Šta dalje? Da li je sada uklonjen napokon?
ComboFix 09-10-22.01 - sef proizvodnje 23.10.2009 16:29.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.759.267 [GMT 2:00]
Running from: c:\documents and settings\sef proizvodnje\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\~WRD0005.tmp
c:\documents and settings\sef proizvodnje\rundll32.exe bthprops .exe
c:\recycler\S-1-5-21-674801537-3840082271-3752609986-500
c:\windows\nclaunch .exe
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\comrepl.exe
c:\windows\system32\ctfmon .exe
c:\windows\system32\setup.ini
.
((((((((((((((((((((((((( Files Created from 2009-09-23 to 2009-10-23 )))))))))))))))))))))))))))))))
.
2009-10-14 14:43 . 2009-10-14 14:43 -------- d-----w- c:\documents and settings\sef proizvodnje\Local Settings\Application Data\PCHealth
2009-10-03 04:18 . 2009-10-01 08:29 195440 ------w- c:\windows\system32\MpSigStub.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-23 12:47 . 2004-12-14 10:39 -------- d-----w- c:\program files\ClocX
2009-10-23 12:47 . 2009-02-13 09:46 30208 ----a-w- c:\windows\nclaunch.exe
2009-10-23 08:36 . 2008-11-26 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-10-21 16:32 . 2009-01-20 07:50 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-10-14 06:06 . 2008-12-03 09:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-09-14 17:16 . 2008-12-31 10:55 -------- d-----w- c:\documents and settings\sef proizvodnje\Application Data\MSN6
2009-09-14 17:13 . 2007-04-21 12:05 2568 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-09-11 14:18 . 2003-03-31 02:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 04:46 . 2009-03-20 07:29 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-06 10:20 . 2007-04-26 10:17 -------- d-----w- c:\documents and settings\sef proizvodnje\Application Data\Skype
2009-09-06 08:37 . 2008-03-14 10:54 -------- d-----w- c:\documents and settings\sef proizvodnje\Application Data\skypePM
2009-09-04 21:03 . 2003-03-31 02:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36 . 2004-12-07 14:37 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2003-03-31 02:00 17408 ------w- c:\windows\system32\corpol.dll
2009-08-26 10:44 . 2009-08-26 10:44 -------- d-----w- c:\program files\Readiris
2009-08-26 10:44 . 2004-10-29 23:02 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-26 08:00 . 2003-03-31 02:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-17 21:33 . 2009-08-17 21:33 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-05 09:01 . 2002-12-12 07:14 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 15:13 . 2003-03-31 02:00 2145280 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2003-03-31 02:00 2023936 ----a-w- c:\windows\system32\ntkrnlpa.exe
2007-04-21 12:05 . 2007-04-21 12:05 8 --sh--r- c:\windows\system32\BB642112CA.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB0.dll" [2009-04-01 1883672]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2009-04-01 05:35 1883672 ----a-w- c:\program files\myBabylon_English\tbmyB0.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB0.dll" [2009-04-01 1883672]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B2E293EE-FD7E-4C71-A714-5F4750D8D7B7}"= "c:\program files\myBabylon_English\tbmyB0.dll" [2009-04-01 1883672]
[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\sef proizvodnje\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-26 133104]
"NCLaunch"="c:\windows\NCLAUNCH.EXe" [2009-10-23 30208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-06 68856]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-06-01 4608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2009-10-20 30208]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2009-10-23 30208]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2007-05-18 949376]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-10-03 39792]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-07 98304]
"WHITNEY_S2P"="c:\program files\Samsung\Samsung SCX-4x21 Series\PSU\Scan2pc.exe" [2009-10-23 30208]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-14 110592]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
c:\documents and settings\sef proizvodnje\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-7 101440]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"Google Update"="c:\documents and settings\sef proizvodnje\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"ISUSPM Startup"=c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"HotKeysCmds"=c:\windows\System32\hkcmd.exe
"TomcatStartup"=c:\program files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
"StatusClient"=c:\program files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
"IgfxTray"=c:\windows\System32\igfxtray.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox2.0\\Javasoft\\JRE\\1.3.1\\bin\\javaw.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [18.5.2007 13:36 15424]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [20.3.2009 9:28 55152]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3.11.2006 19:19 13592]
S2 MCUSBPM3;Microchip MPLAB PM3 Firmware Client Driver (PM3W2K.SYS);c:\windows\system32\drivers\PM3w2k.sys [22.3.2004 2:45 12447]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [6.2.2009 19:08 533360]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 22:22 34064]
.
Contents of the 'Scheduled Tasks' folder
2009-10-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-07-16 07:36]
2009-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2241337480-236900093-1425797982-1006Core.job
- c:\documents and settings\sef proizvodnje\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-26 07:24]
2009-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2241337480-236900093-1425797982-1006UA.job
- c:\documents and settings\sef proizvodnje\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-26 07:24]
2009-10-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://go.compaq.com/1Q00CDT/0409/bl8.asp
uInternet Settings,ProxyServer = 192.168.80.10:8080
IE: Add to Windows &Live Favorites -
http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?b34629e0ae824782a5c6cde136a71638
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?b34629e0ae824782a5c6cde136a71638
LSP: imon.dll
TCP: {599C0F30-3E75-4233-85A3-584FAC958C16} = 195.178.32.2,212.200.13.13
.
- - - - ORPHANS REMOVED - - - -
AddRemove-_{63218538-4A69-497F-8455-904261B0E9E4} - c:\program files\Corel\CorelDRAW Graphics Suite 13\Programs\MSILauncher {63218538-4A69-497F-8455-904261B0E9E4}
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-10-23 16:35
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'lsass.exe'(908)
c:\windows\system32\imon.dll
.
Completion time: 2009-10-23 16:37
ComboFix-quarantined-files.txt 2009-10-23 14:37
Pre-Run: 35.703.853.056 bytes free
Post-Run: 36.430.077.952 bytes free
- - End Of File - - 37C1F0A51E5F2AC9357E7A8F912A0269