Posted: 26 Aug 2012 21:05
- Joined: 23 Dec 2011
- Posts: 290
A friend of mine has a problem with his computer. Since he got it, he hasn't kept it maintained. And now problems have cropped up... it freezes, it has a lot of outdated programs, the internet stalls.... it also has viruses..
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.6.2
Run by EP at 16:29:31 on 2012-08-26
.
============== Running Processes ===============
.
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\SocialSay\ExtensionUpdaterService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SocialSay\ExtensionUpdaterService.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\TeamViewer\Version7\TeamViewer.exe
C:\Program Files\TeamViewer\Version7\tv_w32.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Opera\opera.exe
c:\program files\teamviewer\version7\TeamViewer_Desktop.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Documents and Settings\EP\Desktop\dds.com
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uLocal Page = hxxp://flvtubesearch.co/?tmp=toolbar_FLVTube_homepage&prt=flvtubetb04ie&clid=b27d8c7e5d904d3cb3ad145a9d685ff9&subid=5045_lm5
uStart Page = hxxp://domredi.com/1/
uSearch Page =
uSearch Bar =
mDefault_Page_URL = hxxp://flvtubesearch.co/?tmp=toolbar_FLVTube_homepage&prt=flvtubetb04ie&clid=b27d8c7e5d904d3cb3ad145a9d685ff9&subid=5045_lm5
mLocal Page = hxxp://flvtubesearch.co/?tmp=toolbar_FLVTube_homepage&prt=flvtubetb04ie&clid=b27d8c7e5d904d3cb3ad145a9d685ff9&subid=5045_lm5
mStart Page = hxxp://flvtubesearch.co/?tmp=toolbar_FLVTube_homepage&prt=flvtubetb04ie&clid=b27d8c7e5d904d3cb3ad145a9d685ff9&subid=5045_lm5
uInternet Connection Wizard,ShellNext = hxxp://www.adobe.com/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant =
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,userinit.exe
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live pomagač za prijavljivanje: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Expresso: {a6629839-6636-4998-95d6-2b0f52141861} - c:\program files\socialsay\Extension32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: RadioBar Toolbar: {5b291e6c-9a74-4034-971b-a4b007a0b315} -
TB: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - No File
EB: {bdea95cf-f0e6-41e0-bd3d-b00f39a4e939} - ShopperReports
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [<NO NAME>]
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusear.....2009122217
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\ep\application data\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\ep\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.20
TCP: Interfaces\{0E6E70AF-F53C-4862-B434-88E5B91FA0A6} : DhcpNameServer = 192.168.1.20
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} - c:\recycler\s-1-5-21-1482476501-1644491937-682003330-1013\windowsupdate.com
Hosts: 66.98.148.65 auto.search.msn.com
Hosts: 66.98.148.65 auto.search.msn.es
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\ep\application data\mozilla\firefox\profiles\vgmttski.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ZTV&o=14502&locale=en_EU&apn_uid=A26CB608-CABA-4B64-AC5E-65BBFE12B631&apn_ptnrs=T5&apn_sauid=C4161044-DFA6-4452-85A5-65F1F0F4E26E&apn_dtid=YYYYYYYYRS&&q=
FF - plugin: c:\documents and settings\ep\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\ep\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\ep\application data\mozilla\firefox\profiles\vgmttski.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\ep\application data\mozilla\firefox\profiles\vgmttski.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\plugins\np-mswmp.dll
FF - plugin: c:\documents and settings\ep\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\documents and settings\ep\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\ep\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\opera\program\plugins\npdrmv2.dll
FF - plugin: c:\program files\opera\program\plugins\NPJPI142_05.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.softonic_i.newTab - false
FF - user.js: extensions.softonic_i.tlbrSrchUrl - hxxp://search.softonic.com/MON00006/tb_v1?SearchSource=1&cc=&q=
FF - user.js: extensions.softonic_i.id - e4a4fab3000000000000001a92d9e8ed
FF - user.js: extensions.softonic_i.instlDay - 15400
FF - user.js: extensions.softonic_i.vrsn - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsni - 1.5.11.5
FF - user.js: extensions.softonic_i.vrsnTs - 1.5.11.511:49:52
FF - user.js: extensions.softonic_i.prtnrId - softonic
FF - user.js: extensions.softonic_i.prdct - softonic
FF - user.js: extensions.softonic_i.aflt - SD
FF - user.js: extensions.softonic_i.smplGrp - eng7
FF - user.js: extensions.softonic_i.tlbrId - en12JANdefault_chrome
FF - user.js: extensions.softonic_i.instlRef - MON00006
FF - user.js: extensions.softonic_i.dfltLng -
FF - user.js: extensions.softonic_i.excTlbr - false
.
