I did everything as you said, and here are the logs:
ComboFix 09-06-18.02 - Admin 19.06.2009 17:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2638 [GMT 2:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\recycler\S-1-5-21-1129045522-63375168-1442165692-1003
c:\recycler\S-1-5-21-2645212208-1526584180-797298841-1003
C:\Autorun.inf
c:\recycler\S-1-5-21-1129045522-63375168-1442165692-1003\desktop.ini
c:\recycler\S-1-5-21-1129045522-63375168-1442165692-1003\INFO2
c:\recycler\S-1-5-21-2645212208-1526584180-797298841-1003\desktop.ini
c:\recycler\S-1-5-21-2645212208-1526584180-797298841-1003\INFO2
C:\sm.exe
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\nmdfgds1.dll
c:\windows\system32\olhrwef.exe
D:\Autorun.inf
D:\sm.exe
H:\Autorun.inf
H:\d1vmq.exe
H:\sm.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_AVPsys
((((((((((((((((((((((((( Files Created from 2009-05-19 to 2009-06-19 )))))))))))))))))))))))))))))))
.
2009-06-19 02:42 . 2009-06-19 02:57 -------- d-----w- c:\documents and settings\Admin\Application Data\BSplayer PRO
2009-06-19 02:42 . 2009-06-19 02:42 -------- d-----w- c:\program files\Webteh
2009-06-18 23:32 . 2009-06-18 23:32 -------- d-----w- c:\documents and settings\All Users\Application Data\KONAMI
2009-06-18 23:29 . 2009-06-18 23:29 -------- d-----w- c:\program files\KONAMI
2009-06-18 12:51 . 2009-06-18 12:51 -------- d-----w- c:\program files\Trend Micro
2009-06-17 23:51 . 2009-06-17 23:51 603904 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-17 23:51 . 2008-11-12 14:44 27904 ----a-w- c:\windows\system32\uxtuneup.dll
2009-06-17 23:51 . 2009-06-17 23:51 362240 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-17 23:51 . 2009-06-17 23:51 -------- d-----w- c:\documents and settings\Admin\Application Data\TuneUp Software
2009-06-17 23:51 . 2009-06-17 23:51 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-06-17 23:51 . 2009-06-17 23:57 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-06-17 23:50 . 2009-06-17 23:50 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2009-05-23 23:06 . 2009-05-29 18:51 16 ----a-w- c:\windows\popcinfo.dat
2009-05-23 23:04 . 2009-05-23 23:04 -------- d-----w- c:\program files\PopCap Games
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-19 02:33 . 2009-04-16 20:30 27839 ----a-w- c:\windows\system32\nvModes.dat
2009-06-17 20:42 . 2009-05-16 23:10 139360 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-05-29 20:13 . 2009-04-13 08:29 -------- d-----w- c:\documents and settings\Admin\Application Data\Skype
2009-05-18 19:34 . 2009-04-07 16:39 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-18 19:05 . 2009-05-18 19:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2009-05-17 00:02 . 2009-05-17 00:02 -------- d-----w- c:\documents and settings\Admin\Application Data\Nseries
2009-05-16 23:58 . 2009-05-16 23:56 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-05-16 23:58 . 2009-05-16 23:58 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-05-16 23:58 . 2009-05-16 23:58 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-05-16 23:56 . 2009-05-16 23:41 -------- d-----w- c:\documents and settings\Admin\Application Data\Nokia
2009-05-16 23:56 . 2009-05-16 23:14 -------- d-----w- c:\program files\Nokia
2009-05-16 23:53 . 2009-04-07 16:43 29096 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-16 23:52 . 2009-05-16 23:52 -------- d-----w- c:\documents and settings\Admin\Application Data\PC Suite
2009-05-16 23:49 . 2009-05-16 23:49 -------- d-----w- c:\program files\Windows Media Connect 2
2009-05-16 23:40 . 2009-05-16 23:30 -------- d-----w- c:\program files\Common Files\Nokia
2009-05-16 23:40 . 2009-05-16 23:40 -------- d-----w- c:\program files\MSXML 6.0
2009-05-16 23:39 . 2009-05-16 23:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-05-16 23:38 . 2009-05-16 23:38 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaMusic
2009-05-16 23:15 . 2009-05-16 23:15 -------- d-----w- c:\program files\DIFX
2009-05-16 23:10 . 2009-05-16 23:10 -------- d-----w- c:\program files\MSBuild
2009-05-16 23:10 . 2009-05-16 23:10 -------- d-----w- c:\program files\Reference Assemblies
2009-05-02 21:29 . 2009-04-16 14:46 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-05-02 21:29 . 2009-04-16 14:46 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-04-16 20:31 . 2009-04-16 20:31 315392 ----a-w- c:\windows\HideWin.exe
2009-04-13 11:11 . 2009-04-08 15:23 7156 ----a-w- c:\windows\system32\d3d9caps.dat
2009-04-13 08:45 . 2009-04-13 08:45 16608 ----a-w- c:\windows\gdrv.sys
2009-04-13 07:55 . 2009-04-13 07:55 10368 ----a-w- c:\windows\system32\drivers\pfc.sys
2009-04-11 09:35 . 2009-04-11 09:35 2974 ----a-w- c:\windows\opentargetdir.vbs
2009-04-08 15:24 . 2009-04-08 15:24 152576 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-04-08 15:22 . 2009-04-08 15:22 152576 ----a-w- c:\documents and settings\Admin\Application Data\Sun\Java\jre1.6.0_12\lzma.dll
2009-04-08 15:02 . 2009-04-08 15:02 0 ----a-w- c:\windows\nsreg.dat
2009-04-07 16:37 . 2009-04-07 16:37 21640 ----a-w- c:\windows\system32\emptyregdb.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2008-04-14 44032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-09 13537280]
"MGSysCtrl"="c:\program files\System Control Manager\MGSysCtrl.exe" [2007-11-21 180224]
"BisonHK"="c:\windows\BisonCam\BisonHK.exe" [2007-03-15 32768]
"BsMnt"="c:\windows\BisonCam\BsMnt.exe" [2007-03-15 172032]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-09-28 75136]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Nokia FastStart"="c:\program files\Nokia\Nokia Music\NokiaMusic.exe" [2009-02-26 2376992]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-06-09 1630208]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-02-13 16857600]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2006-06-29 89541]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2008-2-22 2938184]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymedia.exe"=
"c:\\Program Files\\Nokia\\Nokia Home Media Server\\Media Server\\twonkymediaserver.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\Jelen Super Liga.exe"=
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [16.4.2009 16:46 108289]
R2 NishService;SCM Driver Daemon;c:\program files\System Control Manager\edd.exe [16.4.2009 16:37 40960]
R2 NTPCI;NTPCI;c:\windows\system32\drivers\ntpci.sys [16.4.2009 22:33 5632]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [18.6.2009 1:51 603904]
R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [16.4.2009 16:37 9088]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [16.4.2009 22:33 51160]
R3 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [16.4.2009 22:33 43736]
S2 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 --> c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [?]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\Windows Live\Messenger\usnsvc.exe [18.10.2007 11:31 98328]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2009-06-19 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 14:28]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-Device Detector - DevDetect.exe
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-06-19 17:51
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2456)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ACD Systems\EN\DevDetect.exe
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Nokia\PC Connectivity Solution\ServiceLayer.exe
c:\program files\Nokia\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\Nokia\PC Connectivity Solution\Transports\NclRSSrv.exe
.
**************************************************************************
.
Completion time: 2009-06-19 17:53 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-19 15:53
Pre-Run: 63.718.907.904 bytes free
Post-Run: 63.645.462.528 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect