[es] - Potrebna analizira ComboFix loga

93 Stefan
Stefan 93

Član broj: 208278
Poruke: 624
*.dynamic.sbb.rs.

+13 Profil

Re: Potrebna analizira ComboFix loga

^{09.04.2009. u 18:09 - pre 183 meseci}

Evo ga HJT log, iz njega ništa nije moglo da se sredi postavljao sam ga već i na drugim forumima, na sajtovima... Ali da ne bude da ne mogu barem to da uradim. Uskoro stiže i ovaj drugi log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:04:49, on 9.4.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PC Tools Firewall Plus\FWService.exe
C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Launchy\Launchy.exe
C:\Program Files\AIMP2\AIMP2.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [00PCTFW] "C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Digsby.lnk = C:\Program Files\Digsby\digsby.exe
O4 - Global Startup: Launchy.lnk = C:\Program Files\Launchy\Launchy.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Program Files\PC Tools Firewall Plus\FWService.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 6214 bytes

Izvinjavam se svima koje sam razgnevio svojim pisanjima. Trudiću se da se popravim.

93 Stefan
Stefan 93

Član broj: 208278
Poruke: 624
*.dynamic.sbb.rs.

+13 Profil

Re: Potrebna analizira ComboFix loga

^{09.04.2009. u 18:26 - pre 183 meseci}

Loše vesti, nije se restartovao komp kada je završio ComboFix, tako da pitanje da li ćeš videti nešto zanimljivo. Mnogo ti hvala što se mučiš :)
Sad sam malo pogledao, čisto da znaš nemam ni AVG ni AdAware nego su samo ostali folderi. Sad sam radio Repair pa je zato SP2 i IE6, čisto da znaš, ali ni to nije vredelo, nema potrebe sada to da učitavam kad pitanje koliko će stajati.

ComboFix 09-04-04.01 - Stefan 2009-04-09 19:16:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1506 [GMT 2:00]
Running from: c:\documents and settings\Stefan\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090409-0] *On-access scanning disabled* (Updated)
FW: PC Tools Firewall Plus *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\pthreadGC2.dll
c:\windows\system32\tmp67.tmp
c:\windows\system32\tmp68.tmp
c:\windows\system32\tmp98.tmp
c:\windows\system32\tmp99.tmp

.
((((((((((((((((((((((((( Files Created from 2009-03-09 to 2009-04-09 )))))))))))))))))))))))))))))))
.