============= SERVICES / DRIVERS ===============
.
R? cpuz135;cpuz135
R? fsssvc;Usluga Windows Live Porodi
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google
R? NEWDRIVER;NEWDRIVER
R? Pasacdmnchrn;Pasacdmnchrn
R? SkypeUpdate;Skype Updater
S? aswFsBlk;aswFsBlk
S? aswFW;avast! TDI Firewall driver
S? aswKbd;aswKbd
S? aswNdis;avast! Firewall NDIS Filter Service
S? aswNdis2;avast! Firewall Core Firewall Service
S? aswSnx;aswSnx
S? aswSP;aswSP
S? avast! Antivirus;avast! Antivirus
S? avast! Firewall;avast! Firewall
S? Expresso Updater;Expresso Updater
S? fssfltr;fssfltr
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? S3GIGP;S3GIGP
S? SocialSay Updater;SocialSay Updater
S? xfilt;VIA SATA IDE Hot-plug Driver
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-08-26 13:58:08 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-25 08:55:32 -------- d-----w- c:\documents and settings\ep\local settings\application data\Sun
2012-08-24 18:31:19 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-21 09:15:34 558133 ----a-w- c:\windows\system32\sqlite3.dll
2012-08-11 13:53:03 -------- d-----w- C:\askola
2012-08-11 13:53:01 -------- d-----w- c:\program files\aSkola
2012-08-08 16:34:01 -------- d-----w- c:\documents and settings\ep\local settings\application data\Facebook
2012-08-04 18:33:44 1409 ----a-w- c:\windows\QTFont.for
.
==================== Find3M ====================
.
2012-08-24 18:30:42 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-24 18:30:38 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13:14 202928 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-08-21 09:13:14 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-08-21 09:13:13 113776 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 11:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-27 20:33:54 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
2012-06-16 12:05:48 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
.
============= FINISH: 16:39:45,31 ===============
Posted: 28 Aug 2012 23:21
- Joined: 23 Dec 2011
- Posts: 290
Written: 28 Aug 2012 1:49
We've deleted...
ComboFix 12-08-25.04 - EP 28.08.2012 0:20.1.1 - x86
Running from: c:\documents and settings\EP\Desktop\ComboFix.exe
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Internet Security 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: avast! Internet Security *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: AVG Internet Security 2012 *Enabled* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\5dc251b83daa48739168bc9f29b51e51_c
c:\documents and settings\All Users\Application Data\QueryBrowser
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
c:\documents and settings\All Users\Start Menu\Programs\RelevantKnowledge\Support.lnk
c:\documents and settings\EP\Application Data\inst.exe
c:\documents and settings\EP\Application Data\PriceGong
c:\documents and settings\EP\Application Data\PriceGong\Data\1.xml
c:\documents and settings\EP\Application Data\PriceGong\Data\a.xml
c:\documents and settings\EP\Application Data\PriceGong\Data\b.xml
c:\documents and settings\EP\Application Data\PriceGong\Data\c.xml
c:\documents and settings\EP\Application Data\PriceGong\Data\d.xml
c:\documents and settings\EP\Application Data\PriceGong\Data\e.xml
c:\documents and settings\EP\Application Data\PriceGong\Data\f.xml
c:\documents and settings\EP\Application Data\PriceGong\Data\g.xml
c:\documents and settings\EP\Application Data\PriceGong\Data\h.xml
c:\documents and settings\EP\Application Data\PriceGong\Data\i.xml
c:\documents and settings\EP\Application Data\PriceGong\Data\J.xml
c:\documents and settings\EP\Application Data\PriceGong\Data\k.xml
c:\documents and settings\EP\Application Data\PriceGong\Data\l.xml
c:\documents and settings\EP\Application Data\PriceGong\Data\m.xml
c:\documents and settings\EP\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\EP\Application Data\PriceGong\Data\n.xml
c:\documents and settings\EP\Application Data\PriceGong\Data\o.xml
c:\documents and settings\EP\Application Data\PriceGong\Data\p.xml
c:\documents and settings\EP\Application Data\PriceGong\Data\q.xml
c:\documents and settings\EP\Application Data\PriceGong\Data\r.xml
c:\documents and settings\EP\Application Data\PriceGong\Data\s.xml
c:\documents and settings\EP\Application Data\PriceGong\Data\t.xml
