Kristi1!
I managed to do it with ComboFix. While doing so, it warned me to turn off Avast, even though it was already turned off. Here is the contents of the file, so let's hope for the best. I deleted a virus, 22yj2fy1.exe, from the flash drive with Avast, but it has remained on the computer.
ComboFix 09-12-29.06 - AMD 30.12.2009 23:20:54.2.1 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.511.260 [GMT 1:00]
Running from: c:\documents and settings\AMD\Desktop\virusi\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 091230-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\cleanup.exe
c:\docume~1\AMD\LOCALS~1\Temp\sshnas.dll
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\AMD\Local Settings\Temporary Internet Files\MF14593ED.gif
c:\documents and settings\AMD\Local Settings\Temporary Internet Files\SF0ED.gif
c:\windows\msa.exe
c:\windows\msb.exe
c:\windows\system32\sshnas.dll
c:\windows\system32\vspopup.dll
c:\windows\system32\Y14L8iyF.exe.a_a
c:\windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
c:\windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
D:\autorun.inf
E:\autorun.inf
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SSHNAS
-------\Service_AVPsys
-------\Service_SSHNAS
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-30 )))))))))))))))))))))))))))))))
.
2009-12-30 21:46 . 2009-12-30 21:49 -------- dc-h--w- c:\windows\ie8
2009-12-30 21:46 . 2009-12-30 21:46 -------- d-----w- c:\windows\LastGood
2009-12-30 18:30 . 2009-12-30 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-30 18:30 . 2009-12-30 18:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-29 20:51 . 2009-12-29 20:51 -------- d-----w- c:\program files\trend micro
2009-12-29 20:51 . 2009-12-29 20:51 -------- d-----w- C:\rsit
2009-12-29 19:20 . 2009-12-29 19:30 26386 ----a-w- C:\backup.reg
2009-12-29 19:20 . 2009-12-29 19:30 574 ----a-w- C:\cleanup.bat
2009-12-29 19:20 . 2009-12-29 19:30 135168 ----a-w- C:\zip.exe
2009-12-29 10:40 . 2009-12-29 10:40 -------- d-----w- c:\documents and settings\AMD\Local Settings\Application Data\WinZip
2009-12-29 10:03 . 2009-12-29 10:03 -------- d-----w- C:\saslPrep_3968
2009-12-29 09:16 . 2009-12-26 13:54 34429264 ----a-r- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_ 2330 7_1_40_1_eng_web.exe
2009-12-29 09:07 . 2009-12-29 09:07 388608 ----a-w- c:\windows\system32\CF19309.exe
2009-12-27 14:28 . 2009-12-28 16:54 -------- d-----w- c:\windows\system32\NtmsData
2009-12-27 14:25 . 2009-12-27 14:25 -------- d-sh--w- c:\documents and settings\AMD\IECompatCache
2009-12-27 11:24 . 2009-12-30 21:23 -------- d-----w- c:\program files\Common Files\Akamai
2009-12-25 21:45 . 2009-12-26 09:01 -------- d-----w- c:\documents and settings\AMD\Local Settings\Application Data\Free_Lunch_Design
2009-12-25 21:44 . 2009-12-25 21:45 -------- d-----w- c:\program files\Free_Lunch_Design
2009-12-25 21:44 . 2009-05-31 17:45 51200 ----a-w- c:\documents and settings\AMD\Application Data\Mozilla\Firefox\Profiles\vayaalab.default\extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\components\FFExternalAlert.dll
2009-12-25 21:44 . 2009-05-31 17:45 114688 ----a-w- c:\documents and settings\AMD\Application Data\Mozilla\Firefox\Profiles\vayaalab.default\extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\components\npmozax.dll
2009-12-25 21:12 . 2009-12-25 21:12 -------- d-----w- c:\program files\Santa Claus in Trouble
2009-12-24 17:32 . 2009-12-27 07:45 -------- d-----w- c:\program files\Carambis
2009-12-24 17:01 . 2009-12-24 17:01 -------- d-----w- c:\documents and settings\AMD\Local Settings\Application Data\Nokia
2009-12-24 17:01 . 2009-12-24 17:01 -------- d-----w- c:\documents and settings\AMD\Local Settings\Application Data\NokiaAccount
2009-12-24 16:54 . 2008-08-26 08:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-12-24 16:54 . 2009-12-24 16:54 -------- d-----w- c:\program files\PC Connectivity Solution
2009-12-24 16:48 . 2009-12-24 16:49 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-12-24 16:46 . 2009-12-24 16:52 12212040 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2009-12-24 16:46 . 2009-12-24 16:52 13930312 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2009-12-24 16:46 . 2009-12-24 16:52 61440 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx86.exe
2009-12-24 16:46 . 2009-12-24 16:52 58880 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\WMF11Runx64.exe
2009-12-24 16:46 . 2009-12-24 16:52 77824 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2009-12-24 16:46 . 2009-12-24 16:52 50000 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Installer\CommonCustomActions\pcswpc.exe
