\162DF
2008-11-17 21:04 . 2008-11-17 21:04 2,306,113 --a------ c:\windows\system32\GPhotos.scr
2008-11-17 02:07 . 2008-11-17 02:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\28399
2008-11-16 23:32 . 2008-11-16 23:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\29FA
2008-11-16 23:29 . 2008-11-19 23:42 <DIR> d-------- c:\program files\iMesh Applications
2008-11-15 20:48 . 2008-11-15 20:48 22 --a------ c:\windows\system32\ati64hl2.stb
2008-11-15 20:34 . 2008-11-15 20:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\ATI
2008-11-15 19:49 . 2008-11-15 19:49 22 --a------ c:\windows\system32\ati64hlp.stb
2008-11-15 19:46 . 2008-11-15 19:46 <DIR> d-------- C:\pnp
2008-11-15 00:26 . 2008-11-20 23:52 <DIR> d-------- c:\documents and settings\RR\Application Data\ACD Systems
2008-11-15 00:25 . 2008-11-15 00:25 <DIR> d-------- c:\program files\ACD Systems
2008-11-15 00:25 . 2008-11-15 00:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2008-12-15 13:42 --------- d-----w c:\documents and settings\RR\Application Data\Skype
2008-12-15 13:26 --------- d-----w c:\program files\Everything
2008-12-15 09:37 --------- d-----w c:\documents and settings\RR\Application Data\skypePM
2008-12-14 04:24 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-12-14 04:24 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-12-13 15:40 --------- d-----w c:\documents and settings\RR\Application Data\FrostWire
2008-12-13 15:26 --------- d-----w c:\documents and settings\RR\Application Data\LimeWire
2008-12-13 13:00 --------- d-----w c:\program files\DAP
2008-12-11 15:58 --------- d-----w c:\documents and settings\RR\Application Data\uTorrent
2008-12-10 09:32 --------- d-----w c:\program files\TimeLeft3
2008-12-07 16:25 --------- d-----w c:\program files\Google
2008-12-05 23:46 --------- d-----w c:\program files\TuneUp Utilities 2007
2008-12-05 23:40 --------- d-----w c:\program files\Glary Utilities
2008-11-30 14:58 --------- d-----w c:\program files\FrostWire
2008-11-30 13:19 --------- d-----w c:\documents and settings\RR\Application Data\IObit
2008-11-30 13:15 --------- d-----w c:\program files\SpeedBit Video Accelerator
2008-11-30 13:15 --------- d-----w c:\program files\LimeWire
2008-11-30 13:15 --------- d-----w c:\documents and settings\RR\Application Data\Wildfire
2008-11-29 11:48 --------- d-----w c:\program files\SpeedFan
2008-11-29 11:00 --------- d-----w c:\program files\IObit
2008-11-19 10:33 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-11-19 10:33 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-19 10:33 --------- d-----w c:\program files\Winamp
2008-11-19 10:33 --------- d-----w c:\program files\Paint.NET
2008-11-19 10:33 --------- d-----w c:\program files\Mv2Player
2008-11-19 10:33 --------- d-----w c:\program files\DivX
2008-11-19 10:33 --------- d-----w c:\program files\Dictionary
2008-11-19 10:32 --------- d-----w c:\documents and settings\RR\Application Data\Orbit
2008-11-19 10:32 --------- d-----w c:\documents and settings\RR\Application Data\dvdcss
2008-11-19 10:32 --------- d-----w c:\documents and settings\RR\Application Data\DivX
2008-11-19 10:32 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-11-19 10:32 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2008-11-19 10:32 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-15 19:30 --------- d-----w c:\program files\ATI Technologies
2008-11-14 23:25 --------- d-----w c:\program files\Common Files\ACD Systems
2008-11-14 22:11 --------- d-----w c:\program files\IrfanView
2008-11-12 21:54 --------- d-----w c:\documents and settings\RR\Application Data\XnView
2008-11-12 10:33 196,608 ----a-w c:\windows\system32nvideo.dll
2008-11-12 10:33 167,936 ----a-w c:\windows\system32GSearchTB.dll
2008-11-11 23:37 78,636 ----a-w c:\windows\system32\aaczskrxqmmkpyus.exe
2008-11-11 22:50 90,632 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-11-11 22:49 98,440 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-11-11 22:49 12,936 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2008-11-11 22:49 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-11-11 22:24 --------- d-----w c:\program files\AVG
2008-11-08 01:46 --------- d-----w c:\program files\XnView
2008-11-01 21:14 --------- d-----w c:\program files\ESET
2008-11-01 03:56 --------- d-----w c:\program files\Lavalys
2008-10-30 16:46 --------- d-----w c:\program files\Opera