c:\documents and settings\EP\Application Data\PriceGong\Data\u.xml
c:\documents and settings\EP\Application Data\PriceGong\Data\v.xml
c:\documents and settings\EP\Application Data\PriceGong\Data\w.xml
c:\documents and settings\EP\Application Data\PriceGong\Data\x.xml
c:\documents and settings\EP\Application Data\PriceGong\Data\y.xml
c:\documents and settings\EP\Application Data\PriceGong\Data\z.xml
c:\documents and settings\EP\Application Data\ShoppingReport2
c:\documents and settings\EP\Application Data\ShoppingReport2\cs\Config.xml
c:\documents and settings\EP\Application Data\ShoppingReport2\cs\db\Aliases.dbs
c:\documents and settings\EP\Application Data\ShoppingReport2\cs\db\Sites.dbs
c:\documents and settings\EP\Application Data\ShoppingReport2\cs\report\aggr_storage.xml
c:\documents and settings\EP\Application Data\ShoppingReport2\cs\report\send_storage.xml
c:\documents and settings\EP\Application Data\Toolbar4
c:\documents and settings\EP\Application Data\vso_ts_preview.xml
c:\documents and settings\EP\WINDOWS
C:\prefs.js
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Cache\00B04F8F.swf
c:\program files\FunWebProducts\ScreenSaver\Cache\00EF9995.jpg
c:\program files\FunWebProducts\ScreenSaver\Cache\00F5AD3F
c:\program files\FunWebProducts\ScreenSaver\Cache\files.ini
c:\program files\FunWebProducts\ScreenSaver\Images\00329FC7.dat
c:\program files\FunWebProducts\ScreenSaver\Images\0073A623.dat
c:\program files\FunWebProducts\ScreenSaver\Images\00AF0CBE.dat
c:\program files\FunWebProducts\ScreenSaver\Images\00B0B9C2.dat
c:\program files\FunWebProducts\ScreenSaver\Images\00B22A2B.dat
c:\program files\FunWebProducts\ScreenSaver\Images\00EAA41D.urr
c:\program files\FunWebProducts\ScreenSaver\Images\00EF8D22.urr
c:\program files\FunWebProducts\ScreenSaver\Images\00EFB7BC.dat
c:\program files\FunWebProducts\ScreenSaver\Images\00F6204D.dat
c:\program files\FunWebProducts\ScreenSaver\Images\00F74237.dat
c:\program files\FunWebProducts\ScreenSaver\Images\0135F59C.dat
c:\program files\FunWebProducts\ScreenSaver\Images\101x135\0073A623.jpg
c:\program files\FunWebProducts\ScreenSaver\Images\101x135\00EFB7BC.jpg
c:\program files\FunWebProducts\ScreenSaver\Images\f3wallpp.bmp
c:\program files\FunWebProducts\ScreenSaver\Images\wrkparam.lst
c:\program files\FunWebProducts\Shared\003DBA2F.dat
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\Mozilla Firefox\extensions\{2B52746B-CDBB-49A6-A80D-912BC6636A6C}
c:\program files\Mozilla Firefox\extensions\{2B52746B-CDBB-49A6-A80D-912BC6636A6C}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{2B52746B-CDBB-49A6-A80D-912BC6636A6C}\chrome\querybrowser.jar
c:\program files\Mozilla Firefox\extensions\{2B52746B-CDBB-49A6-A80D-912BC6636A6C}\defaults\preferences\prefs.js
c:\program files\Mozilla Firefox\extensions\{2B52746B-CDBB-49A6-A80D-912BC6636A6C}\install.rdf
c:\program files\Mozilla Firefox\extensions\flvtube@flvtube.com
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\3.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\3.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\3.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\4.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\5.bin\CHROME.MANIFEST
c:\program files\MyWebSearch\bar\5.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\5.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\5.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\5.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\5.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\5.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\5.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\5.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\5.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\5.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\5.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\5.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\5.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\5.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\5.bin\INSTALL.RDF
