Posted: 05 Jun 2011 16:14
- Springfield
- Forum moderator
- 100%Milanista
- Information Technology
- Joined: 23 Aug 2008
- Posts: 2634
- Location: Milan, Italy
Hi, a friend brought me an Acer notebook. When the machine boots the wallpaper changes, Avast reports viruses and everything is extremely slow. He currently has Win XP SP2 and says SP3 cannot be installed (although I will try that later).
Net: ADSL 256 kb/s
.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_25
Run by nikola at 15:45:26 on 2011-06-06
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.1013.465 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\WebCam\S6000\S6000Mnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Join Air\AssistantServices.exe
C:\Program Files\Mobile Broadband drivers\WMCore\WMCore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\suzassop.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\nikola\LOCALS~1\Temp\wlwuhjjmacE8CA49F8.tmp
C:\WINDOWS\SoftwareDistribution\Download\2d8407673ea9865ef7cd775540e3a36b\update\update.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
uURLSearchHooks: MB2 Toolbar: {013a635f-e3aa-4371-b682-ece95ca974b0} - c:\program files\mb2\prxtbMB2.dll
mWinlogon: Taskman=c:\documents and settings\nikola\fxmdk.exe
uWinlogon: Shell=c:\recycler\s-1-5-21-3197867793-2602222726-396358751-6476\djwi2kcew.exe,c:\documents and settings\nikola\fxmdk.exe,explorer.exe,c:\recycler\s-1-5-21-1767502507-6576865274-856630662-9416\djwi2kcew.exe
BHO: MB2 Toolbar: {013a635f-e3aa-4371-b682-ece95ca974b0} - c:\program files\mb2\prxtbMB2.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: CescrtHlpr Object: {2eecd738-5844-4a99-b4b6-146bf802613b} - c:\program files\babylontoolbar\babylontoolbar\1.4.23.10\bh\BabylonToolbar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.4.17.7\bh\facemoods.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Babylon Toolbar: {98889811-442d-49dd-99d7-dc866be87dbc} - c:\program files\babylontoolbar\babylontoolbar\1.4.23.10\BabylonToolbarTlbr.dll
TB: GOM Player + Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.4.17.7\facemoodsTlbr.dll
TB: MB2 Toolbar: {013a635f-e3aa-4371-b682-ece95ca974b0} - c:\program files\mb2\prxtbMB2.dll
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AzMixerSel] c:\program files\realtek\audio\drivers\AzMixerSel.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [S6000Mnt] Rundll32.exe S6000Rmv.dll ,WinMainRmv /StartStillMnt
mRun: [rofi] c:\windows\system32\woozyj.exe
mRun: [gehu] c:\windows\system32\mocymuvoo.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [quofi] c:\windows\system32\doodyvehi.exe
mRun: [Microsoft WinUpdate] c:\windows\system32\msupdte.exe
mRun: [fougo] c:\windows\system32\zicizylou.exe
dRun: [rofi] c:\documents and settings\localservice\application data\microsoft\woozyj.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\0dtz2fv.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\0p0fvb6.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\1grsnde.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\5jfabg8.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\5ukk6w0.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\60zffvb.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\6a81xst.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\6kfbb2h.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\70nidep.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\9euu81g.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\a86cxtt2zav.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\brx66o81alm.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\e6u81g2hi.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\g3iiduupggb.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\i1efk86w.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\i1y97081w.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\jj2f0bg97.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\k0lhh2ndez.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\kfl66c87.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\kkaq1h70.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\lccxoojaavm.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\o1efk86w81.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\oz0fg6w81.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\q6sntjzu.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\qgw1n70jff.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\rhidtupfgb.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\rw81i3upfg.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\ty81kvwrx6.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\vrr2xyjo86a.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\w70xtoo6a.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\w8dijppql.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\xcdyoppql.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\y0zf5wwmns.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\y6o8avlmh.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\y7081g91sdt.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\zulbbrx60z.exe
StartupFolder: c:\documents and settings\nikola\start menu\programs\startup\zva3w1ni1pp.exe
IE: &Download All using 4shared Desktop - c:\program files\4shared desktop\down_all.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
TCP: Interfaces\{5CC8D970-3434-45F1-9CFB-05FE01B9A096} : NameServer = 195.66.189.137 195.66.189.138
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\nikola\application data\mozilla\firefox\profiles\s6zub8do.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431400&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.facemoods.com/?a=ddrnw
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431400&q=
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-16 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-5-16 307928]
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312};Power Control [2011/06/02 21:39:17];c:\program files\cyberlink\powerdvd11\common\navfilter\000.fcl [2011-6-2 77296]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-9-3 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-5-16 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-5-16 42184]
R2 CLHNServiceForPowerDVD;CLHNServiceForPowerDVD;c:\program files\cyberlink\powerdvd11\kernel\dmp\CLHNServiceForPowerDVD.exe [2011-6-2 83240]
R2 CyberLink PowerDVD 11.0 Monitor Service;CyberLink PowerDVD 11.0 Monitor Service;c:\program files\cyberlink\powerdvd11\common\mediaserver\CLMSMonitorService.exe [2011-6-2 70952]
R2 CyberLink PowerDVD 11.0 Service;CyberLink PowerDVD 11.0 Service;c:\program files\cyberlink\powerdvd11\common\mediaserver\CLMSServer.exe [2011-6-2 312616]
R2 ntk_PowerDVD;ntk_PowerDVD;c:\program files\cyberlink\powerdvd11\kernel\dmp\ntk_PowerDVD.sys [2011-6-2 71664]
R2 UI Assistant Service;UI Assistant Service;c:\program files\join air\AssistantServices.exe [2011-5-15 252784]
R2 WMCoreService;Mobile Broadband Service;c:\program files\mobile broadband drivers\wmcore\wmcore.exe servicemode --> c:\program files\mobile broadband drivers\wmcore\WMCore.exe servicemode [?]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2011-4-23 63088]
R3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [2011-4-24 6650752]
R3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\drivers\S6000KNT.sys [2011-4-24 3221120]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-26 136176]
S2 orutvya36rvdu;Canon BJ Memory Card Manager;c:\windows\system32\getybe.exe --> c:\windows\system32\getybe.exe [?]
S2 uijziiayqaa;Crystal Report Application Server;c:\windows\system32\boukubeci.exe [2011-6-6 237568]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-4-24 1691480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-4-26 136176]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2011-5-15 9216]
.
=============== Created Last 30 ================
.
2011-06-06 13:40:57 237568 ----a-w- c:\windows\system32\boukubeci.exe
2011-06-06 13:40:18 237568 ----a-w- c:\windows\system32\zicizylou.exe
2011-06-05 20:18:59 -------- d-----w- c:\program files\MacSearch_v.1.4.3
2011-06-05 20:18:18 -------- d-----w- c:\program files\TrueTransparency
2011-06-05 20:18:11 -------- d-----w- c:\program files\Styler
2011-06-04 23:33:03 -------- d-----w- c:\program files\Naevius Facebook Layouts
2011-06-03 01:45:43 -------- d-----w- c:\documents and settings\nikola\local settings\application data\PCHealth
2011-06-02 23:23:53 -------- d-----w- c:\documents and settings\nikola\local settings\application data\CyberLink
2011-06-02 21:44:58 -------- d-----w- c:\program files\common files\Akamai
2011-06-02 21:11:30 49664 ----a-w- c:\windows\system32\CamCodec.dll
2011-06-02 21:11:29 -------- d-----w- c:\program files\CamStudio 2.6b
2011-06-02 19:41:34 -------- d-----w- c:\documents and settings\all users\application data\PDVD
2011-06-02 19:28:05 -------- d-----w- c:\documents and settings\nikola\local settings\application data\MediaServer
2011-06-02 11:56:21 -------- d-----w- c:\program files\PowerISO
2011-06-02 08:23:21 -------- d-----w- c:\documents and settings\nikola\application data\BSplayer Pro
2011-06-02 08:23:21 -------- d-----w- c:\documents and settings\nikola\application data\BSplayer
2011-06-02 08:23:18 -------- d-----w- c:\program files\Webteh
2011-06-02 01:07:16 -------- d-----w- c:\windows\system32\XPSViewer
2011-06-02 01:06:13 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-06-02 01:05:39 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-06-02 01:05:39 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-06-02 01:05:39 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-06-02 01:05:39 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-06-02 01:05:39 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-06-02 01:05:39 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-06-02 01:05:39 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-06-02 01:05:39 117760 ------w- c:\windows\system32\prntvpt.dll
2011-06-02 01:05:38 -------- d-----w- C:\dd895d9eab67ad66bb5394429b8b
2011-06-02 01:01:25 -------- d-----w- c:\program files\MSXML 6.0
2011-06-02 00:31:09 -------- d-----w- c:\program files\common files\CyberLink
2011-06-02 00:28:14 29480 ----a-w- c:\windows\system32\msxml3a.dll
2011-05-31 11:27:37 -------- d-----w- c:\documents and settings\nikola\local settings\application data\Apple Computer
2011-05-31 11:26:43 -------- d-----w- c:\program files\Bonjour
2011-05-31 11:25:48 -------- d-----w- c:\documents and settings\nikola\local settings\application data\Apple
2011-05-30 22:37:12 -------- d-----w- c:\program files\Conduit
2011-05-30 22:37:11 -------- d-----w- c:\documents and settings\nikola\local settings\application data\MB2
2011-05-30 22:37:09 -------- d-----w- c:\documents and settings\nikola\local settings\application data\Conduit
2011-05-30 07:29:09 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-05-30 07:29:09 215920 ----a-w- c:\windows\system32\muweb.dll
2011-05-30 07:29:09 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2011-05-27 19:34:03 -------- d-----w- c:\program files\Counter-Strike Xtreme V5
2011-05-27 19:18:10 -------- d-----w- c:\program files\Tennis Elbow
2011-05-27 18:59:56 153 ----a-w- c:\windows\system32\msupdte.exe
2011-05-27 18:36:11 -------- d-----w- c:\program files\Tennis Elbow 2006
2011-05-27 12:02:22 -------- d-----w- c:\documents and settings\nikola\application data\facemoods.com
2011-05-27 11:59:37 -------- d-----w- c:\program files\FreeTime
2011-05-25 21:54:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-25 21:54:41 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-25 21:54:41 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-05-25 20:44:59 -------- d-----w- c:\program files\facemoods.com
2011-05-25 20:42:57 -------- d-----w- c:\program files\JDownloader
2011-05-25 20:06:06 -------- d-----w- c:\program files\uTorrent
2011-05-25 20:05:39 -------- d-----w- c:\documents and settings\nikola\application data\uTorrent
2011-05-25 19:35:37 -------- d-----w- c:\windows\network diagnostic
2011-05-25 19:34:29 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-05-25 19:34:29 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-05-25 19:34:28 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2011-05-25 19:34:28 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-05-25 19:34:28 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2011-05-25 19:34:28 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2011-05-25 19:34:27 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2011-05-25 19:34:24 6067200 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-05-25 19:20:43 -------- d-----w- c:\program files\MB2
2011-05-25 16:44:53 -------- d-----w- c:\program files\vShare.tv plugin
2011-05-25 11:50:52 -------- d-----w- c:\program files\P2PFilter
2011-05-20 17:53:19 237568 ----a-w- c:\windows\system32\foovooquamag.exe
2011-05-18 19:09:56 -------- d-----w- c:\program files\VideoLAN
2011-05-17 19:57:18 -------- d-----w- c:\documents and settings\nikola\application data\DDMSettings
2011-05-17 19:53:10 -------- d-----w- c:\program files\common files\DivX Shared
2011-05-17 19:23:01 -------- d-----w- c:\program files\DivX
2011-05-17 19:21:22 -------- d-----w- c:\documents and settings\all users\application data\DivX
2011-05-17 19:11:45 11776 ----a-w- c:\program files\mozilla firefox\plugins\nprjplug.dll
2011-05-17 19:11:21 -------- d-----w- c:\program files\common files\xing shared
2011-05-17 19:11:07 150712 ----a-w- c:\program files\mozilla firefox\plugins\nppl3260.dll
2011-05-17 19:11:00 105472 ----a-w- c:\program files\mozilla firefox\plugins\nprpjplug.dll
2011-05-17 08:43:49 126448 ------w- c:\windows\system32\pxinsi64.exe
2011-05-17 08:43:49 123888 ------w- c:\windows\system32\pxcpyi64.exe
2011-05-17 08:43:48 59888 ------w- c:\windows\system32\pxwma.dll
2011-05-17 08:43:47 0 ----a-w- c:\windows\system32\TMPCA.tmp
2011-05-16 14:12:42 -------- d-----w- c:\program files\Veetle
2011-05-16 13:58:18 -------- d-----w- c:\program files\Babylon
2011-05-16 12:05:16 -------- d-----w- c:\program files\FreeZ Online TV
2011-05-16 12:00:41 -------- d-----w- c:\documents and settings\all users\application data\install_clap
2011-05-16 11:38:06 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-16 11:37:47 40112 ----a-w- c:\windows\avastSS.scr
2011-05-16 11:37:25 -------- d-----w- c:\program files\AVAST Software
2011-05-16 11:37:25 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-05-16 07:29:10 -------- d-----w- c:\windows\ServicePackFiles
2011-05-15 20:04:36 2137088 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-05-15 20:04:35 2181376 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-05-15 20:04:33 2058368 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-05-15 20:04:33 2016768 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-05-15 19:52:54 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-05-15 19:52:54 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-05-15 19:49:49 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-05-15 18:48:29 105088 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2011-05-15 18:48:28 9216 ----a-w- c:\windows\system32\drivers\massfilter.sys
2011-05-15 18:48:28 105088 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2011-05-15 18:48:28 105088 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2011-05-15 18:48:11 -------- d-----w- c:\program files\Join Air
2011-05-13 15:19:22 -------- d-----w- c:\windows\system32\PreInstall
2011-05-13 15:19:19 -------- d--h--w- c:\windows\$hf_mig$
2011-05-12 13:56:42 -------- d-----w- c:\documents and settings\nikola\local settings\application data\AskToolbar
2011-05-12 13:56:39 -------- d-----w- c:\documents and settings\nikola\application data\BabylonToolbar
2011-05-12 13:52:26 -------- d-----w- c:\program files\Ask.com
2011-05-12 13:51:49 -------- d-----w- c:\program files\GRETECH
2011-05-12 13:51:49 -------- d-----w- c:\program files\BabylonToolbar
2011-05-12 12:22:54 -------- d-----w- c:\windows\system32\SupportAppCB
2011-05-10 19:09:47 -------- d-----w- c:\program files\Tennis Elbow 2009
2011-05-08 16:11:27 -------- d-----w- c:\program files\directx
2011-05-08 16:09:29 -------- d-----w- c:\program files\GameSpy Arcade
2011-05-08 16:08:35 -------- d-----w- c:\program files\EA Games
2011-05-08 16:01:34 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-05-08 16:01:21 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-05-08 16:00:32 -------- d-----w- c:\documents and settings\nikola\application data\DAEMON Tools Lite
2011-05-08 15:54:52 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Lite
.
