Tech Support Forum - Virus/Trojan/Spyware Help
#1
Registered User
Join Date: Jun 2009
Posts: 4
OS: XP
Kryptik.TL trojan
Hello!
Yesterday my AV, NOD32, detected the Kryptik.TL trojan horse. I read many forums and downloaded some programs to make a log, and here is what I have come up with so far. If anyone can help me, I would really appreciate it. Thank you very much.
#3
Registered User
Join Date: Jun 2009
Posts: 4
OS: XP
Re: Kryptik.TL trojan
Here's the HijackThis log:
```
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:52:46, on 19.6.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.si/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live - Pomoc pri vpisu - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: I&zvoz v Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Objavi v spletnem dnevniku - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Objavi v spletnem dnevniku v Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Raziskovanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\ALEŠ IN PETRA\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/...oUploader5.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://edownload.grisoft.cz/ewidoOnlineScan.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120fd.bay120.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/.../GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase6662.cab
O16 - DPF: {754693AA-011F-40DD-B075-DD4644A47F54} (Importer.Imp) - http://www.imvu.com/catalog/invite/Importer.CAB
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary...o.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary...n.cab31267.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/RACtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{412F52B3-9B1E-442C-8DC4-EE261BC148B9}: NameServer = 193.189.160.23 193.189.160.13
O17 - HKLM\System\CS1\Services\Tcpip\..\{412F52B3-9B1E-442C-8DC4-EE261BC148B9}: NameServer = 193.189.160.23 193.189.160.13
O18 - Protocol: bw+0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {63C44651-1A5E-4568-83CE-8EFD7534009D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Unknown owner - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

--
End of file - 22508 bytes
```

Also, I'll post the logs from my first reply, if that helps.

Combofix log:

```
ComboFix 09-06-17.04 - ALEŠ IN PETRA 18.06.2009 17:42.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.386.1033.18.511.162 [GMT 2:00]
Running from: c:\documents and settings\ALEŠ IN PETRA\Desktop\ComboFix.exe
AV: NOD32 protivirusni sistem 2.51 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Internet Explorer\msimg32.dll
.
((((((((((((((((((((((((( Files Created from 2009-05-18 to 2009-06-18 )))))))))))))))))))))))))))))))
.
2099-05-28 12:21 . 2099-05-28 12:21 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6
2099-05-28 12:21 . 2006-06-13 11:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\MSN6
2099-05-28 12:19 . 2099-05-28 12:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Identities
2099-05-24 19:02 . 2006-06-01 12:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Ahead
2099-05-24 19:02 . 2006-06-01 12:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ahead
2099-05-24 19:00 . 2099-05-24 19:00 -------- d-----w- c:\program files\Nero
2099-05-24 19:00 . 2008-11-29 08:41 -------- d-----w- c:\program files\Common Files\Ahead
2099-05-24 19:00 . 2007-10-30 14:37 -------- d-----w- c:\program files\Yahoo!
2099-05-24 18:09 . 2008-12-20 22:43 1287680 ----a-w- c:\windows\system32\quartz.dll
2099-05-24 18:08 . 2008-06-09 13:36 -------- d-----w- c:\program files\QuickTime
2099-05-24 18:07 . 2007-07-18 10:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2099-05-24 18:07 . 2009-06-14 10:23 -------- d-----w- c:\program files\Winamp
2099-05-24 18:06 . 2006-06-01 12:48 -------- d-----w- c:\program files\Webteh
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2099-05-24 19:03 . 2099-05-24 18:09 -------- d-----w- c:\program files\DivX
2099-05-24 17:29 . 2099-05-24 17:28 -------- d-----w- c:\program files\ATI Technologies
2099-05-24 17:27 . 2099-05-24 17:27 -------- d-----w- c:\program files\AMD
2099-05-24 17:26 . 2099-05-24 17:26 -------- d-----w- c:\program files\Realtek Sound Manager
2099-05-24 17:26 . 2099-05-24 17:26 -------- d-----w- c:\program files\AvRack
2099-05-24 17:26 . 2099-05-24 17:26 -------- d-----w- c:\program files\Realtek AC97
2099-05-24 16:15 . 2099-05-24 16:15 -------- d-----w- c:\program files\microsoft frontpage
2099-05-24 16:14 . 2099-05-24 16:14 558142 -c--a-w- c:\windows\java\Packages\PJ5RXZ7J.ZIP
2099-05-24 16:14 . 2099-05-24 16:14 155995 -c--a-w- c:\windows\java\Packages\I7BDV5BV.ZIP
2099-05-24 16:12 . 2099-05-24 16:12 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-06-18 15:03 . 2009-06-18 15:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-18 15:03 . 2009-06-18 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-18 12:22 . 2009-06-18 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-18 12:22 . 2009-06-18 12:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-18 12:21 . 2009-06-18 12:21 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-18 12:19 . 2009-06-18 12:19 1342377 ----a-w- C:\MGtools.exe
2009-06-18 11:53 . 2009-03-08 09:14 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-06-18 11:53 . 2007-06-25 08:02 -------- d-----w- c:\program files\Java
2009-06-17 18:20 . 2009-06-17 18:20 -------- d-----w- c:\program files\Bonjour
2009-06-17 18:19 . 2009-06-17 18:19 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-17 18:19 . 2009-06-17 15:33 -------- d-----w- c:\program files\Common Files\Macrovision Shared(2)
