Log od combofix-a:
ComboFix 08-02.05.3 - Lazic 2008-02-08 0:30:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.560 [GMT 1:00]
Running from: D:\programi8\ComboFix.exe
* Created a new restore point
[color=red]
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\_000110_.tmp.dll
.
((((((((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))
.
2008-02-07 21:19 . 2008-02-08 00:32 7,483 --a------ C:\WINDOWS\system32\Config.MPF
2008-02-07 21:17 . 2008-02-07 21:17 <DIR> d-------- C:\Program Files\McAfee.com
2008-02-07 21:17 . 2008-02-07 21:18 <DIR> d-------- C:\Program Files\McAfee
2008-02-07 21:17 . 2008-02-07 21:17 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-02-07 21:17 . 2007-07-21 09:08 201,288 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-02-07 21:17 . 2007-07-13 09:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-02-07 21:17 . 2007-07-24 07:40 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-02-07 21:17 . 2007-07-21 09:08 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-02-07 21:17 . 2007-07-21 09:08 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-02-07 21:17 . 2007-07-24 12:02 33,800 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-02-07 19:27 . 2008-01-07 14:29 352 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-02-06 23:46 . 2008-02-06 23:46 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\MiniDm
2008-01-23 20:18 . 2008-02-07 21:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-01-23 20:17 . 2008-01-23 20:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-23 20:04 . 2008-01-23 20:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-01-23 20:03 . 2008-01-23 20:03 <DIR> dr-hs---- C:\_Backup.RC
2008-01-23 20:03 . 2008-01-23 20:03 <DIR> d--h----- C:\_Backup
2008-01-23 20:01 . 2008-01-23 20:01 <DIR> d-------- C:\Program Files\Avanquest
2008-01-23 20:01 . 2008-01-23 20:01 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Avanquest
2008-01-23 19:58 . 2008-01-23 19:59 <DIR> d-------- C:\Program Files\Canon
2008-01-12 23:30 . 2008-01-12 23:31 <DIR> d-------- C:\Program Files\Screamer Radio
2008-01-12 22:04 . 2008-01-12 22:04 48 -rahs---- C:\WINDOWS\OP_CACHE.ATR
2008-01-12 22:04 . 2008-01-12 22:04 24 -rahs---- C:\WINDOWS\OP_CACHE.IDX
2008-01-12 19:44 . 2008-01-12 22:04 192 -rahs---- C:\WINDOWS\system32\OP_CACHE.ATR
2008-01-12 19:44 . 2008-01-12 22:04 96 -rahs---- C:\WINDOWS\system32\OP_CACHE.IDX
2008-01-12 19:41 . 2008-01-12 22:58 <DIR> d-------- C:\WINDOWS\system32\Filt
2008-01-12 19:41 . 2007-11-13 19:48 436,992 --a------ C:\WINDOWS\system32\drivers\SandBox.sys
2008-01-12 19:41 . 2007-11-13 18:39 198,544 --a------ C:\WINDOWS\system32\drivers\afw.sys
2008-01-12 17:23 . 2008-01-12 18:02 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC
2008-01-12 17:13 . 2008-01-12 17:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Backup
2008-01-12 14:43 . 2008-01-12 14:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-07 23:33 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-07 23:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-07 23:21 --------- d-----w C:\Documents and Settings\Administrator\Application Data\SiteAdvisor
2008-02-07 22:10 --------- d-----w C:\Program Files\Yahoo!
