Nadam se da sam sve odradio kako treba, jer je lsass i dalje tu :(
ComboFix 09-07-29.04 - PC 07/30/2009 18:08.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1598 [GMT 2:00]
Running from: c:\documents and settings\PC\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\PC\Application Data\.#
c:\documents and settings\PC\Application Data\inst.exe
c:\windows\Installer\19a771e.msi
c:\windows\Installer\a41ed.msi
c:\windows\Installer\fff055.msi
c:\windows\system32\Dvbpws.dll
.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-30 )))))))))))))))))))))))))))))))
.
2009-07-30 14:31 . 2009-07-30 14:31 -------- d-----w- C:\_OTM
2009-07-30 12:15 . 2009-07-30 12:15 328 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090730141520.bat
2009-07-29 08:54 . 2009-07-29 08:54 2883 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090729105403.bat
2009-07-27 18:06 . 2009-07-27 18:06 337 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090727200645.bat
2009-07-27 14:08 . 2009-07-27 14:08 551 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090727160838.bat
2009-07-26 18:17 . 2009-07-26 18:17 554 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090726201739.bat
2009-07-20 22:52 . 2008-01-07 12:29 352 ---ha-w- c:\windows\nod32fixtemdono.reg
2009-07-20 22:51 . 2009-07-20 22:51 -------- d-----w- c:\program files\ESET
2009-07-20 22:47 . 2009-07-20 22:47 360192 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-07-20 19:06 . 2009-07-20 19:06 431 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090720210656.bat
2009-07-20 11:13 . 2009-07-20 11:13 345 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090720131348.bat
2009-07-20 11:10 . 2009-07-20 11:10 360 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090720131025.bat
2009-07-20 11:05 . 2009-07-20 11:05 354 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090720130559.bat
2009-07-20 11:01 . 2009-07-20 11:01 345 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090720130145.bat
2009-07-19 16:18 . 2009-07-19 16:18 352 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090719181830.bat
2009-07-11 19:31 . 2009-07-11 19:31 -------- d-----w- C:\VundoFix Backups
2009-07-11 15:58 . 2009-07-11 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Jes-Soft
2009-07-10 15:05 . 2009-07-10 15:05 557 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090710170525.bat
2009-07-10 14:52 . 2009-07-10 14:52 316 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090710165216.bat
2009-07-09 20:43 . 2009-07-09 20:46 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Temp
2009-07-09 20:43 . 2009-07-09 20:43 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-07-09 16:34 . 2009-07-09 16:34 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Real
2009-07-09 16:34 . 2009-07-09 16:34 -------- d-----w- c:\program files\Common Files\xing shared
2009-07-09 16:33 . 2009-07-09 16:33 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-07-08 19:42 . 2009-07-08 19:42 -------- d-----w- c:\program files\FLV Player
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-30 15:30 . 2008-11-18 22:55 169936 ----a-w- c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\1nptc0nz.default\FlashGot.exe
2009-07-30 12:15 . 2008-05-24 12:03 -------- d-----w- c:\documents and settings\PC\Application Data\WinFF
2009-07-29 22:32 . 2008-05-16 14:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-29 21:12 . 2008-05-15 14:35 -------- d-----w- c:\documents and settings\PC\Application Data\uTorrent
2009-07-28 21:05 . 2008-09-26 15:13 -------- d-----w- c:\documents and settings\PC\Application Data\Kingston
2009-07-27 14:30 . 2008-05-21 18:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-27 14:25 . 2008-06-01 08:05 3775176 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-20 22:51 . 2008-05-23 09:09 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-07-20 22:15 . 2008-05-15 13:25 -------- d-----w- c:\program files\Yahoo!
