if anyone can help: I'm not really in this line of work, but I do my best to keep all my computers in one piece.
similar problem to the first post, except that as soon as I switch on the ADSL modem the computer freezes; somehow I managed to deal with all the viruses,
and now I've run ComboFix according to the instructions. if someone could give a diagnosis, is there anything else left on the computer?
(for now it works ok)
thanks
ComboFix 09-01-21.04 - Administrator 2009-01-30 9:14:33.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.511.248 [GMT 11:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\INSTALL.LOG
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_OREANS32
-------\Service_oreans32
((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-29 )))))))))))))))))))))))))))))))
.
2009-01-30 08:31 . 2009-01-30 08:31 <DIR> d-------- c:\program files\Alwil Software
2009-01-29 20:02 . 2009-01-29 20:03 <DIR> d-------- c:\program files\Crawler
2009-01-28 03:24 . 2009-01-28 03:32 <DIR> d-------- c:\program files\All Sound Recorder XP
2009-01-28 03:24 . 2004-06-02 16:51 1,839,104 --a------ c:\windows\system32\NCTAudioFile2.dll
2009-01-28 03:24 . 2004-05-20 14:03 1,036,288 --a------ c:\windows\system32\NCTAudioInformation2.dll
2009-01-28 03:24 . 2004-06-04 16:07 724,992 --a------ c:\windows\system32\NCTAudioEditor2.dll
2009-01-28 03:24 . 2004-05-20 14:06 450,560 --a------ c:\windows\system32\NCTAudioTransform2.dll
2009-01-28 03:24 . 2004-06-04 16:05 315,392 --a------ c:\windows\system32\NCTAudioPlayer2.dll
2009-01-28 03:24 . 2004-05-20 14:05 307,200 --a------ c:\windows\system32\NCTAudioRecord2.dll
2009-01-27 08:20 . 2009-01-27 08:20 <DIR> d-------- c:\program files\Common Files\Download Manager
2009-01-27 05:53 . 2009-01-27 05:53 <DIR> d-------- c:\users\Administrator\Application Data\streamripper
2009-01-26 01:03 . 2009-01-27 05:32 68 --a------ c:\windows\iltwain.ini
2009-01-26 00:39 . 2009-01-27 05:33 86 --a------ c:\windows\system32\ToleSec.ini
2009-01-22 04:43 . 2009-01-22 04:43 <DIR> d-------- c:\program files\SimAQUARIUM2
2009-01-22 04:43 . 2003-05-23 11:01 3,463,656 --a------ c:\windows\SimAQUARIUM2 Tank-1.scr
2009-01-22 04:43 . 2009-01-22 04:45 984 --a------ c:\windows\ssconf2.bin
2009-01-22 04:42 . 2009-01-29 19:57 <DIR> d-------- c:\users\All Users\Application Data\Laconic Software
2009-01-12 21:19 . 2009-01-12 21:19 <DIR> d-------- c:\users\Administrator\Bluetooth Software
2009-01-12 21:09 . 2009-01-12 21:09 <DIR> d-------- c:\program files\WIDCOMM
2009-01-12 20:36 . 2009-01-12 20:36 106,557 --a------ c:\windows\system32\btw_ci.dll
2009-01-12 20:11 . 2009-01-12 20:11 <DIR> d-------- c:\users\Administrator\Application Data\Blitware
2009-01-12 20:10 . 2009-01-12 20:11 <DIR> d-------- c:\program files\Driver Robot
2009-01-07 21:37 . 2009-01-07 21:37 <DIR> d-------- c:\program files\Common Files\L&H
2009-01-06 19:54 . 2009-01-06 19:54 79 --a------ c:\windows\wvlayer
2009-01-06 19:39 . 2009-01-06 19:39 <DIR> d-------- c:\users\Administrator\wvannot
2009-01-06 19:37 . 2009-01-06 19:37 335,872 --------- c:\windows\Setup1.exe