2009-04-09 15:47 . 2009-04-09 15:47 <DIR> d-------- C:\Lyrics
2009-04-09 15:26 . 2004-08-04 03:07 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2009-04-09 15:25 . 2004-05-13 00:39 876,653 --a--c--- c:\windows\system32\dllcache\fp4awel.dll
2009-04-09 15:24 . 2004-08-04 03:07 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe
2009-04-09 15:24 . 2009-04-09 15:24 749 -rah----- c:\windows\WindowsShell.Manifest
2009-04-09 15:24 . 2009-04-09 15:24 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-04-09 15:24 . 2009-04-09 15:24 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-04-09 15:24 . 2009-04-09 15:24 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2009-04-09 15:24 . 2009-04-09 15:24 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-04-09 15:24 . 2009-04-09 15:24 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-04-05 15:36 . 2009-04-05 15:36 <DIR> d-------- c:\program files\Alwil Software
2009-04-03 19:11 . 2009-03-26 16:49 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-03 19:10 . 2009-04-05 15:30 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-03 19:10 . 2009-03-26 16:49 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-03 15:47 . 2009-04-05 15:31 17,372 --a------ c:\windows\setupapi.old
2009-04-01 14:34 . 2009-04-01 14:34 231,176 --a------ c:\windows\system32\PDBoot.exe
2009-04-01 11:14 . 2009-04-01 11:14 <DIR> d-------- c:\documents and settings\Aleksandra\Application Data\Shareaza
2009-03-31 20:20 . 2009-03-31 20:20 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{B98A2B83-8BB0-42E7-AA1D-D6FA6E7C8F31}
2009-03-28 00:39 . 2009-03-09 16:27 4,178,264 --a------ c:\windows\system32\D3DX9_41.dll
2009-03-28 00:39 . 2009-03-09 16:27 1,846,632 --a------ c:\windows\system32\D3DCompiler_41.dll
2009-03-28 00:39 . 2009-03-16 15:18 517,448 --a------ c:\windows\system32\XAudio2_4.dll
2009-03-28 00:39 . 2009-03-09 16:27 453,456 --a------ c:\windows\system32\d3dx10_41.dll
2009-03-28 00:39 . 2009-03-16 15:18 235,352 --a------ c:\windows\system32\xactengine3_4.dll
2009-03-28 00:39 . 2009-03-16 15:18 69,448 --a------ c:\windows\system32\XAPOFX1_3.dll
2009-03-28 00:39 . 2009-03-16 15:18 22,360 --a------ c:\windows\system32\X3DAudio1_6.dll
2009-03-28 00:34 . 2009-03-28 00:35 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-03-25 17:13 . 2009-03-25 17:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-03-24 21:09 . 2009-03-24 21:09 <DIR> d-------- c:\program files\ConvertHelper
2009-03-24 14:14 . 2009-04-09 11:02 <DIR> d-------- c:\documents and settings\Aleksandra\Application Data\MiniLyrics
2009-03-24 14:14 . 2009-04-09 10:57 <DIR> d-------- c:\documents and settings\Aleksandra\Application Data\AIMP
2009-03-23 14:53 . 2009-03-24 16:44 <DIR> d-------- c:\program files\The KMPlayer
2009-03-23 01:04 . 2009-03-23 01:04 <DIR> d--hs---- c:\windows\system32\config\systemprofile\IETldCache
2009-03-23 00:50 . 2009-03-23 14:47 <DIR> d-------- c:\program files\Lavasoft
2009-03-23 00:50 . 2009-03-23 14:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-03-22 16:31 . 2009-03-22 16:31 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{DE032019-B933-4DF4-9174-48C52613DA13}
2009-03-22 14:28 . 2009-03-22 14:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Stardock
2009-03-22 14:27 . 2009-03-22 14:27 <DIR> d--hs---- c:\documents and settings\Aleksandra\IETldCache
2009-03-22 03:40 . 2009-03-22 03:40 249 --a------ C:\Debug.err
2009-03-21 17:55 . 2009-03-21 17:55 <DIR> d-------- c:\program files\Shareaza
2009-03-21 17:55 . 2009-03-21 17:55 <DIR> d-------- c:\documents and settings\Stefan\Application Data\Shareaza
2009-03-20 20:18 . 2009-03-20 20:18 <DIR> d--hs---- c:\documents and settings\Stefan\IECompatCache
2009-03-20 20:16 . 2009-03-20 20:16 <DIR> d--hs---- c:\documents and settings\Stefan\PrivacIE
2009-03-20 20:14 . 2009-03-20 20:14 <DIR> d--hs---- c:\documents and settings\LocalService\IETldCache
2009-03-20 20:12 . 2009-03-20 20:12 <DIR> d--hs---- c:\documents and settings\Stefan\IETldCache
2009-03-20 20:08 . 2009-03-20 20:08 <DIR> d-------- c:\windows\ie8updates
2009-03-20 20:06 . 2009-03-20 20:07 <DIR> d--h-c--- c:\windows\ie8
2009-03-20 01:05 . 2009-03-20 01:05 <DIR> d-------- c:\documents and settings\Stefan\Application Data\JonDo
2009-03-19 16:56 . 2009-03-19 16:56 <DIR> d-------- c:\documents and settings\Aleksandra\Application Data\Genie-soft
2009-03-19 13:54 . 2009-04-08 17:05 540 --a------ c:\windows\system32\PDBootState
2009-03-19 13:36 . 2009-03-19 13:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Genie-Soft
2009-03-19 13:34 . 2009-03-19 13:34 <DIR> d-------- c:\documents and settings\Stefan\Application Data\Genie-soft
2009-03-19 13:02 . 2009-03-19 13:02 <DIR> d-------- c:\program files\Genie-Soft
2009-03-19 13:02 . 2006-11-02 01:50 128,104 --a------ c:\windows\system32\drivers\WimFltr.sys
2009-03-19 13:02 . 2007-10-29 01:00 120,304 --a------ c:\windows\system32\pxcpyi64.exe
2009-03-19 13:02 . 2007-12-20 14:54 118,256 --a------ c:\windows\system32\pxinsi64.exe
2009-03-15 13:29 . 2009-03-15 13:32 <DIR> d-------- c:\documents and settings\Stefan\Application Data\GetRightToGo
2009-03-14 16:59 . 2009-03-14 16:59 <DIR> d-------- c:\program files\Common Files\Adobe
