Topic: (solved) My cursor runs away while typing
16.08.2010., 00:53
#22
Female
Never Registered User
I paused KAV before running ComboFix.
Here is the log:
ComboFix 10-08-15.01 - Korisnik 08/16/2010 0:38.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1523 [GMT 1:00]
Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Default User\xmlUpdater.exe
c:\documents and settings\Korisnik\xmlUpdater.exe
c:\windows\system32\config\systemprofile\xmlUpdater.exe
c:\windows\system32\st325602.dll
.
((((((((((((((((((((((((( Files Created from 2010-07-15 to 2010-08-15 )))))))))))))))))))))))))))))))
.
2010-08-15 23:38 . 2010-08-15 23:38 12568 ----a-w- c:\windows\system32\drivers\PROCEXP113.SYS
2010-08-15 23:19 . 2010-08-15 23:19 -------- d-----w- c:\program files\Trend Micro
2010-08-15 23:16 . 2010-08-15 23:16 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Malwarebytes
2010-08-15 23:15 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-15 23:15 . 2010-08-15 23:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-08-15 23:15 . 2010-08-15 23:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-15 23:15 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-08-15 22:40 . 2010-08-15 22:40 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-08-15 22:26 . 2010-08-15 22:26 -------- d-----w- c:\program files\PrtScr
2010-08-15 21:48 . 2010-08-15 21:48 -------- d-----w- c:\program files\WinSnap
2010-08-15 21:07 . 2010-08-15 21:07 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Media Player Classic
2010-08-14 22:07 . 2010-08-14 22:07 -------- d-sh--w- c:\documents and settings\Korisnik\IECompatCache
2010-08-14 14:20 . 2010-08-14 14:20 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\Temp
2010-08-14 14:20 . 2010-08-14 14:20 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-08-14 14:15 . 2010-08-14 14:15 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-08-14 13:23 . 2010-08-14 22:06 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\Google
2010-08-14 12:01 . 2010-08-14 14:15 -------- d-----w- c:\program files\Google
2010-08-14 12:01 . 2010-08-14 13:24 -------- d-----w- c:\windows\system32\Adobe
2010-08-13 23:15 . 2010-08-15 23:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-08-13 23:15 . 2010-08-13 23:15 -------- d-----w- c:\program files\Kaspersky Lab
2010-08-13 23:12 . 2010-08-13 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-08-13 22:34 . 2010-08-13 22:34 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-08-13 22:34 . 2010-08-13 23:04 -------- d-----w- c:\documents and settings\Korisnik\Application Data\skypePM
2010-08-13 22:34 . 2010-08-14 09:06 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Skype
2010-08-13 22:33 . 2010-08-13 22:33 -------- d-----w- c:\program files\Common Files\Skype
2010-08-13 22:33 . 2010-08-13 22:33 -------- d-----r- c:\program files\Skype
2010-08-13 22:33 . 2010-08-13 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-08-13 21:59 . 2010-08-13 21:59 -------- d-----w- c:\program files\CCleaner
2010-08-13 21:30 . 2010-08-13 21:30 -------- d-sh--w- c:\documents and settings\Korisnik\PrivacIE
2010-08-13 21:27 . 2010-06-24 12:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-08-13 21:27 . 2010-06-24 12:21 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-08-13 21:27 . 2010-06-24 12:21 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-08-13 21:23 . 2010-08-13 21:23 -------- d-sh--w- c:\documents and settings\Korisnik\IETldCache
2010-08-13 21:16 . 2010-08-13 23:20 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\Opera
2010-08-13 21:16 . 2010-08-13 21:16 -------- d-----w- c:\program files\Opera
2010-08-13 21:16 . 2010-08-13 22:28 -------- d-----w- c:\documents and settings\Korisnik\Application Data\TeamViewer
2010-08-13 21:15 . 2010-08-13 21:15 -------- d-----w- c:\program files\TeamViewer
2010-08-13 21:10 . 2010-08-13 21:10 0 ----a-w- c:\windows\nsreg.dat
2010-08-13 21:10 . 2010-08-13 21:10 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\Mozilla
