Sorry if I'm late.
ComboFix 08-11-16.05 - ivica 2008-11-17 15:09:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1494 [GMT 1:00]
Running from: c:\documents and settings\ivica\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Documents\My Music\Desktop_.ini
c:\documents and settings\All Users\Documents\My Pictures\Desktop_.ini
c:\windows\system32\_000110_.tmp.dll
.
((((((((((((((((((((((((( Files Created from 2008-10-17 to 2008-11-17 )))))))))))))))))))))))))))))))
.
2008-11-17 13:39 . 2008-11-17 13:39 <DIR> d-------- c:\program files\Trend Micro
2008-11-17 10:30 . 2008-11-17 10:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\RoboForm
2008-11-17 10:26 . 2008-11-17 10:26 <DIR> d-------- c:\program files\Siber Systems
2008-11-17 07:40 . 2008-11-17 07:40 <DIR> d-------- c:\program files\BillP Studios
2008-11-17 07:40 . 2008-11-17 07:40 <DIR> d-------- c:\documents and settings\ivica\Application Data\WinPatrol
2008-11-17 06:55 . 2008-11-17 06:55 <DIR> d-------- c:\program files\Anders Kjersem
2008-11-17 02:36 . 2008-11-17 02:36 <DIR> d-------- c:\program files\Kaspersky Lab
2008-11-17 02:36 . 2008-11-17 15:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-17 02:36 . 2008-11-17 15:11 10,226,976 --ahs---- c:\windows\system32\drivers\fidbox.dat
2008-11-17 02:36 . 2008-11-17 10:35 139,736 --ahs---- c:\windows\system32\drivers\fidbox.idx
2008-11-17 02:36 . 2008-11-17 02:53 96,976 --a------ c:\windows\system32\drivers\klin.dat
2008-11-17 02:36 . 2008-11-17 02:53 87,855 --a------ c:\windows\system32\drivers\klick.dat
2008-11-17 02:36 . 2008-11-17 15:11 25,888 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2008-11-17 02:36 . 2008-11-17 10:35 3,872 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2008-11-17 02:26 . 2008-11-17 02:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-11-17 01:36 . 2002-02-22 17:11 140,510 --a------ c:\windows\system32\drivers\tiau5tp.bin
2008-11-17 01:36 . 2002-04-02 13:06 57,093 --a------ c:\windows\system32\drivers\tiau5co.sys
2008-11-17 01:36 . 2001-07-18 15:49 15,256 --a------ c:\windows\system32\drivers\tiau5fw.bin
2008-11-17 01:36 . 2002-04-02 13:05 11,775 --a------ c:\windows\system32\drivers\tiau5bt.sys
2008-11-17 01:36 . 2002-07-28 09:00 8,929 --a------ c:\windows\system32\drivers\tiauxco.cat
2008-11-17 01:29 . 2008-11-17 01:29 <DIR> d-------- c:\program files\TI ADSL
2008-11-17 01:29 . 2002-02-22 17:11 140,510 --a------ c:\windows\system\TIAU5TP.BIN
2008-11-17 01:29 . 2002-04-02 13:06 57,093 --a------ c:\windows\system\TIAU5CO.SYS
2008-11-17 01:29 . 2001-07-18 15:49 15,256 --a------ c:\windows\system\TIAU5FW.BIN
2008-11-17 01:29 . 2002-04-02 13:05 11,775 --a------ c:\windows\system\TIAU5BT.SYS
2008-11-17 01:28 . 2008-11-17 01:28 <DIR> d-------- c:\program files\ActionTec
2008-11-16 21:59 . 2008-11-16 21:59 <DIR> d-------- c:\program files\Common Files\SWF Studio
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-17 02:54 --------- d-----w c:\program files\Blaero Start Orb
2008-11-17 01:54 112,144 ----a-w c:\windows\system32\drivers\kl1.sys
2008-11-17 01:15 --------- d-----w c:\program files\Eset
2008-11-17 01:06 --------- d-----w c:\documents and settings\ivica\Application Data\The Bat!
2008-11-17 00:29 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-17 00:28 --------- d-----w c:\program files\Common Files\InstallShield
2008-11-16 14:38 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-11-16 14:38 107,832 ----a-w c:\windows\system32\PnkBstrB.exe
2008-11-16 14:35 --------- d-----w c:\program files\AIMP2
2008-11-16 12:56 --------- d-----w c:\program files\BSplayerPro
2008-10-21 19:04 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-21 19:04 --------- d-----w c:\program files\MKVtoolnix
2008-10-21 19:04 --------- d-----w c:\program files\JetAudio
2008-09-28 12:21 --------- d-----w c:\program files\BearPaw 1200CU Plus
2008-09-28 12:20 --------- d-----w c:\program files\Temp
2008-09-19 16:11 --------- d-----w c:\documents and settings\ivica\Application Data\Azureus
2008-01-06 23:36 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-11-09 12:01 22,328 ----a-w c:\documents and settings\ivica\Application Data\PnkBstrK.sys
2006-05-03 09:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2007-02-21 10:47 31,232 --sh--r c:\windows\system32\msfDX.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-11-17 139322]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GBB36X Configure"="c:\windows\system32\JMRaidTool.exe" [2006-06-02 385024]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"TIxDSL"="c:\progra~1\TIADSL~1\bin\win2k\tidslmon.exe" [2002-08-27 425984]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"WinPatrol"="c:\progra~1\BILLPS~1\WINPAT~1\winpatrol.exe" [2005-12-12 222784]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2007-11-10 14:27 229376 c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.XFR1"= xfcodec.dll
"VIDC.I420"= i420vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_online.exe"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict\\wic_ds.exe"=
"d:\\Programi\\utorrent 1.6.1.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Java\\jre1.6.0_07\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
R1 nltdi;nltdi;\??\c:\windows\system32\drivers\nltdi.sys [2007-04-23 82200]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};\??\c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 16:51:58 13560]
R3 AtmElan;ATM Emulated LAN;c:\windows\system32\DRIVERS\atmlane.sys [2004-08-03 55936]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2007-04-04 24344]
R3 TIAU5CO;Actiontec Home DSL Modem(WAN) Service;c:\windows\system32\DRIVERS\TIAU5CO.sys [2008-11-17 57093]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys [2003-08-26 9728]
S3 AtmLane;ATM LAN Emulation;c:\windows\system32\DRIVERS\atmlane.sys [2004-08-03 55936]
S3 BTCAMDRV;Mobiola Web Camera driver;c:\windows\system32\DRIVERS\BTCamDrv.sys [2008-01-23 228352]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55239fba-a8cf-11db-9a04-806d6172696f}]
\Shell\AutoRun\command - E:\Run.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de9a41ab-9fa5-11dc-8658-0016e6847bcb}]
\Shell\Auto\command - Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fecbf68f-fd03-11dc-867c-0016e6847bcb}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
2008-11-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 16:57]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-LClock - c:\program files\LClock\LClock.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\ivica\Application Data\Mozilla\Firefox\Profiles\4olle9w2.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE -
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-11-17 15:11:21
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2008-11-17 15:13:03
ComboFix-quarantined-files.txt 2008-11-17 14:12:00
Pre-Run: 5,358,342,144 bytes free
Post-Run: 6,715,314,176 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
162
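The "Reg Loading Points" block of the log above is where an analyst spends most of the time: the MountPoints2 keys record what Explorer would launch when a given volume is inserted, and the Security Center values record whether Windows is suppressing its own anti-virus and update alerts. The following script is an added example written for this page, not part of the original post and not ComboFix code. It parses those two parts of a ComboFix log and flags the entries worth a second look. The sample input is copied from the log above and embedded inline so the script runs offline; the field names in the output (`relative_path`, `rundll32_wrapper`, `target`) are this example's own.

```python
"""Triage the MountPoints2 and Security Center entries of a ComboFix log.

Added example for this page; not part of the original forum post or of
ComboFix. Parses the "Reg Loading Points" block and reports:
  * MountPoints2 \\Shell\\<verb>\\command entries, noting whether the launched
    file is named relative to the volume root (runs whatever is on the stick)
    and whether it is wrapped in rundll32 Shell32.DLL,ShellExec_RunDLL;
  * Security Center values set to 1 that silence AV / update notifications.
"""
import re

# Sample input copied from the log above (constructed for this example).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55239fba-a8cf-11db-9a04-806d6172696f}]
\Shell\AutoRun\command - E:\Run.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{de9a41ab-9fa5-11dc-8658-0016e6847bcb}]
\Shell\Auto\command - Autorun.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fecbf68f-fd03-11dc-867c-0016e6847bcb}]
\Shell\AutoRun\command - I:\LaunchU3.exe -a
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<val>[0-9a-fA-F]{8})$')
SHELL_RE = re.compile(r"^\\Shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$")
DRIVE_RE = re.compile(r"^[a-zA-Z]:\\")


def parse_reg_block(text):
    """Return {registry_key: [(name_or_verb, value_or_command), ...]}.

    REG dword values are converted to int; MountPoints2 shell commands are
    kept as the raw command string. Lines outside a [key] are ignored.
    """
    entries = {}
    current = None
    for line in text.strip().splitlines():
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            entries.setdefault(current, [])
            continue
        if current is None:
            continue
        m = VALUE_RE.match(line)
        if m:
            entries[current].append((m.group("name"), int(m.group("val"), 16)))
            continue
        m = SHELL_RE.match(line)
        if m:
            entries[current].append((m.group("verb"), m.group("cmd")))
    return entries


def autorun_findings(entries):
    """One record per MountPoints2 shell verb, in log order."""
    findings = []
    for key, items in entries.items():
        if "\\mountpoints2\\" not in key.lower():
            continue
        guid = key.rsplit("\\", 1)[-1]
        for verb, cmd in items:
            via_rundll = "shellexec_rundll" in cmd.lower()
            # With the rundll32 wrapper the real payload is the last argument.
            target = cmd.split()[-1] if via_rundll else cmd
            findings.append({
                "guid": guid,
                "verb": verb,
                "command": cmd,
                "target": target,
                "rundll32_wrapper": via_rundll,
                # No drive letter => resolved against the root of the mounted volume.
                "relative_path": DRIVE_RE.match(target) is None,
            })
    return findings


def security_center_findings(entries):
    """(subkey, value name) pairs where a *Disable* flag is set to 1."""
    hits = []
    for key, items in entries.items():
        if "security center" not in key.lower():
            continue
        for name, val in items:
            if isinstance(val, int) and val == 1 and \
                    name.endswith(("DisableNotify", "DisableMonitoring")):
                hits.append((key.rsplit("\\", 1)[-1], name))
    return hits


if __name__ == "__main__":
    parsed = parse_reg_block(SAMPLE_LOG)
    for f in autorun_findings(parsed):
        flags = [k for k in ("relative_path", "rundll32_wrapper") if f[k]]
        print(f"{f['guid']} {f['verb']:8} {f['target']:<16} {' '.join(flags)}")
    for subkey, name in security_center_findings(parsed):
        print(f"Security Center: {subkey}\\{name} = 1")
```

The flags are prompts for the analyst, not verdicts. A relative `Autorun.exe` launched through `rundll32 Shell32.DLL,ShellExec_RunDLL` is the pattern to chase first, because it runs whatever file of that name sits on the volume that was plugged in; `LaunchU3.exe -a` is the launcher shipped on U3-style USB drives, and a third-party anti-virus product that registers with Security Center normally sets the `DisableNotify` values itself so that Windows does not raise a second alert. The MountPoints2 entries also persist after the device is gone, so they describe what was once inserted, not what is currently mounted.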