2009-01-06 19:37 . 2009-01-06 19:37 73,216 --a------ c:\windows\ST6UNST.EXE
2009-01-03 12:42 . 2009-01-03 12:42 6,166,040 --a------ c:\windows\system32\Cute-Dog-Screensaver.scr
2009-01-03 12:29 . 2009-01-23 03:46 <DIR> d-------- c:\program files\RelevantKnowledge
2009-01-03 12:29 . 2009-01-03 12:29 <DIR> d-------- c:\program files\3D Aqua Screensaver
2009-01-03 12:29 . 2000-07-15 00:00 101,888 --a------ c:\windows\system32\VB6STKIT.DLL
2009-01-03 12:29 . 2006-08-04 09:20 90,112 --a------ c:\windows\3DAqua2.scr
2009-01-03 12:29 . 2009-01-03 12:29 63 --a------ c:\windows\3DAqua2.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-29 21:47 --------- d-----w c:\users\Administrator\Application Data\Skype
2009-01-29 21:46 --------- d-----w c:\users\Administrator\Application Data\skypePM
2009-01-29 09:01 --------- d-----w c:\users\Administrator\Application Data\BitTorrent
2009-01-29 08:59 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-29 08:59 --------- d-----w c:\program files\NCH Software
2009-01-29 08:57 --------- d-----w c:\program files\Nextech
2009-01-29 08:56 --------- d-----w c:\program files\Winamp
2009-01-28 08:24 --------- d-----w c:\program files\Mv2Player
2009-01-27 18:57 --------- d-----w c:\users\Administrator\Application Data\BSplayer
2009-01-27 18:54 --------- d-----w c:\users\Administrator\Application Data\DNA
2009-01-27 18:50 --------- d-----w c:\program files\DNA
2009-01-27 01:34 --------- d-----w c:\program files\AdVantage
2009-01-21 17:59 --------- d-----w c:\program files\DivX
2009-01-07 10:38 --------- d-----w c:\program files\Microsoft ActiveSync
2008-12-18 06:40 --------- d-----w c:\program files\Opera
2008-12-09 08:20 --------- d---a-w c:\users\All Users\Application Data\TEMP
2008-12-08 12:08 33,824 ----a-w c:\windows\system32\drivers\oreans32.sys
2008-08-03 10:46 32 ----a-w c:\users\All Users\Application Data\ezsid.dat
2001-05-09 23:04 162,304 ----a-w c:\program files\UNWISE.EXE
2008-08-01 08:29 16,384 --sha-w c:\windows\system32\config\systemprofile\Cookies\index.dat
2008-08-01 08:29 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
2008-08-01 08:29 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080120080802\index.dat
2008-08-01 08:29 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
------- Sigcheck -------
2007-05-22 06:42 578048 7aa4f6c00405dfc4b70ed4214e7d687b c:\windows\system32\user32.dll
2007-05-22 06:46 818688 92995334f993e6e49c25c6d02ec04401 c:\windows\system32\wininet.dll
2007-05-22 06:47 360704 1a5fb58fc6e970a308719a4ea49eb8b5 c:\windows\system32\drivers\tcpip.sys
2007-05-22 07:27 2059392 4d3dbdccbf97f5ba1e74f322b155c3ba c:\windows\system32\ntkrnlpa.exe
2007-05-22 06:41 2321792 fbce44cce9d83687a4c68c955fb11e12 c:\windows\system32\ntoskrnl.exe
2007-05-22 06:40 1033216 42d32722b805d7df42d30487a0bcbd78 c:\windows\explorer.exe
2007-05-22 06:42 57856 ad3d9d191aea7b5445fe1d82ffbb4788 c:\windows\system32\spoolsv.exe
2007-05-22 06:42 295424 c29a5286e64d97385178452d5f307b98 c:\windows\system32\termsrv.dll
2007-05-22 06:40 985600 16f21882c96ee0136a92e867da94215c c:\windows\system32\kernel32.dll
.