2009-07-13 11:36 . 2008-08-10 14:34 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 11:36 . 2008-05-21 18:28 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-11 12:53 . 2008-12-06 12:00 -------- d-----w- c:\program files\vanBasco's Karaoke Player
2009-07-10 14:43 . 2008-09-19 13:38 -------- d-----w- c:\program files\Google
2009-07-10 14:19 . 2009-01-31 01:18 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-09 16:34 . 2008-05-15 19:01 -------- d-----w- c:\program files\Common Files\Real
2009-07-09 16:34 . 2008-05-15 19:01 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-07-09 16:34 . 2008-05-15 19:01 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-08 18:52 . 2008-05-15 14:29 -------- d-----w- c:\documents and settings\PC\Application Data\Skype
2009-07-08 18:52 . 2008-05-15 14:32 -------- d-----w- c:\documents and settings\PC\Application Data\skypePM
2009-07-07 20:00 . 2009-06-24 14:12 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-07-07 20:00 . 2009-06-24 14:12 1630560 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-07-07 20:00 . 2009-06-24 14:11 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-07-07 19:20 . 2008-05-15 13:21 -------- d-----w- c:\documents and settings\PC\Application Data\Vso
2009-07-06 14:17 . 2009-06-24 14:12 314712 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-07-06 14:17 . 2009-06-24 14:12 169312 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-07-06 14:17 . 2009-06-24 14:12 348496 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-07-06 14:17 . 2009-06-24 14:12 298336 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-07-06 14:17 . 2009-06-01 14:18 84832 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-07-06 14:16 . 2009-06-01 14:09 246128 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-07-06 14:16 . 2009-06-24 14:11 85352 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-07-06 14:16 . 2009-06-01 14:09 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-07-06 14:16 . 2009-06-24 14:11 664424 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-07-06 14:16 . 2009-06-24 14:11 563064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-07-06 14:16 . 2009-06-24 14:11 566632 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-07-06 14:16 . 2009-06-24 14:10 629072 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-07-06 14:16 . 2009-06-24 14:10 520024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-07-06 14:16 . 2009-06-24 14:10 1029456 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-26 19:36 . 2009-06-26 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
2009-06-26 19:32 . 2009-06-26 19:32 -------- d-----w- c:\program files\KONAMI
2009-06-26 16:18 . 2004-08-03 22:56 659456 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:18 . 2004-08-03 22:56 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-24 14:19 . 2009-06-24 14:19 337 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090624161917.bat
2009-06-24 14:17 . 2009-06-24 14:17 789 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090624161739.bat
2009-06-23 18:55 . 2009-06-23 18:55 388 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090623205533.bat
2009-06-23 18:33 . 2009-06-23 18:33 924 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090623203351.bat
2009-06-23 18:30 . 2009-06-23 18:30 2958 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090623203031.bat
2009-06-21 22:13 . 2008-05-16 13:36 -------- d-----w- c:\documents and settings\PC\Application Data\BSplayer PRO
2009-06-21 22:11 . 2009-06-21 22:11 -------- d-----w- c:\program files\Adobe Media Player
2009-06-21 22:11 . 2009-06-21 22:11 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-21 22:10 . 2009-06-21 22:11 38208 ----a-w- c:\documents and settings\PC\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-06-16 14:55 . 2004-08-03 22:56 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:55 . 2001-08-23 10:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 20:15 . 2009-06-12 20:15 2165 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090612221550.bat
2009-06-09 18:50 . 2009-06-09 18:50 313 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090609205015.bat
2009-06-07 15:27 . 2009-06-07 15:27 3765 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090607172718.bat
2009-06-06 16:48 . 2009-06-06 16:48 440 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090606184822.bat
2009-06-06 14:06 . 2009-06-06 14:06 313 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090606160652.bat
2009-06-03 19:27 . 2004-08-03 22:56 1290752 ----a-w- c:\windows\system32\quartz.dll
2009-06-01 14:18 . 2009-06-01 14:18 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-01 14:18 . 2009-05-13 14:10 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-29 16:56 . 2009-05-29 16:56 390664 ----a-w- c:\documents and settings\PC\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-13 14:04 . 2009-05-13 14:05 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-13 14:04 . 2009-05-13 14:04 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-05-13 06:42 . 2009-05-12 20:16 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-05-13 06:38 . 2008-07-10 14:33 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-05-12 20:42 . 2008-05-15 13:21 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-05-12 20:42 . 2008-05-15 13:21 47360 ----a-w- c:\documents and settings\PC\Application Data\pcouffin.sys
2009-05-12 20:42 . 2008-05-15 13:21 47360 ----a-w- c:\documents and settings\PC\Application Data\pcouffin.sys
2009-05-08 10:44 . 2009-05-08 10:44 319 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090508124456.bat
2009-05-07 15:44 . 2004-08-03 22:56 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-04 19:28 . 2009-05-04 19:28 322 ----a-w- c:\documents and settings\PC\Application Data\WinFF\ff090504212841.bat
2009-07-26 19:34 . 2009-04-23 15:17 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2008-05-16 23:53 . 2008-05-15 14:07 48 --sh--w- c:\windows\SEAB9B388.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-06-28 8466432]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"run32"="c:\_otm\MovedFiles\07302009_163103\Win\lsass.exe" [2002-01-01 552103]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2006-10-04 53760]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 10:41 294912 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD Cinema\\PowerDVDCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD9\\PowerDVD9.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/13/2009 16:05 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/1/2008 13:48 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/1/2008 13:48 51440]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/13 08:40];c:\program files\CyberLink\PowerDVD9\000.fcl [2/28/2009 19:40 87536]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [12/21/2007 08:21 468224]
R3 camvid20;Philips ToUcam Camera; Video;c:\windows\system32\drivers\camdrv21.sys [5/14/2008 20:03 223232]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 21:06 1029456]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 16:51 4096]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [5/14/2008 17:25 9446]
.
Contents of the 'Scheduled Tasks' folder
2009-07-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 14:16]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Device Detector - DevDetect.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: &Google Search - c:\program files\Google\googletoolbar.dll/cmsearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\1nptc0nz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.vijesti.cg.yu/
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
---- FIREFOX POLICIES ----
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-07-30 18:13
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1288)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\ACD Systems\EN\DevDetect.exe
.
**************************************************************************
.
Completion time: 2009-07-30 18:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-30 16:16
Pre-Run: 44,667,514,880 bytes free
Post-Run: 45,848,989,696 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
228 --- E O F --- 2009-07-29 18:39