2009-12-24 16:46 . 2009-12-24 08:50 95992424 ----a-w- c:\documents and settings\All Users\Application Data\OviInstallerCache\{B6164ADA-55DA-4FA9-B78B-A7EB741742A1}\Nokia_Ovi_Suite_webinstaller_ALL.exe
2009-12-24 16:46 . 2009-12-24 16:46 -------- d-----w- c:\documents and settings\All Users\Application Data\OviInstallerCache
2009-12-24 16:18 . 2009-12-24 16:18 -------- d-----w- c:\program files\Common Files\LogoManager
2009-12-24 16:17 . 2009-12-24 16:18 -------- d-----w- c:\program files\MobiMB Mobile Media Browser
2009-12-24 10:19 . 2009-12-24 10:19 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Microsoft Help
2009-12-24 08:56 . 2009-12-24 08:56 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-12-24 07:40 . 2009-10-29 07:45 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-24 07:40 . 2009-10-29 07:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-24 07:21 . 2009-12-27 14:04 -------- d-----w- c:\documents and settings\AMD\Application Data\Software Informer
2009-12-24 07:21 . 2009-12-24 07:21 -------- d-----w- c:\program files\Software Informer
2009-12-24 06:59 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-12-24 06:59 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-12-24 06:51 . 2009-12-24 06:51 -------- d-----w- c:\documents and settings\AMD\Application Data\PC Suite
2009-12-24 06:51 . 2009-12-24 17:02 -------- d-----w- c:\documents and settings\AMD\Application Data\Nokia
2009-12-24 06:51 . 2009-12-24 06:51 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-12-24 06:50 . 2009-12-24 06:50 -------- d-----w- c:\program files\Common Files\PCSuite
2009-12-24 06:49 . 2009-12-24 16:56 -------- d-----w- c:\program files\Common Files\Nokia
2009-12-24 06:48 . 2009-10-06 10:52 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-12-24 06:48 . 2009-12-24 16:54 -------- d-----w- c:\program files\Nokia
2009-12-24 06:47 . 2009-12-23 19:13 34429264 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_eng_web.exe
2009-12-24 06:47 . 2009-12-24 06:47 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe
2009-12-24 06:47 . 2009-12-24 06:47 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-12-24 06:47 . 2009-12-24 06:47 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe
2009-12-24 06:47 . 2009-12-24 06:47 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe
2009-12-24 06:44 . 2009-12-24 06:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-12-23 19:12 . 2009-12-24 10:40 -------- d-----w- c:\program files\Microsoft Silverlight
2009-12-23 19:11 . 2009-12-23 19:11 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-12-23 19:10 . 2009-08-05 21:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-12-23 19:09 . 2009-12-23 19:09 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-12-23 19:09 . 2009-12-23 19:09 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-12-23 19:03 . 2009-12-23 19:03 -------- d-----w- c:\program files\Microsoft
2009-12-23 19:02 . 2009-12-23 19:02 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-23 19:02 . 2009-12-23 19:10 -------- d-----w- c:\program files\Windows Live
2009-12-23 18:38 . 2009-12-23 18:38 -------- d-----w- c:\program files\Common Files\Windows Live
2009-12-23 18:00 . 2009-12-23 18:00 -------- d-----w- c:\program files\Conduit
2009-12-23 18:00 . 2009-12-23 18:00 -------- d-----w- c:\documents and settings\AMD\Local Settings\Application Data\Conduit
2009-12-23 17:59 . 2009-12-23 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2009-12-23 17:57 . 2009-12-23 17:57 -------- d-----w- c:\program files\PC Drivers HeadQuarters
2009-12-23 16:41 . 2009-12-23 16:41 -------- d-sh--w- c:\documents and settings\AMD\PrivacIE
2009-12-23 16:37 . 2009-12-23 16:37 -------- d-sh--w- c:\documents and settings\AMD\IETldCache
2009-12-23 16:35 . 2009-12-30 21:51 -------- d-----w- c:\windows\ie8updates
2009-12-23 16:30 . 2009-12-30 21:48 -------- d-----w- c:\windows\system32\sr-Cyrl-CS
2009-12-23 16:26 . 2009-10-02 04:44 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-23 13:11 . 2004-08-03 22:56 221184 ----a-w- c:\windows\system32\wmpns.dll
2009-12-22 18:47 . 2009-12-22 18:47 -------- d-----w- c:\program files\Xvid
2009-12-22 18:47 . 2009-12-22 18:47 -------- d-----w- c:\program files\FDRLab
2009-12-22 18:25 . 2005-07-25 09:04 48640 ----a-w- c:\windows\system32\drivers\ser2pl.sys
2009-12-22 17:28 . 2009-11-24 23:50 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-12-22 17:28 . 2009-11-24 23:50 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-12-21 20:32 . 2009-12-21 20:32 -------- d-----w- c:\program files\Barbie(TM)