2010-08-13 20:52 . 2010-08-13 20:53 -------- dc-h--w- c:\windows\ie8
2010-08-09 12:28 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-08-09 12:27 . 2010-08-10 10:21 -------- d-----w- c:\windows\SxsCaPendDel
2010-08-03 13:32 . 2010-08-03 13:37 -------- d-----w- c:\program files\Z3X
2010-08-03 13:32 . 2008-03-13 12:51 57536 ----a-w- c:\windows\system32\drivers\ftdibus.sys
2010-08-03 13:32 . 2008-03-13 12:50 72000 ----a-w- c:\windows\system32\drivers\ftser2k.sys
2010-08-03 12:08 . 2009-03-20 08:01 90112 ----a-w- c:\windows\system32\drivers\ss_bbus.sys
2010-08-03 12:08 . 2009-03-20 08:01 14976 ----a-w- c:\windows\system32\drivers\ss_bmdfl.sys
2010-08-03 12:08 . 2009-03-20 08:01 121856 ----a-w- c:\windows\system32\drivers\ss_bmdm.sys
2010-08-03 12:08 . 2009-03-20 08:01 12160 ----a-w- c:\windows\system32\drivers\ss_bwhnt.sys
2010-08-03 12:08 . 2009-03-20 08:01 12160 ----a-w- c:\windows\system32\drivers\ss_bwh.sys
2010-08-03 12:08 . 2009-03-20 08:01 12160 ----a-w- c:\windows\system32\drivers\ss_bcmnt.sys
2010-08-03 12:08 . 2009-03-20 08:01 12160 ----a-w- c:\windows\system32\drivers\ss_bcm.sys
2010-08-03 11:52 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-08-03 11:45 . 2010-04-27 13:59 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-08-03 11:45 . 2010-04-28 02:25 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-08-03 11:45 . 2010-04-27 13:05 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-08-03 11:38 . 2010-08-03 12:08 -------- d-----w- c:\program files\SAMSUNG
2010-08-03 11:38 . 2007-07-03 16:00 9256 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2010-08-03 11:38 . 2007-07-03 16:00 9256 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2010-08-03 11:38 . 2007-07-03 15:58 106792 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2010-08-03 11:38 . 2007-07-03 15:57 11944 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2010-08-03 11:38 . 2007-07-03 15:56 9256 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2010-08-03 11:38 . 2007-07-03 15:56 9256 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2010-08-03 11:38 . 2007-07-03 15:54 80552 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2010-08-03 11:37 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-08-03 11:30 . 2010-08-14 10:37 -------- d-----w- c:\program files\NsPro
2010-08-03 11:29 . 2010-08-03 13:39 -------- d-----w- C:\GSM
2010-08-03 11:28 . 2008-04-13 20:15 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-08-02 20:20 . 2010-08-02 20:20 -------- d-----w- c:\documents and settings\Korisnik\Bluetooth Software
2010-08-02 20:20 . 2007-03-31 12:02 876384 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2010-08-02 20:20 . 2007-03-31 12:02 55352 ----a-w- c:\windows\system32\drivers\btwhid.sys
2010-08-02 20:20 . 2007-03-23 09:50 67960 ----a-w- c:\windows\system32\drivers\btwusb.sys
2010-08-02 20:20 . 2007-03-23 09:50 37280 ----a-w- c:\windows\system32\drivers\btwmodem.sys
2010-08-02 20:20 . 2007-03-23 09:50 149123 ----a-w- c:\windows\system32\drivers\btwdndis.sys
2010-08-02 20:20 . 2007-03-23 09:50 106557 ----a-w- c:\windows\system32\btw_ci.dll
2010-08-02 20:20 . 2007-03-23 09:50 37424 ----a-w- c:\windows\system32\drivers\btport.sys
2010-08-02 20:20 . 2007-03-23 09:49 539072 ----a-w- c:\windows\system32\drivers\btaudio.sys
2010-08-02 20:20 . 2010-08-02 20:20 -------- d-----w- c:\program files\WIDCOMM
2010-08-02 20:19 . 2010-08-02 20:19 -------- d-----w- C:\dell
2010-08-02 20:06 . 2010-08-13 21:47 68456 ----a-w- c:\documents and settings\Korisnik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-02 20:06 . 2010-08-02 20:07 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\Deployment
2010-08-02 18:59 . 2010-08-02 18:59 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\ACD Systems
2010-08-02 18:59 . 2010-08-02 18:59 -------- d-----w- c:\documents and settings\Korisnik\Application Data\ACD Systems
