Evo i ComboFix report, ako ti to pomaže da mi pomogneš.
ComboFix 08-09-27.01 - Shaman Shandor 2008-09-28 12:33:45.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1606 [GMT 2:00]
Running from: C:\Documents and Settings\Shaman Shandor\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\BM034ada03.txt
C:\WINDOWS\BM034ada03.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\mcrh.tmp
.
((((((((((((((((((((((((( Files Created from 2008-08-28 to 2008-09-28 )))))))))))))))))))))))))))))))
.
2008-09-25 15:35 . 2008-09-25 15:35 268 --ah----- C:\sqmdata01.sqm
2008-09-25 15:35 . 2008-09-25 15:35 244 --ah----- C:\sqmnoopt01.sqm
2008-09-11 13:44 . 2008-09-11 13:44 268 --ah----- C:\sqmdata00.sqm
2008-09-11 13:44 . 2008-09-11 13:44 244 --ah----- C:\sqmnoopt00.sqm
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-28 09:54 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-06 16:04 --------- d-----w C:\Documents and Settings\Shaman Shandor\Application Data\Corel
2008-08-31 17:35 --------- d-----w C:\Documents and Settings\Shaman Shandor\Application Data\DNA
2008-08-31 15:59 --------- d-----w C:\Program Files\DNA
2008-08-16 14:48 --------- d-----w C:\Documents and Settings\Shaman Shandor\Application Data\SUPERAntiSpyware.com
2008-08-16 14:48 --------- d-----w C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-08-16 14:47 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-16 13:16 379,266 --sha-w C:\WINDOWS\system32\KkTwaGgh.ini2
2008-08-16 12:11 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-08-16 11:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-08-16 08:30 84,480 ----a-w C:\WINDOWS\system32\mywrtyxp.dll
2008-08-16 08:28 92,672 ----a-w C:\WINDOWS\system32\vesmdmww.dll
2008-08-15 08:00 93,184 ----a-w C:\WINDOWS\system32\tuxwibso.dll
2008-08-14 02:14 94,208 ----a-w C:\WINDOWS\system32\crbswttl.dll
2008-08-10 10:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-06 04:41 --------- d-----w C:\Documents and Settings\Shaman Shandor\Application Data\BitTorrent
2008-07-29 16:10 --------- d-----w C:\Program Files\Common Files\Adobe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"DAEMON Tools Lite"="D:\Programi\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"SUPERAntiSpyware"="D:\Programi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-05-28 1506544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 7630848]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 86016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"0079e99f"="C:\WINDOWS\system32\mywrtyxp.dll" [2008-08-16 84480]
"egui"="D:\Programi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"BM034ada03"="C:\WINDOWS\system32\vesmdmww.dll" [2008-08-16 92672]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]
"nwiz"="nwiz.exe" [2006-08-11 C:\WINDOWS\system32\nwiz.exe]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 C:\WINDOWS\system32\bthprops.cpl]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "D:\Programi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 D:\Programi\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"E:\\Programi\\BitTorrent\\bittorrent.exe"=
"D:\\Programi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"D:\\Programi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
.
- - - - ORPHANS REMOVED - - - -
BHO-{85C1FED7-BA66-43ED-9A84-CC9F204A71F3} - C:\WINDOWS\system32\hgGawTkK.dll
Notify-vtUnolKd - vtUnolKd.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Shaman Shandor\Application Data\Mozilla\Firefox\Profiles\rs9jf8lb.default\
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - d:\Programi\Adobe\Acrobat 5.0\Reader\browser\nppdf32.dll
FF -: plugin - d:\Programi\DivX\DivX Player\npDivxPlayerPlugin.dll
FF -: plugin - d:\Programi\DivX\DivX Web Player\npdivx32.dll
FF -: plugin - D:\Programi\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - D:\Programi\Mozilla Firefox\plugins\npdivx32.dll
FF -: plugin - D:\Programi\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
FF -: plugin - D:\Programi\Mozilla Firefox\plugins\npnul32.dll
FF -: plugin - D:\Programi\Mozilla Firefox\plugins\NPOFFICE.DLL
FF -: plugin - D:\Programi\Mozilla Firefox\plugins\nppdf32.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-09-28 12:36:15
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\pxytrwym.tmp 8450048 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
D:\Programi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
D:\Programi\IVT Corporation\BlueSoleil\BTNtService.exe
D:\Programi\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\ComboFix\pv.cfexe
.
**************************************************************************
.
Completion time: 2008-09-28 12:38:05 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-28 10:38:03
Pre-Run: 12.337.795.072 bytes free
Post-Run: 13,849,956,352 bytes free
134 --- E O F --- 2008-07-19 11:00:56