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-27 14:20 . 2007-08-28 15:53 -------- d-----w- c:\program files\Macromedia
2009-12-27 07:45 . 2007-02-03 09:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-25 19:56 . 2007-02-03 09:30 113064 ----a-w- c:\documents and settings\AMD\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-25 16:46 . 2007-12-06 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-12-25 16:13 . 2009-07-01 08:04 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-12-24 06:51 . 2007-08-27 13:36 -------- d-----w- c:\program files\DIFX
2009-12-23 19:21 . 2000-02-24 18:27 -------- d-----w- c:\program files\Windows Live Toolbar
2009-11-24 23:54 . 2007-02-03 10:04 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2007-02-03 10:04 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2007-02-03 10:04 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:49 . 2007-02-03 10:04 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2007-02-03 10:04 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2007-02-03 10:04 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2007-02-03 10:04 97480 ----a-w- c:\windows\system32\AVASTSS.scr
2009-10-29 07:45 . 2004-08-03 22:56 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 06:00 . 2004-08-03 22:56 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00 . 2004-08-03 22:56 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2004-08-03 21:00 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:53 . 2004-08-03 22:56 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2004-08-03 22:56 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:54 . 2004-08-03 22:56 112128 ----a-w- c:\windows\system32\rastls.dll
2009-10-08 12:30 . 2009-10-08 12:30 0 ----a-w- c:\windows\ativpsrm.bin
2002-07-31 18:55 . 2007-10-05 20:08 106 --sh--w- c:\windows\WSYS049.SYS
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}"= "c:\program files\Free_Lunch_Design\tbFree.dll" [2009-05-20 2085400]
[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
2009-05-20 17:05 2085400 ----a-w- c:\program files\Free_Lunch_Design\tbFree.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}"= "c:\program files\Free_Lunch_Design\tbFree.dll" [2009-05-20 2085400]
[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{57CC715D-37CA-44E4-9EC2-8C2CBDDB25EC}"= "c:\program files\Free_Lunch_Design\tbFree.dll" [2009-05-20 2085400]
[HKEY_CLASSES_ROOT\clsid\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-11-25 2011205]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-11-11 1451520]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 77824]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Acrobat Assistant 8.0"="e:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe [2009-7-11 295606]
Adobe Acrobat Synchronizer.lnk - e:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
backup=c:\windows\pss\Adobe Acrobat Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^AMD^Start Menu^Programs^Startup^Registration .LNK]
path=c:\documents and settings\AMD\Start Menu\Programs\Startup\Registration .LNK
backup=c:\windows\pss\Registration .LNKStartup
[HKLM\~\startupfolder\C:^Documents and Settings^AMD^Start Menu^Programs^Startup^WinMySQLadmin.lnk]
path=c:\documents and settings\AMD\Start Menu\Programs\Startup\WinMySQLadmin.lnk
backup=c:\windows\pss\WinMySQLadmin.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
2009-11-24 23:51 81000 ----a-w- c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2004-08-03 22:56 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-04 00:06 1667584 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QKSMTPServer3]
2005-08-08 11:33 959488 ----a-w- c:\progra~1\QKSMTP~1\QKSmtpServer3.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2007-02-16 09:54 282624 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 19:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2004-12-22 09:09 77824 ----a-w- c:\windows\soundman.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Browsers\\Opera\\opera.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10.01.2007 21:43 685816]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [22.12.2009 18:28 114768]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [03.08.2004 23:56 14336]
S2 Apache2.2;Apache2.2;e:\5.instalirani_programi\AppServ\Apache2.2\bin\httpd.exe [17.01.2008 18:37 24635]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [22.12.2009 18:28 20560]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [23.12.2009 20:10 54752]
S2 PHPGeekUtil;PHPGeekUtil;"c:\apache\APACHE.EXE" --ntservice --> c:\apache\APACHE.EXE [?]