==================== Find3M ====================
.
2011-06-02 00:27:49 353576 ----a-w- c:\windows\system32\msvcr71.dll
2011-06-02 00:27:48 505128 ----a-w- c:\windows\system32\msvcp71.dll
2011-05-30 12:34:56 79872 --sh--r- c:\documents and settings\nikola\fxmdk.exe
2011-05-08 16:09:59 12464 ----a-w- c:\windows\system32\drivers\secdrv.sys
2011-04-26 09:59:24 225280 ----a-w- c:\windows\system32\tety.exe
2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr
.
============= FINISH: 15:48:08.39 ===============
When the gmer1 scan finished, it showed me the following message before I saved the log:
Posted: 05 Jun 2011 19:58
- NIx Car
- Legendary citizen
- Més que un club
- Lead vocals @ Harpun
- Joined: 27 Feb 2009
- Posts: 3898
- Location: Novi Sad, Klisa
Hello Springfield
While the case is being resolved, I would ask you to adhere to the following:
- Read my instructions (or the instructions of colleagues who will be standing in for me) carefully and work exclusively according to them;
- Do not seek help elsewhere at the same time;
- Do not use other malware removal programs, apart from those you receive instructions for;
- During the intervention, do not use USB memory devices until I ask for it;
- If I do not reply within 48h, refresh the topic with a new post;
- If you do not respond within 5 days, we will close the case.
For more information about the rules of the MyCity forum Ambulanta: LINK
-------------------------------------------------------------------------------------
Download sUBs' ComboFix from the following address to your Desktop:
Bleeping Computer
- Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
- When the dialog for choosing the save location opens, select Desktop and click Save.
When the download is finished:
- deactivate your security software (instructions);
- close running programs;
- double-click to run ComboFix;
- in the window that opens, click "I Agree".
While running, ComboFix will:
- check whether a newer version of the program exists: click Yes if it offers to download it;
- if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
- ask a certain number of questions / show notices: accept by clicking Yes or OK;
- if needed, restart Windows (several times);
- at the end, open Notepad with the scan report.
Copy the report ComboFix produced into the topic on the forum:
- right-click in the Notepad window and choose Select All;
- right-click the selected text and choose Copy;
- right-click in the message text box and choose Paste.
Note: The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after sending the message you notice that the report is not complete, use the Prikači fajl (Attach file) option to attach the file C:\ComboFix.txt to the message.
Posted: 05 Jun 2011 21:10
- Springfield
- Forum moderator
- 100%Milanista
- Information Technology
- Joined: 23 Aug 2008
- Posts: 2634
- Location: Milan, Italy
While waiting for your reply I uninstalled a lot of unnecessary programs (including that Avast he had), add-ons, cleaned the registry, etc. He also told me that sometimes a blue screen appears when the computer boots. I got SP3 and installed it; near the end of the installation some warning unrelated to SP3 appeared and the computer shut itself down in 55 seconds, that is what it said, and I could not prevent it. However, when I turned the computer back on, it says SP3 in My Computer / Properties / General (even though it had not fully completed). Later I restarted the computer again for something, but after that a blue screen always popped up; I could not boot Windows at all after several tries, it would not even go into Safe Mode, but I somehow managed Safe Mode with Networking, though I cannot make an internet connection, so I downloaded ComboFix on my own computer, transferred it via a USB stick and ran it. Since there is no internet it could not create the Recovery Console because it needed the net to download it... however, ComboFix continued, did what it needed to, the computer restarted and Windows booted normally. Here I am now on the infected computer and here is the log.
ComboFix 11-06-05.02 - nikola 06/06/2011 20:38:05.1.2 - x86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.1013.680 [GMT 2:00]
Running from: c:\documents and settings\nikola\Desktop\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\fxmdk.exe
c:\documents and settings\LocalService\Application Data\Microsoft\lasofag.exe
c:\documents and settings\LocalService\Application Data\Microsoft\tety.exe
c:\documents and settings\LocalService\Application Data\Microsoft\woozyj.exe
c:\documents and settings\nikola\Application Data\facemoods.com
c:\documents and settings\nikola\fxmdk.exe
c:\documents and settings\nikola\My Documents\BackupRegistry(20110606).reg
c:\recycler\S-1-5-21-3197867793-2602222726-396358751-6476\djwi2kcew.exe
c:\windows\system32\msupdte.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AtapiDrv
.
.
((((((((((((((((((((((((( Files Created from 2011-05-06 to 2011-06-06 )))))))))))))))))))))))))))))))
.
.
2011-06-06 18:05 . 2011-06-06 18:44 -------- d-----w- c:\documents and settings\Administrator
2011-06-06 16:42 . 2011-06-06 16:42 -------- d-----w- c:\program files\Yamicsoft
2011-06-06 16:41 . 2011-06-06 16:41 -------- d-----w- c:\windows\LastGood.Tmp
2011-06-06 16:39 . 2011-06-06 16:39 237568 ----a-w- c:\windows\system32\suzassop.exe
2011-06-06 16:26 . 2011-06-06 16:39 237568 ----a-w- c:\windows\system32\boukubeci.exe
2011-06-06 16:25 . 2011-06-06 16:39 237568 ----a-w- c:\windows\system32\zicizylou.exe
2011-06-06 16:23 . 2008-04-14 03:42 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-06-06 15:50 . 2008-04-14 03:42 76800 ------w- c:\windows\system32\qutil.dll
2011-06-06 15:46 . 2008-04-14 03:42 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
2011-06-06 15:46 . 2008-04-14 03:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2011-06-06 15:21 . 2011-06-06 15:22 -------- d-----w- C:\b4fc9c3ce687edd38301c03567
2011-06-06 15:00 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-06-06 14:30 . 2011-06-06 14:30 -------- d-----w- c:\program files\Common Files\Adobe
2011-06-06 14:20 . 2011-06-06 14:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-06 14:19 . 2011-06-06 14:19 -------- d-----w- c:\documents and settings\nikola\Application Data\Qualys
2011-06-06 13:40 . 2011-06-06 13:40 237568 ----a-w- c:\windows\system32\woozyj.exe
2011-06-05 20:18 . 2011-06-05 20:18 -------- d-----w- c:\program files\MacSearch_v.1.4.3
2011-06-05 20:18 . 2011-06-05 20:18 -------- d-----w- c:\program files\TrueTransparency
2011-06-05 20:18 . 2011-06-05 20:18 -------- d-----w- c:\program files\Styler
2011-06-03 01:45 . 2011-06-03 01:45 -------- d-----w- c:\documents and settings\nikola\Local Settings\Application Data\PCHealth
2011-06-02 23:23 . 2011-06-02 23:23 -------- d-----w- c:\documents and settings\nikola\Local Settings\Application Data\CyberLink
2011-06-02 21:44 . 2011-06-06 18:47 -------- d-----w- c:\program files\Common Files\Akamai
2011-06-02 21:11 . 2010-10-23 22:56 49664 ----a-w- c:\windows\system32\CamCodec.dll
2011-06-02 21:11 . 2011-06-02 21:11 -------- d-----w- c:\program files\CamStudio 2.6b
2011-06-02 19:41 . 2011-06-02 23:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PDVD
2011-06-02 19:30 . 2011-06-02 19:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\MediaServer
2011-06-02 19:28 . 2011-06-02 19:28 -------- d-----w- c:\documents and settings\nikola\Local Settings\Application Data\MediaServer
2011-06-02 08:23 . 2011-06-02 08:23 -------- d-----w- c:\documents and settings\nikola\Application Data\BSplayer Pro
2011-06-02 01:07 . 2011-06-02 01:07 -------- d-----w- c:\windows\system32\XPSViewer
2011-06-02 01:07 . 2011-06-02 01:07 -------- d-----w- c:\program files\MSBuild
2011-06-02 01:06 . 2011-06-02 01:06 -------- d-----w- c:\program files\Reference Assemblies
2011-06-02 01:06 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-06-02 01:05 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-06-02 01:05 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-06-02 01:05 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-06-02 01:05 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-06-02 01:05 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-06-02 01:05 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-06-02 01:05 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-06-02 01:05 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-06-02 01:05 . 2011-06-02 01:06 -------- d-----w- C:\dd895d9eab67ad66bb5394429b8b
2011-06-02 01:01 . 2011-06-02 01:01 -------- d-----w- c:\program files\MSXML 6.0
2011-06-02 00:31 . 2011-06-02 00:31 -------- d-----w- c:\program files\Common Files\CyberLink
2011-06-02 00:28 . 2011-06-02 00:27 29480 ----a-w- c:\windows\system32\msxml3a.dll
2011-05-31 11:27 . 2011-05-31 11:28 -------- d-----w- c:\documents and settings\nikola\Application Data\Apple Computer
2011-05-31 11:27 . 2011-05-31 11:27 -------- d-----w- c:\documents and settings\nikola\Local Settings\Application Data\Apple Computer
2011-05-31 11:27 . 2011-05-31 11:27 -------- d-----w- c:\program files\Safari
2011-05-31 11:26 . 2011-05-31 11:26 -------- d-----w- c:\program files\Common Files\Apple
2011-05-31 11:25 . 2011-05-31 11:25 -------- d-----w- c:\documents and settings\nikola\Local Settings\Application Data\Apple
2011-05-31 11:25 . 2011-05-31 11:25 -------- d-----w- c:\program files\Apple Software Update
2011-05-31 11:25 . 2011-05-31 11:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-05-30 22:37 . 2011-06-06 17:16 -------- d-----w- c:\documents and settings\nikola\Local Settings\Application Data\Conduit
2011-05-30 07:29 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-05-30 07:29 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-05-29 13:25 . 2011-05-29 13:25 -------- d-----w- c:\program files\Microsoft Silverlight
2011-05-27 19:34 . 2011-06-04 09:54 -------- d-----w- c:\program files\Counter-Strike Xtreme V5
2011-05-27 19:18 . 2011-05-27 19:22 -------- d-----w- c:\program files\Tennis Elbow
2011-05-27 18:36 . 2011-06-02 18:30 -------- d-----w- c:\program files\Tennis Elbow 2006
2011-05-25 21:55 . 2011-05-25 21:55 -------- d-----w- c:\program files\Common Files\Java
2011-05-25 21:54 . 2011-05-25 21:54 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-05-25 21:54 . 2011-05-25 21:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-25 21:54 . 2011-05-25 21:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-25 21:54 . 2011-05-25 21:54 -------- d-----w- c:\program files\Java
2011-05-25 20:42 . 2011-05-25 22:04 -------- d-----w- c:\program files\JDownloader
2011-05-25 20:06 . 2011-05-25 20:06 -------- d-----w- c:\program files\uTorrent
2011-05-25 20:05 . 2011-06-06 12:45 -------- d-----w- c:\documents and settings\nikola\Application Data\uTorrent
2011-05-25 19:34 . 2010-05-04 17:20 459264 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-05-25 19:34 . 2010-05-04 17:20 268288 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-05-25 19:34 . 2010-05-04 17:20 52224 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-05-25 19:34 . 2010-05-04 17:20 380928 -c----w- c:\windows\system32\dllcache\ieapfltr.dll
2011-05-25 19:34 . 2010-05-04 17:20 63488 -c----w- c:\windows\system32\dllcache\icardie.dll
2011-05-25 19:34 . 2010-04-16 13:24 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2011-05-25 19:34 . 2010-02-22 22:04 2452872 -c----w- c:\windows\system32\dllcache\ieapfltr.dat
2011-05-25 19:34 . 2010-05-04 17:20 6067200 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-05-25 16:44 . 2011-05-25 16:45 -------- d-----w- c:\program files\vShare.tv plugin
2011-05-25 14:12 . 2011-05-25 14:12 -------- d-----w- c:\documents and settings\nikola\Application Data\DivX
2011-05-20 17:53 . 2011-05-21 12:25 237568 ----a-w- c:\windows\system32\foovooquamag.exe
2011-05-17 19:23 . 2011-06-06 17:11 -------- d-----w- c:\program files\DivX
2011-05-17 19:21 . 2011-06-06 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2011-05-17 19:10 . 2011-06-06 17:26 -------- d-----w- c:\program files\Real
2011-05-17 08:43 . 2011-03-04 19:44 126448 ------w- c:\windows\system32\pxinsi64.exe
2011-05-17 08:43 . 2011-03-04 19:44 123888 ------w- c:\windows\system32\pxcpyi64.exe
2011-05-17 08:43 . 2011-03-04 19:44 59888 ------w- c:\windows\system32\pxwma.dll
2011-05-16 14:12 . 2011-05-16 14:12 -------- d-----w- c:\program files\Veetle