((((((((((((((((((((((((((((( snapshot@2008-11-07_22.24.39.76 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-12 10:09:24 33,982 ----a-r c:\windows\Installer\{3F4EC965-28EF-45C3-B063-04B25D4E9679}\ARPPRODUCTICON.exe
- 2008-08-01 11:18:19 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2009-01-07 10:43:39 593,920 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-08-01 11:18:19 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2009-01-07 10:43:39 12,288 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-08-01 11:18:19 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2009-01-07 10:43:39 86,016 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-08-01 11:18:19 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-01-07 10:43:39 135,168 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-08-01 11:18:19 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2009-01-07 10:43:39 11,264 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-08-01 11:18:19 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2009-01-07 10:43:39 27,136 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-08-01 11:18:19 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2009-01-07 10:43:39 4,096 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-08-01 11:18:19 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2009-01-07 10:43:39 794,624 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-08-01 11:18:19 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2009-01-07 10:43:39 249,856 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-08-01 11:18:19 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2009-01-07 10:43:39 61,440 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-08-01 11:18:19 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2009-01-07 10:43:39 23,040 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-08-01 11:18:19 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2009-01-07 10:43:39 286,720 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-08-01 11:18:19 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-01-07 10:43:39 409,600 ----a-r c:\windows\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2009-01-07 10:32:16 135,168 ----a-r c:\windows\Installer\{901E081A-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2009-01-07 10:39:04 167,936 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\accicons.exe
+ 2009-01-07 10:39:04 2,560 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\cagicon.exe
+ 2009-01-07 10:39:04 81,920 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\fpicon.exe
+ 2009-01-07 10:39:03 34,304 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\misc.exe
+ 2009-01-07 10:39:04 8,192 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\mspicons.exe
+ 2009-01-07 10:39:04 3,584 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\opwicon.exe
+ 2009-01-07 10:39:04 114,688 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\outicon.exe
+ 2009-01-07 10:39:04 16,384 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\PEicons.exe
+ 2009-01-07 10:39:04 30,720 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\pptico.exe
+ 2009-01-07 10:39:04 22,528 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\unbndico.exe
+ 2009-01-07 10:39:03 45,056 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\wordicon.exe
+ 2009-01-07 10:39:03 90,112 ----a-r c:\windows\Installer\{90280409-6000-11D3-8CFE-0050048383C9}\xlicons.exe
- 2000-08-30 21:00:00 28,672 ----a-w c:\windows\NIRCMD.exe
+ 2000-08-30 21:00:00 29,696 ----a-w c:\windows\NIRCMD.exe
+ 2004-07-06 02:37:44 7,168 ----a-w c:\windows\system32\akscoinst.dll
+ 2007-09-06 09:09:49 801,144 ----a-w c:\windows\system32\aswBoot.exe