2008-10-29 03:10 3,341,824 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2008-10-29 02:23 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-10-29 02:22 314,880 ----a-w c:\windows\system32\ati2dvag.dll
2008-10-29 02:11 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-10-29 02:11 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-10-29 02:11 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-10-29 02:11 147,456 ----a-w c:\windows\system32\Oemdspif.dll
2008-10-29 02:10 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-10-29 02:10 10,973,184 ----a-w c:\windows\system32\atioglxx.dll
2008-10-29 02:09 585,728 ----a-w c:\windows\system32\ati2evxx.exe
2008-10-29 02:07 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-10-29 01:57 4,041,472 ----a-w c:\windows\system32\ati3duag.dll
2008-10-29 01:49 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-10-29 01:41 2,472,832 ----a-w c:\windows\system32\ativvaxx.dll
2008-10-29 01:25 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-10-29 01:21 389,120 ----a-w c:\windows\system32\atikvmag.dll
2008-10-29 01:19 44,032 ----a-w c:\windows\system32\atiadlxx.dll
2008-10-29 01:19 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-10-29 01:18 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2008-10-29 01:18 253,952 ----a-w c:\windows\system32\atiok3x2.dll
2008-10-29 01:12 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2008-10-28 20:05 593,920 ------w c:\windows\system32\ati2sgag.exe
2008-10-28 16:33 --------- d-----w c:\program files\Java
2008-10-28 16:24 --------- d-----w c:\program files\Windows Installer Clean Up
2008-10-28 16:24 --------- d-----w c:\program files\MSECache
2008-10-28 02:35 --------- d---a-w c:\program files\AskSBar
2008-10-27 13:33 69,232 -c--a-w c:\documents and settings\RR\Application Data\GDIPFONTCACHEV1.DAT
2008-10-25 10:33 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-24 14:30 --------- d-----w c:\program files\MSBuild
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 00:03 410,976 ----a-w c:\windows\system32\deploytk.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 00:13 --------- d-----w c:\documents and settings\RR\Application Data\GlarySoft
2008-10-21 17:51 118,784 ----a-w c:\windows\system32\atibrtmon.exe
2008-10-20 11:17 --------- d-----w c:\program files\Total Video Player
2008-10-19 15:05 36,928 ----a-w c:\windows\system32\drivers\pssdk41.sys
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 -c--a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 -c--a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-13 15:17 8,192 ----a-w c:\windows\system32\NetFerret.dll
2008-10-13 15:17 17,920 ----a-w c:\windows\WebFerretUninstall.exe
2008-10-03 10:02 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-12-05 23:47 251,392 ----a-w c:\program files\opera\program\plugins\dapop.dll
2008-10-08 12:30 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-05-24 17:10 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052420080525\index.dat
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-10-28 66912]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-10-28 03:35 66912 --a------ c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2008-09-02 15:04 398768 --a------ c:\program files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c587848c-ab1c-bdd3-142f-36e6ba836864}]
2008-12-02 18:32 674304 --a------ c:\windows\system32\nsh20.dll
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2008-12-06 3114496]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-14 185872]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 c:\windows\RTHDCPL.exe]
c:\documents and settings\RR\Start Menu\Programs\Startup\
TimeLeft.lnk - c:\program files\TimeLeft3\TimeLeft.exe [2007-12-22 1984688]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-03-19 4742184]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^RR^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
backup=c:\windows\pss\FrostWire On Startup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^RR^Start Menu^Programs^Startup^ppcb_32.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 01:12 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-12-06 00:47 3114496 c:\program files\DAP\DAP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-03 12:13 133104 c:\documents and settings\RR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
"Everything"="c:\program files\Everything\Everything.exe" -startup