2009-03-09 14:55 . 2009-03-09 14:55 <DIR> d-------- c:\windows\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 17:13 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-09 16:17 --------- d-----w c:\documents and settings\Stefan\Application Data\AIMP
2009-04-08 22:15 --------- d-----w c:\program files\Minilyrics
2009-04-05 17:39 --------- d-----w c:\program files\SpywareBlaster
2009-04-05 17:36 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-04-05 17:36 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-05 13:40 --------- d-----w c:\program files\Digsby
2009-04-03 08:34 --------- d-----w c:\documents and settings\Stefan\Application Data\gtk-2.0
2009-04-02 18:56 --------- d-----w c:\program files\BFG
2009-03-27 22:36 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-03-27 06:14 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-03-25 15:15 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-03-22 14:31 --------- d-----w c:\program files\Stardock
2009-03-20 17:49 --------- d-----w c:\program files\FastStone Image Viewer
2009-03-18 10:20 --------- d-----w c:\program files\PC Tools Firewall Plus
2009-03-15 12:38 --------- d-----w c:\program files\Common Files\Acronis
2009-03-15 12:37 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-15 11:42 --------- d-----w c:\program files\Weather Watcher
2009-03-13 12:40 130,424 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-03-10 18:57 --------- d-----w c:\program files\Winamp
2009-03-04 01:01 --------- d-----w c:\documents and settings\Stefan\Application Data\Samsung
2009-03-02 17:10 --------- d-----w c:\documents and settings\Aleksandra\Application Data\LimeWire
2009-03-01 15:38 --------- d-----w c:\documents and settings\All Users\Application Data\SugarGames
2009-02-28 23:23 --------- d-----w c:\documents and settings\Aleksandra\Application Data\FastStone
2009-02-27 23:59 --------- d-----w c:\documents and settings\All Users\Application Data\Raxco
2009-02-27 23:56 --------- d-----w c:\program files\Raxco
2009-02-27 22:26 20 ---h--w c:\documents and settings\All Users\Application Data\PKP_DLdu.DAT
2009-02-26 14:52 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-26 11:16 121,856 ----a-w c:\windows\system32\drivers\Rtenicxp.sys
2009-02-24 23:26 2,255,360 ----a-w c:\windows\system32\x264vfw.dll
2009-02-23 22:02 --------- d-----w c:\program files\Common Files\ACD Systems
2009-02-23 20:23 --------- d-----w c:\documents and settings\Stefan\Application Data\FastStone
2009-02-22 14:59 --------- d-----w c:\documents and settings\Aleksandra\Application Data\Winamp
2009-02-21 11:04 --------- d-----w c:\program files\Smarty Uninstaller Pro
2009-02-20 23:00 --------- d-----w c:\program files\AVG
2009-02-20 14:46 40,072 ----a-w c:\windows\system32\drivers\maplom.sys
2009-02-20 11:13 --------- d-----w c:\documents and settings\Stefan\Application Data\MiniLyrics
2009-02-19 18:29 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-02-19 08:44 41,608 ----a-w c:\windows\system32\drivers\maploml.sys
2009-02-17 20:18 --------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-02-16 12:21 --------- d-----w c:\program files\GIMP-2.0
2009-02-15 16:51 --------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-02-14 21:05 --------- d-----w c:\documents and settings\Stefan\Application Data\OpenOffice.org
2009-02-14 21:04 --------- d-----w c:\program files\OpenOffice.org 3
2009-02-14 21:04 --------- d-----w c:\program files\JRE
2009-02-14 21:04 --------- d-----w c:\program files\Java
2009-02-14 21:03 --------- d-----w c:\program files\Common Files\Java
2009-02-14 11:07 --------- d-----w c:\program files\Common Files\L&H
2009-02-14 11:06 --------- d-----w c:\program files\Microsoft Works
2009-02-14 11:04 --------- d-----w c:\program files\Microsoft ActiveSync
2009-02-14 11:03 --------- d-----w c:\program files\Microsoft.NET
2009-02-13 13:56 --------- d-----w c:\documents and settings\Stefan\Application Data\DAEMON Tools Pro
2009-02-11 13:09 --------- d-----w c:\program files\Uniblue
2009-02-11 13:09 --------- d-----w c:\documents and settings\Stefan\Application Data\Uniblue
2009-02-09 18:56 67,584 ----a-w c:\windows\system32\ff_vfw.dll
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-01-16 17:22 685,056 ----a-w c:\windows\is-DT9P8.exe
2009-01-16 13:45 73,728 ----a-w c:\windows\system32\RtNicProp32.dll
2008-12-29 13:35 22,328 ----a-w c:\documents and settings\Stefan\Application Data\PnkBstrK.sys
2002-07-01 14:13 224 --sha-w c:\documents and settings\Stefan\Application Data\maildriver32.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CursorFX"="c:\program files\Stardock\CursorFX\CursorFX.exe" [2008-07-07 416768]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"00PCTFW"="c:\program files\PC Tools Firewall Plus\FirewallGUI.exe" [2009-02-24 2652056]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-28 148888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-03-26 401040]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"nwiz"="nwiz.exe" [2009-03-27 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-07-05 c:\windows\RTHDCPL.exe]
"Logitech Utility"="Logi_MwX.Exe" [2002-11-08 c:\windows\LOGI_MWX.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]

