ComboFix found this for me.
PS: I suspect F:\ylr.exe
Here is the whole log
______________
ComboFix 08-02.01.6 - zarelik 2008-02-01 15:19:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.256 [GMT 1:00]
Running from: C:\Documents and Settings\zarelik\Desktop\ComboFix - specialized malware removal tool\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\Dvbpws.dll
.
((((((((((((((((((((((((( Files Created from 2008-01-01 to 2008-02-01 )))))))))))))))))))))))))))))))
.
2008-01-31 23:25 . 2008-02-01 07:42 76 --a------ C:\WINDOWS\lsoon.ini
2008-01-31 23:15 . C:WINDOWS(2) C:ComboFixwinstart.bat
2008-01-31 23:13 . 2008-01-31 23:15 <DIR> d-------- C:\Documents and Settings\zarelik\Application Data\Regrun
2008-01-31 23:12 . 2008-01-31 23:12 <DIR> d-------- C:\Program Files\Greatis
2008-01-31 23:12 . 2003-09-06 15:55 57,556 --a------ C:\WINDOWS\guard.bmp
2008-01-31 23:10 . 2008-01-31 23:14 <DIR> d-------- C:\Program Files\Ad-Aware SE Professional
2008-01-31 23:10 . 2008-01-31 23:10 <DIR> d-------- C:\Documents and Settings\zarelik\Application Data\Lavasoft
2008-01-31 19:27 . 2008-01-31 19:27 <DIR> d-------- C:\Program Files\uTorrent
2008-01-31 19:27 . 2008-02-01 11:07 <DIR> d-------- C:\Documents and Settings\zarelik\Application Data\uTorrent
2008-01-31 18:13 . 2007-06-26 07:08 1,104,896 -----c--- C:\WINDOWS\system32\dllcache\msxml3.dll
2008-01-31 18:13 . 2007-05-17 12:28 549,376 -----c--- C:\WINDOWS\system32\dllcache\oleaut32.dll
2008-01-31 18:12 . 2008-01-31 18:12 <DIR> d-------- C:\Program Files\MSXML 6.0
2008-01-31 18:08 . 2007-04-25 15:21 144,896 -----c--- C:\WINDOWS\system32\dllcache\schannel.dll
2008-01-31 18:07 . 2008-01-31 18:07 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-01-31 18:01 . 2006-03-17 01:38 28,672 --------- C:\WINDOWS\system32\verclsid.exe
2008-01-31 18:00 . 2007-04-16 22:45 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-01-31 18:00 . 2007-04-16 22:44 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-01-31 18:00 . 2007-04-16 22:46 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-01-31 18:00 . 2007-04-16 22:46 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-31 18:00 . 2007-04-16 22:45 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-01-31 17:58 . 2008-01-31 17:58 <DIR> d--h-c--- C:\WINDOWS\$SQLUninstallMSXML2SP6-KB887606-x86-ENU$
2008-01-31 17:56 . 2008-01-31 18:13 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-31 17:56 . 2008-01-31 18:13 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-01-31 17:55 . 2007-03-12 16:16 40,960 --a------ C:\WINDOWS\system32\SSUBTMR6.DLL
2008-01-31 17:55 . 2007-03-12 16:16 10,752 --a------ C:\WINDOWS\system32\aamd532.dll
2008-01-31 17:51 . 2003-03-11 12:04 266,240 --a------ C:\WINDOWS\system32\hpdj3500
2008-01-31 17:51 . 2008-01-02 18:13 158,830 --a------ C:\WINDOWS\hpdj3500.hi1
2008-01-31 17:51 . 2008-01-02 18:13 10,232 --a------ C:\WINDOWS\hpdj3500.bu1
2008-01-31 17:39 . 2008-01-31 23:31 <DIR> d-------- C:\Program Files\AutoPatcher
2008-01-31 15:13 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-31 15:13 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-31 15:13 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-31 15:13 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-31 15:13 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-31 15:13 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-31 15:13 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-31 15:13 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-31 14:36 . 2008-01-31 14:36 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-01-31 14:36 . 2008-01-31 14:36 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-01-31 14:36 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-01-31 12:27 . 2008-01-31 12:27 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-30 10:55 . 2008-01-30 10:55 1,409 --a------ C:\WINDOWS\system32\tmpD4D61.FOT
2008-01-30 10:55 . 2008-01-30 10:55 1,409 --a------ C:\WINDOWS\system32\tmpB9D61.FOT
2008-01-30 10:55 . 2008-01-30 10:55 1,409 --a------ C:\WINDOWS\system32\tmp9ED61.FOT