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"c:\\Program Files\\WebFerret\\WebFerret.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\RR\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\RR\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-11-11 12936]
R0 PzWDM;PzWDM;c:\windows\system32\Drivers\PzWDM.sys [2008-05-01 15172]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-11 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-11 90632]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-11 874776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-11 231704]
R2 sbbotdi;sbbotdi;\??\c:\progra~1\SPEEDB~1\sbbotdi.sys [2008-03-17 35584]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm []
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Corporate Edition\kerneld.wnt [2008-11-01 22640]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-06-05 30192]
S3 PsSdk41;PsSdk41;\??\c:\windows\system32\Drivers\pssdk41.sys [2008-10-19 36928]
S3 w89c940;Winbond W89C940 PCI Ethernet Adapter Driver;c:\windows\system32\DRIVERS\w940nd.sys [2007-12-21 16925]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
\Shell\AutoRun\command - e:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
\Shell\open\command - e:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F8B9E5C0-4DCC-CFCF-ABA5-00401D608516}]
c:\documents and settings\All Users\Start Menu\Programs\Administrative Tools\Recycle Bin\kdja.exe
Contents of the 'Scheduled Tasks' folder
2008-12-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27 05:51]
2008-12-15 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-12-01 09:38]
2008-12-15 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\RR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 12:13]
------- Supplementary Scan -------
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.krstarica.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Search - ?p=ZCfox000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\RR\Application Data\Mozilla\Firefox\Profiles\ne96dqmr.default\
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: content.switch.threshold - 650000
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www10.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-cclean&p=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.speedbit.com/search/searchresults.asp?src=default&q=
FF - plugin: c:\documents and settings\RR\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\RR\Local Settings\Application Data\Google\Update\\npGoogleOneClick6.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
FF - plugin: c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-15 14:47:23
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Corporate Edition\kerneld.wnt"
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(548-)
Completion time: 2008-12-15 14:48:16
ComboFix-quarantined-files.txt 2008-12-15 13:48:09
ComboFix2.txt 2008-12-15 12:40:03
Pre-Run: 11,954,913,280 bytes free
Post-Run: 11,941,486,592 bytes free
Posted: 15 Dec 2008 15:26
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
Before we start the cleaning, have you tried to find it under Tools -> Add-ons?
Posted: 15 Dec 2008 15:49
- rradovan
- Citizen
- Joined: 15 Dec 2008
- Posts: 177
- Location: Beograd
I searched for it everywhere, to no avail, but it only shows up as - Yoog Searc.xm in the path C, Documents and Settings, RR, Application Data, Mozilla, Firefox, Profiles, ne96dqmr.default, searchplugins
Update: 15 Dec 2008 15:49
Sorry, it should correctly read: Yoog Searc.xml (I had mistakenly typed only xm there, and the correct form is xml), so it is located in C, Documents and Settings, RR, Application Data, Mozilla, Firefox, Profiles, ne96dqmr.default, searchplugins
Posted: 16 Dec 2008 07:52
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
Friend, don't worry, it will be solved, but tomorrow. I have to go now.
Update: 16 Dec 2008 7:52
Disable the antivirus again and do the following:
Open Notepad and copy the following text into it:
c:\documents and settings\All Users\Start Menu\Programs\Administrative Tools\Recycle Bin\kdja.exe
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{F8B9E5C0-4DCC-CFCF-ABA5-00401D608516}]
c:\documents and settings\All Users\Application Data\201D4
c:\documents and settings\All Users\Application Data\18138
Save the file from Notepad to the Desktop as "CFScript"
Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.