+ 2001-01-21 16:25:24 32,768 ----a-w c:\windows\system32\ATHPRXY.DLL
+ 2007-09-06 09:00:07 95,608 ----a-w c:\windows\system32\AvastSS.scr
+ 2005-08-29 04:55:52 131,137 ----a-w c:\windows\system32\bt2k_ins.dll
+ 2005-08-29 05:02:06 73,728 ----a-w c:\windows\system32\BtAudioHelper.dll
+ 2005-08-29 05:02:28 135,168 ----a-w c:\windows\system32\btbigbmp.dll
+ 2005-08-29 04:49:42 159,744 ----a-w c:\windows\system32\btbip.dll
+ 2005-08-29 05:04:38 610,304 ----a-w c:\windows\system32\BTChooser.dll
+ 2005-08-29 05:12:42 413,755 ----a-w c:\windows\system32\btcss.dll
+ 2005-08-29 04:55:48 36,864 ----a-w c:\windows\system32\btdev.dll
+ 2005-08-29 05:05:50 114,688 ----a-w c:\windows\system32\bthcrp.dll
+ 2005-08-29 05:06:46 126,976 ----a-w c:\windows\system32\bthcrpui.dll
+ 2005-08-29 04:55:36 454,656 ----a-w c:\windows\system32\btins.dll
+ 2005-08-29 04:53:56 65,536 ----a-w c:\windows\system32\BTNCopy.dll
+ 2005-10-08 14:20:56 1,048,653 ----a-w c:\windows\system32\BTNeighborhood.dll
+ 2005-08-29 05:03:32 122,880 ----a-w c:\windows\system32\btosif.dll
+ 2005-08-29 05:07:48 159,744 ----a-w c:\windows\system32\btosif_notes.dll
+ 2005-08-29 05:08:02 200,704 ----a-w c:\windows\system32\btosif_ol.dll
+ 2005-08-29 05:08:34 139,264 ----a-w c:\windows\system32\btosif_olx.dll
+ 2005-08-29 05:07:06 90,112 ----a-w c:\windows\system32\btprn2k.dll
+ 2005-08-29 04:54:24 3,129,344 ----a-w c:\windows\system32\btrez.dll
+ 2005-08-29 04:54:02 90,112 ----a-w c:\windows\system32\btrezxp.dll
+ 2005-08-29 05:12:50 200,704 ----a-w c:\windows\system32\btsec.dll
+ 2005-08-29 05:04:12 208,896 ----a-w c:\windows\system32\btsendto.dll
+ 2005-08-29 05:11:30 73,728 ----a-w c:\windows\system32\btsendto_ie.dll
+ 2005-08-29 05:09:02 49,152 ----a-w c:\windows\system32\btsendto_notes.dll
+ 2005-08-29 05:10:54 172,032 ----a-w c:\windows\system32\btsendto_office.dll
+ 2005-08-29 05:10:16 73,728 ----a-w c:\windows\system32\btsendto_wab.dll
+ 2005-08-29 05:16:24 237,568 ----a-w c:\windows\system32\btwhidcs.dll
+ 2005-08-29 05:22:22 90,112 ----a-w c:\windows\system32\BtWiaExt.dll
+ 2005-08-29 05:15:20 843,776 ----a-w c:\windows\system32\BtWizard.dll
+ 2005-08-29 05:05:12 45,056 ----a-w c:\windows\system32\btwpimif.dll
+ 2005-08-29 05:02:24 102,400 ----a-w c:\windows\system32\BTXPPanel.dll
+ 2005-08-29 05:02:10 24,576 ----a-w c:\windows\system32\BtXpShell.dll
+ 2007-09-12 07:27:24 511,328 ----a-w c:\windows\system32\capicom.dll
+ 2005-08-09 23:16:58 50,176 ----a-w c:\windows\system32\CSH.DLL
- 2008-09-16 00:12:00 294,912 ----a-w c:\windows\system32\dpu10.dll
+ 2004-09-03 17:33:33 290,816 ----a-w c:\windows\system32\dpu10.dll
- 2008-09-16 00:12:00 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
+ 2004-09-03 17:37:38 602,112 ----a-w c:\windows\system32\dpuGUI10.dll
+ 2004-09-01 15:49:16 335,872 ----a-w c:\windows\system32\dpus10.dll
+ 2004-09-01 15:49:16 53,248 ----a-w c:\windows\system32\dpv10.dll
+ 2007-09-06 09:00:53 26,624 ----a-w c:\windows\system32\drivers\aavmker4.sys
+ 2005-07-20 07:08:26 104,576 ----a-w c:\windows\system32\drivers\aksclass.sys
+ 2005-07-20 07:08:26 327,808 ----a-w c:\windows\system32\drivers\akshasp.sys
+ 2005-07-20 07:08:28 100,096 ----a-w c:\windows\system32\drivers\aksusb.sys
+ 2007-09-06 09:05:25 92,848 ----a-w c:\windows\system32\drivers\aswmon.sys
+ 2007-09-06 09:05:10 94,416 ----a-w c:\windows\system32\drivers\aswmon2.sys
+ 2007-09-06 09:03:02 23,152 ----a-w c:\windows\system32\drivers\aswRdr.sys
+ 2007-09-06 09:02:20 42,912 ----a-w c:\windows\system32\drivers\aswTdi.sys
+ 2002-11-15 01:15:08 148,794 ----a-w c:\windows\system32\drivers\bcbthub.sys
+ 2005-08-29 05:01:38 428,269 ----a-w c:\windows\system32\drivers\btaudio.sys
