Here:
ComboFix 08-02.03.1 - c 2008-02-04 20:30:39.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.61.1033.18.227 [GMT 1:00]
Running from: D:\INTERNET PROGRAMI\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((( Files Created from 2008-01-04 to 2008-02-04 )))))))))))))))))))))))))))))))
.
2008-02-03 21:27 . 2008-02-03 21:27 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-03 14:52 . 2008-02-03 14:52 <DIR> d-------- C:\Documents and Settings\c\Application Data\TuneUp Software
2008-02-02 23:04 . 2008-02-03 14:12 <DIR> d-------- C:\Program Files\Winamp
2008-02-02 00:03 . 2008-02-02 00:03 <DIR> d-------- C:\Program Files\DivX
2008-02-01 19:39 . 2008-02-01 19:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-02-01 19:38 . 2008-02-01 19:38 <DIR> d-------- C:\Program Files\ACD Systems
2008-01-31 20:45 . 2008-01-31 20:45 <DIR> d-------- C:\Documents and Settings\c\Application Data\AntiVir PersonalEdition Premium
2008-01-31 18:30 . 2008-01-31 18:30 <DIR> d-------- C:\Program Files\Avira
2008-01-31 18:30 . 2008-01-31 18:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-01-31 16:51 . 2004-04-08 17:51 939,368 --a------ C:\WINDOWS\system32\Flash.ocx
2008-01-31 16:51 . 2000-05-22 06:00 647,872 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-01-31 16:51 . 2000-05-22 00:00 203,976 --a------ C:\WINDOWS\system32\RICHTX32.OCX
2008-01-31 16:51 . 2000-07-15 06:00 101,888 --a------ C:\WINDOWS\system32\VB6STKIT.DLL
2008-01-31 16:51 . 2000-05-22 05:00 83,144 --a------ C:\WINDOWS\system32\PICCLP32.OCX
2008-01-31 16:51 . 2002-12-27 02:31 65,536 --a------ C:\WINDOWS\system32\bpssc1.1.dll
2008-01-31 16:51 . 2001-02-14 02:23 19,688 --a------ C:\WINDOWS\system32\itask.tlb
2008-01-31 07:27 . 2008-01-31 07:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-01-31 02:15 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-31 02:15 . 2004-11-29 14:15 339,968 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-31 02:15 . 2004-12-02 13:17 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2008-01-31 02:15 . 2004-12-02 13:54 57,984 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-31 02:15 . 2004-12-02 13:54 51,056 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-31 02:15 . 2004-12-02 13:55 35,184 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-31 02:15 . 2007-09-06 12:03 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-31 02:15 . 2004-12-02 13:51 14,784 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-31 01:37 . 2008-01-31 01:37 <DIR> d-------- C:\Documents and Settings\c\Application Data\SumatraPDF
2008-01-27 23:36 . 2008-01-27 23:37 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-19 03:11 . 2008-01-19 03:11 335 --a------ C:\WINDOWS\mozregistry.dat
2008-01-12 16:15 . 2008-01-16 03:58 <DIR> d-------- C:\Documents and Settings\c\Application Data\HP
2008-01-12 16:15 . 2008-01-12 16:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2008-01-12 16:12 . 2008-01-12 16:12 <DIR> d-------- C:\Program Files\Common Files\Sonic Shared
2008-01-12 16:12 . 2008-01-12 16:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sonic
2008-01-12 16:09 . 2008-01-12 16:09 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-01-12 16:07 . 2008-01-12 16:12 <DIR> d-------- C:\Program Files\Common Files\HP
2008-01-12 16:06 . 2006-05-16 07:17 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2008-01-12 16:06 . 2006-05-16 07:17 16,496 -ra------ C:\WINDOWS\system32\drivers\HPZipr12.sys
2008-01-12 16:05 . 2006-05-16 07:25 77,824 -ra------ C:\WINDOWS\system32\hpzids01.dll
2008-01-12 16:05 . 2006-06-03 21:29 48,128 --a------ C:\WINDOWS\system32\hpz3l4pi.dll
2008-01-12 16:04 . 2006-03-03 21:03 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2008-01-12 16:04 . 2006-03-03 21:02 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2008-01-12 16:04 . 2006-03-03 21:02 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2008-01-12 16:04 . 2006-03-03 21:03 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2008-01-12 16:04 . 2006-03-03 21:03 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2008-01-12 16:04 . 2006-03-03 21:02 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2008-01-12 16:03 . 2004-08-03 23:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-01-12 16:03 . 2004-08-03 23:08 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-01-12 15:59 . 2008-01-12 16:16 124,397 --a------ C:\WINDOWS\HPHins12.dat
2008-01-12 15:59 . 2006-06-12 20:29 14,916 --------- C:\WINDOWS\hphmdl12.dat
2008-01-12 15:14 . 2003-07-28 14:07 278,528 --a------ C:\WINDOWS\system32\hpdj5100
2008-01-12 15:14 . 2007-04-20 11:02 159,260 --a------ C:\WINDOWS\hpdj5100.hi1
2008-01-12 15:14 . 2007-04-20 11:02 7,549 --a------ C:\WINDOWS\hpdj5100.bu1
2008-01-12 13:15 . 2008-01-12 13:15 0 --a------ C:\WINDOWS\PROTOCOL.INI
2008-01-12 13:14 . 1998-02-06 22:37 299,520 --a------ C:\WINDOWS\uninst.exe
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-01 18:39 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-01-31 22:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-27 22:37 --------- d-----w C:\Documents and Settings\c\Application Data\Lavasoft
2008-01-17 12:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-01-17 01:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-12 15:15 --------- d-----w C:\Program Files\HP
2008-01-12 15:08 --------- d-----w C:\Program Files\Hewlett-Packard
2008-01-01 15:54 --------- d-----w C:\Program Files\Sony
2008-01-01 15:53 --------- d-----w C:\Program Files\Sony Setup
2007-12-29 12:17 --------- d-----w C:\Program Files\Ahead
2007-12-25 01:03 --------- d-----w C:\Program Files\XviD
2007-12-22 16:48 --------- d-----w C:\Documents and Settings\c\Application Data\Ahead
2007-12-22 15:34 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-21 18:41 --------- d-----w C:\Program Files\Google
2007-12-12 20:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2007-12-12 18:34 --------- d-----w C:\Program Files\Real Alternative
2007-12-12 18:33 --------- d-----w C:\Program Files\QuickTime Alternative
2007-12-12 18:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-12 18:29 --------- d-----w C:\Program Files\Common Files\Real
2007-11-17 23:57 130,048 ----a-w C:\WINDOWS\mpcodecplg.dll
2007-05-01 17:39 47,360 -c--a-w C:\Documents and Settings\c\Application Data\pcouffin.sys
2006-02-19 02:28 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
2007-06-11 19:05 56 --sh--r C:\WINDOWS\system32\576CC1548C.sys
2007-08-02 18:20 8 --sh--r C:\WINDOWS\system32\9ED07BAFC6.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:56 15360]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2003-04-02 08:40 49152]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-04-02 08:40 4616192]
"nwiz"="nwiz.exe" [2003-04-02 08:40 323584 C:\WINDOWS\system32\nwiz.exe]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-08-13 18:05 2532576]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" [2008-01-31 18:34 249896]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 23:56 15360]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Photosmart Premier Fast Start.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2006-02-10 07:56:20 73728]
Watch.lnk - C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe [2007-04-20 12:16:09 364544]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aswUpdSv"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"DeviceDiscovery"=C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
"HPDJ Taskbar Utility"=C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
R2 AntiVirMailService;AntiVir PersonalEdition Premium MailGuard;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe" [2008-01-31 18:34]
R2 AVEService;AntiVir PersonalEdition Premium MailGuard helper service;"C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe" [2008-01-31 18:34]
R2 BT848;WinFast TV2000 XP WDM Video Capture;C:\WINDOWS\system32\drivers\wf2kvcap.sys [2004-10-04 11:34]
R2 musm3gld;musm3gld;C:\WINDOWS\system32\drivers\musm3gld.sys [2006-02-24 15:37]
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;C:\WINDOWS\system32\drivers\wf2ktunr.sys [2004-10-04 11:34]
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;C:\WINDOWS\system32\drivers\wf2kxbar.sys [2004-10-04 11:34]
R3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 08:32]
R3 tenCapture;tenCapture;C:\WINDOWS\system32\DRIVERS\tenCapture.sys [2007-04-21 15:15]
S3 cxwibu;Team H2O WIBU Driver;C:\Program Files\WIBUKEY\H2O\cxwibu.sys []
S3 netModUSBService;Service for netMod USB CAPI Driver;C:\WINDOWS\system32\drivers\nMUSB.sys [2004-09-08 14:42]
S3 WFIOCTL;WFIOCTL;C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS [2005-01-06 15:55]
.
Contents of the 'Scheduled Tasks' folder
"2008-02-03 13:53:02 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 20:32:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-04 20:33:27
ComboFix-quarantined-files.txt 2008-02-04 19:33:17
ComboFix2.txt 2008-02-04 17:58:50
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:35:14, on 4.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Watch.lnk = C:\Program Files\Mustek 1200 UB Plus\Driver\WATCH.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avmailc.exe
O23 - Service: AntiVir PersonalEdition Premium Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe
O23 - Service: AntiVir PersonalEdition Premium Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avguard.exe
O23 - Service: AntiVir PersonalEdition Premium MailGuard helper service (AVEService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Premium\avesvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 5096 bytes
IS EVERYTHING OK NOW?
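Two things in the logs above are worth a second look before answering "is everything OK": the Find3M section lists two hidden, system, read-only files with hex-only names directly in system32 (576CC1548C.sys and 9ED07BAFC6.sys), and HijackThis reports one service (PcCtlCom) whose binary is missing and whose owner is unknown. The following script is an added example, not part of the original post and not code from ComboFix or HijackThis. It parses a constructed subset of the log lines above and flags the patterns a responder usually checks first. The flag heuristics, the regexes and the sample text are my own assumptions; a hit is a prompt to look at the file or service, not a verdict that it is malicious.

```python
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied verbatim from the
# ComboFix and HijackThis logs above (raw string, so single backslashes).
SAMPLE_LOG = r"""
2008-01-31 16:51 . 2004-04-08 17:51 939,368 --a------ C:\WINDOWS\system32\Flash.ocx
2008-01-12 16:06 . 2006-05-16 07:17 49,664 -ra------ C:\WINDOWS\system32\drivers\HPZid412.sys
2007-06-11 19:05 56 --sh--r C:\WINDOWS\system32\576CC1548C.sys
2007-08-02 18:20 8 --sh--r C:\WINDOWS\system32\9ED07BAFC6.sys
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Unknown owner - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# ComboFix file line (assumed shape): "<seen> [. <mtime>] <size|<DIR>|---> <attrs> <path>".
# The "Files Created" section has the ". <mtime>" part, Find3M does not.
COMBOFIX_FILE = re.compile(
    r"^(?P<seen>\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"(?: \. (?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r" (?P<size><DIR>|[\d,]+|-+)"
    r" (?P<attrs>[-a-zA-Z]{7,9})"
    r" (?P<path>[A-Za-z]:\\.+)$"
)
# HijackThis O23 line: "O23 - Service: <name> - <owner> - <path>[ (file missing)]".
HJT_O23 = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
# Assumed heuristic: a file named only with hex digits, sitting directly in system32.
HEX_NAMED_SYS = re.compile(r"\\system32\\[0-9A-Fa-f]{10}\.sys$")


@dataclass
class Finding:
    reason: str
    path: str


def triage_line(line):
    """Return the findings for one log line (empty list if nothing stands out)."""
    line = line.strip()
    out = []
    m = COMBOFIX_FILE.match(line)
    if m:
        attrs, path = m.group("attrs"), m.group("path")
        is_dir = attrs.startswith("d")
        # ComboFix attribute letters: 'h' hidden, 's' system (both 7- and 9-char forms).
        if not is_dir and "h" in attrs and "s" in attrs:
            out.append(Finding("hidden+system file", path))
        if HEX_NAMED_SYS.search(path):
            out.append(Finding("hex-named .sys directly in system32", path))
        return out
    m = HJT_O23.match(line)
    if m:
        owner, path = m.group("owner"), m.group("path")
        if path.endswith("(file missing)"):
            out.append(Finding("service binary missing (orphaned service entry)", path))
        if owner == "Unknown owner":
            out.append(Finding("no company name could be read for service binary", path))
    return out


def triage(log_text):
    """Run triage_line over every line and collect the findings."""
    findings = []
    for line in log_text.splitlines():
        findings.extend(triage_line(line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}: {f.path}")
```

Run against the full pasted logs rather than the sample, the same two regexes cover every file line in both ComboFix sections and every O23 line in the HijackThis part; anything the script flags is then checked by hand (file version info, digital signature, creation time against the install history visible in the "Files Created" section) before deciding whether it belongs to an installed product or needs removal.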