Posted: 16 Dec 2008 12:52
- rradovan
- Citizen
- Joined: 15 Dec 2008
- Posts: 177
- Location: Beograd
ComboFix 08-12-15.04 - RR 2008-12-16 12:41:56.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.1293 [GMT 1:00]
Running from: c:\documents and settings\RR\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\RR\Desktop\CFScript.txt
* Created a new restore point
c:\documents and settings\All Users\Start Menu\Programs\Administrative Tools\Recycle Bin\kdja.exe
((((((((((((((((((((((((( Files Created from 2008-11-16 to 2008-12-16 )))))))))))))))))))))))))))))))
2008-12-14 13:27 . 2008-12-14 13:27 203,776 --a------ c:\windows\system32\clrviddc.dll
2008-12-14 13:27 . 1999-09-10 13:06 45,056 --a------ c:\windows\system32\wnaspi32.dll
2008-12-14 13:27 . 1999-09-10 13:06 25,244 --a------ c:\windows\system32\drivers\aspi32.sys
2008-12-14 13:27 . 1999-09-10 13:06 5,600 --a------ c:\windows\system\winaspi.dll
2008-12-14 13:27 . 1999-09-10 13:06 4,672 --a------ c:\windows\system\wowpost.exe
2008-12-14 05:27 . 2008-12-15 02:40 146 --a------ c:\windows\cdplayer.ini
2008-12-14 05:24 . 2008-12-14 05:24 <DIR> d-------- c:\program files\Common Files\xing shared
2008-12-14 04:26 . 2008-12-14 05:24 <DIR> d-------- c:\program files\Common Files\Real
2008-12-14 04:25 . 2008-12-14 04:25 <DIR> d-------- c:\program files\Real
2008-12-13 22:48 . 2008-12-13 22:48 <DIR> d--h----- c:\windows\PIF
2008-12-09 13:29 . 2008-12-09 13:30 <DIR> d-------- c:\documents and settings\RR\Application Data\vlc
2008-12-03 12:10 . 2008-12-03 12:10 <DIR> d-------- c:\documents and settings\RR\Application Data\DonationCoder
2008-12-03 12:10 . 2008-12-03 12:10 46 --a------ c:\windows\system32\DonationCoder_findrunrobot_InstallInfo.dat
2008-12-03 12:09 . 2008-12-03 12:34 <DIR> d-------- c:\program files\FindAndRunRobot
2008-12-01 12:54 . 2008-12-01 12:54 <DIR> d-------- c:\program files\JoshMadison
2008-12-01 10:51 . 2008-12-01 10:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\201D4
2008-11-30 18:27 . 2008-11-30 18:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\18138
2008-11-30 02:38 . 2008-11-30 02:38 <DIR> d-------- c:\windows\Sun
2008-11-29 21:09 . 2008-11-29 21:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\2C271
2008-11-29 12:43 . 2008-11-29 12:43 <DIR> d-------- c:\documents and settings\RR\Application Data\Foxit
2008-11-27 03:03 . 2008-11-27 03:03 25 --a------ c:\windows\entpack.ini
2008-11-27 02:54 . 2008-11-27 02:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\31FA
2008-11-22 12:46 . 2008-11-22 12:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\3B3B9
2008-11-21 18:17 . 2008-11-21 18:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\2F32C
2008-11-20 03:03 . 2008-11-20 03:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\AAB
2008-11-19 23:42 . 2008-11-19 23:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\20261
2008-11-19 23:41 . 2008-09-25 14:20 483,328 --a------ c:\windows\system32\actskn45.ocx
2008-11-19 15:21 . 2008-12-16 12:34 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-19 11:31 . 2008-11-19 11:31 <DIR> d-------- c:\documents and settings\RR\Application Data\Pmcc
2008-11-18 23:17 . 2008-11-18 23:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\A196
2008-11-18 02:17 . 2008-11-18 02:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\162DF
2008-11-17 21:04 . 2008-11-17 21:04 2,306,113 --a------ c:\windows\system32\GPhotos.scr
2008-11-17 02:07 . 2008-11-17 02:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\28399
2008-11-16 23:32 . 2008-11-16 23:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\29FA
2008-11-16 23:29 . 2008-11-19 23:42 <DIR> d-------- c:\program files\iMesh Applications
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2008-12-16 11:44 --------- d-----w c:\documents and settings\RR\Application Data\Skype
2008-12-16 10:43 --------- d-----w c:\documents and settings\RR\Application Data\skypePM
2008-12-15 14:52 --------- d-----w c:\program files\Everything
2008-12-14 04:24 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-12-14 04:24 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-12-13 15:40 --------- d-----w c:\documents and settings\RR\Application Data\FrostWire
2008-12-13 15:26 --------- d-----w c:\documents and settings\RR\Application Data\LimeWire
2008-12-13 13:00 --------- d-----w c:\program files\DAP
2008-12-11 15:58 --------- d-----w c:\documents and settings\RR\Application Data\uTorrent
