ComboFix 09-12-19.03 - Ana 20.12.2009 18:42:31.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.387.1033.18.511.276 [GMT 1:00]
Running from: c:\combofix\ComboFix.exe
Command switches used :: ComboFix
AV: avast! antivirus 4.8.1368 [VPS 091215-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Files Created from 2009-11-20 to 2009-12-20 )))))))))))))))))))))))))))))))
.
2009-12-20 17:34 . 2009-12-20 17:33 389120 ----a-w- c:\windows\system32\CF4071.exe
2009-12-12 10:00 . 2009-12-12 10:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-12-12 09:55 . 2009-12-12 09:55 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-12-12 09:55 . 2009-12-12 10:22 -------- d-----w- c:\documents and settings\Ana\Local Settings\Application Data\Temp
2009-12-10 07:40 . 2009-12-10 07:40 56896 ---ha-w- c:\windows\system32\mlfcache.dat
2009-12-10 07:22 . 2009-12-12 10:23 -------- d-----w- c:\documents and settings\Ana\Local Settings\Application Data\Google
2009-12-10 07:21 . 2009-12-12 10:22 -------- d-----w- c:\program files\Google
2009-12-03 14:13 . 2009-12-03 14:13 -------- d--h--w- c:\windows\PIF
2009-12-02 11:18 . 2009-12-02 11:18 -------- d-----w- c:\documents and settings\Ana\Application Data\DivX
2009-12-02 11:16 . 2009-12-02 11:16 -------- d-----w- c:\program files\DivX
2009-12-02 11:15 . 2009-12-02 11:16 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-30 13:46 . 2009-11-30 13:58 -------- d-----w- c:\program files\NetTVPlus Player
2009-11-30 13:11 . 2009-11-30 13:13 -------- d-----w- c:\documents and settings\Ana\Application Data\avidemux
2009-11-27 12:23 . 2009-11-27 12:25 -------- d-----w- C:\Temp
2009-11-27 12:22 . 2009-11-27 12:22 -------- d-----w- c:\program files\ImTOO
2009-11-25 11:01 . 2007-11-29 22:30 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-11-25 11:01 . 2009-11-25 11:01 -------- d-----w- c:\program files\DivX Pro VFW
2009-11-24 13:37 . 2009-11-24 13:39 -------- d-----w- c:\program files\Ultra RM Converter
2009-11-24 13:21 . 2009-11-24 13:21 -------- d-----w- c:\documents and settings\Ana\Application Data\Xi
2009-11-24 13:04 . 2009-11-24 13:04 -------- d-----w- c:\program files\Xi
2009-11-24 12:22 . 2009-11-24 12:22 -------- d-----w- c:\documents and settings\Ana\Application Data\Apple Computer
2009-11-24 11:58 . 2009-11-24 12:07 17237488 ----a-w- c:\documents and settings\Ana\Application Data\Real\Update\setup\rp\RealPlayerSPGold.exe
2009-11-24 11:57 . 2009-11-24 11:58 8406648 ----a-w- c:\documents and settings\Ana\Application Data\Real\Update\setup\gtb_us\GOOGLE_TOOLBAR\GoogleToolbarInstaller.exe
2009-11-24 11:54 . 2009-11-24 11:55 10309448 ----a-w- c:\documents and settings\Ana\Application Data\Real\Update\setup\chr\ChromeInstaller.exe
2009-11-24 11:51 . 2009-11-24 11:51 52288 ----a-w- c:\documents and settings\Ana\Application Data\Real\Update\setup\RUP\inst_config\gtapi.dll
2009-11-24 11:51 . 2009-11-24 11:51 64000 ----a-w- c:\documents and settings\Ana\Application Data\Real\Update\setup\RUP\inst_config\gcapi_dll.dll
2009-11-24 11:51 . 2009-11-24 11:51 50688 ----a-w- c:\documents and settings\Ana\Application Data\Real\Update\setup\RUP\inst_config\fftbapi.dll
2009-11-24 11:51 . 2009-11-24 11:51 114688 ----a-w- c:\documents and settings\Ana\Application Data\Real\Update\setup\RUP\inst_config\compat.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-20 17:08 . 2009-10-20 14:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-20 17:04 . 2009-10-20 14:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-19 11:21 . 2009-12-19 11:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-12-19 10:58 . 2009-11-10 11:42 -------- d-----w- c:\documents and settings\Ana\Application Data\uTorrent
2009-12-19 09:16 . 2009-10-23 12:57 -------- d-----w- c:\documents and settings\Ana\Application Data\Skype
2009-12-14 14:55 . 2009-10-20 13:19 -------- d-----w- c:\program files\Opera