2008-02-07 00:07 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Thinstall
2008-02-06 22:42 --------- d-----w C:\Program Files\Opera
2008-01-23 19:00 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-23 18:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Corporation
2008-01-23 18:42 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-13 17:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\RFA_Backups
2008-01-13 17:37 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-01-13 17:08 --------- d-----w C:\Program Files\Winamp
2008-01-12 22:26 --------- d-----w C:\Program Files\JetAudio
2008-01-12 22:26 --------- d-----w C:\Program Files\GetRight
2008-01-12 22:26 --------- d-----w C:\Program Files\FireTune
2008-01-12 22:26 --------- d-----w C:\Program Files\DreamPinball
2008-01-12 22:26 --------- d-----w C:\Program Files\Codec Pack - All In 1
2008-01-12 22:13 --------- d-----w C:\Program Files\Prio
2008-01-12 21:58 --------- d-----w C:\Documents and Settings\Administrator\Application Data\uTorrent
2008-01-12 21:03 --------- d-----w C:\Program Files\Unlocker
2008-01-12 21:02 --------- d-----w C:\Program Files\Vista Drive Icon
2008-01-12 21:02 --------- d-----w C:\Program Files\uTorrent
2008-01-12 21:02 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-01-12 21:02 --------- d-----w C:\Program Files\totalcmd
2008-01-12 21:02 --------- d-----w C:\Program Files\SpeedItUpExtreme
2008-01-12 21:02 --------- d-----w C:\Program Files\RFA Platinum
2008-01-12 21:02 --------- d-----w C:\Program Files\RealPlayer v 11 0 0 372 Plus
2008-01-12 21:02 --------- d-----w C:\Program Files\Nero
2008-01-12 21:02 --------- d-----w C:\Program Files\MrDicty 2000
2008-01-12 21:02 --------- d-----w C:\Program Files\Microsoft Bootvis
2008-01-12 21:02 --------- d-----w C:\Program Files\MagicISO
2008-01-12 21:02 --------- d-----w C:\Program Files\Google
2008-01-12 21:02 --------- d-----w C:\Program Files\Disk Cleaner
2008-01-12 21:02 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-01-12 21:02 --------- d-----w C:\Program Files\CCleaner
2008-01-12 21:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-01-12 21:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-01-12 21:02 --------- d-----w C:\Documents and Settings\Administrator\Application Data\vlc
2008-01-06 15:21 --------- d-----w C:\Program Files\Common Files\TrustPort
2008-01-06 11:08 --------- d-----w C:\Program Files\MSBuild
2008-01-06 11:08 --------- d-----w C:\Program Files\Microsoft Works
2008-01-06 11:08 --------- d-----w C:\Program Files\Common Files\TerraGame Shared
2008-01-06 11:08 --------- d-----w C:\Program Files\Common Files\Stardock
2008-01-06 11:08 --------- d-----w C:\Program Files\Common Files\COWON
2008-01-06 11:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-01-06 11:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\IEPro
2008-01-06 11:08 --------- d-----w C:\Documents and Settings\Administrator\Application Data\IE7Pro
2008-01-04 17:06 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-01-02 15:47 --------- d-----w C:\Program Files\IE7Pro
2007-12-30 18:26 507 ----a-w C:\Documents and Settings\Administrator\Application Data\dcuser.dat
2007-12-30 18:03 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-27 23:15 45,944 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2007-12-27 23:15 3,872 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2007-12-27 23:15 3,116,320 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2007-12-27 23:15 2,480 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2007-12-27 12:58 --------- d-----w C:\Program Files\Windows Live
2007-12-25 20:45 --------- d-----w C:\Program Files\Common Files\NSV
2007-12-22 22:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2007-12-22 22:10 --------- d-----w C:\Documents and Settings\Administrator\Application Data\TuneUp Software
2007-12-22 15:14 --------- d-----w C:\Documents and Settings\LocalService\Application Data\iolo
2007-12-22 15:04 --------- d-----w C:\Program Files\Common Files\xing shared
2007-12-22 15:04 --------- d-----w C:\Program Files\Common Files\Real
2007-12-22 15:03 --------- d-----w C:\Program Files\Real
2007-12-22 14:52 --------- d-----w C:\Program Files\JlgSolera
2007-12-22 14:50 --------- d-----w C:\Program Files\Common Files\Acronis
2007-12-22 14:50 --------- d-----w C:\Program Files\Acronis
2007-12-11 19:22 --------- d-----w C:\Documents and Settings\Administrator\Application Data\COWON
2007-12-09 13:19 --------- d-----w C:\Program Files\ACD Systems
2007-12-09 13:10 --------- d-----w C:\Program Files\TerraGame
2007-12-09 12:49 --------- d-----w C:\Program Files\MT882
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33 582992]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 0 (0x0)
"NoFileAssociate"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\WINDOWS\\system32\\logonuiX.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 2007-09-23 09:10 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=prio.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=C:\WINDOWS\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Kodak\Kodak EasyShare\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2006-10-16 20:13 87584 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
--a------ 2006-10-16 20:17 1941784 C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 19:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 17:43 69632 C:\WINDOWS\Alcmtr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BootSkin Startup Jobs]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-03 23:56 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DrvIcon]