2009-06-17 18:19 . 2006-08-18 15:03 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-17 18:18 . 2009-06-17 17:10 -------- d-----w- c:\program files\Adobe Media Player
2009-06-17 17:06 . 2009-06-17 17:06 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-06-17 09:27 . 2009-06-18 15:03 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 09:27 . 2009-06-18 15:03 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-15 15:45 . 2009-06-15 15:45 -------- d-----w- c:\program files\CCleaner
2009-06-14 10:47 . 2009-06-14 10:47 -------- d-----w- c:\program files\URUSoft
2009-05-19 17:53 . 2002-08-29 03:41 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-05-19 14:15 . 2009-05-19 14:15 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2009-05-19 13:57 . 2009-05-19 13:57 -------- d-----w- c:\program files\Stardock
2009-05-11 08:31 . 2008-04-29 08:06 -------- d-----w- c:\program files\Cheat Engine
2009-05-07 15:44 . 2002-08-29 03:41 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-02 14:39 . 2009-05-02 14:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SYSTEMAX Software Development
2009-05-01 16:03 . 2009-05-01 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2009-04-22 13:02 . 2007-03-20 15:42 -------- d-----w- c:\program files\Messenger Plus! Live
2009-04-17 09:58 . 2002-08-29 02:14 1846656 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 15:11 . 2002-08-29 03:41 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2007-11-08 15:31 . 2007-10-08 15:11 88 --sh--r- c:\windows\system32\2F15BFE971.sys
2007-11-08 15:31 . 2007-10-08 15:07 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2007-06-27 152872]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-08-21 443968]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2006-12-02 921600]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-06-26 497200]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam10\QuickCam10.exe" [2006-06-26 614960]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-06-26 243248]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2007-04-17 63048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-03-28 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-18 148888]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2005-09-22 90112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2004-08-03 136704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\ALEŠ IN PETRA\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-5-1 344064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2007-05-25 13:22 63040 ----a-w- c:\windows\system32\LMIinit.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth ™ II Demo\\game.dat"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\WINDOWS\\system32\\mcoinstall.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\games\\Worms World Party(XP OK!)\\WWP\\wwp.exe"=
"c:\\Documents and Settings\\ALEŠ IN PETRA\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [18.3.2009 18:43 28544]
R1 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [19.2.2008 11:05 2944]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [26.5.2009 10:05 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26.5.2009 10:05 72944]
```
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [17.4.2007 14:00 12992] R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [20.6.2007 14:12 46112] R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26.5.2009 10:05 7408] S1 ShldDrv;Panda File Shield Driver; [x] S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys --> c:\windows\system32\DRIVERS\PavProc.sys [?] S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys --> c:\windows\system32\DRIVERS\scrcap.sys [?] S4 LMIRfsClientNP;LMIRfsClientNP; [x] . Contents of the 'Scheduled Tasks' folder 2009-06-13 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34] . - - - - ORPHANS REMOVED - - - - HKU-Default-Run-msnmsgr - c:\program files\MSN Messenger\msnmsgr.exe . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.si/ uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms} mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = iexplore IE: &Search IE: I&zvoz v Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 IE: **{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\ALE� IN PETRA\Start Menu\Programs\IMVU\Run IMVU.lnk LSP: c:\windows\system32\imon.dll TCP: {412F52B3-9B1E-442C-8DC4-EE261BC148B9} = 193.189.160.23 193.189.160.13 Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://edownload.grisoft.cz/ewidoOnlineScan.cab DPF: {754693AA-011F-40DD-B075-DD4644A47F54} - 
hxxp://www.imvu.com/catalog/invite/Importer.CAB FF - ProfilePath - . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2009-06-18 18:06 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1659004503-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{82FE3BC9-8AEE-735C-B795-B35CC376B4F5}*] "abahibedodoacpaegambghdodegegfammg"=hex:61,61,00,00 "bbahibedodoacpaegahbfjgagefghckipfoe"=hex:61,61,00,00 [HKEY_LOCAL_MACHINE\software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:eb,2e,59,f7,08,e9,62,ed,7a,2e,a9,96,59,02,05,d6,45,2d,5b,c3,64,92,c0, 05,07,72,07,d1,f2,8c,ff,ec,53,e4,03,19,96,e7,ca,1f,d8,95,08,1b,44,d3,b5,46,\ "??"=hex:79,03,80,a8,84,67,07,3b,95,10,b4,7b,3e,1c,bf,15 . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(692) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\Ati2evxx.dll c:\windows\system32\LMIinit.dll - - - - - - - > 'lsass.exe'(748) c:\windows\system32\imon.dll c:\program files\Eset\pr_imon.dll . 
