Here it is. magna, can you reply a bit faster, come on, hehehe. Why did my UPS start beeping while this thing was scanning?
ComboFix 09-01-11.04 - user 2009-01-12 22:20:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1023.621 [GMT 1:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: ESET NOD32 antivirus system 2.70 *On-access scanning disabled* (Updated)
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\UpsPilot\classes\com\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\launcher\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\management\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\management\transport\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\servlets\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\snmp\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\snmp\beans\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\snmp\corba\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\snmp\ejb\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\snmp\mibs\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\snmp\mibs\mibparser\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\snmp\rmi\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\snmp\sas\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\snmp\snmp2\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\snmp\snmp2\usm\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\snmp\snmp2\vacm\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\snmp\ui\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\snmp\ui\images\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\snmp\utils\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\utils\_desktop.ini
c:\program files\UpsPilot\classes\com\adventnet\utils\images\_desktop.ini
c:\program files\UpsPilot\classes\java\_desktop.ini
c:\program files\UpsPilot\classes\java\io\_desktop.ini
c:\program files\UpsPilot\help\en\images\_desktop.ini
c:\program files\UpsPilot\Icon\_desktop.ini
c:\program files\UpsPilot\images\_desktop.ini
c:\program files\UpsPilot\jdk1.2_classes\com\_desktop.ini
c:\program files\UpsPilot\jdk1.2_classes\com\adventnet\_desktop.ini
c:\program files\UpsPilot\jdk1.2_classes\com\adventnet\snmp\_desktop.ini
c:\program files\UpsPilot\jdk1.2_classes\com\adventnet\snmp\snmp2\_desktop.ini
c:\program files\UpsPilot\jdk1.2_classes\com\adventnet\snmp\snmp2\usm\_desktop.ini
c:\program files\UpsPilot\sounds\_desktop.ini
c:\windows\install.exe
c:\windows\system32\mpg4c32.dll
.
((((((((((((((((((((((((( Files Created from 2008-12-12 to 2009-01-12 )))))))))))))))))))))))))))))))
.
2009-01-12 11:26 . 2009-01-12 12:29 <DIR> d-------- c:\program files\AutorunRemover
2009-01-05 10:33 . 2009-01-05 10:33 <DIR> d-------- c:\documents and settings\user\Application Data\AVSMedia
2009-01-05 10:33 . 2009-01-05 10:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\AVS4YOU
2009-01-05 10:24 . 2009-01-05 11:09 <DIR> d-------- c:\program files\Common Files\AVSMedia
2009-01-05 10:24 . 2007-02-27 19:36 1,700,352 --a------ c:\windows\system32\GdiPlus.dll
2009-01-05 10:24 . 2007-02-27 19:36 974,848 --a------ c:\windows\system32\mfc70.dll
2009-01-05 10:24 . 2007-02-27 19:36 487,424 --a------ c:\windows\system32\msvcp70.dll
2009-01-05 10:24 . 2007-02-27 19:36 156,910 --a------ c:\windows\WMSysPr8.prx
2009-01-05 10:24 . 2007-02-27 19:36 24,576 --a------ c:\windows\system32\msxml3a.dll
2009-01-05 10:23 . 2009-01-05 10:23 <DIR> d-------- c:\program files\AVSMedia
2009-01-05 10:23 . 2007-02-27 19:36 261,632 --a------ c:\windows\system32\mcdvd_32.dll
2009-01-05 10:23 . 2007-02-27 19:36 221,215 --a------ c:\windows\system32\divxdec.ax
2009-01-05 10:23 . 2007-02-27 19:36 82,944 --a------ c:\windows\system32\vct3216.acm
2009-01-05 10:23 . 2007-02-27 19:36 53,248 --a------ c:\windows\system32\xvid.ax
2009-01-05 10:23 . 2007-02-27 19:36 38,912 --a------ c:\windows\system32\alf2cd.acm
2009-01-05 10:23 . 2007-02-27 19:36 13,239 --a------ c:\windows\system32\Scg726.acm
2009-01-04 11:09 . 2004-08-03 22:58 100,992 --a------ c:\windows\system32\drivers\bthpan.sys
2009-01-04 11:09 . 2004-08-03 22:58 100,992 --a--c--- c:\windows\system32\dllcache\bthpan.sys
2008-12-26 10:10 . 2008-12-26 10:10 <DIR> d-------- c:\windows\Sun
2008-12-18 19:07 . 2008-12-18 19:07 <DIR> d-------- c:\documents and settings\LocalService\Application Data\CyberLink
2008-12-18 11:00 . 2008-12-18 11:28 <DIR> d-------- c:\windows\SxsCaPendDel
2008-12-18 10:55 . 2008-12-18 10:55 <DIR> d-------- c:\documents and settings\user\Application Data\Publish Providers
2008-12-18 10:54 . 2008-12-18 10:54 <DIR> d-------- c:\documents and settings\user\Application Data\Sony
2008-12-18 10:30 . 2008-12-18 10:30 <DIR> d-------- c:\program files\Sony Setup
2008-12-18 10:30 . 2008-12-18 10:30 <DIR> d-------- c:\documents and settings\user\Application Data\Sony Setup
2008-12-16 16:45 . 2009-01-05 09:27 <DIR> d-------- c:\documents and settings\user\Shared
2008-12-16 16:45 . 2009-01-05 09:51 <DIR> d-------- c:\documents and settings\user\Incomplete
2008-12-16 16:45 . 2008-12-19 12:07 <DIR> d-------- c:\documents and settings\user\Application Data\LimeWire
2008-12-16 16:44 . 2009-01-05 09:57 <DIR> d-------- c:\program files\LimeWire
2008-12-12 18:17 . 2008-12-12 18:17 <DIR> d--hs---- c:\windows\ftpcache