c:\program files\MyWebSearch\bar\5.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\5.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\5.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\5.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\5.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\5.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\5.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\5.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\5.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\6.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\8.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\9.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\0044DA19.bin
c:\program files\MyWebSearch\bar\Cache\0044DC1C.bin
c:\program files\MyWebSearch\bar\Cache\0044DE5F.bin
c:\program files\MyWebSearch\bar\Cache\004F6A23
c:\program files\MyWebSearch\bar\Cache\0052C5E1
c:\program files\MyWebSearch\bar\Cache\006DC263.bin
c:\program files\MyWebSearch\bar\Cache\00E9BE32
c:\program files\MyWebSearch\bar\Cache\00E9D4E6
c:\program files\MyWebSearch\bar\Cache\00E9D999.bin
c:\program files\MyWebSearch\bar\Cache\00E9DC58.bin
c:\program files\MyWebSearch\bar\Cache\00E9E0BD.bin
c:\program files\MyWebSearch\bar\Cache\00E9E428.bin
c:\program files\MyWebSearch\bar\Cache\01031580.bin
c:\program files\MyWebSearch\bar\Cache\011BC41A.bin
c:\program files\MyWebSearch\bar\Cache\011BCA73.bin
c:\program files\MyWebSearch\bar\Cache\011BCC77.bin
c:\program files\MyWebSearch\bar\Cache\011BCDDE.bin
c:\program files\MyWebSearch\bar\Cache\011BE0BA
c:\program files\MyWebSearch\bar\Cache\011C0327
c:\program files\MyWebSearch\bar\Cache\011C0D97
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\firefox\CHROME.MANIFEST
c:\program files\MyWebSearch\bar\firefox\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\firefox\INSTALL.RDF
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Message\COMMON\8_step1.gif
c:\program files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.htm
c:\program files\MyWebSearch\bar\Message\COMMON\bkwebfet.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\bkzwinky.jpg
c:\program files\MyWebSearch\bar\Message\COMMON\blubtn2d.png
c:\program files\MyWebSearch\bar\Message\COMMON\blubtn2r.png
c:\program files\MyWebSearch\bar\Message\COMMON\blubtn3d.png
c:\program files\MyWebSearch\bar\Message\COMMON\blubtn3r.png
c:\program files\MyWebSearch\bar\Message\COMMON\center.htm
c:\program files\MyWebSearch\bar\Message\COMMON\index.htm
c:\program files\MyWebSearch\bar\Message\COMMON\logo_ZJ.png
c:\program files\MyWebSearch\bar\Message\COMMON\logo_ZR.png
c:\program files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
c:\program files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
c:\program files\MyWebSearch\bar\Message\COMMON\protect.htm
c:\program files\MyWebSearch\bar\Message\COMMON\reb_bg.png
c:\program files\MyWebSearch\bar\Message\COMMON\rebbtnbg.png
c:\program files\MyWebSearch\bar\Message\COMMON\rebbtnn1.png
c:\program files\MyWebSearch\bar\Message\COMMON\rebbtnn2.png
c:\program files\MyWebSearch\bar\Message\COMMON\rebbtny1.png
c:\program files\MyWebSearch\bar\Message\COMMON\rebbtny2.png
c:\program files\MyWebSearch\bar\Message\COMMON\rebclose.png
c:\program files\MyWebSearch\bar\Message\COMMON\rebut.htm
c:\program files\MyWebSearch\bar\Message\COMMON\rebut2.htm
c:\program files\MyWebSearch\bar\Message\COMMON\rebut3.htm
c:\program files\MyWebSearch\bar\Message\COMMON\rebut3b.htm
c:\program files\MyWebSearch\bar\Message\COMMON\repmidsm.png
c:\program files\MyWebSearch\bar\Message\COMMON\shield.png
c:\program files\MyWebSearch\bar\Message\COMMON\shocked.gif
c:\program files\MyWebSearch\bar\Message\COMMON\stop.gif
c:\program files\MyWebSearch\bar\Message\COMMON\systray.htm
c:\program files\MyWebSearch\bar\Message\COMMON\systrayp.htm
c:\program files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
c:\program files\MyWebSearch\bar\Message\COMMON\warn.gif
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_FeatCk.dat
c:\program files\MyWebSearch\bar\Settings\s_FeatCk.dat.bak
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\QueryBrowser
c:\program files\RelevantKnowledge
c:\program files\RelevantKnowledge\chrome.manifest
c:\program files\RelevantKnowledge\install.rdf
c:\program files\RelevantKnowledge\MSVCP71.DLL
c:\program files\RelevantKnowledge\MSVCR71.DLL
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\shfscp.dat
c:\program files\ShoppingReport2
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\windows\admintxt.txt
c:\windows\iun6002.exe
c:\windows\recover.reg