Completion time: 2009-06-18 18:10 ComboFix-quarantined-files.txt 2009-06-18 16:10 Pre-Run: 80.353.640.448 bytes free Post-Run: 89.948.532.736 prosto bajtov 210 --- E O F --- 2009-06-11 12:04 MalwareBytes's Anti-Malware: Malwarebytes' Anti-Malware 1.38 Database version: 2304 Windows 5.1.2600 Service Pack 2 18.6.2009 17:19:32 mbam-log-2009-06-18 (17-19-32).txt Scan type: Quick Scan Objects scanned: 100363 Time elapsed: 7 minute(s), 2 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 17 Registry Values Infected: 1 Registry Data Items Infected: 1 Folders Infected: 2 Files Infected: 2 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\Interface\{38a7c9da-8db7-4d0f-a7b1-c4b1a305bddb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{8d292ec0-6792-4a38-82ed-73a087e41ba6} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{98635087-3f5d-418f-990c-b1efe0797a3b} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{ca356d79-679b-4b4c-8e49-5af97014f4c1} (Adware.Starware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d49e9d35-254c-4c6a-9d17-95018d228ff5} (Adware.Starware) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully. Registry Data Items Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully. 
Folders Infected: C:\Program Files\RelevantKnowledge (Spyware.Marketscore) -> Quarantined and deleted successfully. C:\WINDOWS\system32\twain_32 (Backdoor.Bot) -> Quarantined and deleted successfully. Files Infected: c:\WINDOWS\system32\twain_32\user.ds.cla (Backdoor.Bot) -> Quarantined and deleted successfully. C:\WINDOWS\system32\f3PSSavr.scr (Trojan.Agent) -> Quarantined and deleted successfully. SuperAntiSpyware Free Edition: SUPERAntiSpyware Scan Log http://www.superantispyware.com Generated 06/18/2009 at 04:32 PM Application Version : 4.26.1004 Core Rules Database Version : 3945 Trace Rules Database Version: 1887 Scan type : Complete Scan Total Scan Time : 02:03:41 Memory items scanned : 767 Memory threats detected : 0 Registry items scanned : 6882 Registry threats detected : 85 File items scanned : 37729 File threats detected : 15 Adware.MyWebSearch HKU\S-1-5-21-1659004503-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} HKU\S-1-5-21-1659004503-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA1-A523-4961-B6BB-170DE4475CCA} HKU\S-1-5-21-1659004503-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} Adware.WhenU HKU\S-1-5-21-1659004503-630328440-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA2325ED-F9EB-4830-8FCE-0BC35B16969B} Unclassified.Oreans32 HKLM\System\ControlSet001\Services\oreans32 C:\WINDOWS\SYSTEM32\DRIVERS\OREANS32.SYS HKLM\System\ControlSet001\Enum\Root\LEGACY_oreans32 HKLM\System\ControlSet003\Services\oreans32 HKLM\System\ControlSet003\Enum\Root\LEGACY_oreans32 HKLM\System\CurrentControlSet\Services\oreans32 HKLM\System\CurrentControlSet\Enum\Root\LEGACY_oreans32 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32#NextInstance HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000 HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Service 
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Legacy HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ConfigFlags HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Class HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#ClassGUID HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#DeviceDesc HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Capabilities HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000#Driver HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\LogConf HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_OREANS32\0000\Control#ActiveService HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Type HKLM\SYSTEM\CurrentControlSet\Services\oreans32#Start HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ErrorControl HKLM\SYSTEM\CurrentControlSet\Services\oreans32#ImagePath HKLM\SYSTEM\CurrentControlSet\Services\oreans32#DisplayName HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Security#Security HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#0 HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#Count HKLM\SYSTEM\CurrentControlSet\Services\oreans32\Enum#NextInstance Adware.MyWebSearch/FunWebProducts HKLM\SOFTWARE\Fun Web Products HKLM\SOFTWARE\Fun Web Products#JpegConversionLib HKLM\SOFTWARE\Fun Web Products\ScreenSaver HKLM\SOFTWARE\Fun Web Products\ScreenSaver#ImagesDir HKLM\SOFTWARE\Fun Web Products\Settings HKLM\SOFTWARE\Fun Web Products\Settings\Promos HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextNone.numActive HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextNone.0 HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyFreqNone HKLM\SOFTWARE\Fun Web Products\Settings\Promos#BuddyTextUninstalled.numActive HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn 
HKLM\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn#HTMLMenuPosDeleted HKLM\SOFTWARE\MyWebSearch HKLM\SOFTWARE\MyWebSearch\bar HKLM\SOFTWARE\MyWebSearch\bar#Maximized HKLM\SOFTWARE\MyWebSearch\bar#Visible HKLM\SOFTWARE\MyWebSearch\bar#pid HKLM\SOFTWARE\MyWebSearch\bar#fwp HKLM\SOFTWARE\MyWebSearch\bar#tiec HKLM\SOFTWARE\MyWebSearch\bar#Dir HKLM\SOFTWARE\MyWebSearch\bar#SettingsDir HKLM\SOFTWARE\MyWebSearch\bar#sr HKLM\SOFTWARE\MyWebSearch\bar#pl HKLM\SOFTWARE\MyWebSearch\bar#un HKLM\SOFTWARE\MyWebSearch\MWSOEMON HKLM\SOFTWARE\MyWebSearch\MWSOEPLG HKLM\SOFTWARE\MyWebSearch\OEHosts HKLM\SOFTWARE\MyWebSearch\OEHosts#boscript HKLM\SOFTWARE\MyWebSearch\SkinTools HKLM\SOFTWARE\MyWebSearch\SkinTools#PlayerPath HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\TreatAs HKLM\Software\FocusInteractive HKLM\Software\FocusInteractive\bar HKLM\Software\FocusInteractive\bar\Switches HKLM\Software\FocusInteractive\bar\Switches#incmail.exe HKLM\Software\FocusInteractive\bar\Switches#msimn.exe HKLM\Software\FocusInteractive\bar\Switches#msn.exe HKLM\Software\FocusInteractive\bar\Switches#outlook.exe HKLM\Software\FocusInteractive\bar\Switches#waol.exe HKLM\Software\FocusInteractive\bar\Switches#aim.exe HKLM\Software\FocusInteractive\bar\Switches#icq.exe HKLM\Software\FocusInteractive\bar\Switches#icqlite.exe HKLM\Software\FocusInteractive\bar\Switches#msmsgs.exe HKLM\Software\FocusInteractive\bar\Switches#msnmsgr.exe HKLM\Software\FocusInteractive\bar\Switches#ypager.exe HKLM\Software\FocusInteractive\bar\Switches#au HKLM\Software\FocusInteractive\Email-IM HKLM\Software\FocusInteractive\Email-IM\0 HKLM\Software\FocusInteractive\Email-IM\0#Toolbar HKLM\Software\FocusInteractive\Email-IM\0#AppName C:\Program Files\MyWebSearch\bar\1.bin C:\Program Files\MyWebSearch\bar\2.bin C:\Program Files\MyWebSearch\bar\3.bin C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat C:\Program Files\MyWebSearch\bar\Settings C:\Program 
Files\MyWebSearch\bar C:\Program Files\MyWebSearch C:\Program Files\FunWebProducts\ScreenSaver\Images C:\Program Files\FunWebProducts\ScreenSaver C:\Program Files\FunWebProducts\Shared\00701C12.dat C:\Program Files\FunWebProducts\Shared C:\Program Files\FunWebProducts Application.PowerReg Scheduler C:\DOCUMENTS AND SETTINGS\ALE� IN PETRA\START MENU\PROGRAMS\STARTUP\POWERREG SCHEDULER V3.EXE Spyware.RelevantKnowledge C:\PROGRAM FILES\RELEVANTKNOWLEDGE\RLSERVICE.EXE |