+ 2005-08-29 06:45:34 853,258 ----a-w c:\windows\system32\drivers\btkrnl.sys
+ 2005-08-29 04:55:18 30,363 ----a-w c:\windows\system32\drivers\btport.sys
+ 2005-08-29 04:51:48 148,360 ----a-w c:\windows\system32\drivers\btwdndis.sys
+ 2005-08-29 04:54:36 64,344 ----a-w c:\windows\system32\drivers\btwusb.sys
- 2004-08-03 12:59:56 36,352 ----a-w c:\windows\system32\drivers\disk.sys
+ 2004-08-03 11:59:56 36,352 ----a-w c:\windows\system32\drivers\disk.sys
+ 2007-03-28 09:29:12 131,944 ----a-w c:\windows\system32\drivers\symsnap.sys
- 2007-04-09 20:27:40 59,392 ----a-w c:\windows\system32\drivers\usbhub.sys
+ 2007-04-09 09:27:40 59,392 ----a-w c:\windows\system32\drivers\usbhub.sys
- 2004-08-03 12:58:46 15,104 ----a-w c:\windows\system32\drivers\usbscan.sys
+ 2004-08-03 11:58:46 15,104 ----a-w c:\windows\system32\drivers\usbscan.sys
+ 2007-03-28 09:29:10 37,864 ----a-w c:\windows\system32\drivers\v2imount.sys
+ 2007-03-28 09:23:50 14,072 ----a-w c:\windows\system32\drivers\vproeventmonitor.sys
+ 2007-03-28 09:49:42 128,104 ----a-w c:\windows\system32\drivers\WimFltr.sys
- 2008-11-07 11:22:15 126,912 ----a-w c:\windows\system32\FNTCACHE.DAT
+ 2009-01-11 03:01:08 132,480 ----a-w c:\windows\system32\FNTCACHE.DAT
- 2004-08-04 00:56:44 4,096 ----a-w c:\windows\system32\ksuser.dll
+ 2004-08-03 13:56:44 4,096 ----a-w c:\windows\system32\ksuser.dll
+ 2001-11-14 02:56:00 1,802,240 ----a-w c:\windows\system32\lcppn21.dll
+ 1998-10-01 01:00:38 520,128 ----a-w c:\windows\system32\MAPI.DLL
+ 1998-03-25 13:00:00 38,160 ----a-w c:\windows\system32\MAPISRVR.EXE
- 2004-08-04 00:56:44 1,392,671 ----a-w c:\windows\system32\msvbvm60.dll
+ 2004-02-22 12:00:00 1,386,496 ----a-w c:\windows\system32\msvbvm60.dll
+ 2000-06-01 20:51:02 84,480 ----a-w c:\windows\system32\NSCMPS.DLL
+ 2000-06-01 20:51:50 34,240 ----a-w c:\windows\system32\NSERROR.DLL
+ 1998-12-08 07:53:58 212,480 ----a-w c:\windows\system32\PCDLIB32.DLL
- 2001-08-17 12:36:30 5,632 ----a-w c:\windows\system32\ptpusb.dll
+ 2001-08-17 11:36:30 5,632 ----a-w c:\windows\system32\ptpusb.dll
- 2004-08-03 14:56:46 159,232 ----a-w c:\windows\system32\ptpusd.dll
+ 2004-08-03 13:56:46 159,232 ----a-w c:\windows\system32\ptpusd.dll
+ 2004-09-01 15:49:17 3,375,104 ----a-w c:\windows\system32\qt-mt331.dll
+ 2005-08-29 04:54:36 64,344 ----a-w c:\windows\system32\ReinstallBackups\0002\DriverFiles\btwusb.sys
+ 2004-08-31 22:11:34 245,408 ----a-w c:\windows\system32\unicows.dll
+ 1998-06-17 13:00:00 89,360 ----a-w c:\windows\system32\VB5DB.DLL
+ 2005-10-08 14:20:32 581,693 ----a-w c:\windows\system32\wbtapi.dll
+ 2005-08-29 04:49:28 573,440 ----a-w c:\windows\system32\WidcommSdk.dll
- 2008-11-07 11:22:58 53,248 ----a-w c:\windows\temp\catchme.dll
+ 2009-01-29 22:19:05 53,248 ----a-w c:\windows\temp\catchme.dll
+ 2009-01-29 22:17:59 16,384 ----atw c:\windows\temp\Perflib_Perfdata_608.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f592709f-ff4a-4862-b659-4afabda56312}]
2008-09-11 22:43 1780248 --a------ c:\program files\Mininova\tbMini.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f592709f-ff4a-4862-b659-4afabda56312}"= "c:\program files\Mininova\tbMini.dll" [2008-09-11 1780248]
[HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{F592709F-FF4A-4862-B659-4AFABDA56312}"= "c:\program files\Mininova\tbMini.dll" [2008-09-11 1780248]
[HKEY_CLASSES_ROOT\clsid\{f592709f-ff4a-4862-b659-4afabda56312}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2007-12-06 167368]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-12-08 32768]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2007-05-22 169984]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2007-05-22 c:\windows\system32\advpack.dll]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.HFYU"= huffyuv.dll