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-15 23:34 . 2010-07-30 15:56 -------- d-----w- c:\program files\Microsoft Silverlight
2010-08-15 22:40 . 2010-07-30 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-08-15 22:27 . 2010-07-30 16:12 -------- d-----w- c:\program files\Microsoft Works
2010-08-14 09:27 . 2010-06-28 18:47 283984 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\avengine.dll
2010-08-14 09:27 . 2010-08-14 09:27 404152 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\mcouas.dll
2010-08-14 09:27 . 2010-08-14 09:27 166584 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\klwtblc.dll
2010-08-14 09:27 . 2010-08-14 09:27 125624 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\shellex.dll
2010-08-14 09:27 . 2010-08-14 09:27 113336 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\sbstart.exe
2010-08-14 09:27 . 2010-08-13 23:16 97549 ----a-w- c:\windows\system32\drivers\klick.dat
2010-08-14 09:27 . 2010-08-13 23:16 113933 ----a-w- c:\windows\system32\drivers\klin.dat
2010-08-14 09:27 . 2010-08-14 09:27 129720 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\shellex.dll
2010-08-14 09:27 . 2010-08-14 09:27 113336 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\sbstart.exe
2010-08-14 09:27 . 2010-08-14 09:27 404152 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\mcouas.dll
2010-08-14 09:27 . 2010-08-14 09:27 170680 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\klwtblc.dll
2010-08-14 09:22 . 2010-08-14 09:22 283984 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\av\kdb\i386\win\avengine.dll
2010-08-13 21:40 . 2010-07-30 15:44 -------- d-----w- c:\program files\FlashGet
2010-08-13 21:38 . 2010-07-30 16:00 -------- d-----w- c:\program files\Common Files\ACD Systems
2010-08-13 14:49 . 2010-07-30 16:27 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Notepad++
2010-08-03 11:52 . 2010-07-30 15:49 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-30 16:40 . 2010-07-30 16:40 -------- d-----w- c:\program files\Sigmatel
2010-07-30 16:40 . 2010-07-30 16:40 -------- d-----w- c:\program files\CONEXANT
2010-07-30 16:32 . 2010-07-30 15:58 -------- d-----w- c:\program files\total commander
2010-07-30 16:32 . 2010-07-30 16:00 -------- d-----w- c:\program files\Yahoo!
2010-07-30 16:21 . 2010-07-30 16:21 -------- d-----w- c:\program files\microsoft frontpage
2010-07-30 16:20 . 2010-07-30 16:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-07-30 16:19 . 2010-07-30 16:27 71680 ----a-w- c:\documents and settings\Korisnik\GLB15BE.tmp
2010-07-30 16:19 . 2010-07-30 16:23 71680 ----a-w- c:\windows\system32\config\systemprofile\GLB15BE.tmp
2010-07-30 16:19 . 2010-07-30 16:19 71680 ----a-w- c:\documents and settings\Default User\GLB15BE.tmp
2010-07-30 16:12 . 2010-07-30 15:53 -------- d-----w- c:\program files\MSBuild
2010-07-30 16:11 . 2010-07-30 16:11 -------- d-----w- c:\program files\Microsoft.NET
2010-07-30 16:10 . 2010-07-30 16:10 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-07-30 15:59 . 2010-07-30 15:59 -------- d-----w- c:\program files\Nero
2010-07-30 15:59 . 2010-07-30 15:59 -------- d-----w- c:\program files\Common Files\Nero
2010-07-30 15:59 . 2010-07-30 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-07-30 15:58 . 2010-07-30 16:27 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Winamp
2010-07-30 15:58 . 2010-07-30 15:58 -------- d-----w- c:\documents and settings\Default User\Application Data\Winamp
2010-07-30 15:58 . 2010-07-30 15:58 -------- d-----w- c:\program files\WinAmp
2010-07-30 15:58 . 2010-07-30 15:58 682232 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-30 15:58 . 2010-07-30 15:58 -------- d-----w- c:\program files\Webteh
2010-07-30 15:58 . 2010-07-30 15:58 -------- d-----w- c:\program files\uTorrent
2010-07-30 15:58 . 2010-07-30 15:58 -------- d-----w- c:\program files\Notepad++
2010-07-30 15:58 . 2010-07-30 15:58 -------- d-----w- c:\documents and settings\Default User\Application Data\Notepad++