2011-05-16 12:05 . 2011-05-16 12:05 -------- d-----w- c:\program files\FreeZ Online TV
2011-05-16 12:00 . 2011-06-06 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\install_clap
2011-05-16 11:37 . 2011-06-06 18:04 -------- d-----w- c:\program files\AVAST Software
2011-05-16 11:37 . 2011-06-06 16:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-05-16 07:29 . 2011-06-06 15:47 -------- d-----w- c:\windows\ServicePackFiles
2011-05-15 20:30 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-05-15 20:04 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-05-15 20:04 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-05-15 20:04 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2011-05-15 20:04 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-05-15 20:04 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-05-15 20:04 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2011-05-15 20:04 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2011-05-15 20:04 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-05-15 20:04 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-05-15 20:04 . 2009-02-06 11:06 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-05-15 20:04 . 2009-02-06 11:08 2189056 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-05-15 20:04 . 2009-02-06 10:32 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-05-15 19:53 . 2009-10-12 13:38 149504 -c----w- c:\windows\system32\dllcache\rastls.dll
2011-05-15 19:53 . 2009-10-12 13:38 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
2011-05-15 19:52 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-05-15 19:52 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2011-05-15 19:51 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2011-05-15 19:49 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-05-15 19:46 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-05-15 19:46 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-05-15 19:20 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-05-15 19:01 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-05-15 18:55 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2011-05-15 18:55 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-05-15 18:48 . 2009-10-29 17:28 105088 ----a-w- c:\windows\system32\drivers\ZTEusbser6k.sys
2011-05-15 18:48 . 2009-10-29 17:28 9216 ----a-w- c:\windows\system32\drivers\massfilter.sys
2011-05-15 18:48 . 2009-10-29 17:28 105088 ----a-w- c:\windows\system32\drivers\ZTEusbnmea.sys
2011-05-15 18:48 . 2009-10-29 17:28 105088 ----a-w- c:\windows\system32\drivers\ZTEusbmdm6k.sys
2011-05-15 18:48 . 2011-05-15 18:50 -------- d-----w- c:\program files\Join Air
2011-05-13 15:19 . 2011-06-06 14:33 -------- d--h--w- c:\windows\$hf_mig$
2011-05-12 14:52 . 2009-05-07 15:32 345600 -c----w- c:\windows\system32\dllcache\localspl.dll
2011-05-12 14:51 . 2009-11-27 17:11 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2011-05-12 14:51 . 2009-11-27 17:11 1291776 -c----w- c:\windows\system32\dllcache\quartz.dll
2011-05-12 13:56 . 2011-05-12 14:29 -------- d-----w- c:\documents and settings\nikola\Local Settings\Application Data\AskToolbar
2011-05-12 13:56 . 2011-05-12 13:56 -------- d-----w- c:\documents and settings\nikola\Application Data\BabylonToolbar
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-06 13:40 . 2011-04-26 09:59 237568 ----a-w- c:\windows\system32\tety.exe
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-14 16:26 . 2011-05-12 14:37 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"S6000Mnt"="S6000Rmv.dll " [X]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-17 141336]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-06-17 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-17 141336]
"rofi"="c:\windows\system32\woozyj.exe" [2011-06-06 237568]
"fougo"="c:\windows\system32\zicizylou.exe" [2011-06-06 237568]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
c:\documents and settings\nikola\Start Menu\Programs\Startup\
0dtz2fv.exe [2011-6-2 11776]
0fbww6i.exe [2011-6-6 11776]
0p0fvb6.exe [2011-5-15 42496]
1grsnde.exe [2011-6-2 11776]
5jfabg8.exe [2011-5-12 42496]
5ukk6w0.exe [2011-6-2 11776]
60zffvb.exe [2011-6-6 11776]
6a81xst.exe [2011-5-15 42496]
6kfbb2h.exe [2011-5-12 42496]
70nidep.exe [2011-6-2 11776]
70zvqq6.exe [2011-6-6 11776]
9euu81g.exe [2011-5-16 43008]
a86cxtt2zav.exe [2011-6-2 11776]
brx66o81alm.exe [2011-6-2 11776]
e6u81g2hi.exe [2011-5-12 42496]
f0lhcc6oo.exe [2011-6-6 11776]
g3iiduupggb.exe [2011-4-26 39936]
i1efk86w.exe [2011-6-2 11776]
i1y97081w.exe [2011-5-16 42496]
jj2f0bg97.exe [2011-6-6 11776]
k0lhh2ndez.exe [2011-5-12 42496]
kfl66c87.exe [2011-5-15 43008]
kkaq1h70.exe [2011-5-12 43008]
lccxoojaavm.exe [2011-4-26 39936]
o1efk86w81.exe [2011-4-26 39936]
oz0fg6w81.exe [2011-5-15 43008]
q6sntjzu.exe [2011-6-2 11776]
qgw1n70jff.exe [2011-5-16 42496]
rhidtupfgb.exe [2011-6-2 11776]
rw81i3upfg.exe [2011-6-2 11776]
ty81kvwrx6.exe [2011-6-2 11776]
u3q69sdd.exe [2011-6-6 11776]
u3wwrii9o1k.exe [2011-6-6 11776]
vqwchs9ok.exe [2011-6-6 11776]
vrr2xyjo86a.exe [2011-5-16 43008]
w70xtoo6a.exe [2011-4-26 50176]
w8dijppql.exe [2011-5-12 43008]
xcdyoppql.exe [2011-5-12 43008]
y0zf5wwmns.exe [2011-6-6 11776]
y6o8avlmh.exe [2011-6-6 11776]
y7081g91sdt.exe [2011-5-16 43008]
yy6kk6ww6.exe [2011-6-6 11776]
zqqlccx2.exe [2011-6-6 11776]
zulbbrx60z.exe [2011-6-2 11776]
zva3w1ni1pp.exe [2011-5-12 43008]
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^0dtz2fv.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\0dtz2fv.exe
backup=c:\windows\pss\0dtz2fv.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^0p0fvb6.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\0p0fvb6.exe
backup=c:\windows\pss\0p0fvb6.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^1grsnde.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\1grsnde.exe
backup=c:\windows\pss\1grsnde.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^5jfabg8.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\5jfabg8.exe
backup=c:\windows\pss\5jfabg8.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^5ukk6w0.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\5ukk6w0.exe
backup=c:\windows\pss\5ukk6w0.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^6a81xst.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\6a81xst.exe
backup=c:\windows\pss\6a81xst.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^6kfbb2h.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\6kfbb2h.exe
backup=c:\windows\pss\6kfbb2h.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^70nidep.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\70nidep.exe
backup=c:\windows\pss\70nidep.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^9euu81g.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\9euu81g.exe
backup=c:\windows\pss\9euu81g.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^a86cxtt2zav.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\a86cxtt2zav.exe
backup=c:\windows\pss\a86cxtt2zav.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^brx66o81alm.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\brx66o81alm.exe
backup=c:\windows\pss\brx66o81alm.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^e6u81g2hi.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\e6u81g2hi.exe
backup=c:\windows\pss\e6u81g2hi.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^g3iiduupggb.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\g3iiduupggb.exe
backup=c:\windows\pss\g3iiduupggb.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^i1efk86w.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\i1efk86w.exe
backup=c:\windows\pss\i1efk86w.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^i1y97081w.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\i1y97081w.exe
backup=c:\windows\pss\i1y97081w.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^k0lhh2ndez.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\k0lhh2ndez.exe
backup=c:\windows\pss\k0lhh2ndez.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^kfl66c87.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\kfl66c87.exe
backup=c:\windows\pss\kfl66c87.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^kkaq1h70.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\kkaq1h70.exe
backup=c:\windows\pss\kkaq1h70.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^lccxoojaavm.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\lccxoojaavm.exe
backup=c:\windows\pss\lccxoojaavm.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^o1efk86w81.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\o1efk86w81.exe
backup=c:\windows\pss\o1efk86w81.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^oz0fg6w81.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\oz0fg6w81.exe
backup=c:\windows\pss\oz0fg6w81.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^q6sntjzu.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\q6sntjzu.exe
backup=c:\windows\pss\q6sntjzu.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^qgw1n70jff.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\qgw1n70jff.exe
backup=c:\windows\pss\qgw1n70jff.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^rhidtupfgb.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\rhidtupfgb.exe
backup=c:\windows\pss\rhidtupfgb.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^rw81i3upfg.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\rw81i3upfg.exe
backup=c:\windows\pss\rw81i3upfg.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^ty81kvwrx6.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\ty81kvwrx6.exe
backup=c:\windows\pss\ty81kvwrx6.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^vrr2xyjo86a.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\vrr2xyjo86a.exe
backup=c:\windows\pss\vrr2xyjo86a.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^w70xtoo6a.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\w70xtoo6a.exe
backup=c:\windows\pss\w70xtoo6a.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^w8dijppql.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\w8dijppql.exe
backup=c:\windows\pss\w8dijppql.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^xcdyoppql.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\xcdyoppql.exe
backup=c:\windows\pss\xcdyoppql.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^y7081g91sdt.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\y7081g91sdt.exe
backup=c:\windows\pss\y7081g91sdt.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^zulbbrx60z.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\zulbbrx60z.exe
backup=c:\windows\pss\zulbbrx60z.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^zva3w1ni1pp.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\zva3w1ni1pp.exe
backup=c:\windows\pss\zva3w1ni1pp.exeStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BabylonToolbar
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\facebook
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\facemoods
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl11
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 11:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIExec]
2010-07-14 19:37 138584 ----a-w- c:\program files\Join Air\UIExec.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-05-25 20:06 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-03-22 18:37 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Counter-Strike Xtreme V5\\hl.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/8/2011 6:01 PM 691696]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [9/3/2004 3:44 PM 14336]
R2 UI Assistant Service;UI Assistant Service;c:\program files\Join Air\AssistantServices.exe [5/15/2011 8:48 PM 252784]
R2 WMCoreService;Mobile Broadband Service;c:\program files\Mobile Broadband drivers\WMCore\WMCore.exe servicemode --> c:\program files\Mobile Broadband drivers\WMCore\WMCore.exe servicemode [?]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/23/2011 3:38 PM 63088]
R3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [4/24/2011 9:35 PM 6650752]
R3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\drivers\S6000KNT.sys [4/24/2011 4:32 PM 3221120]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/26/2011 1:10 PM 136176]
S2 orutvya36rvdu;Canon BJ Memory Card Manager;c:\windows\system32\getybe.exe --> c:\windows\system32\getybe.exe [?]
