
HJT log with too many hosts






comkm
Banjaluka, BiH


HJT log with too many hosts - 10.01.2010 at 21:33
@ magna86

Here it is; although I did not understand how to open a new topic with "the link to this topic", I opened it this way and I hope I have not made too big a mistake. I must say right away that I have been following this forum for a relatively long time and that I am extremely satisfied with its work and with the people here. And now enough talk, let's go turn off the AV and start CF.
 

magna86
Anti Malware Fighter


Re: HJT log with too many hosts - 10.01.2010 at 21:45

I meant that you should link the topic where you posted the HJT log, just so it is known.
http://www.elitesecurity.org/t383081-Moze-provera-HJT-loga

Read the instructions.. turn off the antivirus and run CF.. copy the log here (C:\Combofix.txt)
 

comkm
Banjaluka, BiH


Re: HJT log with too many hosts - 10.01.2010 at 22:14


ComboFix 10-01-04.01 - User 10.01.2010 22:48:10.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.499 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100110-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\khq
c:\windows\system32\msvcrt2.dll
c:\windows\system32\twain.dll
D:\khq

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ICF


((((((((((((((((((((((((( Files Created from 2009-12-10 to 2010-01-10 )))))))))))))))))))))))))))))))
.

2010-01-10 15:25 . 2010-01-10 15:25 -------- d-----w- c:\windows\system32\scripting
2010-01-10 15:25 . 2010-01-10 15:25 -------- d-----w- c:\windows\l2schemas
2010-01-10 15:25 . 2010-01-10 15:25 -------- d-----w- c:\windows\system32\en
2010-01-10 15:25 . 2010-01-10 15:25 -------- d-----w- c:\windows\system32\bits
2010-01-10 14:20 . 2010-01-10 14:20 -------- d-sh--w- c:\documents and settings\User\PrivacIE
2010-01-10 14:19 . 2010-01-10 14:19 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-01-10 14:17 . 2010-01-10 14:17 -------- d-sh--w- c:\documents and settings\User\IETldCache
2010-01-10 14:12 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-10 14:12 . 2009-10-29 07:45 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-10 14:12 . 2009-10-29 07:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-10 14:12 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-10 14:12 . 2009-10-29 07:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-01-10 14:12 . 2009-10-29 07:45 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-01-10 14:12 . 2010-01-10 14:13 -------- d-----w- c:\windows\ie8updates
2010-01-10 14:12 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-01-10 14:09 . 2010-01-10 14:11 -------- dc-h--w- c:\windows\ie8
2010-01-10 13:39 . 2004-08-03 21:41 11868 ------w- c:\windows\system32\drivers\mdmxsdk.sys
2010-01-10 13:39 . 2004-08-03 21:41 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
2010-01-10 13:39 . 2004-08-03 21:41 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
2010-01-10 13:39 . 2004-08-03 21:41 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
2010-01-10 13:11 . 2010-01-10 13:11 -------- d-----w- c:\program files\MSXML 6.0
2010-01-10 13:02 . 2010-01-10 15:21 -------- d-----w- c:\windows\ServicePackFiles
2010-01-10 12:09 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-01-10 12:09 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-01-10 12:09 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-01-10 12:09 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-01-10 12:09 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-01-10 12:09 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-01-10 12:09 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2010-01-10 12:09 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-01-10 12:09 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-01-10 12:09 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-01-10 12:09 . 2009-08-04 19:44 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-01-10 12:09 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-01-10 11:58 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-01-10 11:55 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-01-10 11:55 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-01-10 11:46 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-01-10 11:45 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-10 11:45 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2010-01-10 11:44 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-01-10 11:12 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-01-10 11:05 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-01-10 11:05 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-01-10 10:32 . 2010-01-10 10:32 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2010-01-10 10:32 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-10 10:32 . 2010-01-10 10:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-10 10:32 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-10 10:32 . 2010-01-10 10:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-10 10:08 . 2001-08-17 11:11 66591 -c--a-w- c:\windows\system32\dllcache\el90xbc5.sys
2010-01-10 10:08 . 2001-08-17 11:11 66591 ----a-w- c:\windows\system32\drivers\el90xbc5.sys
2010-01-05 22:07 . 2010-01-10 13:23 81984 ----a-w- c:\windows\system32\bdod.bin
2010-01-05 21:59 . 2010-01-10 13:40 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-01-05 21:56 . 2010-01-10 13:41 -------- d-----w- c:\program files\Common Files\Softwin
2010-01-04 08:55 . 2010-01-05 23:00 -------- d-----w- c:\windows\system32\Z

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 22:00 . 2009-04-18 08:05 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-01-10 18:07 . 2007-06-19 08:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-10 15:29 . 2007-06-15 10:56 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-07 16:17 . 2009-04-18 08:30 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-01-07 16:17 . 2009-04-18 08:30 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-01-06 11:07 . 2008-03-21 14:42 1632 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-06 11:06 . 2007-12-18 19:14 26 ----a-w- c:\windows\popcinfo.dat
2010-01-05 21:18 . 2009-06-22 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-26 14:16 . 2008-01-19 18:11 -------- d-----w- c:\program files\Ricochet Lost Worlds
2009-12-24 07:18 . 2007-06-16 09:22 434120 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-23 08:35 . 2009-05-01 18:25 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-20 13:49 . 2008-01-29 13:52 45056 ----a-w- c:\windows\NCUNINST.EXE
2009-12-20 10:36 . 2009-04-19 13:34 -------- d-----w- c:\program files\Star Defender 4
2009-12-01 08:46 . 2009-08-18 10:45 471040 ----a-w- c:\windows\HarryPotter Hogwarts.scr
2009-12-01 08:46 . 2009-08-18 10:45 12288 ----a-w- c:\windows\impborl.dll
2009-11-24 23:54 . 2009-04-18 07:58 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-04-18 07:59 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-04-18 07:59 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-09-03 07:10 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-09-03 07:10 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-04-18 07:59 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-04-18 07:59 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-04-18 07:59 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-04-18 07:59 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-29 07:45 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-13 10:30 . 2004-08-04 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-11-11 2166296]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2009-11-11 22:04 2166296 ----a-w- c:\program files\MyPlayCity\tbMyP1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-11-11 2166296]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-11-11 2166296]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-03-30 25263144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GhostStartTrayApp"="c:\program files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe" [2003-05-28 94208]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-24 132496]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-10-20 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-6-15 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Google\\Google Updater\\GoogleUpdater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"8014:TCP"= 8014:TCP:nemgo

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/3/2009 8:10 AM 114768]
R1 GhPciScan;GhostPciScanner;c:\program files\Norton SystemWorks\Norton Ghost\GhPciScan.sys [5/28/2003 6:01 PM 5632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/3/2009 8:10 AM 20560]
R2 NProtectService;Norton Unerase Protection;c:\progra~1\NORTON~1\NORTON~2\NPROTECT.EXE [9/10/2003 4:26 AM 81920]
R2 V7;V7;c:\windows\system32\drivers\V7.SYS [8/30/2007 9:37 AM 7196]
R3 wdm_au8830;Aureal Vortex 8830 Audio Driver (WDM);c:\windows\system32\drivers\adm8830.sys [6/15/2007 1:45 PM 747392]
S2 dawnzyo;Network Update;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 1:00 PM 14336]
S3 ZD1211U(OvisLink);OvisLink WL-5480USB WLAN USB Driver(OvisLink);c:\windows\system32\drivers\ZD1211U.sys [6/18/2007 10:59 AM 247296]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;c:\windows\system32\ZDBRGSYS.sys [6/18/2007 10:59 AM 19200]
S4 OneStepSrch Service;OneStepSrch Service;"c:\documents and settings\All Users\Application Data\OneStepSrch\onestep210.exe" "c:\program files\OneStepSrch\onestep.dll" Service --> c:\documents and settings\All Users\Application Data\OneStepSrch\onestep210.exe [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
dawnzyo
.
Contents of the 'Scheduled Tasks' folder

2010-01-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-19 20:23]

2010-01-01 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2003-09-12 18:16]

2009-10-20 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-04-22 13:37]

2010-01-10 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2007-07-30 16:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-BitTorrent - c:\program files\BitTorrent\bittorrent.exe
SafeBoot-gdesjvru.sys
SafeBoot-qinxzmkt.sys
ActiveSetup-{YMS03AB-B707-11d2-9CBD-0000F87A369E} - c:\windows\conime.exe
AddRemove-HijackThis - c:\documents and settings\User\Desktop\HijackThis.exe
AddRemove-ElectroAirHockey - c:\program files\Electrotank\ElectroAirHockey\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 23:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dawnzyo]
"ServiceDll"="c:\windows\system32\zfcfft.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3144)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\progra~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Java\jre1.6.0_03\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-01-10 23:10:50 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-10 22:10

Pre-Run: 7.728.431.104 bytes free
Post-Run: 7.608.274.944 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - BA20B1B3DA6A0E420883AF863554A763
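The log above carries the indicators that the fix script in the next reply targets: a service named dawnzyo running inside `svchost.exe -k netsvcs`, that name added to the Svchost NetSvcs group, its ServiceDll pointing at `zfcfft.dll`, both Security Center override values set to 1, and a firewall exception on 8014/TCP with a label that is not a Windows resource string. The Python helper below is an added example, not part of the thread and not ComboFix's own code; it parses lines in the format ComboFix prints and flags those indicators. The `KNOWN_NETSVCS` allow-list is a constructed stand-in (a real one is built from a known-clean reference machine), and `SAMPLE_LOG` is an excerpt of the log posted above, reduced to the lines the helper inspects.

```python
import re
from dataclasses import dataclass

# Constructed allow-list for this example: a handful of stock Windows XP netsvcs
# group members. A real triage list is built from a known-clean reference box.
KNOWN_NETSVCS = {
    "AppMgmt", "AudioSrv", "BITS", "Browser", "CryptSvc", "EventSystem",
    "LanmanServer", "LanmanWorkstation", "Netman", "Nla", "Schedule",
    "Seclogon", "SENS", "SharedAccess", "Themes", "TrkWks", "W32Time",
    "winmgmt", "wscsvc", "wuauserv", "WZCSVC", "xmlprov",
}

# Line shapes as ComboFix prints them (see the logs in this thread).
SERVICE_RE = re.compile(r"^([RS])(\d)\s+([^;]+);([^;]*);(.*?)\s*\[[^\]]*\]\s*$")
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
SVCHOST_RE = re.compile(r"svchost\.exe\s+-k\s+(\w+)", re.IGNORECASE)
PORT_RE = re.compile(r'^"(\d+:(?:TCP|UDP))"\s*=\s*\d+:(?:TCP|UDP):(.*)$')
SERVICE_KEY_RE = re.compile(r"\\Services\\([^\\\]]+)$")


@dataclass(frozen=True)
class Finding:
    kind: str     # short category tag
    subject: str  # service name, value name or port
    detail: str   # what was observed


def triage(log_text: str) -> list[Finding]:
    """Return the indicators found in one ComboFix log, in log order."""
    findings: list[Finding] = []
    current_key = ""
    in_netsvcs = False
    for raw in log_text.splitlines():
        line = raw.strip()

        # Names under the 'Svchost - NetSvcs' header run until a '.' or blank line.
        if line.endswith("Svchost - NetSvcs"):
            in_netsvcs = True
            continue
        if in_netsvcs:
            if not line or line == ".":
                in_netsvcs = False
            elif line not in KNOWN_NETSVCS:
                findings.append(Finding("netsvcs-unknown", line,
                                        "name added to the NetSvcs group"))
            continue

        m = SERVICE_RE.match(line)
        if m:
            name, image = m.group(3), m.group(5)
            host = SVCHOST_RE.search(image)
            if host and name not in KNOWN_NETSVCS:
                findings.append(Finding("svchost-hosted", name,
                                        f"runs inside svchost.exe -k {host.group(1)}"))
            continue

        m = KEY_RE.match(line)
        if m:
            current_key = m.group(2)
            continue

        m = PORT_RE.match(line)
        if m and "GloballyOpenPorts" in current_key:
            port, label = m.group(1), m.group(2)
            # Stock XP exceptions carry a resource-string label such as @xpsp2res.dll,-22009.
            if not label.startswith("@"):
                findings.append(Finding("open-port", port,
                                        f"firewall exception labelled '{label}'"))
            continue

        m = VALUE_RE.match(line)
        if not m:
            continue
        vname, vdata = m.group(1), m.group(2).strip()
        if (current_key.lower().endswith("security center")
                and vname.endswith("Override") and vdata.lower() == "dword:00000001"):
            findings.append(Finding("securitycenter-override", vname,
                                    "set to 1: Security Center will not alert on AV/firewall state"))
        svc = SERVICE_KEY_RE.search(current_key)
        if svc and vname == "ServiceDll":
            dll = vdata.strip('"')
            findings.append(Finding("servicedll", svc.group(1), f"ServiceDll = {dll}"))
    return findings


# Excerpt of the first log posted in this thread, reduced to the lines the
# helper looks at (constructed sample input for the example).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"8014:TCP"= 8014:TCP:nemgo

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/3/2009 8:10 AM 114768]
S2 dawnzyo;Network Update;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 1:00 PM 14336]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;c:\windows\system32\ZDBRGSYS.sys [6/18/2007 10:59 AM 19200]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
dawnzyo
.
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dawnzyo]
"ServiceDll"="c:\windows\system32\zfcfft.dll"
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:24} {f.subject:20} {f.detail}")
```

Run against the excerpt it reports six findings: the two Security Center overrides, the 8014/TCP exception, the svchost-hosted dawnzyo service, the same name in the NetSvcs group, and its ServiceDll. The same helper run over the second log in this thread (after the CFScript) reports no dawnzyo entries, which is the check a reader would want before declaring the service removed; the Security Center overrides and the 8014/TCP exception remain in that log and are worth a separate look.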
 

magna86
Anti Malware Fighter


Re: HJT log with too many hosts - 10.01.2010 at 22:45
Open Notepad and copy the text below:

Quote:
Driver::
dawnzyo

NetSvcs::
dawnzyo

Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\dawnzyo]

File::
c:\windows\system32\zfcfft.dll


Click File\Save as and save the text as CFScript on the Desktop



Follow the instructions from the picture and drag CFScript.txt onto the ComboFix.exe icon
That will start ComboFix; the system may restart (that is normal)
When it finishes, a log will appear

*Copy that log to the forum and tell me what the state is now:
 

comkm
Banjaluka, BiH


Re: HJT log with too many hosts - 10.01.2010 at 23:19
here is the new CF log

much better for now - went into safe mode, MBAM cleaned that last junk without any problem, and I will send you a new HJT log too, so if it is not a problem, tell me whether I need to fix anything else, because I also see some "no name file" entries

ComboFix 10-01-04.01 - User 10.01.2010 23:55:28.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.436 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100110-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::
"c:\windows\system32\zfcfft.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_DAWNZYO
-------\Service_dawnzyo


((((((((((((((((((((((((( Files Created from 2009-12-10 to 2010-01-10 )))))))))))))))))))))))))))))))
.

2010-01-10 15:25 . 2010-01-10 15:25 -------- d-----w- c:\windows\system32\scripting
2010-01-10 15:25 . 2010-01-10 15:25 -------- d-----w- c:\windows\l2schemas
2010-01-10 15:25 . 2010-01-10 15:25 -------- d-----w- c:\windows\system32\en
2010-01-10 15:25 . 2010-01-10 15:25 -------- d-----w- c:\windows\system32\bits
2010-01-10 14:20 . 2010-01-10 14:20 -------- d-sh--w- c:\documents and settings\User\PrivacIE
2010-01-10 14:19 . 2010-01-10 14:19 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-01-10 14:17 . 2010-01-10 14:17 -------- d-sh--w- c:\documents and settings\User\IETldCache
2010-01-10 14:12 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-01-10 14:12 . 2009-10-29 07:45 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-01-10 14:12 . 2009-10-29 07:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-01-10 14:12 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-01-10 14:12 . 2009-10-29 07:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-01-10 14:12 . 2009-10-29 07:45 11069952 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-01-10 14:12 . 2010-01-10 14:13 -------- d-----w- c:\windows\ie8updates
2010-01-10 14:12 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-01-10 14:09 . 2010-01-10 14:11 -------- dc-h--w- c:\windows\ie8
2010-01-10 13:39 . 2004-08-03 21:41 11868 ------w- c:\windows\system32\drivers\mdmxsdk.sys
2010-01-10 13:39 . 2004-08-03 21:41 1041536 ------w- c:\windows\system32\drivers\hsfdpsp2.sys
2010-01-10 13:39 . 2004-08-03 21:41 685056 ------w- c:\windows\system32\drivers\hsfcxts2.sys
2010-01-10 13:39 . 2004-08-03 21:41 220032 ------w- c:\windows\system32\drivers\hsfbs2s2.sys
2010-01-10 13:11 . 2010-01-10 13:11 -------- d-----w- c:\program files\MSXML 6.0
2010-01-10 13:02 . 2010-01-10 15:21 -------- d-----w- c:\windows\ServicePackFiles
2010-01-10 12:09 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-01-10 12:09 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-01-10 12:09 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-01-10 12:09 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-01-10 12:09 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-01-10 12:09 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-01-10 12:09 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2010-01-10 12:09 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-01-10 12:09 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-01-10 12:09 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-01-10 12:09 . 2009-08-04 19:44 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-01-10 12:09 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-01-10 11:58 . 2008-04-11 19:04 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2010-01-10 11:55 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-01-10 11:55 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2010-01-10 11:46 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-01-10 11:45 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-01-10 11:45 . 2008-12-11 10:57 333952 -c----w- c:\windows\system32\dllcache\srv.sys
2010-01-10 11:44 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-01-10 11:12 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-01-10 11:05 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-01-10 11:05 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-01-10 10:32 . 2010-01-10 10:32 -------- d-----w- c:\documents and settings\User\Application Data\Malwarebytes
2010-01-10 10:32 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-10 10:32 . 2010-01-10 10:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-10 10:32 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-10 10:32 . 2010-01-10 10:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-10 10:08 . 2001-08-17 11:11 66591 -c--a-w- c:\windows\system32\dllcache\el90xbc5.sys
2010-01-10 10:08 . 2001-08-17 11:11 66591 ----a-w- c:\windows\system32\drivers\el90xbc5.sys
2010-01-05 22:07 . 2010-01-10 13:23 81984 ----a-w- c:\windows\system32\bdod.bin
2010-01-05 21:59 . 2010-01-10 13:40 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-01-05 21:56 . 2010-01-10 13:41 -------- d-----w- c:\program files\Common Files\Softwin
2010-01-04 08:55 . 2010-01-05 23:00 -------- d-----w- c:\windows\system32\Z

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-10 23:08 . 2009-04-18 08:05 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-01-10 18:07 . 2007-06-19 08:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-10 15:29 . 2007-06-15 10:56 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-01-07 16:17 . 2009-04-18 08:30 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-01-07 16:17 . 2009-04-18 08:30 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-01-06 11:07 . 2008-03-21 14:42 1632 ----a-w- c:\windows\system32\d3d8caps.dat
2010-01-06 11:06 . 2007-12-18 19:14 26 ----a-w- c:\windows\popcinfo.dat
2010-01-05 21:18 . 2009-06-22 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-26 14:16 . 2008-01-19 18:11 -------- d-----w- c:\program files\Ricochet Lost Worlds
2009-12-24 07:18 . 2007-06-16 09:22 434120 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-23 08:35 . 2009-05-01 18:25 1744 ----a-w- c:\windows\system32\d3d9caps.dat
2009-12-20 13:49 . 2008-01-29 13:52 45056 ----a-w- c:\windows\NCUNINST.EXE
2009-12-20 10:36 . 2009-04-19 13:34 -------- d-----w- c:\program files\Star Defender 4
2009-12-01 08:46 . 2009-08-18 10:45 471040 ----a-w- c:\windows\HarryPotter Hogwarts.scr
2009-12-01 08:46 . 2009-08-18 10:45 12288 ----a-w- c:\windows\impborl.dll
2009-11-24 23:54 . 2009-04-18 07:58 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-04-18 07:59 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-04-18 07:59 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-09-03 07:10 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-09-03 07:10 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-04-18 07:59 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-04-18 07:59 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-04-18 07:59 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-04-18 07:59 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-10-29 07:45 . 2004-08-04 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-10-13 10:30 . 2004-08-04 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-11-11 2166296]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2009-11-11 22:04 2166296 ----a-w- c:\program files\MyPlayCity\tbMyP1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-11-11 2166296]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{4724C5D8-DFA7-417A-A2F5-1EABFEE9B4AC}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-11-11 2166296]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-19 68856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2007-03-30 25263144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GhostStartTrayApp"="c:\program files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe" [2003-05-28 94208]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-24 132496]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-10-20 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-6-15 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Google\\Google Updater\\GoogleUpdater.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"8014:TCP"= 8014:TCP:nemgo

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [9/3/2009 8:10 AM 114768]
R1 GhPciScan;GhostPciScanner;c:\program files\Norton SystemWorks\Norton Ghost\GhPciScan.sys [5/28/2003 6:01 PM 5632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [9/3/2009 8:10 AM 20560]
R2 NProtectService;Norton Unerase Protection;c:\progra~1\NORTON~1\NORTON~2\NPROTECT.EXE [9/10/2003 4:26 AM 81920]
R2 V7;V7;c:\windows\system32\drivers\V7.SYS [8/30/2007 9:37 AM 7196]
R3 wdm_au8830;Aureal Vortex 8830 Audio Driver (WDM);c:\windows\system32\drivers\adm8830.sys [6/15/2007 1:45 PM 747392]
S3 ZD1211U(OvisLink);OvisLink WL-5480USB WLAN USB Driver(OvisLink);c:\windows\system32\drivers\ZD1211U.sys [6/18/2007 10:59 AM 247296]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;c:\windows\system32\ZDBRGSYS.sys [6/18/2007 10:59 AM 19200]
S4 OneStepSrch Service;OneStepSrch Service;"c:\documents and settings\All Users\Application Data\OneStepSrch\onestep210.exe" "c:\program files\OneStepSrch\onestep.dll" Service --> c:\documents and settings\All Users\Application Data\OneStepSrch\onestep210.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2010-01-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-19 20:23]

2010-01-01 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2003-09-12 18:16]

2010-01-10 c:\windows\Tasks\Symantec NetDetect.job
- c:\program files\Symantec\LiveUpdate\NDETECT.EXE [2007-07-30 16:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-11 00:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(728)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\progra~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Java\jre1.6.0_03\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2010-01-11 00:15:17 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-10 23:15
ComboFix2.txt 2010-01-10 22:10

Pre-Run: 7.534.718.976 bytes free
Post-Run: 7.544.516.608 bytes free

Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - DB9EBD690A99D13BDCB27BB2F59E6173
[This message was edited by comkm on 11.01.2010 at 01:09 GMT+1]

[This message was edited by comkm on 11.01.2010 at 01:14 GMT+1]

comkm (Banjaluka, BiH)
Re: HJT log with too many hosts, 11.01.2010 at 00:15
Here's the HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:14, on 11.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\User\Desktop\bla bla.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ba/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/wi...t/wuweb_site.cab?1263120940011
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O17 - HKLM\System\CS1\Services\Tcpip\..\{1210A449-63BA-4E02-A39E-959A505160E8}: NameServer = 192.168.1.2
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7462 bytes
 

Aleksandar Maletic (System administrator, Moderator)
Re: HJT log with too many hosts, 11.01.2010 at 00:52
I saw your post, you didn't need to open a new thread, but it's done now... those hosts you could otherwise all fix with HijackThis... though it's even better with ComboFix, and you've already started that way, so... magna86, go ahead... :)))
A wolf is weaker than a lion and a tiger, but doesn't play in the circus.
 

magna86 (Anti Malware Fighter)
Re: HJT log with too many hosts, 11.01.2010 at 01:11
I asked the man to open a new thread for his problem.
He had a rootkit on the system and quite a bit more malware, much of which the HijackThis program can't see.
All those (no name) and (no file) entries (CLSID) are legitimate. I can see them in the ComboFix log.
If the keys were malicious I would have removed them with a CFScript.

ComboFix reset the hosts file and now everything is in order, no more traces of infection.

ComboFix still needs to be uninstalled to finish the cleanup:

Start >>> Run
Code:
Combofix /Uninstall

OK

And I'd ask you to attach those Malwarebytes Anti-Malware logs to your post, just so I can check something.

Thanks
 
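Added example (mine, not code from HijackThis, ComboFix or any poster): a small triage helper for HijackThis logs of the kind posted above. It groups R/O entries by CLSID, lists the '(no name)'/'(no file)' entries together with the file they point to, since, as magna86 says, such entries are judged by that file and not by the missing name, and reports running processes with no O4/O23 autostart entry behind them. SAMPLE_LOG is a constructed excerpt modelled on the log above, and the grouping rules are my own reading heuristics, not anything HijackThis implements.

```python
"""Triage helper for HijackThis v2.0.2 logs.

Added example for this thread, not code from HijackThis, ComboFix or the posters.
It groups entries the way a reviewer reads them and makes no verdict on its own.
"""
import re
from collections import Counter, defaultdict

ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")                  # "O2 - BHO: ..."
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")                 # {xxxxxxxx-xxxx-...}
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys)", re.IGNORECASE)

# Constructed excerpt modelled on the HijackThis log quoted earlier in the thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:08:14, on 11.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\User\Desktop\bla bla.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ba/
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

--
End of file - 7462 bytes
"""


def parse_hjt(text):
    """Split a log into (header dict, running-process list, [(code, body), ...])."""
    header, processes, entries = {}, [], []
    in_procs = False
    for line in text.splitlines():
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        if in_procs:  # the process list ends at the first blank line
            if line.strip():
                processes.append(line.strip())
            else:
                in_procs = False
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
        elif line.startswith("Platform:"):
            header["platform"] = line.split(":", 1)[1].strip()
    return header, processes, entries


def triage(text):
    """Summarise a HijackThis log for review; nothing here is a verdict."""
    header, processes, entries = parse_hjt(text)
    by_clsid = defaultdict(set)  # CLSID -> entry codes it is registered under
    anchored = set()             # paths launched by an O4 (Run) or O23 (service) entry
    unnamed = []                 # '(no name)'/'(no file)' entries and the file behind them
    for code, body in entries:
        for clsid in CLSID_RE.findall(body):
            by_clsid[clsid.lower()].add(code)
        if code in ("O4", "O23"):
            anchored.update(p.lower() for p in PATH_RE.findall(body))
        if "(no name)" in body or "(no file)" in body:
            m = PATH_RE.search(body)
            unnamed.append((code, m.group(0) if m else None))
    # One CLSID registered as search hook (R3), BHO (O2) and toolbar (O3) at once is the
    # usual footprint of a bundled browser toolbar: worth a look, not an automatic flag.
    multi_hook = {c: sorted(codes) for c, codes in by_clsid.items() if len(codes) >= 3}
    # Non-Windows processes with no autostart entry behind them. User-launched tools
    # (the browser, HJT itself) land here too, and the comparison is textual, so an
    # 8.3 short path (PROGRA~1) only matches an autostart entry written the same way.
    unanchored = [p for p in processes
                  if p.lower() not in anchored and not p.lower().startswith("c:\\windows\\")]
    return {
        "platform": header.get("platform"),
        "counts": dict(Counter(code for code, _ in entries)),
        "multi_hook": multi_hook,
        "unnamed": unnamed,
        "unanchored": unanchored,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```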

comkm (Banjaluka, BiH)
Re: HJT log with too many hosts, 11.01.2010 at 09:34
ComboFix has been uninstalled. The computer is behaving excellently. Many thanks for the cooperation and help, and I hope we'll see each other again on the forum, because I quite often need to solve people's problems without formatting their disk. I'm also sending you a zipped folder containing all the mbam logs.

Regards and thanks once again
Attached files
 

magna86 (Anti Malware Fighter)
Re: HJT log with too many hosts, 11.01.2010 at 09:37
Thanks for the logs.
Regards ;)
 

comkm (Banjaluka, BiH)
Re: HJT log with too many hosts, 12.01.2010 at 22:08
@ magna86
If it's not a problem I'd like you to check my HJT log, because my computer is now behaving very strangely, and yes, I did connect the disks from that infected one in order to check it with KIS, all before we started with CF. First of all, since then I can no longer update KIS, I can't start Outlook Express, and when I start IE it throws up some message ???....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:06:34, on 12.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ba/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files\IE7pro\IE7pro.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Pomoc za prijavu - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files\IE7pro\IE7pro.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7081 bytes
 

Aleksandar Maletic (System administrator, Moderator)
Re: HJT log with too many hosts, 12.01.2010 at 22:19
The log is clean, except for one thing, that Kaspersky looks very suspicious to me... is that a cracked KAV??? It seems to me something's tangled up with it...
A wolf is weaker than a lion and a tiger, but doesn't play in the circus.
 

comkm (Banjaluka, BiH)
Re: HJT log with too many hosts, 12.01.2010 at 22:54
KIS itself was bought, but the licence expired long ago, so I make do with available keys. But never mind, I'll remove it now and install Avast free and see how the computer behaves, though I rather doubt it. Still, anything is possible. When I'm done I'll post the log again.
 

magna86 (Anti Malware Fighter)
Re: HJT log with too many hosts, 12.01.2010 at 23:42
Never mind... download ComboFix again... do a scan... HJT doesn't really mean much to me.
KIS isn't making a problem here... and there's no cracked Kaspersky there... either there's a key or there isn't
 

comkm (Banjaluka, BiH)
Re: HJT log with too many hosts, 13.01.2010 at 00:19
Here's the CF log


ComboFix 10-01-12.02 - rados 13.01.2010 1:06.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2039.1726 [GMT 1:00]
Running from: c:\documents and settings\rados\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-12-13 to 2010-01-13 )))))))))))))))))))))))))))))))
.

2010-01-12 23:41 . 2010-01-12 23:41 -------- d-----w- c:\program files\Alwil Software
2010-01-12 21:06 . 2010-01-12 21:08 -------- d-----w- c:\documents and settings\rados\Application Data\IE7pro
2010-01-12 21:06 . 2010-01-12 21:08 -------- d-----w- c:\program files\IE7pro
2010-01-11 19:13 . 2010-01-11 19:13 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-01-11 19:12 . 2010-01-11 19:13 -------- d-----w- c:\windows\SHELLNEW
2010-01-11 19:11 . 2010-01-11 19:11 -------- d-----w- c:\program files\Microsoft.NET
2010-01-11 11:58 . 2009-08-05 21:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-01-11 11:57 . 2010-01-11 11:57 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-01-11 11:56 . 2010-01-11 11:56 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-11 11:56 . 2010-01-11 11:58 -------- d-----w- c:\program files\Windows Live
2010-01-11 10:18 . 2010-01-12 07:48 69824 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-01-10 12:46 . 2008-04-14 00:12 26624 ----a-r- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-01-10 12:28 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-01-10 12:27 . 2010-01-10 12:27 -------- d-----w- c:\program files\Windows Media Connect 2
2010-01-10 12:25 . 2010-01-10 12:26 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-01-10 12:25 . 2010-01-10 12:25 -------- d-----w- c:\windows\system32\LogFiles
2010-01-03 10:01 . 2010-01-03 10:01 152576 ----a-r- c:\documents and settings\rados\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-03 10:00 . 2010-01-03 10:00 79488 ----a-r- c:\documents and settings\rados\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-27 12:17 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-24 10:33 . 2009-12-24 10:33 -------- d-----w- c:\program files\Trend Micro
2009-12-24 10:24 . 2009-12-24 10:24 -------- d-----w- C:\PRIMATRON
2009-12-24 10:11 . 2007-08-10 15:05 5120 ----a-w- c:\windows\system32\tcusbdrv.dll
2009-12-24 10:11 . 2007-08-10 15:05 11136 ----a-w- c:\windows\system32\drivers\usb8023k.sys
2009-12-24 10:11 . 2009-12-24 10:11 -------- d-----w- c:\windows\zy_tmp
2009-12-24 10:11 . 2007-08-10 15:05 27264 ----a-w- c:\windows\system32\drivers\rndismpk.sys
2009-12-23 21:21 . 2009-12-23 21:21 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-12-23 21:21 . 2009-12-25 20:43 -------- d-----w- c:\documents and settings\rados\Application Data\SUPERAntiSpyware.com
2009-12-23 21:21 . 2009-12-25 20:43 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-22 22:41 . 2009-12-22 22:41 -------- d-sh--w- c:\documents and settings\rados\UserData
2009-12-16 23:01 . 2009-12-16 23:03 -------- d-----w- c:\documents and settings\rados\Application Data\TeamViewer
2009-12-16 23:01 . 2009-12-16 23:01 -------- d-----w- c:\program files\TeamViewer
2009-12-16 22:59 . 2009-12-16 22:59 -------- d-----w- c:\documents and settings\rados\temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-12 23:37 . 2009-09-06 19:23 -------- d-----w- c:\program files\Google
2010-01-12 22:57 . 2009-09-06 18:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-01-10 10:44 . 2009-09-06 19:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-10 10:42 . 2009-09-06 19:48 5115824 ----a-r- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 15:07 . 2009-09-06 19:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 15:07 . 2009-09-06 19:45 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-03 10:02 . 2009-10-17 18:38 -------- d-----w- c:\program files\Java
2009-12-30 23:13 . 2009-09-06 18:44 69824 ----a-r- c:\documents and settings\rados\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-28 09:27 . 2009-10-09 17:40 -------- d-----w- c:\program files\AutoCAD 2007
2009-12-28 09:27 . 2009-10-09 17:38 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2009-12-24 10:11 . 2009-09-06 18:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-01 10:26 . 2009-09-16 14:08 -------- d-----w- c:\program files\NeuroTran
2009-11-30 09:41 . 2009-11-13 11:25 -------- d-----w- c:\program files\Chicken Invaders 2
2009-11-27 10:47 . 2009-11-27 10:46 -------- d-----w- c:\program files\Engleski
2009-11-25 11:52 . 2009-11-25 11:52 -------- d-----w- c:\program files\Alcohol Soft
2009-11-25 11:30 . 2009-11-25 11:30 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-13 09:51 . 2009-11-13 09:51 151987 ----a-w- c:\windows\Osveta Besnog Pileta Uninstaller.exe
2009-10-29 07:45 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-20 08:22 . 2009-10-20 08:22 152576 ----a-r- c:\documents and settings\rados\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-09-07 07:12 . 2009-09-07 07:12 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-03-17 203928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-01-12 30192]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2007-12-3 394856]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /A:* /L:English /KBD:2

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [25.11.2009 12:30 717296]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [11.1.2010 12:58 54752]
S3 fsssvc;Usluga Windows Live Obiteljska sigurnost;c:\program files\Windows Live\Family Safety\fsssvc.exe [5.8.2009 22:48 704864]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [13.1.2010 0:37 30192]
.
Contents of the 'Scheduled Tasks' folder

2010-01-13 c:\windows\Tasks\PandaUSBVaccine.job
- c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2009-11-04 15:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-13 01:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spkk.sys >>UNKNOWN [0x8A6B8938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf763bf28
\Driver\ACPI -> ACPI.sys @ 0xf7496cb8
\Driver\atapi -> atapi.sys @ 0xf7978b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1708)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Panda USB Vaccine\USBVaccine.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-01-13 01:17:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-13 00:17

Pre-Run: 37.622.493.184 bytes free
Post-Run: 38.215.229.440 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 5D4401D22264D60A10471AAB2D4AB13C
 

magna86 (Anti Malware Fighter)
Re: HJT log with too many hosts, 13.01.2010 at 10:15
The log is clean... no malware. I wanted to give you the program "PandaUSBVaccine" but I see you already have it.
Run it, wait a few seconds and then plug the flash drives into the computer. As a last resort you can format those flash drives.
In the log I found leftovers of avast, i.e. an unfinished boot scan.... HJT says you have Kaspersky... which AV do you currently have on the system?
You can have only one antivirus on the system.

Here's an uninstall tool that will remove every leftover of an antivirus:
http://www.askvg.com/ultimate-...l-popular-anti-virus-software/

Now install an antivirus of your choice.

Start >> Run
Combofix /Uninstall
OK

That's it...
 

comkm
Banjaluka, BiH

Member number: 229943
Posts: 54
*.teol.net.

+9 Profile

Re: HJT log with too many hosts, 13.01.2010 at 10:57 - 174 months ago
There, CF has been uninstalled. I currently have no AV on the machine, because I had already removed KIS from "add/remove in the control panel" and started the Avast installation when I got your message about CF. I quickly removed that too, and you know the rest. Thanks also for the warning about having only one AV on the system. I know that, but I think it never hurts to point it out again. Thanks also for the link to the tool, which I will use from now on to delete leftovers.
In any case, thanks once again for everything. I'm now going to install KIS and keep fighting the problem. If the problems continue, maybe I'll take a screenshot of the messages the system throws at me and post a topic in the "windows desktop" forum. @ magna86, do you agree that would be the right place or not?

Regards
 

magna86
Anti Malware Fighter

Member number: 189287
Posts: 557

Site: www.mycity.rs/Ambulanta

+16 Profile

Re: HJT log with too many hosts, 13.01.2010 at 19:47 - 174 months ago

So... did you run the avast and KIS "remove" tools? If you didn't, run them to remove the leftovers, because Microsoft's Add or Remove is not always the most reliable...

If you still have problems after that (and you shouldn't :S), ask there, because it's not malware, and the Zaštita forum deals with, to put it plainly, viruses.
 