2010-07-30 15:58 . 2010-07-30 15:58 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-07-30 15:57 . 2010-07-30 15:57 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-30 15:56 . 2010-07-30 15:56 -------- d-----w- c:\program files\7-Zip
2010-07-30 15:53 . 2010-07-30 15:53 -------- d-----w- c:\program files\Reference Assemblies
2010-07-30 15:46 . 2010-07-30 15:46 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2010-07-30 15:45 . 2010-07-30 15:45 -------- d-----w- c:\program files\Windows Media Connect 2
2010-07-01 20:35 . 2010-07-01 20:35 228024 ----a-w- c:\windows\system32\klogon.dll
2010-07-01 18:22 . 2010-07-01 18:22 92816 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2011 11.0.1.400\English\setup.exe
2010-07-01 07:06 . 2010-07-01 07:06 1037648 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\klavasyswatch.dll
2010-06-30 12:31 . 2008-06-17 12:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-30 06:06 . 2010-06-30 06:06 271696 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP11\Bases\sys_critical_obj.dll
2010-06-24 12:22 . 2008-06-17 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 2008-06-17 12:00 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 2008-06-17 12:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-17 14:03 . 2008-06-17 12:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-06-14 14:31 . 2010-07-30 15:47 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-14 07:41 . 2008-06-17 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2010-06-09 16:43 . 2010-06-09 16:43 11352 ----a-w- c:\windows\system32\drivers\kl2.sys
2010-06-09 16:43 . 2010-06-09 16:43 132184 ----a-w- c:\windows\system32\drivers\kl1.sys
.
------- Sigcheck -------
[-] 2008-06-17 . C951DB3D9B6EF3CF4B82454D30A8BF59 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-14 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-07-01 357096]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]
"nltide_3"="advpack.dll" [2009-03-08 128512]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-5-17 568176]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IgfxTray"=c:\windows\system32\igfxtray.exe
"HotKeysCmds"=c:\windows\system32\hkcmd.exe
"Persistence"=c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [6/9/2010 5:43 PM 11352]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [7/30/2010 5:16 PM 105984]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [5/7/2010 12:06 PM 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [11/2/2009 8:27 PM 19472]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/14/2010 3:15 PM 135664]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [8/16/2010 12:15 AM 38224]
S3 PROCEXP113;PROCEXP113;c:\windows\system32\drivers\PROCEXP113.SYS [8/16/2010 12:38 AM 12568]
S3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\drivers\ss_bbus.sys [8/3/2010 1:08 PM 90112]
S3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\drivers\ss_bmdfl.sys [8/3/2010 1:08 PM 14976]
S3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\drivers\ss_bmdm.sys [8/3/2010 1:08 PM 121856]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/30/2010 4:58 PM 682232]
.
Contents of the 'Scheduled Tasks' folder
2010-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-14 14:15]
2010-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-14 14:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\w0v5e21r.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-08-16 00:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2424)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\audiodev.dll
c:\windows\system32\WMVCore.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\windows\system32\STacSV.exe
.
**************************************************************************
.
Completion time: 2010-08-16 00:50:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-15 23:50
Pre-Run: 68,702,126,080 bytes free
Post-Run: 68,670,664,704 bytes free
- - End Of File - - AEC0C327B948F9A4EC87279BDB544873
Last edited by domy_os on 16.08.2010 at 01:05.