S2 s1e0efdaow9y;SigmaTel Audio Service;c:\windows\system32\tety.exe [4/26/2011 11:59 AM 237568]
S2 uijziiayqaa;Crystal Report Application Server;c:\windows\system32\boukubeci.exe [6/6/2011 6:26 PM 237568]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/24/2011 3:39 AM 1691480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/26/2011 1:10 PM 136176]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [5/15/2011 8:48 PM 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-26 11:09]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-26 11:09]
.
2011-06-06 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 13:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
uInternet Settings,ProxyOverride = *.local
IE: &Download All using 4shared Desktop
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\nikola\Application Data\Mozilla\Firefox\Profiles\s6zub8do.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431400&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431400&q=
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Microsoft WinUpdate - c:\windows\system32\msupdte.exe
MSConfigStartUp-PWRISOVM - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-06 20:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3884)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Mobile Broadband drivers\WMCore\WMCore.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\windows\WebCam\S6000\S6000Mnt.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-06-06 20:52:48 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-06 18:52
.
Pre-Run: 197,234,446,336 bytes free
Post-Run: 197,472,407,552 bytes free
.
Current=2 Default=2 Failed=1 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - CFB8A8CF20539D0722F73E89F7D3D4A8
Posted: 06 Jun 2011 18:04
- NIx Car
- Legendary citizen
- Més que un club
- Lead vocalist @ Harpun
- Joined: 27 Feb 2009
- Posts: 3898
- Where you live: Novi Sad, Klisa
Open Notepad and copy the following text:
KillAll::
File::
c:\windows\system32\tety.exe
c:\windows\system32\foovooquamag.exe
c:\windows\system32\woozyj.exe
c:\windows\system32\zicizylou.exe
c:\windows\system32\boukubeci.exe
c:\windows\system32\suzassop.exe
c:\windows\pss\0dtz2fv.exeStartup
c:\windows\pss\0p0fvb6.exeStartup
c:\windows\pss\1grsnde.exeStartup
c:\windows\pss\5jfabg8.exeStartup
c:\windows\pss\5ukk6w0.exeStartup
c:\windows\pss\6a81xst.exeStartup
c:\windows\pss\6kfbb2h.exeStartup
c:\windows\pss\70nidep.exeStartup
c:\windows\pss\9euu81g.exeStartup
c:\windows\pss\a86cxtt2zav.exeStartup
c:\windows\pss\brx66o81alm.exeStartup
c:\windows\pss\e6u81g2hi.exeStartup
c:\windows\pss\g3iiduupggb.exeStartup
c:\windows\pss\i1efk86w.exeStartup
c:\windows\pss\i1y97081w.exeStartup
c:\windows\pss\kfl66c87.exeStartup
c:\windows\pss\kkaq1h70.exeStartup
c:\windows\pss\k0lhh2ndez.exeStartup
c:\windows\pss\lccxoojaavm.exeStartup
c:\windows\pss\o1efk86w81.exeStartup
c:\windows\pss\oz0fg6w81.exeStartup
c:\windows\pss\q6sntjzu.exeStartup
c:\windows\pss\qgw1n70jff.exeStartup
c:\windows\pss\rhidtupfgb.exeStartup
c:\windows\pss\rw81i3upfg.exeStartup
c:\windows\pss\ty81kvwrx6.exeStartup
c:\windows\pss\vrr2xyjo86a.exeStartup
c:\windows\pss\w70xtoo6a.exeStartup
c:\windows\pss\w8dijppql.exeStartup
c:\windows\pss\xcdyoppql.exeStartup
c:\windows\pss\y7081g91sdt.exeStartup
c:\windows\pss\zulbbrx60z.exeStartup
c:\windows\pss\zva3w1ni1pp.exeStartup
c:\windows\system32\getybe.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\0dtz2fv.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\0fbww6i.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\0p0fvb6.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\1grsnde.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\5jfabg8.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\5ukk6w0.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\60zffvb.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\6a81xst.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\6kfbb2h.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\70nidep.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\70zvqq6.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\9euu81g.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\a86cxtt2zav.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\brx66o81alm.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\e6u81g2hi.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\f0lhcc6oo.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\g3iiduupggb.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\i1efk86w.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\i1y97081w.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\jj2f0bg97.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\k0lhh2ndez.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\kfl66c87.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\kkaq1h70.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\lccxoojaavm.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\o1efk86w81.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\oz0fg6w81.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\q6sntjzu.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\qgw1n70jff.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\rhidtupfgb.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\rw81i3upfg.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\ty81kvwrx6.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\u3q69sdd.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\u3wwrii9o1k.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\vqwchs9ok.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\vrr2xyjo86a.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\w70xtoo6a.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\w8dijppql.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\xcdyoppql.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\y0zf5wwmns.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\y6o8avlmh.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\y7081g91sdt.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\yy6kk6ww6.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\zqqlccx2.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\zulbbrx60z.exe
c:\documents and settings\nikola\Start Menu\Programs\Startup\zva3w1ni1pp.exe
Driver::
orutvya36rvdu
s1e0efdaow9y
uijziiayqaa
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\facebook]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\facemoods]
[-HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^0dtz2fv.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^0p0fvb6.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^1grsnde.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^5jfabg8.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^5ukk6w0.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^6a81xst.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^6kfbb2h.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^70nidep.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^9euu81g.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^a86cxtt2zav.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^brx66o81alm.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^e6u81g2hi.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^g3iiduupggb.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^i1efk86w.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^i1y97081w.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^k0lhh2ndez.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^kfl66c87.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^kkaq1h70.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^lccxoojaavm.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^o1efk86w81.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^oz0fg6w81.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^q6sntjzu.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^qgw1n70jff.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^rhidtupfgb.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^rw81i3upfg.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^ty81kvwrx6.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^vrr2xyjo86a.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^w70xtoo6a.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^w8dijppql.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^xcdyoppql.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^y7081g91sdt.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^zulbbrx60z.exe]
[-HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^zva3w1ni1pp.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rofi"=-
"fougo"=-
DDS::
uStart Page = hxxp://start.facemoods.com/?a=ddrnw
Save the file from Notepad to the Desktop as "CFScript".
Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next reply.
Posted: 06 Jun 2011 18:56
- Springfield
- Forum moderator
- 100%Milanista
- Information Technology
- Joined: 23 Aug 2008
- Posts: 2634
- Location: Milan, Italy
In the meantime I installed MCShield and Avast Free, and here is the log:
ComboFix 11-06-06.01 - nikola 06/07/2011 18:29:24.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.1013.720 [GMT 2:00]
Running from: c:\documents and settings\nikola\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\nikola\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\nikola\Start Menu\Programs\Startup\0dtz2fv.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\0fbww6i.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\0p0fvb6.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\1grsnde.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\5jfabg8.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\5ukk6w0.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\60zffvb.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\6a81xst.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\6kfbb2h.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\70nidep.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\70zvqq6.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\9euu81g.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\a86cxtt2zav.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\brx66o81alm.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\e6u81g2hi.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\f0lhcc6oo.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\g3iiduupggb.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\i1efk86w.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\i1y97081w.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\jj2f0bg97.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\k0lhh2ndez.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\kfl66c87.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\kkaq1h70.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\lccxoojaavm.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\o1efk86w81.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\oz0fg6w81.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\q6sntjzu.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\qgw1n70jff.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\rhidtupfgb.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\rw81i3upfg.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\ty81kvwrx6.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\u3q69sdd.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\u3wwrii9o1k.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\vqwchs9ok.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\vrr2xyjo86a.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\w70xtoo6a.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\w8dijppql.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\xcdyoppql.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\y0zf5wwmns.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\y6o8avlmh.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\y7081g91sdt.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\yy6kk6ww6.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\zqqlccx2.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\zulbbrx60z.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\zva3w1ni1pp.exe"
"c:\windows\pss\0dtz2fv.exeStartup"
"c:\windows\pss\0p0fvb6.exeStartup"
"c:\windows\pss\1grsnde.exeStartup"
"c:\windows\pss\5jfabg8.exeStartup"
"c:\windows\pss\5ukk6w0.exeStartup"
"c:\windows\pss\6a81xst.exeStartup"
"c:\windows\pss\6kfbb2h.exeStartup"
"c:\windows\pss\70nidep.exeStartup"
"c:\windows\pss\9euu81g.exeStartup"
"c:\windows\pss\a86cxtt2zav.exeStartup"
"c:\windows\pss\brx66o81alm.exeStartup"
"c:\windows\pss\e6u81g2hi.exeStartup"
"c:\windows\pss\g3iiduupggb.exeStartup"
"c:\windows\pss\i1efk86w.exeStartup"
"c:\windows\pss\i1y97081w.exeStartup"
"c:\windows\pss\k0lhh2ndez.exeStartup"
"c:\windows\pss\kfl66c87.exeStartup"
"c:\windows\pss\kkaq1h70.exeStartup"
"c:\windows\pss\lccxoojaavm.exeStartup"
"c:\windows\pss\o1efk86w81.exeStartup"
"c:\windows\pss\oz0fg6w81.exeStartup"
"c:\windows\pss\q6sntjzu.exeStartup"
"c:\windows\pss\qgw1n70jff.exeStartup"
"c:\windows\pss\rhidtupfgb.exeStartup"
"c:\windows\pss\rw81i3upfg.exeStartup"
"c:\windows\pss\ty81kvwrx6.exeStartup"
"c:\windows\pss\vrr2xyjo86a.exeStartup"
"c:\windows\pss\w70xtoo6a.exeStartup"
"c:\windows\pss\w8dijppql.exeStartup"
"c:\windows\pss\xcdyoppql.exeStartup"
"c:\windows\pss\y7081g91sdt.exeStartup"
"c:\windows\pss\zulbbrx60z.exeStartup"
"c:\windows\pss\zva3w1ni1pp.exeStartup"
"c:\windows\system32\boukubeci.exe"
"c:\windows\system32\foovooquamag.exe"
"c:\windows\system32\getybe.exe"
"c:\windows\system32\suzassop.exe"
"c:\windows\system32\tety.exe"
"c:\windows\system32\woozyj.exe"
"c:\windows\system32\zicizylou.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\zicizylou.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ORUTVYA36RVDU
-------\Legacy_S1E0EFDAOW9Y
-------\Legacy_UIJZIIAYQAA
-------\Service_orutvya36rvdu
.