2009-11-24 23:54 . 2009-10-20 13:07 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-10-20 13:08 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:49 . 2009-10-20 13:08 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-10-20 13:08 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-10-20 13:08 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-10-20 13:08 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-24 12:28 . 2009-10-29 07:35 -------- d-----w- c:\program files\Common Files\Real
2009-11-24 10:58 . 2009-10-29 07:35 -------- d-----w- c:\program files\Real
2009-11-18 08:48 . 2009-11-18 08:48 0 ----a-w- c:\windows\nsreg.dat
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2009-11-10 11:50 . 2009-11-10 11:50 -------- d-----w- c:\program files\uTorrent
2009-11-04 14:17 . 2009-11-04 14:17 -------- d-----w- c:\program files\Common Files\Windows Live
2009-10-29 12:25 . 2009-10-29 12:25 -------- d-----w- c:\program files\4U Computing
2009-10-29 09:27 . 2009-10-29 09:27 -------- d-----w- c:\program files\VDOWNLOADER
2009-10-27 10:55 . 2009-10-27 10:55 -------- d-----w- c:\program files\Nero
2009-10-27 10:55 . 2009-10-27 10:55 -------- d-----w- c:\program files\Common Files\Nero
2009-10-27 10:55 . 2009-10-27 10:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2009-10-23 12:57 . 2009-10-23 12:57 -------- d-----r- c:\program files\Skype
2009-10-23 12:57 . 2009-10-23 12:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-10-21 12:58 . 2009-10-20 11:55 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-10-21 10:09 . 2009-10-20 12:15 70328 ----a-w- c:\documents and settings\Ana\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-20 11:55 . 2009-10-20 12:43 1536 ----a-w- c:\windows\system32\TrueSoft.dat
2009-10-20 11:55 . 2009-10-20 12:43 456 ----a-w- c:\windows\system32\pthsp.dat
2009-10-20 11:51 . 2009-10-20 11:51 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.
------- Sigcheck -------
[-] 2009-01-08 . 5AE1C2695F6523AD98B948F2887D8C5E . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys
[-] 2009-01-08 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)
"NoAutoUpdate"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-11 21:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2008-06-12 01:25 37232 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Xi\\NetXfer\\NetTransport.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20.10.2009 14:08 114768]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 14:00 15872]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.10.2009 14:08 20560]
S2 gupdate;Usluga Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12.12.2009 10:55 135664]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: {C207A5E0-8E28-4C67-857B-4DCBDBC7E0EA} = 87.250.98.250 208.67.222.222
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/58.09/uploader2.cab
FF - ProfilePath - c:\documents and settings\Ana\Application Data\Mozilla\Firefox\Profiles\i7hh8vol.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-Malwarebytes' Anti-Malware - c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-12-20 18:50
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
c:\docume~1\Ana\LOCALS~1\Temp\RarSFX3\a8bddb51
c:\docume~1\Ana\LOCALS~1\Temp\RarSFX3\de-scan 62 bytes
c:\docume~1\Ana\LOCALS~1\Temp\RarSFX3\it-scan
scan completed successfully
hidden files: 3
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(1380)
c:\windows\system32\msi.dll
c:\windows\system32\wpdshserviceobj.dll
c:\windows\system32\portabledevicetypes.dll
c:\windows\system32\portabledeviceapi.dll
.
Completion time: 2009-12-20 18:53:32
ComboFix-quarantined-files.txt 2009-12-20 17:53
Pre-Run: 6.432.346.112 bytes free
Post-Run: 6.407.626.752 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - B861E4F1640C73513AB8D8F81CA2329B
Ne mogu da instaliram nikakvu zašitu