S2 XAMPP;XAMPP Service;c:\xampp\service.exe --> c:\xampp\service.exe [?]
S3 DNSFILT;DNSFILT;\??\c:\program files\Atguard\DNSFILT.SYS --> c:\program files\Atguard\DNSFILT.SYS [?]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05.08.2009 22:48 704864]
S3 FWFILT;FWFILT;\??\c:\program files\Atguard\FWFILT.SYS --> c:\program files\Atguard\FWFILT.SYS [?]
S3 HTTPFILT;HTTPFILT;\??\c:\program files\Atguard\HTTPFILT.SYS --> c:\program files\Atguard\HTTPFILT.SYS [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - SPUPDSVC
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
IE: Append to existing PDF - e:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - e:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - e:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - e:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - e:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - e:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - e:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - e:\5.instalirani_programi\AdobeCS4\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Subscribe in RSS Bandit - c:\documents and settings\AMD\Application Data\RssBandit\iecontext_subscribebandit.htm
TCP: {ED2C4C66-C3B5-49A5-A999-C4F3566E8A9B} = 212.200.191.166,212.200.190.166
FF - ProfilePath - c:\documents and settings\AMD\Application Data\Mozilla\Firefox\Profiles\vayaalab.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1708250&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Free Lunch Design Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1708250&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1708250&SearchSource=2&q=
FF - component: c:\documents and settings\AMD\Application Data\Mozilla\Firefox\Profiles\vayaalab.default\extensions\{57cc715d-37ca-44e4-9ec2-8c2cbddb25ec}\components\FFExternalAlert.dll
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\browsers\Opera\program\plugins\npdsplay.dll
FF - plugin: c:\browsers\Opera\program\plugins\NPOFFICE.DLL
FF - plugin: c:\browsers\Opera\program\plugins\NPSWF32.dll
FF - plugin: c:\browsers\Opera\program\plugins\npwmsdrm.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-MySQL Data Wizard Agent - c:\program files\SQL Maestro Group\Data Wizard for MySQL\MyDataWizardA.exe
HKCU-Run-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe
HKCU-Run-AdobeBridge - c:\program files\Adobe\Adobe Bridge CS4\Bridge.exe
HKCU-Run-fsm - (no file)
HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
HKLM-Run-MSI Live - c:\program files\MSI\MSI Live\SetWallpaper.exe
MSConfigStartUp-00PCTFW - c:\program files\PC Tools Firewall Plus\FirewallGUI.exe
MSConfigStartUp-Acrobat Assistant 8 - c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
MSConfigStartUp-MySQL Data Wizard Agent - c:\program files\SQL Maestro Group\Data Wizard for MySQL\MyDataWizardA.exe
MSConfigStartUp-NvCplDaemon - c:\windows\system32\NvCpl.dll
MSConfigStartUp-NvMediaCenter - c:\windows\system32\NvMcTray.dll
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-SinapsiAntispam - c:\program files\Sinapsi Antispam\SinapsiAntispam.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre1.5.0_05\bin\jusched.exe
AddRemove-CVS for Dreamweaver - c:\program files\CVS4DW\uninst.exe
AddRemove-GnuPG - c:\xampp\apache\GnuPG\uninst-gnupg.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-12-30 23:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3629.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3629.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mysql]
"ImagePath"="e:\5.instalirani_programi\AppServ\MySQL\bin\mysqld --defaults-file=e:\50cee~1.ins\AppServ\MySQL\my.ini mysql"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(640)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\l3codeca.acm
c:\windows\system32\ac3acm.acm
c:\windows\system32\sirenacm.dll
- - - - - - - > 'explorer.exe'(388)
c:\windows\system32\WININET.dll
.
Completion time: 2009-12-30 23:35:07
ComboFix-quarantined-files.txt 2009-12-30 22:34
Pre-Run: 10 480 181 248 bytes free
Post-Run: 10 459 090 944 bytes free
- - End Of File - - DEFF4D09D71E5DC7098F7F6710C1478D