.
((((((((((((((((((((((((( Files Created from 2011-05-07 to 2011-06-07 )))))))))))))))))))))))))))))))
.
.
2011-06-07 15:12 . 2011-06-07 15:12 -------- d-sh--w- c:\documents and settings\nikola\IETldCache
2011-06-07 15:01 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-06-07 15:00 . 2011-02-22 23:06 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-06-07 15:00 . 2011-02-22 23:06 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-06-07 15:00 . 2011-02-22 23:06 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-06-07 14:57 . 2011-06-07 15:00 -------- dc-h--w- c:\windows\ie8
2011-06-07 12:11 . 2011-06-07 12:11 -------- d-----w- c:\documents and settings\nikola\Application Data\Media Player Classic
2011-06-07 11:50 . 2011-03-02 10:43 175616 ----a-w- c:\windows\system32\unrar.dll
2011-06-07 11:50 . 2008-09-24 18:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2011-06-07 11:50 . 2011-03-24 19:28 631808 ----a-w- c:\windows\system32\xvidcore.dll
2011-06-07 11:50 . 2011-03-19 19:00 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-06-07 11:50 . 2010-11-03 18:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2011-06-07 11:50 . 2011-03-29 08:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-06-07 11:50 . 2011-03-24 19:35 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2011-06-07 11:50 . 2011-06-07 11:52 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-06-07 11:03 . 2011-06-07 11:03 7808 ----a-w- c:\windows\system32\drivers\gflmouhid.sys
2011-06-07 10:51 . 2011-06-07 10:51 -------- d-----w- c:\documents and settings\All Users\Uniblue
2011-06-07 10:36 . 2011-06-07 10:44 -------- d-----w- c:\documents and settings\nikola\Application Data\Uniblue
2011-06-07 10:36 . 2011-06-07 10:36 -------- d-----w- c:\program files\Uniblue
2011-06-06 20:19 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-06 20:19 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-06-06 20:19 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-06-06 20:19 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-06-06 20:19 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-06 20:19 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-06-06 20:19 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-06-06 20:18 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-06-06 20:18 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-06-06 20:18 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-06-06 20:15 . 2011-06-07 16:46 -------- d-----w- c:\documents and settings\nikola\Application Data\MCShield
2011-06-06 20:15 . 2011-06-06 20:15 -------- d-----w- c:\program files\MCShield
2011-06-06 18:05 . 2011-06-06 18:44 -------- d-----w- c:\documents and settings\Administrator
2011-06-06 16:43 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-06-06 16:42 . 2011-06-06 16:42 -------- d-----w- c:\program files\Yamicsoft
2011-06-06 16:39 . 2011-06-06 16:39 237568 ----a-w- c:\windows\system32\suzassop.exe
2011-06-06 16:23 . 2008-04-14 03:42 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-06-06 15:50 . 2008-04-14 03:42 76800 ------w- c:\windows\system32\qutil.dll
2011-06-06 15:46 . 2008-04-14 03:42 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
2011-06-06 15:46 . 2008-04-14 03:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2011-06-06 15:21 . 2011-06-06 15:22 -------- d-----w- C:\b4fc9c3ce687edd38301c03567
2011-06-06 15:00 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-06-06 14:30 . 2011-06-06 14:30 -------- d-----w- c:\program files\Common Files\Adobe
2011-06-06 14:20 . 2011-06-06 14:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-06 14:19 . 2011-06-06 14:19 -------- d-----w- c:\documents and settings\nikola\Application Data\Qualys
2011-06-05 20:18 . 2011-06-05 20:18 -------- d-----w- c:\program files\MacSearch_v.1.4.3
2011-06-05 20:18 . 2011-06-05 20:18 -------- d-----w- c:\program files\TrueTransparency
2011-06-05 20:18 . 2011-06-05 20:18 -------- d-----w- c:\program files\Styler
2011-06-03 01:45 . 2011-06-03 01:45 -------- d-----w- c:\documents and settings\nikola\Local Settings\Application Data\PCHealth
2011-06-02 23:23 . 2011-06-02 23:23 -------- d-----w- c:\documents and settings\nikola\Local Settings\Application Data\CyberLink
2011-06-02 21:44 . 2011-06-07 16:46 -------- d-----w- c:\program files\Common Files\Akamai
2011-06-02 21:11 . 2010-10-23 22:56 49664 ----a-w- c:\windows\system32\CamCodec.dll
2011-06-02 21:11 . 2011-06-02 21:11 -------- d-----w- c:\program files\CamStudio 2.6b
2011-06-02 19:41 . 2011-06-02 23:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PDVD
2011-06-02 19:30 . 2011-06-02 19:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\MediaServer
2011-06-02 19:28 . 2011-06-02 19:28 -------- d-----w- c:\documents and settings\nikola\Local Settings\Application Data\MediaServer
2011-06-02 08:23 . 2011-06-02 08:23 -------- d-----w- c:\documents and settings\nikola\Application Data\BSplayer Pro
2011-06-02 01:07 . 2011-06-02 01:07 -------- d-----w- c:\windows\system32\XPSViewer
2011-06-02 01:07 . 2011-06-02 01:07 -------- d-----w- c:\program files\MSBuild
2011-06-02 01:06 . 2011-06-02 01:06 -------- d-----w- c:\program files\Reference Assemblies
2011-06-02 01:06 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-06-02 01:05 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-06-02 01:05 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-06-02 01:05 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-06-02 01:05 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-06-02 01:05 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-06-02 01:05 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-06-02 01:05 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-06-02 01:05 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-06-02 01:05 . 2011-06-02 01:06 -------- d-----w- C:\dd895d9eab67ad66bb5394429b8b
2011-06-02 01:01 . 2011-06-02 01:01 -------- d-----w- c:\program files\MSXML 6.0
2011-06-02 00:31 . 2011-06-02 00:31 -------- d-----w- c:\program files\Common Files\CyberLink
2011-06-02 00:28 . 2011-06-02 00:27 29480 ----a-w- c:\windows\system32\msxml3a.dll
2011-05-31 11:27 . 2011-05-31 11:28 -------- d-----w- c:\documents and settings\nikola\Application Data\Apple Computer
2011-05-31 11:27 . 2011-05-31 11:27 -------- d-----w- c:\documents and settings\nikola\Local Settings\Application Data\Apple Computer
2011-05-31 11:27 . 2011-05-31 11:27 -------- d-----w- c:\program files\Safari
2011-05-31 11:26 . 2011-05-31 11:26 -------- d-----w- c:\program files\Common Files\Apple
2011-05-31 11:25 . 2011-05-31 11:25 -------- d-----w- c:\documents and settings\nikola\Local Settings\Application Data\Apple
2011-05-31 11:25 . 2011-05-31 11:25 -------- d-----w- c:\program files\Apple Software Update
2011-05-31 11:25 . 2011-05-31 11:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-05-30 22:37 . 2011-06-06 17:16 -------- d-----w- c:\documents and settings\nikola\Local Settings\Application Data\Conduit
2011-05-30 07:29 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-05-30 07:29 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-05-29 13:25 . 2011-05-29 13:25 -------- d-----w- c:\program files\Microsoft Silverlight
2011-05-27 19:34 . 2011-06-04 09:54 -------- d-----w- c:\program files\Counter-Strike Xtreme V5
2011-05-27 19:18 . 2011-05-27 19:22 -------- d-----w- c:\program files\Tennis Elbow
2011-05-27 18:36 . 2011-06-02 18:30 -------- d-----w- c:\program files\Tennis Elbow 2006
2011-05-25 21:55 . 2011-05-25 21:55 -------- d-----w- c:\program files\Common Files\Java
2011-05-25 21:54 . 2011-05-25 21:54 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-05-25 21:54 . 2011-05-25 21:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-25 21:54 . 2011-05-25 21:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-25 21:54 . 2011-05-25 21:54 -------- d-----w- c:\program files\Java
2011-05-25 20:42 . 2011-05-25 22:04 -------- d-----w- c:\program files\JDownloader
2011-05-25 20:06 . 2011-05-25 20:06 -------- d-----w- c:\program files\uTorrent
2011-05-25 20:05 . 2011-06-06 12:45 -------- d-----w- c:\documents and settings\nikola\Application Data\uTorrent
2011-05-25 19:34 . 2011-02-22 23:06 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-05-25 19:34 . 2011-02-22 23:06 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-05-25 19:34 . 2011-02-22 23:06 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-05-25 19:34 . 2010-04-16 13:24 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2011-05-25 19:34 . 2009-03-08 02:31 59904 -c--a-w- c:\windows\system32\dllcache\icardie.dll
2011-05-25 19:34 . 2009-03-08 02:11 445952 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dll
2011-05-25 19:34 . 2009-02-06 19:07 3698584 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dat
2011-05-25 19:34 . 2011-02-22 23:06 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-05-25 16:44 . 2011-05-25 16:45 -------- d-----w- c:\program files\vShare.tv plugin
2011-05-25 14:12 . 2011-05-25 14:12 -------- d-----w- c:\documents and settings\nikola\Application Data\DivX
2011-05-20 17:53 . 2011-05-21 12:25 237568 ----a-w- c:\windows\system32\foovooquamag.exe
2011-05-17 19:23 . 2011-06-06 17:11 -------- d-----w- c:\program files\DivX
2011-05-17 19:21 . 2011-06-06 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2011-05-17 19:10 . 2011-06-06 17:26 -------- d-----w- c:\program files\Real
2011-05-17 08:43 . 2011-03-04 19:44 126448 ------w- c:\windows\system32\pxinsi64.exe
2011-05-17 08:43 . 2011-03-04 19:44 123888 ------w- c:\windows\system32\pxcpyi64.exe
2011-05-17 08:43 . 2011-03-04 19:44 59888 ------w- c:\windows\system32\pxwma.dll
2011-05-16 14:12 . 2011-05-16 14:12 -------- d-----w- c:\program files\Veetle
2011-05-16 12:05 . 2011-05-16 12:05 -------- d-----w- c:\program files\FreeZ Online TV
2011-05-16 12:00 . 2011-06-06 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\install_clap
2011-05-16 11:37 . 2011-06-06 20:18 -------- d-----w- c:\program files\AVAST Software
2011-05-16 11:37 . 2011-06-06 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-05-16 07:29 . 2011-06-06 15:47 -------- d-----w- c:\windows\ServicePackFiles
2011-05-15 20:30 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-05-15 20:04 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-05-15 20:04 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-05-15 20:04 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2011-05-15 20:04 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-05-15 20:04 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-05-15 20:04 . 2009-06-25 08:25 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2011-05-15 20:04 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-08 16:01 . 2011-05-08 16:01 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-14 16:26 . 2011-05-12 14:37 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCShield"="c:\program files\MCShield\MCShieldRTM.exe" [2011-03-26 262144]
"MCShieldTray"="c:\program files\MCShield\MCShieldTray.exe" [2010-11-04 73728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^0fbww6i.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\0fbww6i.exe
backup=c:\windows\pss\0fbww6i.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^60zffvb.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\60zffvb.exe
backup=c:\windows\pss\60zffvb.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^70zvqq6.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\70zvqq6.exe
backup=c:\windows\pss\70zvqq6.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^f0lhcc6oo.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\f0lhcc6oo.exe
backup=c:\windows\pss\f0lhcc6oo.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^jj2f0bg97.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\jj2f0bg97.exe
backup=c:\windows\pss\jj2f0bg97.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^u3q69sdd.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\u3q69sdd.exe
backup=c:\windows\pss\u3q69sdd.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^u3wwrii9o1k.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\u3wwrii9o1k.exe
backup=c:\windows\pss\u3wwrii9o1k.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^vqwchs9ok.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\vqwchs9ok.exe
backup=c:\windows\pss\vqwchs9ok.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^y0zf5wwmns.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\y0zf5wwmns.exe
backup=c:\windows\pss\y0zf5wwmns.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^y6o8avlmh.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\y6o8avlmh.exe
backup=c:\windows\pss\y6o8avlmh.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^yy6kk6ww6.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\yy6kk6ww6.exe
backup=c:\windows\pss\yy6kk6ww6.exeStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^nikola^Start Menu^Programs^Startup^zqqlccx2.exe]
path=c:\documents and settings\nikola\Start Menu\Programs\Startup\zqqlccx2.exe
backup=c:\windows\pss\zqqlccx2.exeStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S6000Mnt]
S6000Rmv.dll [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-06-17 03:32 173592 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-06-17 03:33 141336 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-06-17 03:32 141336 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerSuite]
2011-01-27 06:57 67448 ----a-w- c:\program files\Uniblue\PowerSuite\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-03-12 21:53 19521056 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedUpMyPC]
2011-01-21 14:06 67960 ----a-w- c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 11:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIExec]
2010-07-14 19:37 138584 ----a-w- c:\program files\Join Air\UIExec.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-05-25 20:06 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-03-22 18:37 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Counter-Strike Xtreme V5\\hl.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/8/2011 6:01 PM 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/6/2011 10:19 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/6/2011 10:19 PM 307928]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [9/3/2004 3:44 PM 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/6/2011 10:19 PM 19544]
R2 UI Assistant Service;UI Assistant Service;c:\program files\Join Air\AssistantServices.exe [5/15/2011 8:48 PM 252784]
R2 WMCoreService;Mobile Broadband Service;c:\program files\Mobile Broadband drivers\WMCore\WMCore.exe servicemode --> c:\program files\Mobile Broadband drivers\WMCore\WMCore.exe servicemode [?]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/23/2011 3:38 PM 63088]
R3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [4/24/2011 9:35 PM 6650752]
R3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\drivers\S6000KNT.sys [4/24/2011 4:32 PM 3221120]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/26/2011 1:10 PM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/24/2011 3:39 AM 1691480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/26/2011 1:10 PM 136176]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [5/15/2011 8:48 PM 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-26 11:09]
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-26 11:09]
.