"msacm.divxa32"= DivXa32.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
[HKLM\~\startupfolder\C:^Users^Administrator^Start Menu^Programs^Startup^Joost.lnk]
path=c:\users\Administrator\Start Menu\Programs\Startup\Joost.lnk
backup=c:\windows\pss\Joost.lnkStartup
[HKLM\~\startupfolder\C:^Users^Administrator^Start Menu^Programs^Startup^PicoPhone.lnk]
path=c:\users\Administrator\Start Menu\Programs\Startup\PicoPhone.lnk
backup=c:\windows\pss\PicoPhone.lnkStartup
[HKLM\~\startupfolder\C:^Users^Administrator^Start Menu^Programs^Startup^Visual Task Tips.lnk]
path=c:\users\Administrator\Start Menu\Programs\Startup\Visual Task Tips.lnk
backup=c:\windows\pss\Visual Task Tips.lnkStartup
[HKLM\~\startupfolder\C:^Users^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\users\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Users^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=c:\users\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=c:\windows\pss\Bluetooth.lnkCommon Startup
[HKLM\~\startupfolder\C:^Users^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\users\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Users^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\users\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 03:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
--a------ 2008-07-14 17:30 884176 c:\program files\AdVantage\AdVantage.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
--a------ 2006-12-06 12:37 344064 c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-12-17 05:50 342848 c:\program files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 11:56 15360 c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gadwin PrintScreen]
--a------ 2007-08-20 19:42 495616 c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-07 21:48 155648 c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2007-12-07 16:08 21686568 c:\program files\Skype\Phone\Skype.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-09-13 03:45 36352 c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2007-04-16 15:28 577536 c:\windows\soundman.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\program files\\relevantknowledge\\rlvknlg.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 nvcchflt;NVIDIA Disk Cache Filter Driver;c:\windows\system32\drivers\nvcchflt.sys [2008-08-02 16640]
R3 ip100xp;IC Plus IP100 10/100 Fast Ethernet Adapter NT Driver;c:\windows\system32\drivers\ipfnd51.sys [2008-08-02 26752]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - AAVMKER4
*NewlyCreated* - ASWMON2
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWTDI
*NewlyCreated* - ASWUPDSV
*NewlyCreated* - AVAST!_ANTIVIRUS
*NewlyCreated* - AVAST!_MAIL_SCANNER
*NewlyCreated* - AVAST!_WEB_SCANNER
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11645919-868e-11dd-b419-00508d75912a}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe killVBS.vbs
.
Contents of the 'Scheduled Tasks' folder
2009-01-12 c:\windows\Tasks\DriverRobot.job
- c:\program files\Driver Robot\DriverRobot.exe [2009-01-10 05:26]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.daemon-search.com/star
uInternet Settings,ProxyOverride = *.local
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-01-30 09:19:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\Crypserv.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
.
**************************************************************************
.
Completion time: 2009-01-30 9:20:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-29 22:20:40
Pre-Run: 5,508,112,384 bytes free
Post-Run: 5,836,435,456 bytes free