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\5d08bc5448fbd818.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\DEBUG.log
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\sqlite3.dll
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\wt
.
.
((((((((((((((((((((((((( Files Created from 2012-07-27 to 2012-08-27 )))))))))))))))))))))))))))))))
.
.
2012-08-27 16:30 . 2012-08-24 18:30 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-27 13:47 . 2012-08-27 13:47 -------- d-----w- c:\program files\Common Files\Skype
2012-08-27 13:47 . 2012-08-27 13:47 -------- d-----r- c:\program files\Skype
2012-08-26 22:43 . 2012-08-26 23:45 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-26 15:40 . 2012-08-26 15:40 -------- d-----w- c:\program files\VS Revo Group
2012-08-26 15:16 . 2012-08-26 15:16 -------- d-----w- c:\program files\Defraggler
2012-08-26 13:58 . 2012-08-26 23:45 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-25 15:07 . 2012-08-25 15:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\uTorrentControl2
2012-08-25 08:55 . 2012-08-25 08:55 -------- d-----w- c:\documents and settings\EP\Local Settings\Application Data\Sun
2012-08-24 18:31 . 2012-08-24 18:30 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-24 17:55 . 2012-08-24 17:55 -------- d-----w- c:\program files\Common Files\Apple
2012-08-24 17:54 . 2012-08-24 17:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2012-08-11 13:53 . 2012-08-11 13:53 -------- d-----w- C:\askola
2012-08-11 13:53 . 2012-08-11 13:53 -------- d-----w- c:\program files\aSkola
2012-08-08 16:34 . 2012-08-08 21:43 -------- d-----w- c:\documents and settings\EP\Local Settings\Application Data\Facebook
2012-08-04 18:33 . 2012-08-04 18:33 1409 ----a-w- c:\windows\QTFont.for
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-24 18:30 . 2012-06-16 12:07 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-24 18:30 . 2011-09-05 16:17 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-21 09:13 . 2012-07-02 13:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-07-02 13:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-07-02 13:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-07-02 13:43 202928 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-08-21 09:13 . 2012-07-02 13:43 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-08-21 09:13 . 2012-07-02 13:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2012-07-02 13:13 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2012-07-02 13:13 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2012-07-02 13:43 113776 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-08-21 09:13 . 2012-07-02 13:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2012-07-02 13:13 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2012-07-02 13:11 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-07-02 13:11 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-03 11:46 . 2011-06-25 22:18 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-27 20:33 . 2012-07-02 13:42 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{687578B9-7132-4A7A-80E4-30EE31099E03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Raketa Krstarice.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Raketa Krstarice.lnk
backup=c:\windows\pss\Raketa Krstarice.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^EP^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\EP\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-03 22:56 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-08-08 21:32 138096 ----atw- c:\documents and settings\EP\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-10-27 22:21 61952 ------w- c:\windows\system32\HdAShCut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
2006-08-14 02:51 352256 ------w- c:\windows\system32\JMRaidTool.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 11:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-03 22:56 1667584 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
2006-07-10 18:33 176128 ------w- c:\windows\system32\S3Trayp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2005-09-07 22:35 716800 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2005-05-20 01:11 925696 ----a-r- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2006-08-03 06:53 53248 ------w- c:\windows\system32\VTTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FlvTube Toolbar Helper"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"=c:\program files\Java\j2re1.4.2_05\bin\jusched.exe