c:\documents and settings\Stefan\Start Menu\Programs\Startup\
Digsby.lnk - c:\program files\Digsby\digsby.exe [2008-10-11 137728]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Launchy.lnk - c:\program files\Launchy\Launchy.exe [2008-12-15 286720]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-12-28 21:43 210168 c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.i263"= i263_32.drv
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"d:\\Igrice\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"d:\\Igrice\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"d:\\Igrice\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Shareaza\\Shareaza.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-04-05 114768]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-02-04 159600]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-04-05 20560]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-04-03 179856]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-02-04 73840]
R3 MaplomL;MaplomL;c:\windows\system32\drivers\maploml.sys [2009-01-21 41608]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-04-03 15504]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-02-04 95640]
.
Contents of the 'Scheduled Tasks' folder

2009-04-09 c:\windows\Tasks\Uniblue SpeedUpMyPC Nag.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-10-22 11:13]

2009-02-11 c:\windows\Tasks\Uniblue SpeedUpMyPC.job
- c:\program files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [2007-10-22 11:13]

2009-04-09 c:\windows\Tasks\User_Feed_Synchronization-{EE4DA373-E89C-42D3-9C95-C692003D3AAD}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 05:31]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - (no file)

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Stefan\Application Data\Mozilla\firefox\profiles\hh2dt9a0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs
FF - component: c:\documents and settings\Stefan\Application Data\Mozilla\Firefox\Profiles\hh2dt9a0.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\WINNT_x86-msvc\components\ipc.dll
FF - component: c:\documents and settings\Stefan\Application Data\Mozilla\Firefox\Profiles\hh2dt9a0.default\extensions\[email protected]\components\coolirisstub.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 19:17:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-350281380-233495102-1455855570-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-350281380-233495102-1455855570-1003\Software\SecuROM\License information*]
"datasecu"=hex:c4,b5,6b,3d,a9,3b,2f,54,4e,85,d0,34,82,36,4a,9d,e0,e2,4e,8a,de,
4f,c5,38,1d,82,2f,73,cf,82,af,ce,e5,24,6d,cf,3b,7f,c3,62,43,34,5d,5a,ca,46,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1012)
c:\program files\Stardock\Object Desktop\WindowBlinds\WBSrv.dll
.
Completion time: 2009-04-09 19:19:25
ComboFix-quarantined-files.txt 2009-04-09 17:19:23

Pre-Run: 30.894.190.592 bytes free
Post-Run: 30,904,688,640 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=alwaysoff /fastdetect

Current=4 Default=4 Failed=0 LastKnownGood=1 Sets=1,2,3,4
259 --- E O F --- 2009-03-11 15:27:45

Izvinjavam se svima koje sam razgnevio svojim pisanjima. Trudiću se da se popravim.