2011-06-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 13:23]
.
.
------- Supplementary Scan -------
.
IE: &Download All using 4shared Desktop
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\nikola\Application Data\Mozilla\Firefox\Profiles\s6zub8do.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431400&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431400&q=
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-fougo - c:\windows\system32\zicizylou.exe
MSConfigStartUp-rofi - c:\windows\system32\woozyj.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-07 18:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(628-)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Mobile Broadband drivers\WMCore\WMCore.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2011-06-07 18:52:38 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-07 16:52
ComboFix2.txt 2011-06-06 18:52
.
Pre-Run: 195,869,749,248 bytes free
Post-Run: 195,840,995,328 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[Boot Loader]
Timeout=2
Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS\="Microsoft Windows" /noexecute=optin /fastdetect
.
Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 9E1F2FCD7D174E92719F66A6F12C8290
Posted: 07 Jun 2011 01:56
- Springfield
Here is the log...
ComboFix 11-06-06.02 - nikola 06/08/2011 1:31.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.1013.722 [GMT 2:00]
Running from: c:\documents and settings\nikola\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\nikola\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
FILE ::
"c:\documents and settings\nikola\Start Menu\Programs\Startup\0fbww6i.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\60zffvb.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\70zvqq6.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\f0lhcc6oo.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\jj2f0bg97.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\u3q69sdd.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\u3wwrii9o1k.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\vqwchs9ok.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\y0zf5wwmns.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\y6o8avlmh.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\yy6kk6ww6.exe"
"c:\documents and settings\nikola\Start Menu\Programs\Startup\zqqlccx2.exe"
"c:\windows\pss\0fbww6i.exeStartup"
"c:\windows\pss\60zffvb.exeStartup"
"c:\windows\pss\70zvqq6.exeStartup"
"c:\windows\pss\f0lhcc6oo.exeStartup"
"c:\windows\pss\jj2f0bg97.exeStartup"
"c:\windows\pss\u3q69sdd.exeStartup"
"c:\windows\pss\u3wwrii9o1k.exeStartup"
"c:\windows\pss\vqwchs9ok.exeStartup"
"c:\windows\pss\y0zf5wwmns.exeStartup"
"c:\windows\pss\y6o8avlmh.exeStartup"
"c:\windows\pss\yy6kk6ww6.exeStartup"
"c:\windows\pss\zqqlccx2.exeStartup"
"c:\windows\system32\foovooquamag.exe"
"c:\windows\system32\suzassop.exe"
"c:\windows\system32\woozyj.exe"
"c:\windows\system32\zicizylou.exe"
.
.
((((((((((((((((((((((((( Files Created from 2011-05-07 to 2011-06-07 )))))))))))))))))))))))))))))))
.
.
2011-06-07 17:29 . 2011-06-07 17:29 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-06-07 16:06 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-06-07 16:03 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-06-07 16:03 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-06-07 15:46 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-06-07 15:12 . 2011-06-07 15:12 -------- d-sh--w- c:\documents and settings\nikola\IETldCache
2011-06-07 15:01 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-06-07 15:00 . 2011-02-22 23:06 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-06-07 15:00 . 2011-02-22 23:06 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-06-07 15:00 . 2011-02-22 23:06 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-06-07 14:57 . 2011-06-07 15:00 -------- dc-h--w- c:\windows\ie8
2011-06-07 12:11 . 2011-06-07 12:11 -------- d-----w- c:\documents and settings\nikola\Application Data\Media Player Classic
2011-06-07 11:50 . 2011-03-02 10:43 175616 ----a-w- c:\windows\system32\unrar.dll
2011-06-07 11:50 . 2008-09-24 18:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2011-06-07 11:50 . 2011-03-24 19:28 631808 ----a-w- c:\windows\system32\xvidcore.dll
2011-06-07 11:50 . 2011-03-19 19:00 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-06-07 11:50 . 2010-11-03 18:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2011-06-07 11:50 . 2011-03-29 08:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-06-07 11:50 . 2011-03-24 19:35 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2011-06-07 11:50 . 2011-06-07 11:52 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-06-07 11:03 . 2011-06-07 11:03 7808 ----a-w- c:\windows\system32\drivers\gflmouhid.sys
2011-06-07 10:51 . 2011-06-07 10:51 -------- d-----w- c:\documents and settings\All Users\Uniblue
2011-06-07 10:36 . 2011-06-07 10:44 -------- d-----w- c:\documents and settings\nikola\Application Data\Uniblue
2011-06-07 10:36 . 2011-06-07 10:36 -------- d-----w- c:\program files\Uniblue
2011-06-06 20:19 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-06 20:19 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-06-06 20:19 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-06-06 20:19 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-06-06 20:19 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-06 20:19 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-06-06 20:19 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-06-06 20:18 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-06-06 20:18 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-06-06 20:18 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-06-06 20:15 . 2011-06-07 23:49 -------- d-----w- c:\documents and settings\nikola\Application Data\MCShield
2011-06-06 20:15 . 2011-06-06 20:15 -------- d-----w- c:\program files\MCShield
2011-06-06 18:05 . 2011-06-06 18:44 -------- d-----w- c:\documents and settings\Administrator
2011-06-06 16:43 . 2011-02-17 13:18 455936 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-06-06 16:42 . 2011-06-06 16:42 -------- d-----w- c:\program files\Yamicsoft
2011-06-06 16:39 . 2011-06-06 16:39 237568 ----a-w- c:\windows\system32\suzassop.exe
2011-06-06 16:23 . 2008-04-14 03:42 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-06-06 15:50 . 2008-04-14 03:42 76800 ------w- c:\windows\system32\qutil.dll
2011-06-06 15:46 . 2008-04-14 03:42 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
2011-06-06 15:46 . 2008-04-14 03:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2011-06-06 15:21 . 2011-06-06 15:22 -------- d-----w- C:\b4fc9c3ce687edd38301c03567
2011-06-06 15:00 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-06-06 14:30 . 2011-06-06 14:30 -------- d-----w- c:\program files\Common Files\Adobe
2011-06-06 14:20 . 2011-06-06 14:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-06 14:19 . 2011-06-06 14:19 -------- d-----w- c:\documents and settings\nikola\Application Data\Qualys
2011-06-05 20:18 . 2011-06-05 20:18 -------- d-----w- c:\program files\MacSearch_v.1.4.3
2011-06-05 20:18 . 2011-06-05 20:18 -------- d-----w- c:\program files\TrueTransparency
2011-06-05 20:18 . 2011-06-05 20:18 -------- d-----w- c:\program files\Styler
2011-06-03 01:45 . 2011-06-03 01:45 -------- d-----w- c:\documents and settings\nikola\Local Settings\Application Data\PCHealth
2011-06-02 23:23 . 2011-06-02 23:23 -------- d-----w- c:\documents and settings\nikola\Local Settings\Application Data\CyberLink
2011-06-02 21:44 . 2011-06-07 23:48 -------- d-----w- c:\program files\Common Files\Akamai
2011-06-02 21:11 . 2010-10-23 22:56 49664 ----a-w- c:\windows\system32\CamCodec.dll
2011-06-02 21:11 . 2011-06-02 21:11 -------- d-----w- c:\program files\CamStudio 2.6b
2011-06-02 19:41 . 2011-06-02 23:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PDVD
2011-06-02 19:30 . 2011-06-02 19:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\MediaServer
2011-06-02 19:28 . 2011-06-02 19:28 -------- d-----w- c:\documents and settings\nikola\Local Settings\Application Data\MediaServer
2011-06-02 08:23 . 2011-06-02 08:23 -------- d-----w- c:\documents and settings\nikola\Application Data\BSplayer Pro
2011-06-02 01:07 . 2011-06-02 01:07 -------- d-----w- c:\windows\system32\XPSViewer
2011-06-02 01:07 . 2011-06-02 01:07 -------- d-----w- c:\program files\MSBuild
2011-06-02 01:06 . 2011-06-02 01:06 -------- d-----w- c:\program files\Reference Assemblies
2011-06-02 01:06 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-06-02 01:05 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-06-02 01:05 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-06-02 01:05 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-06-02 01:05 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-06-02 01:05 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-06-02 01:05 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-06-02 01:05 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-06-02 01:05 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-06-02 01:05 . 2011-06-02 01:06 -------- d-----w- C:\dd895d9eab67ad66bb5394429b8b
2011-06-02 01:01 . 2011-06-02 01:01 -------- d-----w- c:\program files\MSXML 6.0
2011-06-02 00:31 . 2011-06-02 00:31 -------- d-----w- c:\program files\Common Files\CyberLink
2011-06-02 00:28 . 2011-06-02 00:27 29480 ----a-w- c:\windows\system32\msxml3a.dll
2011-05-31 11:27 . 2011-05-31 11:28 -------- d-----w- c:\documents and settings\nikola\Application Data\Apple Computer
2011-05-31 11:27 . 2011-05-31 11:27 -------- d-----w- c:\documents and settings\nikola\Local Settings\Application Data\Apple Computer
2011-05-31 11:27 . 2011-05-31 11:27 -------- d-----w- c:\program files\Safari
2011-05-31 11:26 . 2011-05-31 11:26 -------- d-----w- c:\program files\Common Files\Apple
2011-05-31 11:25 . 2011-05-31 11:25 -------- d-----w- c:\documents and settings\nikola\Local Settings\Application Data\Apple
2011-05-31 11:25 . 2011-05-31 11:25 -------- d-----w- c:\program files\Apple Software Update
2011-05-31 11:25 . 2011-05-31 11:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-05-30 22:37 . 2011-06-06 17:16 -------- d-----w- c:\documents and settings\nikola\Local Settings\Application Data\Conduit
2011-05-30 07:29 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-05-30 07:29 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-05-29 13:25 . 2011-05-29 13:25 -------- d-----w- c:\program files\Microsoft Silverlight
2011-05-27 19:34 . 2011-06-04 09:54 -------- d-----w- c:\program files\Counter-Strike Xtreme V5
2011-05-27 19:18 . 2011-05-27 19:22 -------- d-----w- c:\program files\Tennis Elbow
2011-05-27 18:36 . 2011-06-02 18:30 -------- d-----w- c:\program files\Tennis Elbow 2006
2011-05-25 21:55 . 2011-05-25 21:55 -------- d-----w- c:\program files\Common Files\Java
2011-05-25 21:54 . 2011-05-25 21:54 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-05-25 21:54 . 2011-05-25 21:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-25 21:54 . 2011-05-25 21:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-25 21:54 . 2011-05-25 21:54 -------- d-----w- c:\program files\Java
2011-05-25 20:42 . 2011-05-25 22:04 -------- d-----w- c:\program files\JDownloader
2011-05-25 20:06 . 2011-05-25 20:06 -------- d-----w- c:\program files\uTorrent
2011-05-25 20:05 . 2011-06-06 12:45 -------- d-----w- c:\documents and settings\nikola\Application Data\uTorrent
2011-05-25 19:34 . 2011-02-22 23:06 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-05-25 19:34 . 2011-02-22 23:06 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-05-25 19:34 . 2011-02-22 23:06 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-05-25 19:34 . 2010-04-16 13:24 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2011-05-25 19:34 . 2009-03-08 02:31 59904 -c--a-w- c:\windows\system32\dllcache\icardie.dll
2011-05-25 19:34 . 2009-03-08 02:11 445952 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dll
2011-05-25 19:34 . 2009-02-06 19:07 3698584 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dat