"InCD"=c:\program files\Nero\Nero 7\InCD\InCD.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide
"GhostStartTrayApp"=c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
"tcomantidialerrun"=c:\program files\T-Com Antidialer\T-Com Antidialer.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
"c:\\Documents and Settings\\EP\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\ACSPMonitor\\ASMonitor.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2.7.2012 15:42 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2.7.2012 15:43 202928]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2.7.2012 15:43 113776]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2.7.2012 15:43 18544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2.7.2012 15:13 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2.7.2012 15:13 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.7.2012 15:13 21256]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2.7.2012 15:42 133912]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [26.6.2011 0:18 655944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26.6.2011 0:18 22344]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25.12.2009 19:34 135664]
S2 NEWDRIVER;NEWDRIVER;\??\c:\windows\system32\WinVDEdrv6.sys --> c:\windows\system32\WinVDEdrv6.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 13:28 160944]
S2 SocialSay Updater;SocialSay Updater;c:\program files\SocialSay\ExtensionUpdaterService.exe --> c:\program files\SocialSay\ExtensionUpdaterService.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [27.8.2012 0:43 250056]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [16.3.2011 11:44 47360]
S4 Pasacdmnchrn;Pasacdmnchrn;c:\windows\system32\drivers\pxhelp20.sys [8.7.2006 0:12 45648]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-26 23:45]
.
2012-08-27 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-02 09:12]
.
2012-08-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-746137067-1788223648-839522115-1003Core.job
- c:\documents and settings\EP\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-08-08 21:32]
.
2012-08-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-746137067-1788223648-839522115-1003UA.job
- c:\documents and settings\EP\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-08-08 21:32]
.
2012-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 17:34]
.
2012-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 17:34]
.
2012-08-27 c:\windows\Tasks\User_Feed_Synchronization-{25DB7D09-59B9-4B29-810C-77BB6F5A5BEE}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uLocal Page = hxxp://flvtubesearch.co/?tmp=toolbar_FLVTube_homepage&prt=flvtubetb04ie&clid=b27d8c7e5d904d3cb3ad145a9d685ff9&subid=5045_lm5
uStart Page = hxxp://domredi.com/1/
mLocal Page = hxxp://flvtubesearch.co/?tmp=toolbar_FLVTube_homepage&prt=flvtubetb04ie&clid=b27d8c7e5d904d3cb3ad145a9d685ff9&subid=5045_lm5
mStart Page = hxxp://flvtubesearch.co/?tmp=toolbar_FLVTube_homepage&prt=flvtubetb04ie&clid=b27d8c7e5d904d3cb3ad145a9d685ff9&subid=5045_lm5
uInternet Connection Wizard,ShellNext = hxxp://www.adobe.com/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\EP\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\EP\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.20
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{872b5b88-9db5-4310-bdd0-ac189557e5f5} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)
SafeBoot-WinFLAdrv.sys
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
MSConfigStartUp-BabylonToolbar - c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe
MSConfigStartUp-FLBackup - c:\program files\NewSoftware's\Folder Lock\FLComServCtrl.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-Raketa-veza - c:\program files\Raketa Krstarice\raketa-veza.exe
MSConfigStartUp-SlipStream - c:\program files\Raketa Krstarice\raketa-core.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-28 00:42
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-746137067-1788223648-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-08-28 00:49:15
ComboFix-quarantined-files.txt 2012-08-27 22:48
.
Pre-Run: 21.576.339.456 bytes free
Post-Run: 21.633.028.096 bytes free
.