2008-12-10 09:32 --------- d-----w c:\program files\TimeLeft3
2008-12-07 16:25 --------- d-----w c:\program files\Google
2008-12-05 23:46 --------- d-----w c:\program files\TuneUp Utilities 2007
2008-12-05 23:40 --------- d-----w c:\program files\Glary Utilities
2008-11-30 14:58 --------- d-----w c:\program files\FrostWire
2008-11-30 13:19 --------- d-----w c:\documents and settings\RR\Application Data\IObit
2008-11-30 13:15 --------- d-----w c:\program files\SpeedBit Video Accelerator
2008-11-30 13:15 --------- d-----w c:\program files\LimeWire
2008-11-30 13:15 --------- d-----w c:\documents and settings\RR\Application Data\Wildfire
2008-11-29 11:48 --------- d-----w c:\program files\SpeedFan
2008-11-29 11:00 --------- d-----w c:\program files\IObit
2008-11-20 22:52 --------- d-----w c:\documents and settings\RR\Application Data\ACD Systems
2008-11-19 10:33 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2008-11-19 10:33 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-19 10:33 --------- d-----w c:\program files\Winamp
2008-11-19 10:33 --------- d-----w c:\program files\Paint.NET
2008-11-19 10:33 --------- d-----w c:\program files\Mv2Player
2008-11-19 10:33 --------- d-----w c:\program files\DivX
2008-11-19 10:33 --------- d-----w c:\program files\Dictionary
2008-11-19 10:32 --------- d-----w c:\documents and settings\RR\Application Data\Orbit
2008-11-19 10:32 --------- d-----w c:\documents and settings\RR\Application Data\dvdcss
2008-11-19 10:32 --------- d-----w c:\documents and settings\RR\Application Data\DivX
2008-11-19 10:32 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-11-19 10:32 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2008-11-19 10:32 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-15 19:34 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2008-11-15 19:30 --------- d-----w c:\program files\ATI Technologies
2008-11-14 23:25 --------- d-----w c:\program files\Common Files\ACD Systems
2008-11-14 23:25 --------- d-----w c:\program files\ACD Systems
2008-11-14 23:25 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2008-11-14 22:11 --------- d-----w c:\program files\IrfanView
2008-11-12 21:54 --------- d-----w c:\documents and settings\RR\Application Data\XnView
2008-11-11 23:37 78,636 ----a-w c:\windows\system32\aaczskrxqmmkpyus.exe
2008-11-11 22:50 90,632 ----a-w c:\windows\system32\drivers\avgtdix.sys
2008-11-11 22:49 98,440 ----a-w c:\windows\system32\drivers\avgldx86.sys
2008-11-11 22:49 12,936 ----a-w c:\windows\system32\drivers\avgrkx86.sys
2008-11-11 22:49 10,520 ----a-w c:\windows\system32\avgrsstx.dll
2008-11-11 22:24 --------- d-----w c:\program files\AVG
2008-11-08 01:46 --------- d-----w c:\program files\XnView
2008-11-01 21:14 --------- d-----w c:\program files\ESET
2008-11-01 03:56 --------- d-----w c:\program files\Lavalys
2008-10-30 16:46 --------- d-----w c:\program files\Opera
2008-10-29 03:10 3,341,824 ----a-w c:\windows\system32\drivers\ati2mtag.sys
2008-10-29 02:23 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-10-29 02:22 314,880 ----a-w c:\windows\system32\ati2dvag.dll
2008-10-29 02:11 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-10-29 02:11 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-10-29 02:11 188,416 ----a-w c:\windows\system32\atipdlxx.dll
2008-10-29 02:11 147,456 ----a-w c:\windows\system32\Oemdspif.dll
2008-10-29 02:10 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-10-29 02:10 10,973,184 ----a-w c:\windows\system32\atioglxx.dll
2008-10-29 02:09 585,728 ----a-w c:\windows\system32\ati2evxx.exe
2008-10-29 02:07 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-10-29 01:57 4,041,472 ----a-w c:\windows\system32\ati3duag.dll
2008-10-29 01:49 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-10-29 01:41 2,472,832 ----a-w c:\windows\system32\ativvaxx.dll
2008-10-29 01:25 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-10-29 01:21 389,120 ----a-w c:\windows\system32\atikvmag.dll
2008-10-29 01:19 44,032 ----a-w c:\windows\system32\atiadlxx.dll
2008-10-29 01:19 17,408 ----a-w c:\windows\system32\atitvo32.dll
2008-10-29 01:18 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll
2008-10-29 01:18 253,952 ----a-w c:\windows\system32\atiok3x2.dll
2008-10-29 01:12 577,536 ----a-w c:\windows\system32\ati2cqag.dll
2008-10-28 20:05 593,920 ------w c:\windows\system32\ati2sgag.exe
2008-10-28 16:33 --------- d-----w c:\program files\Java