2011-05-25 19:34 . 2011-02-22 23:06 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-05-25 16:44 . 2011-05-25 16:45 -------- d-----w- c:\program files\vShare.tv plugin
2011-05-25 14:12 . 2011-05-25 14:12 -------- d-----w- c:\documents and settings\nikola\Application Data\DivX
2011-05-20 17:53 . 2011-05-21 12:25 237568 ----a-w- c:\windows\system32\foovooquamag.exe
2011-05-17 19:23 . 2011-06-06 17:11 -------- d-----w- c:\program files\DivX
2011-05-17 19:21 . 2011-06-06 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2011-05-17 19:10 . 2011-06-06 17:26 -------- d-----w- c:\program files\Real
2011-05-17 08:43 . 2011-03-04 19:44 126448 ------w- c:\windows\system32\pxinsi64.exe
2011-05-17 08:43 . 2011-03-04 19:44 123888 ------w- c:\windows\system32\pxcpyi64.exe
2011-05-17 08:43 . 2011-03-04 19:44 59888 ------w- c:\windows\system32\pxwma.dll
2011-05-16 14:12 . 2011-05-16 14:12 -------- d-----w- c:\program files\Veetle
2011-05-16 12:05 . 2011-05-16 12:05 -------- d-----w- c:\program files\FreeZ Online TV
2011-05-16 12:00 . 2011-06-06 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\install_clap
2011-05-16 11:37 . 2011-06-06 20:18 -------- d-----w- c:\program files\AVAST Software
2011-05-16 11:37 . 2011-06-06 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-05-16 07:29 . 2011-06-06 15:47 -------- d-----w- c:\windows\ServicePackFiles
2011-05-15 20:30 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-05-15 20:04 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-05-15 20:04 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-08 16:01 . 2011-05-08 16:01 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-14 16:26 . 2011-05-12 14:37 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCShield"="c:\program files\MCShield\MCShieldRTM.exe" [2011-03-26 262144]
"MCShieldTray"="c:\program files\MCShield\MCShieldTray.exe" [2010-11-04 73728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
c:\documents and settings\nikola\Start Menu\Programs\Startup\
g3iiduupggb.exe [2011-4-26 39936]
lccxoojaavm.exe [2011-4-26 39936]
o1efk86w81.exe [2011-4-26 39936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S6000Mnt]
S6000Rmv.dll [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-06-17 03:32 173592 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-06-17 03:33 141336 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-06-17 03:32 141336 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerSuite]
2011-01-27 06:57 67448 ----a-w- c:\program files\Uniblue\PowerSuite\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-03-12 21:53 19521056 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedUpMyPC]
2011-01-21 14:06 67960 ----a-w- c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 11:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIExec]
2010-07-14 19:37 138584 ----a-w- c:\program files\Join Air\UIExec.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-05-25 20:06 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-03-22 18:37 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Counter-Strike Xtreme V5\\hl.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1048:TCP"= 1048:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/8/2011 6:01 PM 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/6/2011 10:19 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/6/2011 10:19 PM 307928]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [9/3/2004 3:44 PM 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/6/2011 10:19 PM 19544]
R2 UI Assistant Service;UI Assistant Service;c:\program files\Join Air\AssistantServices.exe [5/15/2011 8:48 PM 252784]
R2 WMCoreService;Mobile Broadband Service;c:\program files\Mobile Broadband drivers\WMCore\WMCore.exe servicemode --> c:\program files\Mobile Broadband drivers\WMCore\WMCore.exe servicemode [?]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/23/2011 3:38 PM 63088]
R3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [4/24/2011 9:35 PM 6650752]
R3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\drivers\S6000KNT.sys [4/24/2011 4:32 PM 3221120]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/26/2011 1:10 PM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/24/2011 3:39 AM 1691480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/26/2011 1:10 PM 136176]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [5/15/2011 8:48 PM 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-26 11:09]
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-26 11:09]
.
2011-06-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 13:23]
.
.
------- Supplementary Scan -------
.
IE: &Download All using 4shared Desktop
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: Interfaces\{5CC8D970-3434-45F1-9CFB-05FE01B9A096}: NameServer = 195.66.189.137 195.66.189.138
FF - ProfilePath - c:\documents and settings\nikola\Application Data\Mozilla\Firefox\Profiles\s6zub8do.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431400&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431400&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-08 01:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2776)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Mobile Broadband drivers\WMCore\WMCore.exe
.
**************************************************************************
.
Completion time: 2011-06-08 01:55:35 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-07 23:55
ComboFix2.txt 2011-06-07 16:52
ComboFix3.txt 2011-06-06 18:52
.
Pre-Run: 194,625,777,664 bytes free
Post-Run: 194,629,238,784 bytes free
.
Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - E50D9C30A0DBF87D30FF0ADF82C3E109
Posted: 07 Jun 2011 03:28
- Springfield
Step 1:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "c:\windows\system32\suzassop.exe" deleted successfully.
File "c:\windows\system32\foovooquamag.exe" deleted successfully.
File "c:\documents and settings\nikola\Start Menu\Programs\Startup\g3iiduupggb.exe" deleted successfully.
File "c:\documents and settings\nikola\Start Menu\Programs\Startup\lccxoojaavm.exe" deleted successfully.
File "c:\documents and settings\nikola\Start Menu\Programs\Startup\o1efk86w81.exe" deleted successfully.
File "c:\windows\pss\0fbww6i.exeStartup" deleted successfully.
File "c:\windows\pss\60zffvb.exeStartup" deleted successfully.
File "c:\windows\pss\70zvqq6.exeStartup" deleted successfully.
File "c:\windows\pss\f0lhcc6oo.exeStartup" deleted successfully.
File "c:\windows\pss\jj2f0bg97.exeStartup" deleted successfully.
File "c:\windows\pss\u3q69sdd.exeStartup" deleted successfully.
File "c:\windows\pss\u3wwrii9o1k.exeStartup" deleted successfully.
File "c:\windows\pss\vqwchs9ok.exeStartup" deleted successfully.
File "c:\windows\pss\y0zf5wwmns.exeStartup" deleted successfully.
File "c:\windows\pss\y6o8avlmh.exeStartup" deleted successfully.
File "c:\windows\pss\yy6kk6ww6.exeStartup" deleted successfully.
File "c:\windows\pss\zqqlccx2.exeStartup" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Step 2:
ComboFix 11-06-06.02 - nikola 06/08/2011 2:59.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.1013.720 [GMT 2:00]
Running from: c:\documents and settings\nikola\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2011-05-08 to 2011-06-08 )))))))))))))))))))))))))))))))
.
.
2011-06-07 17:29 . 2011-06-07 17:29 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2011-06-07 16:06 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-06-07 16:03 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-06-07 16:03 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-06-07 15:46 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-06-07 15:12 . 2011-06-07 15:12 -------- d-sh--w- c:\documents and settings\nikola\IETldCache
2011-06-07 15:01 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-06-07 15:00 . 2011-02-22 23:06 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-06-07 15:00 . 2011-02-22 23:06 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-06-07 15:00 . 2011-02-22 23:06 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-06-07 14:57 . 2011-06-07 15:00 -------- dc-h--w- c:\windows\ie8
2011-06-07 12:11 . 2011-06-07 12:11 -------- d-----w- c:\documents and settings\nikola\Application Data\Media Player Classic
2011-06-07 11:50 . 2011-03-02 10:43 175616 ----a-w- c:\windows\system32\unrar.dll
2011-06-07 11:50 . 2008-09-24 18:41 839680 ----a-w- c:\windows\system32\lameACM.acm
2011-06-07 11:50 . 2011-03-24 19:28 631808 ----a-w- c:\windows\system32\xvidcore.dll
2011-06-07 11:50 . 2011-03-19 19:00 151552 ----a-w- c:\windows\system32\ac3acm.acm
2011-06-07 11:50 . 2010-11-03 18:08 237568 ----a-w- c:\windows\system32\yv12vfw.dll
2011-06-07 11:50 . 2011-03-29 08:00 80896 ----a-w- c:\windows\system32\ff_vfw.dll
2011-06-07 11:50 . 2011-03-24 19:35 243200 ----a-w- c:\windows\system32\xvidvfw.dll
2011-06-07 11:50 . 2011-06-07 11:52 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-06-07 11:03 . 2011-06-07 11:03 7808 ----a-w- c:\windows\system32\drivers\gflmouhid.sys
2011-06-07 10:51 . 2011-06-07 10:51 -------- d-----w- c:\documents and settings\All Users\Uniblue
2011-06-07 10:36 . 2011-06-07 10:44 -------- d-----w- c:\documents and settings\nikola\Application Data\Uniblue
2011-06-07 10:36 . 2011-06-07 10:36 -------- d-----w- c:\program files\Uniblue
2011-06-06 20:19 . 2011-05-10 11:59 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-06 20:19 . 2011-05-10 12:03 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-06-06 20:19 . 2011-05-10 12:02 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-06-06 20:19 . 2011-05-10 11:59 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-06-06 20:19 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-06 20:19 . 2011-05-10 12:02 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-06-06 20:19 . 2011-05-10 12:02 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-06-06 20:18 . 2011-05-10 11:59 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-06-06 20:18 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-06-06 20:18 . 2011-05-10 12:10 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-06-06 20:15 . 2011-06-08 00:42 -------- d-----w- c:\documents and settings\nikola\Application Data\MCShield
2011-06-06 20:15 . 2011-06-06 20:15 -------- d-----w- c:\program files\MCShield
2011-06-06 18:05 . 2011-06-06 18:44 -------- d-----w- c:\documents and settings\Administrator
2011-06-06 16:43 . 2011-02-17 13:18 455936 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-06-06 16:42 . 2011-06-06 16:42 -------- d-----w- c:\program files\Yamicsoft
2011-06-06 16:23 . 2008-04-14 03:42 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-06-06 15:50 . 2008-04-14 03:42 76800 ------w- c:\windows\system32\qutil.dll
2011-06-06 15:46 . 2008-04-14 03:42 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
2011-06-06 15:46 . 2008-04-14 03:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2011-06-06 15:21 . 2011-06-06 15:22 -------- d-----w- C:\b4fc9c3ce687edd38301c03567
2011-06-06 15:00 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2011-06-06 14:30 . 2011-06-06 14:30 -------- d-----w- c:\program files\Common Files\Adobe
2011-06-06 14:20 . 2011-06-06 14:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-06 14:19 . 2011-06-06 14:19 -------- d-----w- c:\documents and settings\nikola\Application Data\Qualys
2011-06-05 20:18 . 2011-06-05 20:18 -------- d-----w- c:\program files\MacSearch_v.1.4.3
2011-06-05 20:18 . 2011-06-05 20:18 -------- d-----w- c:\program files\TrueTransparency
2011-06-05 20:18 . 2011-06-05 20:18 -------- d-----w- c:\program files\Styler
2011-06-03 01:45 . 2011-06-03 01:45 -------- d-----w- c:\documents and settings\nikola\Local Settings\Application Data\PCHealth
2011-06-02 23:23 . 2011-06-02 23:23 -------- d-----w- c:\documents and settings\nikola\Local Settings\Application Data\CyberLink
2011-06-02 21:44 . 2011-06-08 00:57 -------- d-----w- c:\program files\Common Files\Akamai
2011-06-02 21:11 . 2010-10-23 22:56 49664 ----a-w- c:\windows\system32\CamCodec.dll
2011-06-02 21:11 . 2011-06-02 21:11 -------- d-----w- c:\program files\CamStudio 2.6b