2008-12-12 11:36 . 2008-12-12 11:36 <DIR> d-------- c:\program files\Zeallsoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-12 18:46 --------- d-----w c:\program files\UpsPilot
2008-12-19 11:11 --------- d-----w c:\program files\ESET
2008-12-03 12:58 --------- d-----w c:\documents and settings\user\Application Data\Media Player Classic
2008-11-29 23:08 --------- d-----w c:\program files\MessengerDiscovery
2008-11-29 23:07 --------- d-----w c:\program files\MSN Messenger
2008-11-28 08:18 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-11-28 08:11 --------- d-----w c:\program files\Common Files\Adobe
2008-11-28 08:11 --------- d-----w c:\program files\Bonjour
2008-11-28 08:01 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-11-26 10:30 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2008-11-26 10:24 --------- d-----w c:\program files\CyberLink
2008-11-26 10:23 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-26 08:17 --------- d-----w c:\program files\AviSynth 2.5
2008-11-26 08:14 --------- d-----w c:\program files\eRightSoft
2008-11-21 22:43 --------- d-----w c:\program files\Windows Live
2008-11-20 11:19 --------- d-----w c:\documents and settings\user\Application Data\CyberLink
2008-11-20 11:10 --------- d-----w c:\program files\Toshiba
2008-11-20 09:15 512,096 ----a-w c:\windows\system32\drivers\amon.sys
2008-11-20 09:15 298,104 ----a-w c:\windows\system32\imon.dll
2008-11-20 09:15 15,424 ----a-w c:\windows\system32\drivers\nod32drv.sys
2008-11-20 09:09 --------- d-----w c:\program files\FLVPlayer
2008-11-20 09:08 --------- d-----w c:\program files\K-Lite Codec Pack
2008-11-20 09:04 --------- d-----w c:\program files\Hewlett-Packard
2008-11-20 09:03 --------- d--h--w c:\program files\Zenographics
2008-11-20 08:59 --------- d-----w c:\documents and settings\user\Application Data\Lavasoft
2008-11-20 08:54 --------- d-----w c:\program files\Logitech
2008-11-20 08:53 --------- d-----w c:\program files\Common Files\Labtec
2008-11-20 08:48 60,156 ----a-w c:\windows\system32\jspWinNm.DLL
2008-11-20 08:48 56,320 ----a-w c:\windows\system32\smemory.dll
2008-11-20 08:48 53,248 ----a-w c:\windows\system32\jspWinRni.DLL
2008-11-20 08:48 51,200 ----a-w c:\windows\system32\TrayIcon12.dll
2008-11-20 08:48 45,056 ----a-w c:\windows\system32\jspWin.dll
2008-11-20 08:48 35,992 ----a-w c:\windows\system32\jspWinRnia.DLL
2008-11-20 08:47 --------- d--h--w c:\program files\Zero G Registry
2008-11-20 08:38 --------- d-----w c:\program files\ASUS
2008-11-20 08:33 --------- d-----w c:\program files\mIRC
2008-11-20 08:10 --------- d-----w c:\documents and settings\user\Application Data\Talkback
2008-11-20 07:58 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2006-05-03 10:06 163,328 --sh--r c:\windows\system32\flvDX.dll
2006-11-03 14:55 35,872 --sha-w c:\windows\system32\drivers\fidbox.dat
2006-11-03 14:55 544 --sha-w c:\windows\system32\drivers\fidbox2.dat
.
------- Sigcheck -------
2004-09-01 09:00 359040 7b11118b078b88f87183fe69eda43137 c:\windows\system32\drivers\tcpip.sys
2004-09-01 09:00 215552 a77219a971029dc2fb683e8513713803 c:\windows\system32\termsrv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-09-01 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-06-10 339968]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"GhostStartTrayApp"="c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe" [2002-08-14 94208]
"RemoteControl"="c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe" [2007-02-12 65536]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2007-02-09 159744]
"Winpower"="c:\program files\UpsPilot\Winpower.exe" [2008-11-20 114688]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-02-12 188416]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-02-12 77824]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2005-03-18 98304]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-11-20 949376]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-01 c:\windows\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-09-01 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2004-12-21 45056]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"msacm.enc"= ITIG726.acm
"VIDC.X264"= x264vfw.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
R1 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [2002-08-14 5632]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2008-11-20 15424]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2008-11-20 2831232]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - IPODSERVICE
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3a09b282-b737-11dd-918e-0015f22d95ce}]
\Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {9100B1AB-6EA4-46BF-9AB5-A2FDBADB4D81} = 195.222.32.10
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\gc2t8t4o.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPJPI150_01.dll
FF - plugin: c:\program files\Java\jre1.5.0_01\bin\NPOJI610.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-01-12 22:23:02
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(696)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(752)
c:\windows\system32\imon.dll
.
Completion time: 2009-01-12 22:24:45
ComboFix-quarantined-files.txt 2009-01-12 21:24:26
Pre-Run: 17,309,626,368 bytes free
Post-Run: 17,445,859,328 bytes free
227