2008-10-28 16:24 --------- d-----w c:\program files\Windows Installer Clean Up
2008-10-28 16:24 --------- d-----w c:\program files\MSECache
2008-10-28 02:35 --------- d---a-w c:\program files\AskSBar
2008-10-27 13:33 69,232 -c--a-w c:\documents and settings\RR\Application Data\GDIPFONTCACHEV1.DAT
2008-10-25 10:33 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-10-24 14:30 --------- d-----w c:\program files\MSBuild
2008-10-24 11:21 455,296 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 00:03 410,976 ----a-w c:\windows\system32\deploytk.dll
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 00:13 --------- d-----w c:\documents and settings\RR\Application Data\GlarySoft
2008-10-21 17:51 118,784 ----a-w c:\windows\system32\atibrtmon.exe
2008-10-20 11:17 --------- d-----w c:\program files\Total Video Player
2008-10-19 15:05 36,928 ----a-w c:\windows\system32\drivers\pssdk41.sys
2008-10-16 20:38 826,368 ----a-w c:\windows\system32\wininet.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 -c--a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 -c--a-w c:\windows\system32\wups.dll
2008-10-16 13:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 13:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-13 15:17 8,192 ----a-w c:\windows\system32\NetFerret.dll
2008-10-13 15:17 17,920 ----a-w c:\windows\WebFerretUninstall.exe
2008-12-05 23:47 251,392 ----a-w c:\program files\opera\program\plugins\dapop.dll
2008-10-08 12:30 122,880 ----a-w c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-05-24 17:10 32,768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008052420080525\index.dat
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
---- Directory of c:\documents and settings\All Users\Application Data\18138 ----
2008-11-19 23:42 4501 --a------ c:\documents and settings\All Users\Application Data\18138\{9EFB0BCD-4DED-43A7-AB42-B5BBA0107D39}.swf
---- Directory of c:\documents and settings\All Users\Application Data\201D4 ----
2008-11-19 23:42 4501 --a------ c:\documents and settings\All Users\Application Data\201D4\{85423BFA-2050-474B-87AC-E1271910C615}.swf
((((((((((((((((((((((((((((( snapshot@2008-12-16_12.11.24.17 )))))))))))))))))))))))))))))))))))))))))
+ 2008-12-16 11:34:54 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_168.dat
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-10-28 66912]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-10-28 03:35 66912 --a------ c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
2008-09-02 15:04 398768 --a------ c:\program files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-09-23 21755688]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2008-12-06 3114496]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"RTHDCPL"="RTHDCPL.EXE" [2006-01-11 c:\windows\RTHDCPL.exe]
c:\documents and settings\RR\Start Menu\Programs\Startup\
TimeLeft.lnk - c:\program files\TimeLeft3\TimeLeft.exe [2007-12-22 1984688]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-03-19 4742184]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
[HKLM\~\startupfolder\C:^Documents and Settings^RR^Start Menu^Programs^Startup^FrostWire On Startup.lnk]
backup=c:\windows\pss\FrostWire On Startup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^RR^Start Menu^Programs^Startup^ppcb_32.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 01:12 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
--a------ 2008-12-06 00:47 3114496 c:\program files\DAP\DAP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2008-09-03 12:13 133104 c:\documents and settings\RR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\K-Lite Codec Pack\\Media Player Classic\\mplayerc.exe"=
"c:\\Program Files\\WebFerret\\WebFerret.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Documents and Settings\\RR\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\RR\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\Drivers\avgrkx86.sys [2008-11-11 12936]
R0 PzWDM;PzWDM;c:\windows\system32\Drivers\PzWDM.sys [2008-05-01 15172]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-11 98440]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-11 90632]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-11 874776]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-11 231704]
R2 sbbotdi;sbbotdi;\??\c:\progra~1\SPEEDB~1\sbbotdi.sys [2008-03-17 35584]
R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm []
S3 EverestDriver;Lavalys EVEREST Kernel Driver;\??\c:\program files\Lavalys\EVEREST Corporate Edition\kerneld.wnt [2008-11-01 22640]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-06-05 30192]
S3 PsSdk41;PsSdk41;\??\c:\windows\system32\Drivers\pssdk41.sys [2008-10-19 36928]
S3 w89c940;Winbond W89C940 PCI Ethernet Adapter Driver;c:\windows\system32\DRIVERS\w940nd.sys [2007-12-21 16925]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
\Shell\AutoRun\command - e:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
\Shell\open\command - e:\config\S-1-5-21-1482476501-1644491937-682003330-1013\Cfg.exe
Contents of the 'Scheduled Tasks' folder
2008-12-12 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27 05:51]
2008-12-16 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-12-01 09:38]
2008-12-16 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\RR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-03 12:13]
------- Supplementary Scan -------
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.krstarica.com
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: &Search - ?p=ZCfox000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - c:\progra~1\DAP\dapie.dll
FF - ProfilePath - c:\documents and settings\RR\Application Data\Mozilla\Firefox\Profiles\ne96dqmr.default\
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.notify.interval - 100000
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: content.switch.threshold - 650000
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www10.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-cclean&p=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.speedbit.com/search/searchresults.asp?src=default&q=
FF - plugin: c:\documents and settings\RR\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-12-16 12:44:07
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Corporate Edition\kerneld.wnt"
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(548-)
Completion time: 2008-12-16 12:45:06
ComboFix-quarantined-files.txt 2008-12-16 11:45:03
ComboFix2.txt 2008-12-16 11:30:10
ComboFix3.txt 2008-12-16 11:12:03
ComboFix4.txt 2008-12-15 13:48:19
Pre-Run: 11,851,632,640 bytes free
Post-Run: 11,837,128,704 bytes free
Posted: 16 Dec 2008 16:10
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
Delete the folder:
c:\documents and settings\All Users\Start Menu\Programs\Administrative Tools\Recycle Bin
What is the situation now?
Posted: 16 Dec 2008 17:11
- rradovan
- Citizen
- Joined: 15 Dec 2008
- Posts: 177
- Location: Beograd
Should I delete the folder? Or its contents?
Update: 16 Dec 2008 16:50
Folder deleted (as if there had never been any content in it). The situation is extremely favourable, i.e. after I removed Yoog search from the menu of the various engines (top right corner of the browser), it no longer reappears after a restart. It seems to have worked. I'm checking again.
Update: 16 Dec 2008 17:11
Everything is fine. Thanks, you're a king (queen). But a few more things:
1. Uninstall ComboFix?
2. How do I remove the black (DOS) screen that now appears at boot for two or three seconds, offering me a choice of booting the system with the Recovery Console or with Windows XP (if I don't answer it, it boots on normally, so it isn't a big problem, just a bit annoying).
3. Clean the disk, defragment?
Thanks once again,
Posted: 17 Dec 2008 07:56
- helen1
- Anti Malware Fighter
Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
Please do the following:
Download this program - http://amf.mycity.rs/personal/bobby/USB_blocker/usb_blocker.exe
- start it and choose the Auto block option
- plug a USB stick into the computer and wait a few seconds (say 5-10 seconds)
- the program has now analysed the stick (visible in the lower part of the program, in the log)
- at the top left, double-click the letter that denotes the partition, i.e. your USB stick
- a message will appear at the bottom next to the clock saying you may remove the USB stick from the computer
- don't close the program; plug in the next USB stick and wait a couple of seconds for it as well, and so on in turn for all sticks, MP3 players, mobile phone
- remember the order in which the sticks were plugged in
When you have finished all that, the log in the lower part of the program will contain all the data I need to see which stick is infected.
Right-click the log/report and choose Save log.
Notepad will open automatically with the report in it.
Copy that report here to the forum for me.