- - End Of File - - 42E45B0AD622C0427A2A9F11C02C0600
Update: 28 Aug 2012 18:12
Update: 28 Aug 2012 23:21
Posted: 29 Aug 2012 20:16
offline
- Joined: 23 Dec 2011
- Posts: 290
ComboFix 12-08-28.03 - EP 29.08.2012 18:54:46.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.446.93 [GMT 2:00]
Running from: c:\documents and settings\EP\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\EP\Desktop\CFScript.txt
AV: avast! Internet Security *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Internet Security *Enabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SOCIALSAY_UPDATER
-------\Service_SocialSay Updater
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-29 )))))))))))))))))))))))))))))))
.
.
2012-08-28 19:37 . 2012-08-28 19:37 -------- d-----w- c:\program files\Conduit
2012-08-28 19:33 . 2012-08-28 19:33 -------- d-----w- c:\program files\uTorrent
2012-08-28 19:32 . 2012-08-29 11:02 -------- d-----w- c:\documents and settings\EP\Application Data\uTorrent
2012-08-27 16:30 . 2012-08-24 18:30 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-27 13:47 . 2012-08-27 13:47 -------- d-----w- c:\program files\Common Files\Skype
2012-08-27 13:47 . 2012-08-27 13:47 -------- d-----r- c:\program files\Skype
2012-08-26 22:43 . 2012-08-26 23:45 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-26 15:40 . 2012-08-26 15:40 -------- d-----w- c:\program files\VS Revo Group
2012-08-26 15:16 . 2012-08-26 15:16 -------- d-----w- c:\program files\Defraggler
2012-08-26 13:58 . 2012-08-26 23:45 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-25 15:07 . 2012-08-25 15:07 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\uTorrentControl2
2012-08-25 08:55 . 2012-08-25 08:55 -------- d-----w- c:\documents and settings\EP\Local Settings\Application Data\Sun
2012-08-11 13:53 . 2012-08-11 13:53 -------- d-----w- C:\askola
2012-08-11 13:53 . 2012-08-11 13:53 -------- d-----w- c:\program files\aSkola
2012-08-08 16:34 . 2012-08-08 21:43 -------- d-----w- c:\documents and settings\EP\Local Settings\Application Data\Facebook
2012-08-04 18:33 . 2012-08-04 18:33 1409 ----a-w- c:\windows\QTFont.for
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-24 18:30 . 2012-08-24 18:31 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-24 18:30 . 2012-06-16 12:07 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-24 18:30 . 2011-09-05 16:17 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-21 09:13 . 2012-07-02 13:13 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2012-07-02 13:13 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2012-07-02 13:13 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2012-07-02 13:43 202928 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2012-08-21 09:13 . 2012-07-02 13:43 18544 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-08-21 09:13 . 2012-07-02 13:13 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2012-07-02 13:13 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-21 09:13 . 2012-07-02 13:13 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-21 09:13 . 2012-07-02 13:43 113776 ----a-w- c:\windows\system32\drivers\aswFW.sys
2012-08-21 09:13 . 2012-07-02 13:13 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:13 . 2012-07-02 13:13 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-21 09:12 . 2012-07-02 13:11 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2012-07-02 13:11 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-03 11:46 . 2011-06-25 22:18 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-27 20:33 . 2012-07-02 13:42 12112 ----a-w- c:\windows\system32\drivers\aswNdis.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-27_22.42.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-11-03 01:03 . 2012-08-27 22:53 345016 c:\windows\system32\FNTCACHE.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Raketa Krstarice.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Raketa Krstarice.lnk
backup=c:\windows\pss\Raketa Krstarice.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^EP^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\EP\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-03 22:56 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-08-08 21:32 138096 ----atw- c:\documents and settings\EP\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-10-27 22:21 61952 ------w- c:\windows\system32\HdAShCut.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X Configure]
2006-08-14 02:51 352256 ------w- c:\windows\system32\JMRaidTool.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 11:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-08-03 22:56 1667584 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\S3Trayp]
2006-07-10 18:33 176128 ------w- c:\windows\system32\S3Trayp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2005-09-07 22:35 716800 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