2011-06-02 19:41 . 2011-06-02 23:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PDVD
2011-06-02 19:30 . 2011-06-02 19:30 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\MediaServer
2011-06-02 19:28 . 2011-06-02 19:28 -------- d-----w- c:\documents and settings\nikola\Local Settings\Application Data\MediaServer
2011-06-02 08:23 . 2011-06-02 08:23 -------- d-----w- c:\documents and settings\nikola\Application Data\BSplayer Pro
2011-06-02 01:07 . 2011-06-02 01:07 -------- d-----w- c:\windows\system32\XPSViewer
2011-06-02 01:07 . 2011-06-02 01:07 -------- d-----w- c:\program files\MSBuild
2011-06-02 01:06 . 2011-06-02 01:06 -------- d-----w- c:\program files\Reference Assemblies
2011-06-02 01:06 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-06-02 01:05 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-06-02 01:05 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-06-02 01:05 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-06-02 01:05 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-06-02 01:05 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-06-02 01:05 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-06-02 01:05 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-06-02 01:05 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-06-02 01:05 . 2011-06-02 01:06 -------- d-----w- C:\dd895d9eab67ad66bb5394429b8b
2011-06-02 01:01 . 2011-06-02 01:01 -------- d-----w- c:\program files\MSXML 6.0
2011-06-02 00:31 . 2011-06-02 00:31 -------- d-----w- c:\program files\Common Files\CyberLink
2011-06-02 00:28 . 2011-06-02 00:27 29480 ----a-w- c:\windows\system32\msxml3a.dll
2011-05-31 11:27 . 2011-05-31 11:28 -------- d-----w- c:\documents and settings\nikola\Application Data\Apple Computer
2011-05-31 11:27 . 2011-05-31 11:27 -------- d-----w- c:\documents and settings\nikola\Local Settings\Application Data\Apple Computer
2011-05-31 11:27 . 2011-05-31 11:27 -------- d-----w- c:\program files\Safari
2011-05-31 11:26 . 2011-05-31 11:26 -------- d-----w- c:\program files\Common Files\Apple
2011-05-31 11:25 . 2011-05-31 11:25 -------- d-----w- c:\documents and settings\nikola\Local Settings\Application Data\Apple
2011-05-31 11:25 . 2011-05-31 11:25 -------- d-----w- c:\program files\Apple Software Update
2011-05-31 11:25 . 2011-05-31 11:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-05-30 22:37 . 2011-06-06 17:16 -------- d-----w- c:\documents and settings\nikola\Local Settings\Application Data\Conduit
2011-05-30 07:29 . 2009-08-06 17:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2011-05-30 07:29 . 2009-08-06 17:23 215920 ----a-w- c:\windows\system32\muweb.dll
2011-05-29 13:25 . 2011-05-29 13:25 -------- d-----w- c:\program files\Microsoft Silverlight
2011-05-27 19:34 . 2011-06-04 09:54 -------- d-----w- c:\program files\Counter-Strike Xtreme V5
2011-05-27 19:18 . 2011-05-27 19:22 -------- d-----w- c:\program files\Tennis Elbow
2011-05-27 18:36 . 2011-06-02 18:30 -------- d-----w- c:\program files\Tennis Elbow 2006
2011-05-25 21:55 . 2011-05-25 21:55 -------- d-----w- c:\program files\Common Files\Java
2011-05-25 21:54 . 2011-05-25 21:54 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-05-25 21:54 . 2011-05-25 21:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-25 21:54 . 2011-05-25 21:54 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-25 21:54 . 2011-05-25 21:54 -------- d-----w- c:\program files\Java
2011-05-25 20:42 . 2011-05-25 22:04 -------- d-----w- c:\program files\JDownloader
2011-05-25 20:06 . 2011-05-25 20:06 -------- d-----w- c:\program files\uTorrent
2011-05-25 20:05 . 2011-06-06 12:45 -------- d-----w- c:\documents and settings\nikola\Application Data\uTorrent
2011-05-25 19:34 . 2011-02-22 23:06 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-05-25 19:34 . 2011-02-22 23:06 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-05-25 19:34 . 2011-02-22 23:06 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-05-25 19:34 . 2010-04-16 13:24 13824 -c----w- c:\windows\system32\dllcache\ieudinit.exe
2011-05-25 19:34 . 2009-03-08 02:31 59904 -c--a-w- c:\windows\system32\dllcache\icardie.dll
2011-05-25 19:34 . 2009-03-08 02:11 445952 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dll
2011-05-25 19:34 . 2009-02-06 19:07 3698584 -c--a-w- c:\windows\system32\dllcache\ieapfltr.dat
2011-05-25 19:34 . 2011-02-22 23:06 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-05-25 16:44 . 2011-05-25 16:45 -------- d-----w- c:\program files\vShare.tv plugin
2011-05-25 14:12 . 2011-05-25 14:12 -------- d-----w- c:\documents and settings\nikola\Application Data\DivX
2011-05-17 19:23 . 2011-06-06 17:11 -------- d-----w- c:\program files\DivX
2011-05-17 19:21 . 2011-06-06 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2011-05-17 19:10 . 2011-06-06 17:26 -------- d-----w- c:\program files\Real
2011-05-17 08:43 . 2011-03-04 19:44 126448 ------w- c:\windows\system32\pxinsi64.exe
2011-05-17 08:43 . 2011-03-04 19:44 123888 ------w- c:\windows\system32\pxcpyi64.exe
2011-05-17 08:43 . 2011-03-04 19:44 59888 ------w- c:\windows\system32\pxwma.dll
2011-05-16 14:12 . 2011-05-16 14:12 -------- d-----w- c:\program files\Veetle
2011-05-16 12:05 . 2011-05-16 12:05 -------- d-----w- c:\program files\FreeZ Online TV
2011-05-16 12:00 . 2011-06-06 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\install_clap
2011-05-16 11:37 . 2011-06-06 20:18 -------- d-----w- c:\program files\AVAST Software
2011-05-16 11:37 . 2011-06-06 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-05-16 07:29 . 2011-06-06 15:47 -------- d-----w- c:\windows\ServicePackFiles
2011-05-15 20:30 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-05-15 20:04 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-05-15 20:04 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-05-15 20:04 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2011-05-15 20:04 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-08 16:01 . 2011-05-08 16:01 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr
2011-04-14 16:26 . 2011-05-12 14:37 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23 1385864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCShield"="c:\program files\MCShield\MCShieldRTM.exe" [2011-03-26 262144]
"MCShieldTray"="c:\program files\MCShield\MCShieldTray.exe" [2010-11-04 73728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S6000Mnt]
S6000Rmv.dll [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 03:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-06-17 03:32 173592 ----a-w- c:\windows\system32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-06-17 03:33 141336 ----a-w- c:\windows\system32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-06-17 03:32 141336 ----a-w- c:\windows\system32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerSuite]
2011-01-27 06:57 67448 ----a-w- c:\program files\Uniblue\PowerSuite\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2010-03-12 21:53 19521056 ----a-w- c:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedUpMyPC]
2011-01-21 14:06 67960 ----a-w- c:\program files\Uniblue\SpeedUpMyPC\Launcher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-01-07 11:12 253672 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UIExec]
2010-07-14 19:37 138584 ----a-w- c:\program files\Join Air\UIExec.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-05-25 20:06 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-03-22 18:37 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Counter-Strike Xtreme V5\\hl.exe"=
"c:\\Program Files\\Mozilla Firefox\\plugin-container.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/8/2011 6:01 PM 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/6/2011 10:19 PM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/6/2011 10:19 PM 307928]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [9/3/2004 3:44 PM 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/6/2011 10:19 PM 19544]
R2 UI Assistant Service;UI Assistant Service;c:\program files\Join Air\AssistantServices.exe [5/15/2011 8:48 PM 252784]
R2 WMCoreService;Mobile Broadband Service;c:\program files\Mobile Broadband drivers\WMCore\WMCore.exe servicemode --> c:\program files\Mobile Broadband drivers\WMCore\WMCore.exe servicemode [?]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [4/23/2011 3:38 PM 63088]
R3 NETwNx32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwNx32.sys [4/24/2011 9:35 PM 6650752]
R3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\drivers\S6000KNT.sys [4/24/2011 4:32 PM 3221120]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/26/2011 1:10 PM 136176]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [4/24/2011 3:39 AM 1691480]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [4/26/2011 1:10 PM 136176]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [5/15/2011 8:48 PM 9216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-26 11:09]
.
2011-06-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-26 11:09]
.
2011-06-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-05-26 13:23]
.
.
------- Supplementary Scan -------
.
IE: &Download All using 4shared Desktop
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\nikola\Application Data\Mozilla\Firefox\Profiles\s6zub8do.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431400&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431400&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-08 03:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
Completion time: 2011-06-08 03:25:30
ComboFix-quarantined-files.txt 2011-06-08 01:25
ComboFix2.txt 2011-06-07 23:55
ComboFix3.txt 2011-06-07 16:52
ComboFix4.txt 2011-06-06 18:52
.
Pre-Run: 194,631,176,192 bytes free
Post-Run: 194,415,783,936 bytes free
.
Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 809BB50193748756D1719485A8E47388
Posted: 07 Jun 2011 06:01
offline
- 1l padr1n0
- Anti Malware Fighter
Rank 2
- Joined: 02 Feb 2008
- Posts: 14018
- Location: Nish
Download the program SystemLook from this or this link to the Desktop;
Double-click to run SystemLook;
- Copy the following text into the white box of the window:
:dir
c:\windows\pss
c:\documents and settings\nikola\Start Menu\Programs\Startup
Click the Look button;
When the program finishes, attach the file SystemLook.txt, which will be on the Desktop, to your post using the Attach File option.
Download aswMBR and save it to the Desktop.
Double-click to run aswMBR.
Click Scan.
When the scan finishes, click Save log.
Save the aswMBR log to the Desktop.
Paste the contents of that log into the thread.
Download the installer for Malwarebytes Anti-Malware from the following link:
http://www.besttechie.net/tools/mbam-setup.exe
Double-click to run the installer; at the very end of the process, make sure the following options are checked:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;
and then click Finish.
After the update completes, the program will start.
Select the Perform Quick Scan option and click Scan.
When the process finishes, click OK, then Show Results: in the list of detected malware, check all items and click Remove Selected.
When the process finishes, the logfile will open in Notepad; paste it into the thread on the forum.
If the program asks for a restart to finish the cleaning process, be sure to allow it.
Note: if a restart occurs at the end of the cleaning process, the logfile will be available on the Logs tab (select it and click Open).
If you want me to check your USB memory devices...
- Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Plug all USB memory devices one by one into the USB slot, keeping each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were plugged in, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose the Save scrambled log option. That will automatically open the log in Notepad. Paste that log from Notepad to the forum for us.
Explanation: USB memory devices include all devices that receive their own partition letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.
What is the state of the system?
goran9888 (AMF Team)