--a------ 2007-07-04 20:59 45056 C:\Program Files\Vista Drive Icon\DrvIcon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-26 23:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LFAgent]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogonStudio]
--a------ 2002-09-03 17:38 987187 C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 17:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 11:34 5724184 C:\Program Files\Windows Live\Messenger\MsnMsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MULTIMEDIA KEYBOARD]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nMTaskBarService]
-ra------ 2003-07-22 10:17 90112 C:\WINDOWS\nMtsk.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-03-20 01:07 8425472 C:\WINDOWS\system32\NvCpl.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-03-20 01:07 81920 C:\WINDOWS\system32\NvMcTray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-03-20 01:07 1622016 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-05-11 01:08 2512392 C:\WINDOWS\system32\oodtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OSSelectorReinstall]
--a------ 2006-04-12 15:15 1261475 C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2007-02-26 14:03 16125440 C:\WINDOWS\RTHDCPL.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Defender]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSystemAnalyzer]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedConnectStartUp]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedItUpEX]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Startup Manager]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-12-22 16:04 185896 C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
--a------ 2006-10-16 20:12 1164912 C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWCU]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIWatcher]
--a------ 2007-07-09 13:13 1741168 C:\Program Files\Ashampoo\Ashampoo UnInstaller Platinum 2\UIWatcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster2]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpyEraser]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows LoL2 Layer]
R1 AmdPPM;AMD HwPState Processor Driver;C:\WINDOWS\system32\DRIVERS\AmdPPM.sys [2007-04-16 21:46]
R1 BIOS;BIOS;C:\WINDOWS\system32\drivers\BIOS.sys [2005-03-16 07:23]
R1 Prio;Prio;C:\WINDOWS\system32\drivers\prio.sys [2007-08-23 09:53]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 23:56]
R3 Intels51;Intel(R) 536EP Modem;C:\WINDOWS\system32\DRIVERS\Intels51.sys [2004-12-10 21:30]
R3 netModUSBService;Service for netMod USB CAPI Driver;C:\WINDOWS\system32\drivers\nMUSB.sys [2003-11-27 11:03]
S3 Fix-It Task Manager;Fix-It Task Manager;C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe [2007-09-01 06:58]
S3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 08:32]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2007-12-22 23:19]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 22:01]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
"2008-01-04 16:33:54 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2007-09-15 10:00:03 C:\WINDOWS\Tasks\EasyShare Registration RunOnce Task.job"
- C:\WINDOWS\system32\rundll32.exesC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.2.25.1.sxt _RegistrationOfferSilence@16
"2008-01-05 10:58:00 C:\WINDOWS\Tasks\EasyShare Registration Task.job"
- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.2.25.1.sxt _RegistrationOffer@16
"2008-02-07 20:17:34 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe'
"2008-02-07 20:17:32 C:\WINDOWS\Tasks\McQcTask.job"
- c:\PROGRA~1\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-02-08 00:34:17
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2008-02-08 0:36:26 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-07 23:36:22
.
2008-01-04 17:54:02 --- E O F ---
Acronis je program za izradu image particije, kao recimo Norton Ghost
Fix-it je program Fix It Utilities 8 Pro je optimizer program
O&O je program za defregmentaciju
TuneUp je pozati program TuneUpUtilities 2008.
Evo i loga od HijacThis:
Logfile of HijackThis v1.99.1
Scan saved at 12:51:23 AM, on 2/8/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
D:\programi\nesto sto ne asocira\nesto sto ne asocira.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BDCAA8C-D2E6-49ED-8F94-50427C04332F}: NameServer = 80.93.224.1,80.93.224.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{4BDCAA8C-D2E6-49ED-8F94-50427C04332F}: NameServer = 80.93.224.1,80.93.224.2
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: prio.dll
O20 - Winlogon Notify: WBSrv - C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: McAfee Application Installer Cleanup (0124661200173558) (0124661200173558mcinstcleanup) - - (no file)
O23 - Service: McAfee Application Installer Cleanup (0263201202415463) (0263201202415463mcinstcleanup) - - (no file)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Fix-It Task Manager - Avanquest Software USA, Inc. - C:\PROGRA~1\AVANQU~1\Fix-It\mxtask.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
Ove dve linije obrisem ali se ponovo vracaju:
O23 - Service: McAfee Application Installer Cleanup (0124661200173558) (0124661200173558mcinstcleanup) - - (no file)
O23 - Service: McAfee Application Installer Cleanup (0263201202415463) (0263201202415463mcinstcleanup) - - (no file)