2008-01-30 10:55 . 2008-01-30 10:55 1,409 --a------ C:\WINDOWS\system32\tmp81E61.FOT
2008-01-30 10:55 . 2008-01-30 10:55 1,409 --a------ C:\WINDOWS\system32\tmp59E61.FOT
2008-01-30 10:55 . 2008-01-30 10:55 1,409 --a------ C:\WINDOWS\system32\tmp20F61.FOT
2008-01-30 09:09 . 2008-01-30 09:11 <DIR> d-------- C:\Documents and Settings\zarelik\Application Data\SmartDraw
2008-01-30 08:44 . 2008-01-30 08:45 <DIR> d-------- C:\Program Files\MagicISO
2008-01-30 08:44 . 2008-01-30 08:44 <DIR> d-------- C:\Program Files\MagicDisc
2008-01-30 08:44 . 2007-09-05 01:46 92,544 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-01-29 23:19 . 2008-01-30 00:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-29 23:11 . 2008-01-29 23:11 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-01-29 23:10 . 2008-01-29 23:19 <DIR> d-------- C:\Documents and Settings\zarelik\Application Data\Spyware Terminator
2008-01-29 23:10 . 2008-01-30 08:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-01-29 23:02 . 2008-01-29 23:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Prevx
2008-01-29 23:01 . 2008-01-29 23:02 <DIR> d-------- C:\Documents and Settings\zarelik\Application Data\PrevxCSI
2008-01-29 17:03 . 2008-02-01 10:15 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-01-29 17:03 . 2008-01-29 17:03 <DIR> d-------- C:\Documents and Settings\zarelik\Application Data\SUPERAntiSpyware.com
2008-01-29 17:03 . 2008-01-29 17:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-01-29 13:49 . 2008-01-29 14:13 <DIR> d-------- C:\Program Files\PRO100 Demo
2008-01-29 12:30 . 2008-01-29 12:30 43,886 --a------ C:\WINDOWS\FontData.fdb
2008-01-29 10:19 . 2008-02-01 12:28 <DIR> d-------- C:\Program Files\AIMP2
2008-01-29 09:04 . 2008-01-29 09:07 <DIR> d-------- C:\Program Files\Swarm
2008-01-29 08:59 . 2008-01-29 09:04 <DIR> d-------- C:\Program Files\Master of Defense
2008-01-29 08:53 . 2008-01-29 08:59 <DIR> d-------- C:\Program Files\Styrateg
2008-01-28 17:10 . 2000-10-24 00:00 3,608 --a------ C:\WINDOWS\system32\drivers\port_nt.sys
2008-01-27 15:28 . 2008-01-27 15:28 <DIR> d-------- C:\Documents and Settings\zarelik\Application Data\DassaultSystemes
2008-01-27 15:28 . 2008-01-27 15:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
2008-01-27 10:43 . 2008-01-27 10:43 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-01-27 10:43 . 2008-01-27 10:43 <DIR> d-------- C:\Program Files\Microsoft Works
2008-01-27 10:43 . 2008-01-27 10:43 <DIR> d-------- C:\Program Files\Common Files\L&H
2008-01-27 10:32 . 2008-01-27 10:32 <DIR> d-------- C:\Program Files\Rainbow Technologies
2008-01-27 10:27 . 2008-01-27 10:27 <DIR> d-------- C:\WINDOWS\Rainbow Technologies
2008-01-26 20:38 . 2008-01-26 20:38 <DIR> d-------- C:\Program Files\Atomic Alarm Clock
2008-01-26 17:32 . 2008-01-26 17:32 <DIR> d-------- C:\Documents and Settings\zarelik\Application Data\SolidWorksNewsReader
2008-01-26 17:31 . 2008-01-26 23:27 <DIR> d-------- C:\Documents and Settings\zarelik\Application Data\SolidWorks
2008-01-26 17:30 . 2008-01-26 17:30 <DIR> d-------- C:\Documents and Settings\zarelik\Application Data\DWGeditor
2008-01-26 17:29 . 2008-01-26 17:29 <DIR> d-------- C:\Program Files\SolidWorks Installation Manager
2008-01-26 17:29 . 2008-01-26 17:29 <DIR> d-------- C:\Program Files\DWGeditor
2008-01-26 17:29 . 2008-01-26 17:29 0 --a------ C:\WINDOWS\eDrawingOfficeAutomator.INI
2008-01-26 17:28 . 2008-01-26 17:29 <DIR> d-------- C:\Program Files\Common Files\eDrawings2007
2008-01-26 17:28 . 2004-11-05 11:08 670,208 --a------ C:\WINDOWS\system32\drivers\hardlock.sys
2008-01-26 17:28 . 2008-01-26 17:28 23 --ah----- C:\WINDOWS\yacht.xws
2008-01-26 17:26 . 2008-01-26 17:26 <DIR> d-------- C:\WINDOWS\system32\GroupPolicy
2008-01-26 17:24 . 2008-01-26 17:30 <DIR> d-------- C:\Program Files\SolidWorks
2008-01-26 17:24 . 2008-01-26 17:30 <DIR> d-------- C:\Program Files\Common Files\SolidWorks Shared
2008-01-26 17:24 . 2008-01-26 17:24 <DIR> d-------- C:\Program Files\Common Files\Solidworks Data
2008-01-26 17:23 . 2008-01-26 17:23 42 --a------ C:\WINDOWS\trailer.xws