2005-05-20 01:11 925696 ----a-r- c:\program files\Analog Devices\Core\smax4pnp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 07:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2006-08-03 06:53 53248 ------w- c:\windows\system32\VTTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FlvTube Toolbar Helper"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"=c:\program files\Java\j2re1.4.2_05\bin\jusched.exe
"InCD"=c:\program files\Nero\Nero 7\InCD\InCD.exe
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide
"GhostStartTrayApp"=c:\program files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
"tcomantidialerrun"=c:\program files\T-Com Antidialer\T-Com Antidialer.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
"c:\\Documents and Settings\\EP\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
"c:\\Program Files\\ACSPMonitor\\ASMonitor.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
R0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\drivers\aswNdis.sys [2.7.2012 15:42 12112]
R0 aswNdis2;avast! Firewall Core Firewall Service;c:\windows\system32\drivers\aswNdis2.sys [2.7.2012 15:43 202928]
R1 aswFW;avast! TDI Firewall driver;c:\windows\system32\drivers\aswFW.sys [2.7.2012 15:43 113776]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2.7.2012 15:43 18544]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2.7.2012 15:13 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2.7.2012 15:13 355632]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2.7.2012 15:13 21256]
R2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2.7.2012 15:42 133912]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [26.6.2011 0:18 655944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [26.6.2011 0:18 22344]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25.12.2009 19:34 135664]
S2 NEWDRIVER;NEWDRIVER;\??\c:\windows\system32\WinVDEdrv6.sys --> c:\windows\system32\WinVDEdrv6.sys [?]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13.7.2012 13:28 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [27.8.2012 0:43 250056]
S3 cpuz135;cpuz135;\??\c:\windows\TEMP\cpuz135\cpuz135_x32.sys --> c:\windows\TEMP\cpuz135\cpuz135_x32.sys [?]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [16.3.2011 11:44 47360]
S4 Pasacdmnchrn;Pasacdmnchrn;c:\windows\system32\drivers\pxhelp20.sys [8.7.2006 0:12 45648]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-26 23:45]
.
2012-08-29 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-07-02 09:12]
.
2012-08-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-746137067-1788223648-839522115-1003Core.job
- c:\documents and settings\EP\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-08-08 21:32]
.
2012-08-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-746137067-1788223648-839522115-1003UA.job
- c:\documents and settings\EP\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2012-08-08 21:32]
.
2012-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 17:34]
.
2012-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-25 17:34]
.
2012-08-29 c:\windows\Tasks\User_Feed_Synchronization-{25DB7D09-59B9-4B29-810C-77BB6F5A5BEE}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.adobe.com/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube Download - c:\documents and settings\EP\Application Data\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\documents and settings\EP\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.20
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre7\bin\jusched.exe
MSConfigStartUp-APSDaemon - c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-29 19:45
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-746137067-1788223648-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2560)
c:\windows\system32\WININET.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\msls31.dll
c:\program files\Common Files\Microsoft Shared\INK\SKCHUI.DLL
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2012-08-29 19:55:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-29 17:55
ComboFix2.txt 2012-08-27 22:49
.
Pre-Run: 19.199.430.656 bytes free
Post-Run: 19.939.692.544 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 77A065E2FC91FC87D30BCD6048E900D3
Posted: 30 Aug 2012 16:20
offline
- Joined: 23 Dec 2011
- Posts: 290
Written: 30 Aug 2012 14:46
We installed SP 3 and mcs shield. Now the computer freezes like crazy.
Update: 30 Aug 2012 16:20
Posted: 30 Aug 2012 18:51
offline
- magna86
- Anti Malware Fighter
Rank 2
- Joined: 21 Jun 2008
- Posts: 6104
Written: 30 Aug 2012 18:37
šemahenry23 wrote: We installed SP 3 and mcs shield. Now the computer freezes like crazy.
Open a new topic in the Windows forum and describe the situation to them.
I assume the problem arose somewhere during the SP3 installation, because the problem is not caused by malware.
Update: 30 Aug 2012 18:51
Given that the freezing problem was showing up even before the SP3 installation, Windows is the right place for you.
Regards.