TR/CryptZPACK.Gen: how to get rid of it?

dragancesu
subotica

TR/CryptZPACK.Gen: how to get rid of it? 05.02.2010 at 08:47 - 173 months ago
This is on the flash drive, and that is what Avira identifies it as.

I've been struggling for three days; I looked on Google, there is a lot of advice but I'm not getting anywhere.
Last night DrWeb was run from safe mode as well; it found the file e:\tmp\bak.exe and deleted it, but when I rebooted the machine it was there again. Avira keeps complaining but can't delete it.

When I start any anti-malware program, a window pops up with "Windows Protection Error", followed by a message that the flash drive is read-only.

I tried manual removal, but I can't find those files, processes or registry keys.

What do you suggest?

Help Micro$oft fight piracy: give a friend Linux.

kristi1


Re: TR/CryptZPACK.Gen: how to get rid of it? 05.02.2010 at 08:57 - 173 months ago
Download the DDS program: http://download.bleepingcomputer.com/sUBs/dds.scr
Run DDS by double-clicking it.
Wait a bit; it will produce two logs.
Paste me the DDS.txt log.

dragancesu
subotica


Re: TR/CryptZPACK.Gen: how to get rid of it? 05.02.2010 at 09:08 - 173 months ago
Here is the log.


DDS (Ver_09-12-01.01) - NTFSx86
Run by vob at 10:00:56,56 on pet 05.02.2010
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.333 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\vob\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.buvljak.rs/
uInternet Settings,ProxyServer = proxy:8080
uInternet Settings,ProxyOverride = localhost;<local>
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
uRun: [FreeRAM XP] "c:\program files\yourware solutions\freeram xp pro\FreeRAM XP Pro.exe" -win
uRun: [Active Desktop Calendar] c:\program files\xemicomputers\active desktop calendar\ADC.exe
mRun: [PRONoMgrWired] c:\program files\intel\prosetwired\ncs\proset\PRONoMgr.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\vob\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office12\OUTLOOK.EXE
StartupFolder: c:\docume~1\vob\startm~1\programs\startup\setup_~1.lnk - c:\documents and settings\vob\desktop\virus removal tool\setup_9.0.0.722_05.02.2010_09-23\startup.exe
uPolicies-explorer: NoDFSTab = 0 (0x0)
uPolicies-explorer: NoFileAssociate = 0 (0x0)
uPolicies-explorer: NoChangeAnimation = 0 (0x0)
mPolicies-explorer: NoCommonGroups = 0 (0x0)
mPolicies-explorer: NoSimpleStartMenu = 0 (0x0)
mPolicies-explorer: NoSMMyPictures = 0 (0x0)
mPolicies-explorer: NoStartMenuMyMusic = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - hxxp://vob/forms/jinitiator/jinit.exe
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {CE525F84-3759-4F36-BA87-865954BE0972} = 10.0.2.1,10.250.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\vob\applic~1\mozilla\firefox\profiles\ihikrwxx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.buvljak.rs/page1/|http://www.elitesecurity.org/|http://www.blic.rs/|http://www.kurir-info.rs/
FF - plugin: c:\documents and settings\vob\application data\mozilla\firefox\profiles\ihikrwxx.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13122.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 97348222;97348222 Boot Guard Driver;c:\windows\system32\drivers\97348222.sys [2010-2-5 37392]
R1 97348221;97348221;c:\windows\system32\drivers\97348221.sys [2010-2-5 128016]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-10-14 11608]
R1 setup_9.0.0.722_05.02.2010_09-23drv;setup_9.0.0.722_05.02.2010_09-23drv;c:\windows\system32\drivers\9734822.sys [2010-2-5 315408]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-14 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-10-14 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-10-14 56816]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-2-3 236368]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2009-10-14 103744]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-2-3 19160]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S1 NetBurn;Paragon NetBurning Driver;c:\windows\system32\drivers\NetBurn.sys [2008-6-7 84752]
S2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\oracle.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
S2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\bin\TNSLSNR.EXE [2006-2-2 204800]
S3 OracleClientCache80;OracleClientCache80;c:\orant\bin\ONRSD80.EXE [2008-12-1 101136]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe xe --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\extjob.exe XE [?]

=============== Created Last 30 ================

2010-02-05 07:36:59 37392 ----a-w- c:\windows\system32\drivers\97348222.sys
2010-02-05 07:36:59 315408 ----a-w- c:\windows\system32\drivers\9734822.sys
2010-02-05 07:36:59 128016 ----a-w- c:\windows\system32\drivers\97348221.sys
2010-02-04 10:37:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2010-02-04 08:51:34 98816 ----a-w- c:\windows\sed.exe
2010-02-04 08:51:34 77312 ----a-w- c:\windows\MBR.exe
2010-02-04 08:51:34 261632 ----a-w- c:\windows\PEV.exe
2010-02-04 08:51:34 161792 ----a-w- c:\windows\SWREG.exe
2010-02-03 15:04:13 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-02-03 15:04:10 0 d-----w- c:\program files\Nokia
2010-02-03 11:51:53 0 d-----w- c:\docume~1\vob\applic~1\Malwarebytes
2010-02-03 11:51:49 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-03 11:51:47 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-03 11:51:44 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-03 11:51:44 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-27 11:05:12 54156 ---ha-w- c:\windows\QTFont.qfn
2010-01-27 11:05:12 1409 ----a-w- c:\windows\QTFont.for
2010-01-27 11:01:29 0 d-----w- c:\docume~1\vob\applic~1\eLanguage
2010-01-27 10:52:11 0 d-----w- c:\docume~1\alluse~1\applic~1\eLanguage
2010-01-27 10:51:09 0 d-----w- c:\program files\eLanguage
2010-01-21 08:13:17 0 d-----w- c:\program files\Microsoft
2010-01-21 08:09:18 1060864 ----a-w- c:\windows\system32\mfc71.dll
2010-01-21 08:09:18 0 d-----w- c:\program files\The Weather Channel FW

==================== Find3M ====================

2009-12-18 10:54:58 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-18 10:54:52 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-12-08 07:30:43 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-24 08:37:43 20408 ----a-w- c:\windows\system32\tcpipbak.reg

============= FINISH: 10:01:12,89 ===============


kristi1


Re: TR/CryptZPACK.Gen: how to get rid of it? 05.02.2010 at 09:56 - 173 months ago
c:\windows\system32\drivers\9734822.sys

Check this driver at http://www.virustotal.com/ and post me the link to the report.

Paste me the CF log; I see you've run it.
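The check kristi1 is making by eye here (a driver with an odd name that appeared on the day of the scan, to be hashed and looked up before anything is deleted) can be written down. The script below is an added example, not part of the thread and not DDS's own code: it parses the SERVICES / DRIVERS lines of the DDS log posted above (copied into `SAMPLE_LOG`), flags entries whose service name is a bare number, whose file is dated within a few days of the scan, or whose file name does not match the service name, and provides a SHA-256 helper so the driver can be looked up by hash rather than uploaded. The heuristics, thresholds and every name in it (`SAMPLE_LOG`, `SCAN_DATE`, `triage`, `parse_drivers`, `sha256_hex`) are my assumptions; a hit means "look this up", not "this is malware", since a just-installed security tool trips the same rules as a rootkit.

```python
"""Triage the SERVICES / DRIVERS section of a DDS log.

Added example, not from the thread and not DDS's own code. The heuristics below
are assumptions about what deserves a second look, not DDS rules and not a
malware verdict: a just-installed security tool can trip them as easily as a
rootkit, which is why the output is a list of candidates for a hash lookup.
"""
import hashlib
import re
from dataclasses import dataclass, field
from datetime import date

# Constructed sample: the driver lines copied from the DDS log posted in the
# thread, with avgio / AntiVirService / NetBurn left in as older, known entries.
SAMPLE_LOG = """\
============= SERVICES / DRIVERS ===============

R0 97348222;97348222 Boot Guard Driver;c:\\windows\\system32\\drivers\\97348222.sys [2010-2-5 37392]
R1 97348221;97348221;c:\\windows\\system32\\drivers\\97348221.sys [2010-2-5 128016]
R1 avgio;avgio;c:\\program files\\avira\\antivir desktop\\avgio.sys [2009-10-14 11608]
R1 setup_9.0.0.722_05.02.2010_09-23drv;setup_9.0.0.722_05.02.2010_09-23drv;c:\\windows\\system32\\drivers\\9734822.sys [2010-2-5 315408]
R2 AntiVirService;Avira AntiVir Guard;c:\\program files\\avira\\antivir desktop\\avguard.exe [2009-10-14 185089]
S1 NetBurn;Paragon NetBurning Driver;c:\\windows\\system32\\drivers\\NetBurn.sys [2008-6-7 84752]

=============== Created Last 30 ================
"""

# Date the DDS log was produced ("Run by vob at ... 05.02.2010" in its header).
SCAN_DATE = date(2010, 2, 5)

# One DDS service/driver line: state (R running / S stopped), start-type digit,
# then "service;display name;path [yyyy-m-d size]".
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<service>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<created>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\]$"
)


@dataclass
class Driver:
    state: str
    start_type: int
    service: str
    display: str
    path: str
    created: date
    size: int
    reasons: list = field(default_factory=list)  # filled in by triage()


def parse_drivers(log_text: str) -> list:
    """Return every parsable service/driver line as a Driver; skip the rest."""
    drivers = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        y, mo, d = (int(x) for x in m["created"].split("-"))
        drivers.append(Driver(m["state"], int(m["start"]), m["service"], m["display"],
                              m["path"], date(y, mo, d), int(m["size"])))
    return drivers


def triage(log_text: str, scan_date: date = SCAN_DATE, recent_days: int = 3) -> list:
    """Flag drivers that are new, oddly named, or whose file name does not match
    the service name. Returns only the flagged entries, each with its reasons."""
    flagged = []
    for drv in parse_drivers(log_text):
        if drv.service.isdigit():
            drv.reasons.append("service name is a bare number")
        if (scan_date - drv.created).days <= recent_days:
            drv.reasons.append(f"file dated {drv.created}, within {recent_days} days of the scan")
        filename = drv.path.rsplit("\\", 1)[-1].lower()
        if filename.endswith(".sys") and filename[:-4] != drv.service.lower():
            drv.reasons.append(f"driver file {filename} does not match the service name")
        if drv.reasons:
            flagged.append(drv)
    return flagged


def sha256_hex(data: bytes) -> str:
    """SHA-256 of an in-memory blob, for a hash lookup instead of a file upload."""
    return hashlib.sha256(data).hexdigest()


def sha256_of_file(path: str) -> str:
    """Streamed SHA-256 of a file on disk (same purpose as sha256_hex, large files)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


if __name__ == "__main__":
    for drv in triage(SAMPLE_LOG):
        print(f"{drv.state}{drv.start_type} {drv.service} -> {drv.path}")
        for reason in drv.reasons:
            print(f"    - {reason}")
```

On the log above this flags the two numeric-named boot/system drivers and the `setup_9.0.0.722_...drv` service whose file is `9734822.sys`, and leaves avgio, avguard and NetBurn alone; the next step for each hit is `sha256_of_file()` on the file and a lookup of that hash, which is what kristi1 asks for.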

dragancesu
subotica


Re: TR/CryptZPACK.Gen: how to get rid of it? 05.02.2010 at 11:15 - 173 months ago
I tried to submit it, but I didn't get any report, or rather it isn't clear what I got,
and the files "escaped" to c:\windows\LastGood\system32\DRIVERS, so I deleted them.


CF log

ComboFix 10-02-03.04 - vob 05.02.2010 11:35:04.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.252 [GMT 1:00]
Running from: c:\documents and settings\vob\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2010-01-05 to 2010-02-05 )))))))))))))))))))))))))))))))
.

2010-02-05 10:13 . 2010-02-05 10:13 -------- d--h--w- c:\windows\PIF
2010-02-05 09:32 . 2010-02-05 09:32 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-02-05 09:32 . 2010-02-05 10:06 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-05 09:32 . 2010-02-05 10:06 -------- d-----w- c:\documents and settings\vob\Application Data\SUPERAntiSpyware.com
2010-02-05 07:37 . 2010-02-05 10:25 -------- d-----w- c:\windows\LastGood
2010-02-04 13:42 . 2010-02-04 13:57 -------- d-----w- c:\documents and settings\administrator\DoctorWeb
2010-02-04 10:37 . 2010-02-05 10:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-02-03 15:08 . 2010-02-03 15:08 -------- d-----w- c:\documents and settings\vob\Application Data\PC Suite
2010-02-03 15:08 . 2010-02-03 15:08 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2010-02-03 15:04 . 2009-02-09 07:37 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2010-02-03 15:04 . 2010-02-04 09:20 -------- d-----w- c:\program files\Nokia
2010-02-03 15:03 . 2010-02-03 15:03 -------- d-----w- c:\documents and settings\vob\Local Settings\Application Data\Opera
2010-02-03 15:02 . 2010-02-04 09:17 -------- d-----w- c:\program files\Opera
2010-02-03 11:53 . 2010-02-03 11:53 5115823 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-02-03 11:51 . 2010-02-03 11:51 -------- d-----w- c:\documents and settings\vob\Application Data\Malwarebytes
2010-02-03 11:51 . 2010-01-07 15:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-03 11:51 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-03 11:51 . 2010-02-03 11:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-03 11:51 . 2010-02-03 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-27 11:21 . 2010-01-27 11:21 -------- d-----w- c:\documents and settings\vob\Application Data\Apple Computer
2010-01-27 11:04 . 2010-01-27 11:04 -------- d-----w- c:\program files\QuickTime
2010-01-27 11:03 . 2010-01-27 11:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-27 11:01 . 2010-01-27 11:01 -------- d-----w- c:\documents and settings\vob\Application Data\eLanguage
2010-01-27 10:52 . 2010-01-27 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\eLanguage
2010-01-27 10:51 . 2010-01-27 10:51 -------- d-----w- c:\program files\eLanguage
2010-01-21 08:13 . 2010-01-21 08:40 -------- d-----w- c:\program files\Microsoft
2010-01-21 08:13 . 2010-01-21 08:13 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-21 08:09 . 2010-01-21 08:34 -------- d-----w- c:\documents and settings\vob\Local Settings\Application Data\The Weather Channel
2010-01-21 08:09 . 2010-01-21 08:09 -------- d-----w- c:\program files\The Weather Channel FW
2010-01-21 08:09 . 2006-10-30 10:39 1060864 ----a-w- c:\windows\system32\mfc71.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-19 07:31 . 2009-12-30 07:38 -------- d-----w- c:\program files\palmOne
2010-01-19 07:10 . 2009-02-19 12:51 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-15 07:07 . 2009-10-12 07:27 -------- d-----w- c:\program files\Look@LAN
2010-01-14 14:25 . 2009-02-20 08:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-29 13:17 . 2009-12-29 13:17 28672 ----a-w- c:\documents and settings\All Users\Application Data\Softomotive\WinAutomation\Compiled Jobs\413d6a20-4dcc-41dd-b688-c924aa8e5aa3.dll
2009-12-18 12:10 . 2009-02-19 12:47 68456 ----a-w- c:\documents and settings\vob\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-18 11:19 . 2009-12-18 11:19 77824 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2009-12-18 11:19 . 2009-12-18 11:19 50000 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\pcswpc.exe
2009-12-18 11:18 . 2009-12-16 07:14 -------- d-----w- c:\documents and settings\All Users\Application Data\OviInstallerCache
2009-12-18 11:11 . 2009-12-18 11:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2009-12-18 11:04 . 2009-12-18 11:04 -------- d-----w- c:\documents and settings\vob\Application Data\Nokia Ovi Suite
2009-12-18 11:04 . 2009-11-12 11:50 -------- d-----w- c:\documents and settings\vob\Application Data\Nokia
2009-12-18 10:54 . 2009-12-18 10:54 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-12-18 10:54 . 2009-12-18 10:54 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-12-17 15:16 . 2009-12-18 11:18 61789728 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\NokiaOviSuite2Installer.exe
2009-12-17 15:16 . 2009-12-17 15:16 61789728 ----a-w- c:\documents and settings\vob\Application Data\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
2009-12-17 14:47 . 2009-12-17 14:38 -------- d-----w- c:\documents and settings\vob\Application Data\BSplayer
2009-12-17 14:38 . 2009-12-17 14:38 -------- d-----w- c:\documents and settings\vob\Application Data\BSplayer Pro
2009-12-17 14:38 . 2009-12-17 14:38 -------- d-----w- c:\program files\Webteh
2009-12-16 11:43 . 2009-12-16 07:17 12212040 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2009-12-16 11:43 . 2009-12-16 07:17 13930312 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2009-12-16 11:43 . 2009-12-16 07:16 61440 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx86.exe
2009-12-16 11:43 . 2009-12-16 07:16 58880 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\WMF11Runx64.exe
2009-12-16 11:43 . 2009-12-16 07:16 77824 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2009-12-16 11:43 . 2009-12-16 07:16 50000 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Installer\CommonCustomActions\pcswpc.exe
2009-12-16 07:14 . 2009-12-16 07:14 94628904 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{82E16F2D-804A-4990-BEEF-C9DB44AE844B}\Nokia_Ovi_Suite_PCS_Update.exe
2009-12-08 11:27 . 2009-12-08 11:23 -------- d-----w- c:\documents and settings\vob\Application Data\uTorrent
2009-12-08 08:02 . 2009-12-08 08:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Softomotive
2009-12-08 07:30 . 2009-10-14 08:56 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-24 08:37 . 2009-03-25 09:19 20408 ----a-w- c:\windows\system32\tcpipbak.reg
2009-11-23 07:25 . 2009-11-23 07:25 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2009-11-23 07:25 . 2009-11-23 07:25 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-11-23 07:25 . 2009-11-23 07:25 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2009-11-23 07:25 . 2009-11-23 07:25 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2009-11-23 07:13 . 2009-11-23 07:25 34429264 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_eng.exe
2009-11-12 11:42 . 2009-11-12 11:42 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-11-12 11:42 . 2009-11-12 11:42 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-11-12 11:42 . 2009-11-12 11:42 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-11-12 11:42 . 2009-11-12 11:42 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-11-12 09:49 . 2009-11-12 11:42 33773208 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng_web.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-02-04_09.08.43 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-05 10:25 . 2009-10-22 11:54 37392 c:\windows\LastGood\system32\DRIVERS\97348222.sys
+ 2010-02-05 10:25 . 2009-09-25 15:59 128016 c:\windows\LastGood\system32\DRIVERS\97348221.sys
+ 2010-02-05 10:25 . 2009-10-09 21:31 315408 c:\windows\LastGood\system32\DRIVERS\9734822.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-22 1591808]
"Active Desktop Calendar"="c:\program files\XemiComputers\Active Desktop Calendar\ADC.exe" [2009-10-02 5636608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PRONoMgrWired"="c:\program files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe" [2004-03-02 86016]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-04-05 94208]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-04-05 77824]
"Persistence"="c:\windows\system32\igfxpers.exe" [2005-04-05 114688]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-04-27 282624]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\vob\Start Menu\Programs\Startup\
Microsoft Office Outlook.lnk - c:\program files\Microsoft Office\Office12\OUTLOOK.EXE [2006-10-27 12813096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCommonGroups"= 0 (0x0)
"NoSimpleStartMenu"= 0 (0x0)
"NoSMMyPictures"= 0 (0x0)
"NoStartMenuMyMusic"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDFSTab"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
"NoChangeAnimation"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Iolo Macro Magic.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Iolo Macro Magic.lnk
backup=c:\windows\pss\Iolo Macro Magic.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 14:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-18 07:58 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
2008-08-05 14:34 136512 ----a-w- c:\program files\McAfee\Common Framework\UdaterUI.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [10/14/2009 9:56 AM 108289]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/3/2010 12:51 PM 236368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/3/2010 12:51 PM 19160]
R4 97348221;97348221;c:\windows\system32\DRIVERS\97348221.sys --> c:\windows\system32\DRIVERS\97348221.sys [?]
S1 NetBurn;Paragon NetBurning Driver;c:\windows\system32\drivers\NetBurn.sys [6/7/2008 2:54 PM 84752]
S2 OracleServiceXE;OracleServiceXE;c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE --> c:\oraclexe\app\oracle\product\10.2.0\server\bin\ORACLE.EXE XE [?]
S2 OracleXETNSListener;OracleXETNSListener;c:\oraclexe\app\oracle\product\10.2.0\server\BIN\TNSLSNR.EXE [2/2/2006 12:49 AM 204800]
S3 OracleClientCache80;OracleClientCache80;c:\orant\BIN\ONRSD80.EXE [12/1/2008 9:30 AM 101136]
S4 OracleJobSchedulerXE;OracleJobSchedulerXE;c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE --> c:\oraclexe\app\oracle\product\10.2.0\server\Bin\extjob.exe XE [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - 97348221
*NewlyCreated* - 97348222
*NewlyCreated* - FWLYRPOW
*NewlyCreated* - SASDIFSV
*NewlyCreated* - SASENUM
*NewlyCreated* - SASKUTIL
*NewlyCreated* - SETUP_9.0.0.722_05.02.2010_09-23DRV
*Deregistered* - fwlyrpow
*Deregistered* - SASENUM
.
Contents of the 'Scheduled Tasks' folder

2010-02-05 c:\windows\Tasks\e2.job
- c:\tasks\ev_promet\e2.bat [2010-01-28 08:07]

2010-02-05 c:\windows\Tasks\kb.job
- c:\tasks\kursna_basalt\kb.bat [2009-12-10 13:59]

2010-02-05 c:\windows\Tasks\kl.job
- c:\tasks\kursna_lista\kl.bat [2009-11-24 07:07]

2010-02-05 c:\windows\Tasks\kt.job
- c:\tasks\kt.bat [2009-11-26 13:16]

2010-01-31 c:\windows\Tasks\shutdown weekend.job
- c:\windows\system32\shutdown.exe [2008-04-14 12:00]

2010-01-25 c:\windows\Tasks\shutdown.job
- c:\windows\system32\shutdown.exe [2008-04-14 12:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.buvljak.rs/page1/
uInternet Settings,ProxyServer = proxy:8080
uInternet Settings,ProxyOverride = localhost;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {CE525F84-3759-4F36-BA87-865954BE0972} = 10.0.2.1,10.250.0.1
DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} - hxxp://bas1.vob.yu/forms/jinitiator/jinit.exe
FF - ProfilePath - c:\documents and settings\vob\Application Data\Mozilla\Firefox\Profiles\ihikrwxx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.buvljak.rs/page1/|http://www.elitesecurity.org/|http://www.blic.rs/|http://www.kurir-info.rs/
FF - plugin: c:\documents and settings\vob\Application Data\Mozilla\Firefox\Profiles\ihikrwxx.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJinit13122.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-05 11:39
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1390067357-838170752-1177238915-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CD87739E-DC04-7BEE-0B3D-44E48DCAF27C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(536)
c:\program files\XemiComputers\Active Desktop Calendar\MouseHook.dll
.
Completion time: 2010-02-05 11:41:48
ComboFix-quarantined-files.txt 2010-02-05 10:41
ComboFix2.txt 2010-02-05 08:05
ComboFix3.txt 2010-02-04 09:10

Pre-Run: 21.329.661.952 bytes free
Post-Run: 21.303.054.336 bytes free

- - End Of File - - 10A56E09A400EAE69EDA7F283E32509C


kristi1


Re: TR/CryptZPACK.Gen: how to get rid of it? 05.02.2010 at 11:26 - 173 months ago
Turn off the AV.
Download this file to the desktop, unpack it and drag it onto the ComboFix icon.
Paste me the log.
Attached files

dragancesu
subotica


Re: TR/CryptZPACK.Gen: how to get rid of it? 18.02.2010 at 14:20 - 173 months ago
I tried all sorts of things, but in the end I formatted the flash drive. Even that wouldn't work on the first try, but luckily there was a program on the manufacturer's (Transcend) site that does it.

Aleksandar Maletic
System administrator

Moderator

Re: TR/CryptZPACK.Gen: how to get rid of it? 20.02.2010 at 16:01 - 173 months ago
A Live CD, you don't need anything else... :))) Dr.Web or Avira, my recommendation...
A wolf is weaker than a lion and a tiger, but doesn't play in the circus.