2008-01-25 18:48 . 2008-01-25 18:48 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-25 18:48 . 2008-01-25 18:48 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-24 15:56 . 2008-01-24 15:56 1,092 --a------ C:\WINDOWS\UnitConverter.INI
2008-01-24 09:52 . 2008-01-24 09:52 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-24 09:52 . 2006-10-04 15:06 1,197,294 -----c--- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-01-24 09:52 . 2006-10-04 15:06 764,868 -----c--- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-01-24 09:52 . 2006-10-04 15:06 217,118 -----c--- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-01-24 09:50 . 2008-01-24 09:50 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-24 09:50 . 2008-01-24 09:51 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-24 09:50 . 2006-09-25 17:58 23,856 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-23 19:50 . 2008-01-23 19:53 <DIR> d-------- C:\Program Files\Common Files\Autodesk Shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-31 16:51 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-04 20:01 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2008-01-04 19:19 --------- d-----w C:\Program Files\WinFast
2008-01-03 09:14 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-01-01 17:51 --------- d-----w C:\Program Files\Common Files\Ulead Systems
2008-01-01 17:48 --------- d-----w C:\Program Files\Motorola
2008-01-01 17:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-01-01 16:40 --------- d--h--w C:\Program Files\Uninstall Information
2008-01-01 16:38 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 22:56 25088]
"SkinClock"="C:\Program Files\Atomic Alarm Clock\AtomicAlarmClock.exe" [2007-09-10 14:24 563007]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFastDTV"="C:\Program Files\WinFast\WFDTV\DTVSchdl.exe" [2007-07-30 09:35 90112]
"WinFast Schedule"="C:\Program Files\WinFast\WFDTV\WFWIZ.exe" [2007-07-27 18:09 409600]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 22:56 25088]
C:\Documents and Settings\zarelik\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe [2008-01-30 08:44:45 557568]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-02-27 11:39 282624
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-01-29 23:11]
R2 CX23880;WinFast CX2388x WDM Video Capture.;C:\WINDOWS\system32\drivers\cx88vid.sys [2005-06-28 08:24]
R2 CXTUNE;WinFast CX2388x WDM TVTuner.;C:\WINDOWS\system32\drivers\CX88TUNE.sys [2005-06-28 08:22]
R2 port_nt;port_nt;c:\windows\system32\drivers\port_nt.sys [2000-10-24 00:00]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-03 22:56]
R3 CXAVXBAR;WinFast CX2388x WDM Crossbar.;C:\WINDOWS\system32\drivers\cxavxbar.sys [2005-06-28 08:21]
R3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFDTV\WFIOCTL.SYS [2005-01-06 16:55]
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-01-31 14:36]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55d968c1-ce96-11dc-979a-fcf09ae1a6cf}]
\Shell\AutoRun\command - F:\ylr.exe
\Shell\explore\Command - F:\ylr.exe
\Shell\open\Command - F:\ylr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{55d968c3-ce96-11dc-979a-fcf09ae1a6cf}]
\Shell\AutoRun\command - F:\ylr.exe
\Shell\explore\Command - F:\ylr.exe
\Shell\open\Command - F:\ylr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87da7269-b891-11dc-b9b6-d15b87949272}]
\Shell\AutoRun\command - F:\ylr.exe
\Shell\explore\Command - F:\ylr.exe
\Shell\open\Command - F:\ylr.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f2e3da0-c1c8-11dc-b9e4-a23feba3bae0}]
\Shell\AutoRun\command - F:\usdeiect.com
\Shell\explore\Command - F:\usdeiect.com
\Shell\open\Command - F:\usdeiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f2e3da1-c1c8-11dc-b9e4-a23feba3bae0}]
\Shell\AutoRun\command - G:\usdeiect.com
\Shell\explore\Command - G:\usdeiect.com
\Shell\open\Command - G:\usdeiect.com
.
Contents of the 'Scheduled Tasks' folder
"2008-01-31 13:37:03 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-01 15:21:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-01 15:22:04
ComboFix-quarantined-files.txt 2008-02-01 14:21:54