Log check, I've picked up some trojans.

  • Joined: 21 Sep 2008
  • Posts: 238
  • Location: Bačka Palanka

Hi... AVG IS 8.5 keeps reporting that it has found some infections; I've deleted them a hundred times and a hundred times they've come back, and I don't know how to get rid of them. I've copied here everything I've put into the vault so far; they're almost all the same, but I can't find them manually in the System32 folder. I've also posted the HT log.
Here are the infections:
>BEGIN
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 16:40:28"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 16:40:27"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 16:40:27"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 16:40:26"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 16:40:25"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 16:40:23"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 16:39:10"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 16:39:09"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 16:39:09"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 16:39:08"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 16:39:07"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 16:39:06"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 16:39:06"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 16:39:05"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 16:39:04"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 16:39:03"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 16:39:03"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 16:39:02"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 16:39:01"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 16:39:00"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 16:39:00"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 16:38:59"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 16:38:58"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 16:38:56"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 16:34:43"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:56:59"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:56:56"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:56:47"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:56:26"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:56:23"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:55:06"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:55:05"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:55:04"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:55:04"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:55:02"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:55:02"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:54:59"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:53:08"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:53:04"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:53:03"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:53:02"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:52:59"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:52:39"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:52:30"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:52:28"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:52:28"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:52:27"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:52:26"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:52:25"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:52:24"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:52:23"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:52:23"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:52:22"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:52:21"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:52:20"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:52:19"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:52:18"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:52:17"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:52:16"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:52:15"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:52:15"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:52:14"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:52:13"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:52:12"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:52:11"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:52:11"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:52:10"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:52:09"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:52:08"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:52:07"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:52:06"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:52:06"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:52:05"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:52:04"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 13:51:59"
"Infection";"Trojan horse Generic_r.CD";"C:\Windows\winsys.exe";"";"9.7.2009, 13:51:46"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 12:08:14"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 2:51:11"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 2:44:34"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 2:44:34"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 2:44:33"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 2:43:10"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 2:41:37"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 2:41:37"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 2:41:36"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 2:41:36"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 2:41:35"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 2:41:27"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 2:41:27"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 2:41:26"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 2:41:24"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 2:40:50"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 2:40:49"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 2:40:48"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 2:40:47"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 2:40:46"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 2:40:39"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 2:40:37"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 2:39:49"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 2:39:49"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 2:39:48"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 2:39:48"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 2:39:48"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 2:39:39"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 2:39:39"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 2:39:38"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 2:39:37"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 2:39:36"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 2:39:34"
"Infection";"Virus identified Worm/VB.EZP";"D:\Downloads\Daemon Tools Pro Activation (zabranjeno).exe";"";"6.7.2009, 13:58:12"
"Infection";"Trojan horse FakeAlert.LG";"C:\Windows\Temp\ujmwkfwwlg.exe";"";"6.7.2009, 13:24:13"
"Infection";"Trojan horse FakeAlert.LG";"C:\Windows\Temp\dhfshpheef.exe";"";"6.7.2009, 13:18:56"
"Infection";"Trojan horse FakeAlert.LG";"C:\Windows\Temp\yadfgxlqof.exe";"";"6.7.2009, 13:13:33"
"Infection";"Trojan horse FakeAlert.LG";"C:\Windows\Temp\rhoqldcxij.exe";"";"6.7.2009, 13:08:14"
"Infection";"Trojan horse FakeAlert.LG";"C:\Windows\Temp\rvcyxgqdld.exe";"";"6.7.2009, 13:03:03"
"Infection";"Trojan horse Dropper.Generic.ARTZ.dropper";"C:\Users\Stefan\Downloads\WinRAR_3.80_Professional\winrar380pro.exe";"";"5.7.2009, 15:03:11"
"Infection";"Virus found Win32/Heur";"C:\Windows\System32\SKYNETxspuhnvl.dll";"";"4.7.2009, 21:50:09"
"Infection";"Virus found Win32/Heur";"C:\Windows\System32\SKYNETpimfplvr.dll";"";"4.7.2009, 21:49:20"
>END
/////////////////////////////////////////////////////////////////////////////////////
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:43:59, on 9.7.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248-)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Stefan\Desktop\New Folder\TR3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 91.121.97.18 thepiratebay.org
O1 - Hosts: 91.121.97.18 www.thepiratebay.org
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [syswin] winsys.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: santa.bat
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Iz&vezi u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Preuzmi odabrano Free Download Manager-om - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Preuzmi sa Free Download Managerom - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Preuzmi sve sa Free Download Manager-om - file://C:\Program Files\Free Download Manager\dlall.htm
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{129B3AA6-C7FF-4F45-B416-7C3A024079EB}: NameServer = 89.216.64.8
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8-) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: Client32 - NetSupport Ltd - C:\Program Files\NetSupport\NetSupport Manager\client32.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 5194 bytes
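One way to triage the two logs above, added here as an example and not part of the original post or of any AVG or HijackThis tooling: it parses the AVG vault export format (semicolon-separated quoted fields with `d.m.yyyy, H:M:S` timestamps) and the HijackThis O4 autostart lines, groups detections per path so that the same DLL being hit again and again stands out, and matches autostart entries that name a bare executable (resolved through the search path at logon rather than by a full path) against the detected files. The sample lines are a constructed subset of the logs posted; the five-second burst window and the bare-name heuristic are assumptions of the example.

```python
import csv
import ntpath
import re
from collections import defaultdict
from datetime import datetime

# Constructed subset of the AVG 8.5 vault export posted above.
# Field order: event; threat name; path; (unused); "d.m.yyyy, H:M:S".
AVG_EXPORT = r'''"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 16:40:28"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 16:40:27"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 16:40:26"
"Infection";"Trojan horse BackDoor.Generic11.ZNE";"C:\Windows\System32\SKYNETdmxhiaau.dll";"";"9.7.2009, 16:34:43"
"Infection";"Trojan horse Generic_r.CD";"C:\Windows\winsys.exe";"";"9.7.2009, 13:51:46"
"Infection";"Virus identified Worm/VB.EZP";"D:\Downloads\Daemon Tools Pro Activation (zabranjeno).exe";"";"6.7.2009, 13:58:12"
"Infection";"Trojan horse FakeAlert.LG";"C:\Windows\Temp\ujmwkfwwlg.exe";"";"6.7.2009, 13:24:13"
'''

# Constructed subset of the HijackThis O4 (autostart) lines posted above.
HJT_LOG = r'''O4 - HKLM\..\Run: [syswin] winsys.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: santa.bat
'''

O4_RUN = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O4_STARTUP = re.compile(r'^O4 - (?P<where>(?:Global )?Startup): (?P<cmd>.*)$')


def parse_avg_export(text):
    """Parse AVG vault export lines into event/threat/path/timestamp records."""
    events = []
    for row in csv.reader(text.splitlines(), delimiter=';', quotechar='"'):
        if len(row) < 5 or not row[0]:
            continue
        event, threat, path, _unused, stamp = row[:5]
        events.append({"event": event, "threat": threat, "path": path,
                       "ts": datetime.strptime(stamp, "%d.%m.%Y, %H:%M:%S")})
    return events


def summarize_by_path(events, burst_gap=5):
    """Group detections per path. 'longest_burst' is the longest run of hits
    spaced at most burst_gap seconds apart (assumed window): a file the
    resident scanner keeps hitting, not one that was removed once."""
    by_path = defaultdict(lambda: {"stamps": [], "threats": set()})
    for e in events:
        by_path[e["path"]]["stamps"].append(e["ts"])
        by_path[e["path"]]["threats"].add(e["threat"])
    summary = {}
    for path, info in by_path.items():
        stamps = sorted(info["stamps"])
        longest = run = 1
        for prev, cur in zip(stamps, stamps[1:]):
            run = run + 1 if (cur - prev).total_seconds() <= burst_gap else 1
            longest = max(longest, run)
        summary[path] = {"count": len(stamps), "threats": sorted(info["threats"]),
                         "first": stamps[0], "last": stamps[-1],
                         "longest_burst": longest}
    return summary


def parse_hjt_autostarts(text):
    """Extract HijackThis O4 entries: Run-key values and Startup-folder items."""
    entries = []
    for line in text.splitlines():
        m = O4_RUN.match(line)
        if m:
            entries.append({"where": m.group("hive") + r"\..\Run",
                            "name": m.group("name"), "cmd": m.group("cmd")})
            continue
        m = O4_STARTUP.match(line)
        if m:
            entries.append({"where": m.group("where"), "name": None,
                            "cmd": m.group("cmd")})
    return entries


def executable_of(cmd):
    """First token of a Run command: the quoted path if quoted, otherwise the
    first whitespace-delimited word (so 'winsys.exe' stays 'winsys.exe')."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def correlate(events, autostarts):
    """Match autostart executables to detections by file name. An entry with a
    bare name (no directory) is resolved through the search path at logon, so
    it is reported even without a detection; with one, the AV hit on winsys.exe
    under the Windows directory and the [syswin] Run value are one item."""
    detected = defaultdict(set)
    for e in events:
        detected[ntpath.basename(e["path"]).lower()].add(e["path"])
    findings = []
    for a in autostarts:
        exe = executable_of(a["cmd"])
        bare = ntpath.dirname(exe) == ""
        hits = sorted(detected.get(ntpath.basename(exe).lower(), ()))
        if bare or hits:
            findings.append({"where": a["where"], "name": a["name"],
                             "exe": exe, "bare": bare, "detections": hits})
    return findings


if __name__ == "__main__":
    events = parse_avg_export(AVG_EXPORT)
    for path, s in summarize_by_path(events).items():
        print(f'{s["count"]:3d} hits, longest burst {s["longest_burst"]:2d}  {path}')
    for f in correlate(events, parse_hjt_autostarts(HJT_LOG)):
        kind = "bare name" if f["bare"] else "full path"
        print(f'{f["where"]} [{f["name"]}] {f["exe"]}: {kind}, AV hits: {f["detections"]}')
```

On the full export above the same grouping shows one path hit dozens of times a second apart, which is the resident scanner repeatedly blocking a file that is still present, not a file that was deleted and reinfected dozens of times; the correlation ties the `[syswin] winsys.exe` Run value to the `C:\Windows\winsys.exe` detection and flags `santa.bat` in the Startup folder as an unqualified name worth inspecting even though no detection names it.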

  • diarno
  • Anti Malware Fighter, Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Download sUBs' ComboFix from one of the following addresses to the Desktop:

Bleeping Computer . . . . . Geeks to Go!

  • Right-click one of the links and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:
  • close any running programs;
  • disable your security software (instructions);
  • double-click ComboFix to run it.

While running, ComboFix will:
  • check whether a newer version of the program exists: click Yes if offered to download it.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes to continue.
  • if the Recovery Console is not installed, offer to install it: accept by clicking Yes and follow the procedure.
  • show a number of prompts/notices: accept by clicking Yes or OK.
  • restart Windows if needed (possibly several times);
  • at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the highlighted text and choose Copy;
  • right-click in the message box and choose Paste.

Note: the report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to your message.

  • Joined: 21 Sep 2008
  • Posts: 238
  • Location: Bačka Palanka

ComboFix 09-07-08.A0 - Stefan 09.07.2009 17:26.1.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.381.1033.18.1919.964 [GMT 2:00]
Running from: c:\users\Stefan\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\SKYNETtoixcoep.sys
c:\windows\system32\drivers\SKYNETvwymewxr.sys
c:\windows\system32\SKYNETdmxhiaau.dll
c:\windows\system32\SKYNETeoxmxpvb.dat
c:\windows\system32\SKYNETpimfplvr.dll
c:\windows\system32\SKYNETxgyspohi.dat
c:\windows\system32\SKYNETxspuhnvl.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETbeqkrvau
-------\Service_SKYNETperbvpmt


((((((((((((((((((((((((( Files Created from 2009-06-09 to 2009-07-09 )))))))))))))))))))))))))))))))
.

2009-07-09 10:37 . 2009-07-09 10:37 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-09 00:37 . 2009-07-09 00:06 2314496 ----a-w- c:\programdata\avg8\update\backup\avgdiagex.exe
2009-07-09 00:37 . 2009-07-09 00:06 1368952 ----a-w- c:\programdata\avg8\update\backup\avgfws8.exe
2009-07-09 00:20 . 2009-04-15 06:33 -------- d-----w- C:\v64000T_20090324_x32
2009-07-09 00:06 . 2009-07-09 00:06 -------- d-----w- c:\programdata\Downloaded Installations
2009-07-09 00:06 . 2009-07-09 00:06 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-07-09 00:06 . 2009-07-09 00:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-09 00:06 . 2009-07-09 00:06 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-09 00:06 . 2009-07-09 00:37 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-09 00:06 . 2009-07-09 00:06 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-09 00:06 . 2009-07-09 00:34 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-09 00:06 . 2009-07-09 00:06 23832 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2009-07-08 20:01 . 2009-07-08 20:01 -------- d-----w- c:\windows\CheckSur
2009-07-08 17:07 . 2009-07-08 17:07 -------- d-----w- c:\windows\system32\SPReview
2009-07-08 13:53 . 2009-07-08 13:53 -------- d-----w- c:\windows\system32\EventProviders
2009-07-06 18:22 . 2009-07-06 18:22 -------- d-----w- c:\programdata\DVD Shrink
2009-07-06 18:22 . 2009-07-06 18:22 -------- d-----w- c:\program files\DVD Shrink
2009-07-06 18:15 . 2009-07-06 18:21 -------- d-----w- c:\program files\Virtual Dub
2009-07-06 17:13 . 2004-03-23 02:26 48556 ----a-r- c:\windows\system32\drivers\SktBt2k.sys
2009-07-06 17:13 . 2004-02-11 05:29 48076 ----a-r- c:\windows\system32\drivers\Sio9502k.sys
2009-07-06 17:13 . 2003-07-03 18:58 63488 ----a-r- c:\windows\system32\drivers\wssbtr1f.sys
2009-07-06 17:13 . 2003-04-28 17:31 51169 ----a-r- c:\windows\system32\drivers\OXSER.SYS
2009-07-06 17:13 . 2002-09-22 23:30 40960 ----a-r- c:\windows\system32\drivers\SCTray.exe
2009-07-06 17:13 . 2002-09-17 23:11 77824 ----a-r- c:\windows\system32\drivers\SioUi2k.dll
2009-07-06 11:40 . 2009-07-06 11:40 -------- d-----w- c:\users\Stefan\AppData\Roaming\GRETECH
2009-07-06 11:39 . 2009-07-06 11:39 -------- d-----w- c:\program files\GRETECH
2009-07-06 11:32 . 2009-07-06 11:49 -------- d-----w- c:\program files\DAEMON Tools Pro
2009-07-06 11:32 . 2009-07-06 11:32 -------- d-----w- c:\programdata\DAEMON Tools Pro
2009-07-06 11:32 . 2009-07-06 11:32 -------- d-----w- c:\users\Stefan\AppData\Local\Toshiba
2009-07-06 11:32 . 2009-07-06 11:32 -------- d-----w- c:\programdata\TOSHIBA
2009-07-06 11:06 . 2009-07-06 11:50 -------- d-----w- c:\users\Stefan\AppData\Roaming\DAEMON Tools Pro
2009-07-06 10:34 . 2009-07-06 10:34 -------- d-----w- c:\programdata\ATI
2009-07-05 14:58 . 2009-07-05 14:58 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-07-05 14:58 . 2009-07-05 15:42 -------- d-----w- c:\users\Stefan\AppData\Roaming\Winamp
2009-07-05 14:58 . 2009-07-05 14:59 -------- d-----w- c:\program files\Winamp
2009-07-05 12:39 . 2009-07-05 12:39 0 ----a-w- c:\windows\ativpsrm.bin
2009-07-05 12:37 . 2009-07-05 12:37 10134 ----a-r- c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{580D6A69-F3F7-CB21-A5F5-3451A38CA1C2}\ARPPRODUCTICON.exe
2009-07-05 12:32 . 2009-07-05 12:32 -------- d-----w- c:\users\Stefan\AppData\Local\WinZip
2009-07-05 12:31 . 2009-07-05 12:31 181 ---h--w- c:\users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\santa.bat
2009-07-05 12:31 . 2009-07-05 13:25 -------- d-----w- c:\programdata\WinZip
2009-07-05 11:50 . 2009-07-05 11:50 -------- d-----w- c:\users\Stefan\AppData\Roaming\NetSupport
2009-07-05 11:05 . 2009-07-05 11:05 -------- d-----w- c:\users\Stefan\AppData\Roaming\AVG8
2009-07-05 10:51 . 2009-07-05 10:51 -------- d-----w- c:\users\Stefan\AppData\Local\GHISLER
2009-07-05 10:44 . 2009-07-09 11:22 3561743 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-05 10:36 . 2009-07-09 00:06 1085208 ----a-w- c:\programdata\avg8\update\backup\avgupd.exe
2009-07-05 10:36 . 2009-07-09 00:06 1454360 ----a-w- c:\programdata\avg8\update\backup\avgupd.dll
2009-07-05 10:36 . 2009-07-04 17:33 587032 ----a-w- c:\programdata\avg8\update\backup\avgiproxy.exe
2009-07-05 10:36 . 2009-07-04 17:33 755992 ----a-w- c:\programdata\avg8\update\backup\avginet.dll
2009-07-05 02:06 . 2009-07-05 02:06 -------- d-----w- c:\users\Stefan\Program Files
2009-07-05 02:00 . 2009-07-09 14:34 -------- d-----w- c:\users\Stefan\Tracing
2009-07-05 01:59 . 2009-07-05 01:59 -------- d-----w- c:\users\Stefan\AppData\Local\DNA
2009-07-05 01:59 . 2009-07-08 17:07 -------- d-----w- c:\users\Stefan\AppData\Roaming\DNA
2009-07-05 01:59 . 2009-07-05 01:59 -------- d-----w- c:\program files\BitTorrent
2009-07-05 01:59 . 2009-07-05 01:59 -------- d-----w- c:\program files\DNA
2009-07-05 01:59 . 2009-07-05 01:59 -------- d-----w- c:\program files\AskBarDis
2009-07-05 01:59 . 2009-07-05 01:59 -------- d-----w- c:\program files\Microsoft
2009-07-05 01:58 . 2009-07-05 01:58 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-05 01:58 . 2009-07-05 01:58 -------- d-----w- c:\program files\Windows Live
2009-07-05 01:42 . 2009-07-09 10:37 -------- d-----w- c:\users\Stefan\AppData\Roaming\skypePM
2009-07-05 01:41 . 2009-07-09 10:53 -------- d-----w- c:\users\Stefan\AppData\Roaming\Skype
2009-07-05 01:39 . 2008-08-08 05:04 545 ----a-w- c:\windows\UC.PIF
2009-07-05 01:39 . 2008-08-08 05:04 545 ----a-w- c:\windows\RAR.PIF
2009-07-05 01:39 . 2008-08-08 05:04 545 ----a-w- c:\windows\PKZIP.PIF
2009-07-05 01:39 . 2008-08-08 05:04 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-07-05 01:39 . 2008-08-08 05:04 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-07-05 01:39 . 2008-08-08 05:04 545 ----a-w- c:\windows\LHA.PIF
2009-07-05 01:39 . 2008-08-08 05:04 545 ----a-w- c:\windows\ARJ.PIF
2009-07-05 01:39 . 2009-07-05 10:51 -------- d-----w- c:\users\Stefan\AppData\Roaming\GHISLER
2009-07-05 01:39 . 2009-07-05 10:49 -------- d-----w- C:\totalcmd
2009-07-05 01:35 . 2009-07-05 01:35 -------- d-----w- c:\program files\Common Files\Skype
2009-07-05 01:35 . 2009-07-05 01:35 -------- d-----r- c:\program files\Skype
2009-07-05 01:35 . 2009-07-05 01:35 -------- d-----w- c:\programdata\Skype
2009-07-05 01:30 . 2009-07-05 01:30 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-05 00:31 . 2008-05-27 05:17 34816 ----a-w- c:\windows\system32\msscb.dll
2009-07-05 00:31 . 2008-05-27 05:17 11776 ----a-w- c:\windows\system32\msshooks.dll
2009-07-05 00:31 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2009-07-05 00:31 . 2008-05-27 04:59 106605 ----a-w- c:\windows\system32\StructuredQuerySchema.bin
2009-07-05 00:29 . 2008-10-22 01:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-07-04 23:50 . 2009-07-04 13:56 -------- d-----w- c:\windows\Panther
2009-07-04 23:50 . 2009-07-04 23:50 -------- d-sh--w- C:\Boot
2009-07-04 23:47 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-04 23:47 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-07-04 23:47 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-07-04 23:47 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-07-04 23:47 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-07-04 23:47 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-07-04 23:47 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-07-04 23:37 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-07-04 23:37 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-07-04 23:37 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-07-04 23:37 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-07-04 23:37 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-07-04 23:22 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-07-04 23:22 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-07-04 23:22 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2009-07-04 23:09 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-07-04 23:09 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-07-04 23:05 . 2008-11-01 03:44 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-07-04 23:04 . 2008-11-01 01:21 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-07-04 23:04 . 2008-03-08 04:21 1695744 ----a-w- c:\windows\system32\gameux.dll
2009-07-04 23:00 . 2008-11-27 04:43 268288 ----a-w- c:\windows\system32\schannel.dll
2009-07-04 22:59 . 2008-02-29 07:14 19000 ----a-w- c:\windows\system32\kd1394.dll
2009-07-04 22:59 . 2008-02-29 07:11 988216 ----a-w- c:\windows\system32\winload.exe
2009-07-04 22:59 . 2008-02-22 05:05 615992 ----a-w- c:\windows\system32\ci.dll
2009-07-04 22:59 . 2008-02-29 07:11 927288 ----a-w- c:\windows\system32\winresume.exe
2009-07-04 22:59 . 2008-02-29 06:53 378368 ----a-w- c:\windows\system32\srcore.dll
2009-07-04 22:59 . 2008-02-29 06:53 40960 ----a-w- c:\windows\system32\srclient.dll
2009-07-04 22:59 . 2008-02-29 06:53 46592 ----a-w- c:\windows\system32\setbcdlocale.dll
2009-07-04 22:59 . 2008-02-29 06:35 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-07-04 22:59 . 2008-02-29 04:12 318464 ----a-w- c:\windows\system32\rstrui.exe
2009-07-04 22:59 . 2008-02-29 04:12 14848 ----a-w- c:\windows\system32\srdelayed.exe
2009-07-04 22:58 . 2008-04-18 05:48 269312 ----a-w- c:\windows\system32\es.dll
2009-07-04 22:58 . 2008-10-29 06:29 2927104 ----a-w- c:\windows\explorer.exe
2009-07-04 22:58 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-07-04 22:58 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll
2009-07-04 22:58 . 2008-06-06 03:27 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2009-07-04 22:58 . 2008-12-16 05:31 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-07-04 22:58 . 2008-12-16 05:31 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-07-04 22:58 . 2008-12-16 03:29 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-07-04 22:58 . 2008-04-26 08:26 891448 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-07-04 22:58 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll
2009-07-04 22:58 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2009-07-04 22:56 . 2008-06-23 01:59 2868736 ----a-w- c:\windows\system32\mf.dll
2009-07-04 22:50 . 2008-12-06 04:42 376832 ----a-w- c:\windows\system32\winhttp.dll
2009-07-04 22:28 . 2008-10-16 21:13 1809944 ----a-w- c:\windows\system32\wuaueng.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-09 15:31 . 2009-07-09 15:31 421 ----a-w- c:\windows\system32\SKYNETpvwcsswv.dat
2009-07-09 15:26 . 2009-07-09 15:24 508 ----a-w- c:\windows\system32\SKYNETnvkbdxnc.dat
2009-07-09 15:24 . 2009-07-09 15:24 19968 ----a-w- c:\windows\system32\SKYNETwofljqrp.dll
2009-07-09 00:06 . 2009-07-05 10:45 327688 ----a-w- c:\programdata\avg8\update\backup\avgldx86.sys
2009-07-09 00:06 . 2009-07-05 10:45 3298072 ----a-w- c:\programdata\avg8\update\backup\setup.exe
2009-07-09 00:06 . 2009-07-05 10:45 2052888 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-07-09 00:06 . 2009-07-05 10:45 337176 ----a-w- c:\programdata\avg8\update\backup\avglogx.dll
2009-07-09 00:06 . 2009-07-05 10:45 3402008 ----a-w- c:\programdata\avg8\update\backup\avgui.exe
2009-07-09 00:06 . 2009-07-05 10:45 1204504 ----a-w- c:\programdata\avg8\update\backup\avgabout.dll
2009-07-09 00:06 . 2009-07-05 10:45 829208 ----a-w- c:\programdata\avg8\update\backup\avgcfgx.dll
2009-07-08 17:30 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-07-08 17:30 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-08 17:30 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-07-08 17:30 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Journal
2009-07-08 17:30 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-07-08 17:30 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-08 17:30 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-07-08 17:11 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-06 17:22 . 2009-07-05 10:45 -------- d-----w- c:\users\Stefan\AppData\Roaming\BitTorrent
2009-07-04 17:59 . 2009-07-04 17:59 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_nskbfltr_01005.Wdf
2009-07-04 13:55 . 2009-07-04 13:55 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-24 16:05 . 2009-07-04 23:10 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-07-04 23:10 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-07-04 23:10 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 12:43 . 2009-07-04 22:56 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-21 11:55 . 2009-07-04 22:56 2033152 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 15:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-09 1948440]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-06-17 414992]

c:\users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
santa.bat [2009-7-5 181]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):43,06,c9,e7,d7,ff,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{4575C314-8971-469E-9AD6-F6CDAD7CE32B}c:\\program files\\free download manager\\fdm.exe"= UDP:c:\program files\free download manager\fdm.exe:Free Download Manager
"UDP Query User{FB7CC126-27AF-4B63-9190-100F3CDD4161}c:\\program files\\free download manager\\fdm.exe"= TCP:c:\program files\free download manager\fdm.exe:Free Download Manager
"{F4517623-51A8-4F44-9B2E-CE8AC85C98CA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7ED5DBE4-3252-4D45-9C73-739DDB716679}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{D177A631-B8A1-43FF-AE52-3BE3C17DA58A}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{C730C48A-417B-4500-81DD-55E4218BE726}c:\\users\\stefan\\program files\\dna\\btdna.exe"= UDP:c:\users\stefan\program files\dna\btdna.exe:btdna.exe
"UDP Query User{9FFE9011-9FA9-4864-A300-58E132943E71}c:\\users\\stefan\\program files\\dna\\btdna.exe"= TCP:c:\users\stefan\program files\dna\btdna.exe:btdna.exe
"{9BBBBC7E-FF64-4026-B67A-1632639CCDBC}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{00BCE2AA-EFA5-487C-9551-249F8EA18570}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"{46BB9F7A-D494-4153-A5D3-2CEB732581C8}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{F1C93A31-85EF-40A5-ADBA-AA104F7BBAD4}"= c:\program files\AVG\AVG8\avgdiag.exe:avgdiag.exe
"{F940B650-8C4F-4D4C-A1D3-0A1C625F6D00}"= c:\program files\AVG\AVG8\avgdiagex.exe:avgdiagex.exe
"{9C6B866D-A258-4C36-90A3-3EC3AD4D7164}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{0E6DCC66-95D9-4446-9AA0-8CD0F6362B7E}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{136F21BB-7B17-4909-B4F2-B897DE23B83B}"= UDP:c:\program files\NetSupport\NetSupport Manager\client32.exe:NetSupport Client
"{5E3FD29F-7227-47EB-A165-469E3CDDE044}"= TCP:c:\program files\NetSupport\NetSupport Manager\client32.exe:NetSupport Client
"{E9AEFB8A-5591-4582-A80F-C6DC9A1B0111}"= UDP:c:\program files\NetSupport\NetSupport Manager\PCICTLUI.EXE:NetSupport Control
"{9CA0D1BA-99F6-45F6-94EF-360FAF92BD2D}"= TCP:c:\program files\NetSupport\NetSupport Manager\PCICTLUI.EXE:NetSupport Control
"{5EF38D25-FE20-48F3-89DA-D36A8E2B8A20}"= UDP:c:\program files\NetSupport\NetSupport Manager\pcideply.exe:NetSupport Deploy
"{A4BCF847-8579-478C-A95E-BD8A61D3CEBA}"= TCP:c:\program files\NetSupport\NetSupport Manager\pcideply.exe:NetSupport Deploy
"{84DD2E24-1DC0-4BE3-A3A0-DADBC40B863E}"= UDP:c:\program files\NetSupport\NetSupport Manager\PCISA.EXE:NetSupport Scripting Agent
"{95D9781A-CEBF-47D9-AB7C-E18781830233}"= TCP:c:\program files\NetSupport\NetSupport Manager\PCISA.EXE:NetSupport Scripting Agent
"{BCB332E6-3DDF-4D79-836B-5906599578E5}"= UDP:c:\program files\NetSupport\NetSupport Manager\pciscrui.exe:NetSupport Script Editor
"{069DE708-D78B-4A85-94E6-D5F1BAC2C7DA}"= TCP:c:\program files\NetSupport\NetSupport Manager\pciscrui.exe:NetSupport Script Editor
"{B855572E-B2C9-4886-A791-3638F255072F}"= UDP:c:\program files\NetSupport\NetSupport Manager\runscrip.exe:NetSupport Run Script
"{33C64460-927B-4FF8-8825-90851C8A98B3}"= TCP:c:\program files\NetSupport\NetSupport Manager\runscrip.exe:NetSupport Run Script

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Users\\Stefan\\AppData\\Local\\Temp\\Rar$EX06.330\\b-tcmd750pb5-patch.exe"= c:\users\Stefan\AppData\Local\Temp\Rar$EX06.330\b-tcmd750pb5-patch.exe:*:Enabled:syswin
"c:\\Users\\Stefan\\Desktop\\b-tcmd750pb5-patch.exe"= c:\users\Stefan\Desktop\b-tcmd750pb5-patch.exe:*:Enabled:syswin
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [9.7.2009 2:06 12552]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [9.7.2009 2:06 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [9.7.2009 2:06 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [9.7.2009 2:06 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9.7.2009 2:06 298776]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [9.7.2009 2:06 1368952]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [4.7.2009 20:03 603904]
R3 athrusb;TP-LINK Wireless LAN USB device driver;c:\windows\System32\drivers\athrusb.sys [4.7.2009 19:17 891392]
R3 DCamUSBTP10;StarCam mini+;c:\windows\System32\drivers\iP293x.SYS [4.7.2009 16:44 242176]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [4.7.2009 19:42 19096]
R3 nskbfltr;nskbfltr;c:\windows\System32\drivers\nskbfltr.sys [4.7.2009 19:59 20512]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4.7.2009 19:42 195856]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [4.7.2009 19:42 38160]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Iz&vezi u Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Preuzmi odabrano Free Download Manager-om - file://c:\program files\Free Download Manager\dlselected.htm
IE: Preuzmi sa Free Download Managerom - file://c:\program files\Free Download Manager\dllink.htm
IE: Preuzmi sve sa Free Download Manager-om - file://c:\program files\Free Download Manager\dlall.htm
FF - ProfilePath - c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\faeb216e.default\
FF - prefs.js: browser.startup.homepage - www.google.rs
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\users\Stefan\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-09 17:35
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SKYNETbeqkrvau]
"imagepath"="\systemroot\system32\drivers\SKYNETvwymewxr.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\N6008d48c]
@Denied: (4) (Everyone)
@Denied: (4) (Administrators)
@Allowed: (A B C D Full GENERIC_EXECUTE GENERIC_WRITE Read 1 2 3 4 5 6) (LocalSystem)
"a"="M"
"InternetCode"="GU73N4ZFLKKKC3BDOSMP3JDXJH64N6MCJP2BJCQ8"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SKYNETbeqkrvau]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\SKYNETvwymewxr.sys"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\program files\NetSupport\NetSupport Manager\client32.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\WUDFHost.exe
c:\program files\NetSupport\NetSupport Manager\client32.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\windows\System32\wbem\WMIADAP.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2009-07-09 17:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-09 15:39

Pre-Run: 14.656.651.264 bytes free
Post-Run: 14.636.658.688 bytes free

333 --- E O F --- 2009-07-06 00:32
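
The ComboFix log above carries the full signature a practitioner should learn to spot: random-named SKYNET* files in system32, a service (SKYNETbeqkrvau) whose driver SKYNETvwymewxr.sys appears only in the raw registry dump and not in the R/S service list, a key under HKLM\SOFTWARE\Classes that denies Everyone and Administrators while LocalSystem keeps full control, and, separately, UAC (EnableLUA=0) and the Windows Firewall (EnableFirewall=0 on all three profiles) switched off plus a firewall exception for a "patch" executable run out of a Temp RAR folder. The following Python script is an added example, not part of the original thread and not ComboFix's own code: it scans lines in ComboFix's format for those indicators and emits the File:: block in the shape the helper asks for. Assumptions: the sample lines are copied from the log above (their selection is constructed); the prefixes other than SKYNET are documented for other TDSS/TDL3 variants and do not come from this page; the heuristics (8 lowercase letters after the prefix, an @Denied line for Administrators, Temp-directory executables in the firewall list) are choices made for this example.

```python
import re
import sys
from dataclasses import dataclass
from typing import List, Optional

# Sample lines copied from the ComboFix log above; only their selection is constructed.
SAMPLE_LOG = r"""
2009-07-09 15:24 . 2009-07-09 15:24 19968 ----a-w- c:\windows\system32\SKYNETwofljqrp.dll
2009-07-09 15:31 . 2009-07-09 15:31 421 ----a-w- c:\windows\system32\SKYNETpvwcsswv.dat
2009-07-04 23:00 . 2008-11-27 04:43 268288 ----a-w- c:\windows\system32\schannel.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Users\\Stefan\\AppData\\Local\\Temp\\Rar$EX06.330\\b-tcmd750pb5-patch.exe"= c:\users\Stefan\AppData\Local\Temp\Rar$EX06.330\b-tcmd750pb5-patch.exe:*:Enabled:syswin
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\N6008d48c]
@Denied: (4) (Everyone)
@Denied: (4) (Administrators)
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SKYNETbeqkrvau]
"imagepath"=expand:"\\systemroot\\system32\\drivers\\SKYNETvwymewxr.sys"
"""

# Prefix seen in this thread plus prefixes documented for other TDSS/TDL3
# variants (assumption: the extra ones are not taken from this page); each is
# followed by 8 random lowercase letters, e.g. SKYNETwofljqrp.dll.
RANDOM_PREFIXES = ("SKYNET", "TDSS", "UAC", "H8SRT", "gaopdx")
RANDOM_NAME = re.compile(r"\\(" + "|".join(RANDOM_PREFIXES) + r")[a-z]{8}\.(dll|dat|sys)\b")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
FILE_LINE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \S+ \S+ \S+ \S+ (.+)$")
# Denying Administrators (while LocalSystem keeps full control) is the ACL the
# rootkit puts on its own key; a key that only denies Users is normal.
DENIED_ADMIN_RE = re.compile(r"^@Denied: \([^)]*\) \(Administrators\)$")


@dataclass(frozen=True)
class Finding:
    category: str  # rootkit-file | rootkit-service | locked-key | weak-config | firewall-exception
    detail: str
    line_no: int


def scan_combofix_log(text: str) -> List[Finding]:
    """Walk ComboFix output line by line, remembering the registry key in force."""
    findings: List[Finding] = []
    current_key: Optional[str] = None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        k = KEY_RE.match(line)
        if k:
            current_key = k.group(1)
            continue
        key_l = (current_key or "").lower()
        # File listing sections: random-named file, full path kept for the CFScript.
        fl = FILE_LINE_RE.match(line)
        if fl and RANDOM_NAME.search(fl.group(1)):
            findings.append(Finding("rootkit-file", fl.group(1), n))
            continue
        # Service whose ImagePath is a random-named driver: this is what re-creates
        # the DLL after AV deletes it, and it was absent from the R/S service list.
        hit = RANDOM_NAME.search(line)
        if hit and "\\services\\" in key_l and line.lower().startswith('"imagepath"'):
            svc = current_key.rsplit("\\", 1)[-1]
            findings.append(Finding("rootkit-service", f"{svc} -> {hit.group(0)[1:]}", n))
            continue
        if hit:
            findings.append(Finding("rootkit-file", hit.group(0)[1:], n))
            continue
        if current_key and DENIED_ADMIN_RE.match(line):
            findings.append(Finding("locked-key", current_key, n))
            continue
        v = VALUE_RE.match(line)
        if not v:
            continue
        name, value = v.group(1), v.group(2)
        if name == "EnableLUA" and value.startswith("0"):
            findings.append(Finding("weak-config", "UAC disabled (EnableLUA=0)", n))
        elif name == "EnableFirewall" and value.startswith("0"):
            profile = current_key.rsplit("\\", 1)[-1] if current_key else "?"
            findings.append(Finding("weak-config", f"Windows Firewall off for {profile}", n))
        elif "authorizedapplications" in key_l and "\\temp\\" in value.lower():
            findings.append(Finding("firewall-exception", value.split(":*:")[0], n))
    return findings


def has_rootkit_indicators(findings: List[Finding]) -> bool:
    """A hidden driver service or an admin-locked key: deleting the DLL alone will not stick."""
    return any(f.category in ("rootkit-service", "locked-key") for f in findings)


def cfscript_for(findings: List[Finding]) -> str:
    """File:: block in the form the helper posted, one full path per line."""
    paths = sorted({f.detail for f in findings if f.category == "rootkit-file" and ":\\" in f.detail})
    return "File::\n" + "\n".join(paths) + "\n"


if __name__ == "__main__":  # usage: python scan_combofix.py [ComboFix.txt]
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in scan_combofix_log(text):
        print(f"{f.line_no:4d}  {f.category:<19} {f.detail}")
    print(cfscript_for(scan_combofix_log(text)))
```

Run it against a saved log with `python scan_combofix.py ComboFix.txt`. On the sample it reports the two SKYNET files, the SKYNETbeqkrvau service with its driver, the admin-locked Classes key, UAC and the firewall off, and the Temp-directory firewall exception; the File:: block it prints covers only the files, which is why a hidden driver service like this one has to be removed as a service (ComboFix does that under Drivers/Services) and not just by deleting the DLL AVG keeps flagging.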

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Open Notepad and copy the following text into it:

File::
c:\windows\system32\SKYNETpvwcsswv.dat
c:\windows\system32\SKYNETnvkbdxnc.dat
c:\windows\system32\SKYNETwofljqrp.dll

Save the Notepad file to the Desktop as "CFScript"

Drag the saved script/text file onto the ComboFix icon, as in the picture.
Post the log that is produced at the end of the cleaning/scan in your next reply.

offline
  • Joined: 21 Sep 2008
  • Posts: 238
  • Location: Bačka Palanka

ComboFix 09-07-08.A0 - Stefan 09.07.2009 21:11.2.1 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1250.381.1033.18.1919.1133 [GMT 2:00]
Running from: c:\users\Stefan\Desktop\ComboFix.exe
Command switches used :: c:\users\Stefan\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\SKYNETnvkbdxnc.dat"
"c:\windows\system32\SKYNETpvwcsswv.dat"
"c:\windows\system32\SKYNETwofljqrp.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\SKYNETnvkbdxnc.dat
c:\windows\system32\SKYNETpvwcsswv.dat
c:\windows\system32\SKYNETwofljqrp.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETbeqkrvau


((((((((((((((((((((((((( Files Created from 2009-06-09 to 2009-07-09 )))))))))))))))))))))))))))))))
.

2009-07-09 19:15 . 2009-07-09 19:19 -------- d-----w- c:\users\Stefan\AppData\Local\temp
2009-07-09 18:23 . 2009-07-09 18:29 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2009-07-09 18:23 . 2007-05-02 09:11 15112 ----a-w- c:\windows\system32\drivers\ss_mdfl.sys
2009-07-09 18:23 . 2007-05-02 09:11 12424 ----a-w- c:\windows\system32\drivers\ss_whnt.sys
2009-07-09 18:23 . 2007-05-02 09:11 12424 ----a-w- c:\windows\system32\drivers\ss_wh.sys
2009-07-09 18:23 . 2007-05-02 09:11 109704 ----a-w- c:\windows\system32\drivers\ss_mdm.sys
2009-07-09 18:23 . 2007-05-02 09:11 83592 ----a-w- c:\windows\system32\drivers\ss_bus.sys
2009-07-09 18:23 . 2007-05-02 09:11 12424 ----a-w- c:\windows\system32\drivers\ss_cmnt.sys
2009-07-09 18:23 . 2007-05-02 09:11 12424 ----a-w- c:\windows\system32\drivers\ss_cm.sys
2009-07-09 18:23 . 2009-07-09 18:23 -------- d-----w- c:\program files\Samsung
2009-07-09 10:37 . 2009-07-09 10:37 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-09 00:37 . 2009-07-09 00:06 2314496 ----a-w- c:\programdata\avg8\update\backup\avgdiagex.exe
2009-07-09 00:37 . 2009-07-09 00:06 1368952 ----a-w- c:\programdata\avg8\update\backup\avgfws8.exe
2009-07-09 00:20 . 2009-04-15 06:33 -------- d-----w- C:\v64000T_20090324_x32
2009-07-09 00:06 . 2009-07-09 00:06 -------- d-----w- c:\programdata\Downloaded Installations
2009-07-09 00:06 . 2009-07-09 00:06 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-07-09 00:06 . 2009-07-09 00:06 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-09 00:06 . 2009-07-09 00:06 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-09 00:06 . 2009-07-09 00:37 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-09 00:06 . 2009-07-09 00:06 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-09 00:06 . 2009-07-09 00:34 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-09 00:06 . 2009-07-09 00:06 23832 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2009-07-08 20:01 . 2009-07-08 20:01 -------- d-----w- c:\windows\CheckSur
2009-07-08 17:07 . 2009-07-08 17:07 -------- d-----w- c:\windows\system32\SPReview
2009-07-08 13:53 . 2009-07-08 13:53 -------- d-----w- c:\windows\system32\EventProviders
2009-07-06 18:22 . 2009-07-06 18:22 -------- d-----w- c:\programdata\DVD Shrink
2009-07-06 18:22 . 2009-07-06 18:22 -------- d-----w- c:\program files\DVD Shrink
2009-07-06 18:15 . 2009-07-06 18:21 -------- d-----w- c:\program files\Virtual Dub
2009-07-06 17:13 . 2004-03-23 02:26 48556 ----a-r- c:\windows\system32\drivers\SktBt2k.sys
2009-07-06 17:13 . 2004-02-11 05:29 48076 ----a-r- c:\windows\system32\drivers\Sio9502k.sys
2009-07-06 17:13 . 2003-07-03 18:58 63488 ----a-r- c:\windows\system32\drivers\wssbtr1f.sys
2009-07-06 17:13 . 2003-04-28 17:31 51169 ----a-r- c:\windows\system32\drivers\OXSER.SYS
2009-07-06 17:13 . 2002-09-22 23:30 40960 ----a-r- c:\windows\system32\drivers\SCTray.exe
2009-07-06 17:13 . 2002-09-17 23:11 77824 ----a-r- c:\windows\system32\drivers\SioUi2k.dll
2009-07-06 11:40 . 2009-07-06 11:40 -------- d-----w- c:\users\Stefan\AppData\Roaming\GRETECH
2009-07-06 11:39 . 2009-07-06 11:39 -------- d-----w- c:\program files\GRETECH
2009-07-06 11:32 . 2009-07-06 11:49 -------- d-----w- c:\program files\DAEMON Tools Pro
2009-07-06 11:32 . 2009-07-06 11:32 -------- d-----w- c:\programdata\DAEMON Tools Pro
2009-07-06 11:32 . 2009-07-06 11:32 -------- d-----w- c:\users\Stefan\AppData\Local\Toshiba
2009-07-06 11:32 . 2009-07-06 11:32 -------- d-----w- c:\programdata\TOSHIBA
2009-07-06 11:06 . 2009-07-06 11:50 -------- d-----w- c:\users\Stefan\AppData\Roaming\DAEMON Tools Pro
2009-07-06 10:34 . 2009-07-06 10:34 -------- d-----w- c:\programdata\ATI
2009-07-05 14:58 . 2009-07-05 14:58 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2009-07-05 14:58 . 2009-07-05 15:42 -------- d-----w- c:\users\Stefan\AppData\Roaming\Winamp
2009-07-05 14:58 . 2009-07-05 14:59 -------- d-----w- c:\program files\Winamp
2009-07-05 12:39 . 2009-07-05 12:39 0 ----a-w- c:\windows\ativpsrm.bin
2009-07-05 12:37 . 2009-07-05 12:37 10134 ----a-r- c:\users\Stefan\AppData\Roaming\Microsoft\Installer\{580D6A69-F3F7-CB21-A5F5-3451A38CA1C2}\ARPPRODUCTICON.exe
2009-07-05 12:32 . 2009-07-05 12:32 -------- d-----w- c:\users\Stefan\AppData\Local\WinZip
2009-07-05 12:31 . 2009-07-05 12:31 181 ---h--w- c:\users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\santa.bat
2009-07-05 12:31 . 2009-07-05 13:25 -------- d-----w- c:\programdata\WinZip
2009-07-05 11:50 . 2009-07-05 11:50 -------- d-----w- c:\users\Stefan\AppData\Roaming\NetSupport
2009-07-05 11:05 . 2009-07-05 11:05 -------- d-----w- c:\users\Stefan\AppData\Roaming\AVG8
2009-07-05 10:51 . 2009-07-05 10:51 -------- d-----w- c:\users\Stefan\AppData\Local\GHISLER
2009-07-05 10:44 . 2009-07-09 11:22 3561743 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-05 10:36 . 2009-07-09 00:06 1085208 ----a-w- c:\programdata\avg8\update\backup\avgupd.exe
2009-07-05 10:36 . 2009-07-09 00:06 1454360 ----a-w- c:\programdata\avg8\update\backup\avgupd.dll
2009-07-05 10:36 . 2009-07-04 17:33 587032 ----a-w- c:\programdata\avg8\update\backup\avgiproxy.exe
2009-07-05 10:36 . 2009-07-04 17:33 755992 ----a-w- c:\programdata\avg8\update\backup\avginet.dll
2009-07-05 02:06 . 2009-07-05 02:06 -------- d-----w- c:\users\Stefan\Program Files
2009-07-05 02:00 . 2009-07-09 18:41 -------- d-----w- c:\users\Stefan\Tracing
2009-07-05 01:59 . 2009-07-05 01:59 -------- d-----w- c:\users\Stefan\AppData\Local\DNA
2009-07-05 01:59 . 2009-07-08 17:07 -------- d-----w- c:\users\Stefan\AppData\Roaming\DNA
2009-07-05 01:59 . 2009-07-05 01:59 -------- d-----w- c:\program files\BitTorrent
2009-07-05 01:59 . 2009-07-05 01:59 -------- d-----w- c:\program files\DNA
2009-07-05 01:59 . 2009-07-05 01:59 -------- d-----w- c:\program files\AskBarDis
2009-07-05 01:59 . 2009-07-05 01:59 -------- d-----w- c:\program files\Microsoft
2009-07-05 01:58 . 2009-07-05 01:58 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-07-05 01:58 . 2009-07-05 01:58 -------- d-----w- c:\program files\Windows Live
2009-07-05 01:42 . 2009-07-09 18:21 -------- d-----w- c:\users\Stefan\AppData\Roaming\skypePM
2009-07-05 01:41 . 2009-07-09 18:42 -------- d-----w- c:\users\Stefan\AppData\Roaming\Skype
2009-07-05 01:39 . 2008-08-08 05:04 545 ----a-w- c:\windows\UC.PIF
2009-07-05 01:39 . 2008-08-08 05:04 545 ----a-w- c:\windows\RAR.PIF
2009-07-05 01:39 . 2008-08-08 05:04 545 ----a-w- c:\windows\PKZIP.PIF
2009-07-05 01:39 . 2008-08-08 05:04 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-07-05 01:39 . 2008-08-08 05:04 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-07-05 01:39 . 2008-08-08 05:04 545 ----a-w- c:\windows\LHA.PIF
2009-07-05 01:39 . 2008-08-08 05:04 545 ----a-w- c:\windows\ARJ.PIF
2009-07-05 01:39 . 2009-07-05 10:51 -------- d-----w- c:\users\Stefan\AppData\Roaming\GHISLER
2009-07-05 01:39 . 2009-07-05 10:49 -------- d-----w- C:\totalcmd
2009-07-05 01:35 . 2009-07-05 01:35 -------- d-----w- c:\program files\Common Files\Skype
2009-07-05 01:35 . 2009-07-05 01:35 -------- d-----r- c:\program files\Skype
2009-07-05 01:35 . 2009-07-05 01:35 -------- d-----w- c:\programdata\Skype
2009-07-05 01:30 . 2009-07-05 01:30 -------- d-----w- c:\program files\Common Files\Windows Live
2009-07-05 00:31 . 2008-05-27 05:17 34816 ----a-w- c:\windows\system32\msscb.dll
2009-07-05 00:31 . 2008-05-27 05:17 11776 ----a-w- c:\windows\system32\msshooks.dll
2009-07-05 00:31 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2009-07-05 00:31 . 2008-05-27 04:59 106605 ----a-w- c:\windows\system32\StructuredQuerySchema.bin
2009-07-05 00:29 . 2008-10-22 01:22 2048 ----a-w- c:\windows\system32\tzres.dll
2009-07-04 23:50 . 2009-07-04 13:56 -------- d-----w- c:\windows\Panther
2009-07-04 23:50 . 2009-07-04 23:50 -------- d-sh--w- C:\Boot
2009-07-04 23:47 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2009-07-04 23:47 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2009-07-04 23:47 . 2008-06-20 01:14 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2009-07-04 23:47 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2009-07-04 23:47 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2009-07-04 23:47 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2009-07-04 23:47 . 2008-06-20 01:14 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2009-07-04 23:37 . 2008-07-27 18:03 96760 ----a-w- c:\windows\system32\dfshim.dll
2009-07-04 23:37 . 2008-07-27 18:03 282112 ----a-w- c:\windows\system32\mscoree.dll
2009-07-04 23:37 . 2008-07-27 18:03 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-07-04 23:37 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2009-07-04 23:37 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2009-07-04 23:22 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2009-07-04 23:22 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2009-07-04 23:22 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2009-07-04 23:09 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-07-04 23:09 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll
2009-07-04 23:05 . 2008-11-01 03:44 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-07-04 23:04 . 2008-11-01 01:21 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-07-04 23:04 . 2008-03-08 04:21 1695744 ----a-w- c:\windows\system32\gameux.dll
2009-07-04 23:00 . 2008-11-27 04:43 268288 ----a-w- c:\windows\system32\schannel.dll
2009-07-04 22:59 . 2008-02-29 07:14 19000 ----a-w- c:\windows\system32\kd1394.dll
2009-07-04 22:59 . 2008-02-29 07:11 988216 ----a-w- c:\windows\system32\winload.exe
2009-07-04 22:59 . 2008-02-22 05:05 615992 ----a-w- c:\windows\system32\ci.dll
2009-07-04 22:59 . 2008-02-29 07:11 927288 ----a-w- c:\windows\system32\winresume.exe
2009-07-04 22:59 . 2008-02-29 06:53 378368 ----a-w- c:\windows\system32\srcore.dll
2009-07-04 22:59 . 2008-02-29 06:53 40960 ----a-w- c:\windows\system32\srclient.dll
2009-07-04 22:59 . 2008-02-29 06:53 46592 ----a-w- c:\windows\system32\setbcdlocale.dll
2009-07-04 22:59 . 2008-02-29 06:35 6656 ----a-w- c:\windows\system32\kbd106n.dll
2009-07-04 22:59 . 2008-02-29 04:12 318464 ----a-w- c:\windows\system32\rstrui.exe
2009-07-04 22:59 . 2008-02-29 04:12 14848 ----a-w- c:\windows\system32\srdelayed.exe
2009-07-04 22:58 . 2008-04-18 05:48 269312 ----a-w- c:\windows\system32\es.dll
2009-07-04 22:58 . 2008-10-29 06:29 2927104 ----a-w- c:\windows\explorer.exe
2009-07-04 22:58 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
2009-07-04 22:58 . 2008-06-06 03:27 38912 ----a-w- c:\windows\system32\xolehlp.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-09 19:16 . 2009-07-05 10:45 -------- d-----w- c:\users\Stefan\AppData\Roaming\BitTorrent
2009-07-09 00:06 . 2009-07-05 10:45 327688 ----a-w- c:\programdata\avg8\update\backup\avgldx86.sys
2009-07-09 00:06 . 2009-07-05 10:45 3298072 ----a-w- c:\programdata\avg8\update\backup\setup.exe
2009-07-09 00:06 . 2009-07-05 10:45 2052888 ----a-w- c:\programdata\avg8\update\backup\avgcorex.dll
2009-07-09 00:06 . 2009-07-05 10:45 337176 ----a-w- c:\programdata\avg8\update\backup\avglogx.dll
2009-07-09 00:06 . 2009-07-05 10:45 3402008 ----a-w- c:\programdata\avg8\update\backup\avgui.exe
2009-07-09 00:06 . 2009-07-05 10:45 1204504 ----a-w- c:\programdata\avg8\update\backup\avgabout.dll
2009-07-09 00:06 . 2009-07-05 10:45 829208 ----a-w- c:\programdata\avg8\update\backup\avgcfgx.dll
2009-07-08 17:30 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Calendar
2009-07-08 17:30 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-07-08 17:30 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Sidebar
2009-07-08 17:30 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Journal
2009-07-08 17:30 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Collaboration
2009-07-08 17:30 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Photo Gallery
2009-07-08 17:30 . 2006-11-02 12:35 -------- d-----w- c:\program files\Windows Defender
2009-07-08 17:11 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-07-04 17:59 . 2009-07-04 17:59 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_nskbfltr_01005.Wdf
2009-07-04 13:55 . 2009-07-04 13:55 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-24 16:05 . 2009-07-04 23:10 827904 ----a-w- c:\windows\system32\wininet.dll
2009-04-24 16:02 . 2009-07-04 23:10 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-04-24 13:44 . 2009-07-04 23:10 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-04-23 12:43 . 2009-07-04 22:56 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-21 11:55 . 2009-07-04 22:56 2033152 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-07-09_15.35.34 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 01:56 . 2009-07-09 15:48 36382 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:03 . 2009-07-09 19:19 68122 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-09 18:29 . 2007-07-19 07:44 70904 c:\windows\System32\Samsung_USB_Drivers\5\SSSDUninstall.exe
+ 2009-07-09 18:29 . 2007-07-05 10:37 12160 c:\windows\System32\Samsung_USB_Drivers\5\i386\sssdwhnt.sys
+ 2009-07-09 18:29 . 2007-07-05 10:37 99712 c:\windows\System32\Samsung_USB_Drivers\5\i386\sssdobex.sys
+ 2009-07-09 18:29 . 2007-07-05 10:37 14848 c:\windows\System32\Samsung_USB_Drivers\5\i386\sssdmdfl.sys
+ 2009-07-09 18:29 . 2007-07-05 10:37 12160 c:\windows\System32\Samsung_USB_Drivers\5\i386\sssdcmnt.sys
+ 2009-07-09 18:29 . 2007-07-05 10:37 83456 c:\windows\System32\Samsung_USB_Drivers\5\i386\sssdbus.sys
+ 2009-07-09 18:27 . 2007-07-03 14:53 70824 c:\windows\System32\Samsung_USB_Drivers\3\SSCDUninstall.exe
+ 2009-07-09 18:27 . 2007-07-03 14:59 86824 c:\windows\System32\Samsung_USB_Drivers\3\i386\sscdserd.sys
+ 2009-07-09 18:27 . 2007-07-03 14:57 11944 c:\windows\System32\Samsung_USB_Drivers\3\i386\sscdmdfl.sys
+ 2009-07-09 18:27 . 2007-07-03 14:54 80552 c:\windows\System32\Samsung_USB_Drivers\3\i386\sscdbus.sys
+ 2009-07-09 18:25 . 2007-05-02 09:12 72968 c:\windows\System32\Samsung_USB_Drivers\2\SSM_Uninstall.exe
+ 2009-07-09 18:25 . 2007-05-02 09:12 12424 c:\windows\System32\Samsung_USB_Drivers\2\i386\ssm_whnt.sys
+ 2009-07-09 18:25 . 2007-05-02 09:12 15112 c:\windows\System32\Samsung_USB_Drivers\2\i386\ssm_mdfl.sys
+ 2009-07-09 18:25 . 2007-05-02 09:12 12424 c:\windows\System32\Samsung_USB_Drivers\2\i386\ssm_cmnt.sys
+ 2009-07-09 18:25 . 2007-05-02 09:12 83592 c:\windows\System32\Samsung_USB_Drivers\2\i386\ssm_bus.sys
+ 2009-07-09 18:23 . 2007-05-02 09:11 72968 c:\windows\System32\Samsung_USB_Drivers\1\SS_Uninstall.exe
+ 2009-07-09 18:23 . 2007-05-02 09:11 12424 c:\windows\System32\Samsung_USB_Drivers\1\i386\ss_whnt.sys
+ 2009-07-09 18:23 . 2007-05-02 09:11 15112 c:\windows\System32\Samsung_USB_Drivers\1\i386\ss_mdfl.sys
+ 2009-07-09 18:23 . 2007-05-02 09:11 12424 c:\windows\System32\Samsung_USB_Drivers\1\i386\ss_cmnt.sys
+ 2009-07-09 18:23 . 2007-05-02 09:11 83592 c:\windows\System32\Samsung_USB_Drivers\1\i386\ss_bus.sys
+ 2009-07-09 18:29 . 2007-07-05 10:37 12160 c:\windows\System32\DriverStore\FileRepository\sssdsdm2.inf_bf4a684c\i386\sssdcmnt.sys
+ 2009-07-09 18:29 . 2007-07-05 10:37 99712 c:\windows\System32\DriverStore\FileRepository\sssdobx2.inf_5b5c5c4e\i386\sssdobex.sys
+ 2009-07-09 18:29 . 2007-07-05 10:37 12160 c:\windows\System32\DriverStore\FileRepository\sssdobx2.inf_5b5c5c4e\i386\sssdcmnt.sys
+ 2009-07-09 18:29 . 2007-07-05 10:37 14848 c:\windows\System32\DriverStore\FileRepository\sssdmdm2.inf_747975cf\i386\sssdmdfl.sys
+ 2009-07-09 18:29 . 2007-07-05 10:37 12160 c:\windows\System32\DriverStore\FileRepository\sssdmdm2.inf_747975cf\i386\sssdcmnt.sys
+ 2009-07-09 18:29 . 2007-07-05 10:37 12160 c:\windows\System32\DriverStore\FileRepository\sssdbus.inf_e57a582b\i386\sssdwhnt.sys
+ 2009-07-09 18:29 . 2007-07-05 10:37 83456 c:\windows\System32\DriverStore\FileRepository\sssdbus.inf_e57a582b\i386\sssdbus.sys
+ 2009-07-09 18:25 . 2007-05-02 09:12 12424 c:\windows\System32\DriverStore\FileRepository\ssm_ser2.inf_2087b83d\i386\ssm_cmnt.sys
+ 2009-07-09 18:25 . 2007-05-02 09:12 15112 c:\windows\System32\DriverStore\FileRepository\ssm_mdm2.inf_f497af07\i386\ssm_mdfl.sys
+ 2009-07-09 18:25 . 2007-05-02 09:12 12424 c:\windows\System32\DriverStore\FileRepository\ssm_mdm2.inf_f497af07\i386\ssm_cmnt.sys
+ 2009-07-09 18:25 . 2007-05-02 09:12 12424 c:\windows\System32\DriverStore\FileRepository\ssm_bus.inf_64872c61\i386\ssm_whnt.sys
+ 2009-07-09 18:25 . 2007-05-02 09:12 83592 c:\windows\System32\DriverStore\FileRepository\ssm_bus.inf_64872c61\i386\ssm_bus.sys
+ 2009-07-09 18:27 . 2007-07-03 14:57 11944 c:\windows\System32\DriverStore\FileRepository\sscdw2k.inf_542f1bcb\i386\sscdmdfl.sys
+ 2009-07-09 18:27 . 2007-07-03 14:59 86824 c:\windows\System32\DriverStore\FileRepository\sscdsdm2.inf_ae69cd61\i386\sscdserd.sys
+ 2009-07-09 18:27 . 2007-07-03 14:54 80552 c:\windows\System32\DriverStore\FileRepository\sscdbus.inf_5421c7a9\i386\sscdbus.sys
+ 2009-07-09 18:23 . 2007-05-02 09:11 15112 c:\windows\System32\DriverStore\FileRepository\ss_mdm2.inf_076b4357\i386\ss_mdfl.sys
+ 2009-07-09 18:23 . 2007-05-02 09:11 12424 c:\windows\System32\DriverStore\FileRepository\ss_mdm2.inf_076b4357\i386\ss_cmnt.sys
+ 2009-07-09 18:23 . 2007-05-02 09:11 12424 c:\windows\System32\DriverStore\FileRepository\ss_bus.inf_7d09b845\i386\ss_whnt.sys
+ 2009-07-09 18:23 . 2007-05-02 09:11 83592 c:\windows\System32\DriverStore\FileRepository\ss_bus.inf_7d09b845\i386\ss_bus.sys
+ 2006-11-02 10:25 . 2009-07-09 18:31 86016 c:\windows\inf\infstor.dat
- 2006-11-02 10:25 . 2009-07-09 00:19 86016 c:\windows\inf\infstor.dat
- 2006-11-02 10:25 . 2009-07-09 00:19 51200 c:\windows\inf\infpub.dat
+ 2006-11-02 10:25 . 2009-07-09 18:31 51200 c:\windows\inf\infpub.dat
+ 2009-07-04 14:05 . 2009-07-09 19:19 4442 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-498679449-1444959887-3570755769-1000_UserData.bin
+ 2009-07-09 18:27 . 2007-07-03 15:00 9256 c:\windows\System32\Samsung_USB_Drivers\3\i386\sscdwhnt.sys
+ 2009-07-09 18:27 . 2007-07-03 14:56 9256 c:\windows\System32\Samsung_USB_Drivers\3\i386\sscdcmnt.sys
+ 2009-07-09 18:27 . 2007-07-03 14:56 9256 c:\windows\System32\DriverStore\FileRepository\sscdw2k.inf_542f1bcb\i386\sscdcmnt.sys
+ 2009-07-09 18:27 . 2007-07-03 14:56 9256 c:\windows\System32\DriverStore\FileRepository\sscdsdm2.inf_ae69cd61\i386\sscdcmnt.sys
+ 2009-07-09 18:27 . 2007-07-03 15:00 9256 c:\windows\System32\DriverStore\FileRepository\sscdbus.inf_5421c7a9\i386\sscdwhnt.sys
+ 2009-07-09 19:17 . 2009-07-09 19:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-07-09 15:34 . 2009-07-09 15:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2009-07-09 19:17 . 2009-07-09 19:17 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-09 15:34 . 2009-07-09 15:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-09 18:29 . 2007-07-05 10:37 103808 c:\windows\System32\Samsung_USB_Drivers\5\i386\sssdmgmt.sys
+ 2009-07-09 18:29 . 2007-07-05 10:37 109696 c:\windows\System32\Samsung_USB_Drivers\5\i386\sssdmdm.sys
+ 2009-07-09 18:27 . 2007-07-03 14:58 106792 c:\windows\System32\Samsung_USB_Drivers\3\i386\sscdmdm.sys
+ 2009-07-09 18:25 . 2007-05-02 09:12 109704 c:\windows\System32\Samsung_USB_Drivers\2\i386\ssm_mdm.sys
+ 2009-07-09 18:23 . 2007-05-02 09:11 109704 c:\windows\System32\Samsung_USB_Drivers\1\i386\ss_mdm.sys
+ 2006-11-02 10:33 . 2009-07-09 15:52 587178 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-09 15:33 587178 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2009-07-09 15:33 101250 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2009-07-09 15:52 101250 c:\windows\System32\perfc009.dat
+ 2009-07-09 18:29 . 2007-07-05 10:37 103808 c:\windows\System32\DriverStore\FileRepository\sssdsdm2.inf_bf4a684c\i386\sssdmgmt.sys
+ 2009-07-09 18:29 . 2007-07-05 10:37 109696 c:\windows\System32\DriverStore\FileRepository\sssdmdm2.inf_747975cf\i386\sssdmdm.sys
+ 2009-07-09 18:25 . 2007-05-02 09:12 109704 c:\windows\System32\DriverStore\FileRepository\ssm_ser2.inf_2087b83d\i386\ssm_mdm.sys
+ 2009-07-09 18:25 . 2007-05-02 09:12 109704 c:\windows\System32\DriverStore\FileRepository\ssm_mdm2.inf_f497af07\i386\ssm_mdm.sys
+ 2009-07-09 18:27 . 2007-07-03 14:58 106792 c:\windows\System32\DriverStore\FileRepository\sscdw2k.inf_542f1bcb\i386\sscdmdm.sys
+ 2009-07-09 18:23 . 2007-05-02 09:11 109704 c:\windows\System32\DriverStore\FileRepository\ss_mdm2.inf_076b4357\i386\ss_mdm.sys
- 2006-11-02 10:25 . 2009-07-09 00:19 143360 c:\windows\inf\infstrng.dat
+ 2006-11-02 10:25 . 2009-07-09 18:31 143360 c:\windows\inf\infstrng.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 15:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTProAgent.exe" [2009-04-09 228808]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"WindowsWelcomeCenter"="oobefldr.dll" - c:\windows\System32\oobefldr.dll [2008-01-21 2153472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-09 1948440]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-06-17 414992]

c:\users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
santa.bat [2009-7-5 181]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):43,06,c9,e7,d7,ff,c9,01

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{4575C314-8971-469E-9AD6-F6CDAD7CE32B}c:\\program files\\free download manager\\fdm.exe"= UDP:c:\program files\free download manager\fdm.exe:Free Download Manager
"UDP Query User{FB7CC126-27AF-4B63-9190-100F3CDD4161}c:\\program files\\free download manager\\fdm.exe"= TCP:c:\program files\free download manager\fdm.exe:Free Download Manager
"{F4517623-51A8-4F44-9B2E-CE8AC85C98CA}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{7ED5DBE4-3252-4D45-9C73-739DDB716679}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{D177A631-B8A1-43FF-AE52-3BE3C17DA58A}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{C730C48A-417B-4500-81DD-55E4218BE726}c:\\users\\stefan\\program files\\dna\\btdna.exe"= UDP:c:\users\stefan\program files\dna\btdna.exe:btdna.exe
"UDP Query User{9FFE9011-9FA9-4864-A300-58E132943E71}c:\\users\\stefan\\program files\\dna\\btdna.exe"= TCP:c:\users\stefan\program files\dna\btdna.exe:btdna.exe
"{9BBBBC7E-FF64-4026-B67A-1632639CCDBC}"= UDP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (TCP-In)
"{00BCE2AA-EFA5-487C-9551-249F8EA18570}"= TCP:c:\program files\BitTorrent\BitTorrent.exe:BitTorrent (UDP-In)
"{46BB9F7A-D494-4153-A5D3-2CEB732581C8}"= c:\program files\AVG\AVG8\avgam.exe:avgam.exe
"{F1C93A31-85EF-40A5-ADBA-AA104F7BBAD4}"= c:\program files\AVG\AVG8\avgdiag.exe:avgdiag.exe
"{F940B650-8C4F-4D4C-A1D3-0A1C625F6D00}"= c:\program files\AVG\AVG8\avgdiagex.exe:avgdiagex.exe
"{9C6B866D-A258-4C36-90A3-3EC3AD4D7164}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{0E6DCC66-95D9-4446-9AA0-8CD0F6362B7E}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"{2A3BF0C4-2E40-47BA-BC70-71F1E302CECA}"= UDP:c:\program files\NetSupport\NetSupport Manager\client32.exe:NetSupport Client
"{7830B0A0-81CE-4FC3-A3E1-1AE75C711805}"= TCP:c:\program files\NetSupport\NetSupport Manager\client32.exe:NetSupport Client
"{7A8B90F4-2DBF-4FC3-839D-E16FE5FC6D4D}"= UDP:c:\program files\NetSupport\NetSupport Manager\PCICTLUI.EXE:NetSupport Control
"{C686A094-186F-4024-ABA1-34ACD3C63866}"= TCP:c:\program files\NetSupport\NetSupport Manager\PCICTLUI.EXE:NetSupport Control
"{EA94FCC7-8038-4856-8271-D57F9EA76F3B}"= UDP:c:\program files\NetSupport\NetSupport Manager\pcideply.exe:NetSupport Deploy
"{F4E9C127-92AD-40FD-99B2-E15B91FE57AE}"= TCP:c:\program files\NetSupport\NetSupport Manager\pcideply.exe:NetSupport Deploy
"{5EF3782E-A59A-480C-9586-9B862C3A54EA}"= UDP:c:\program files\NetSupport\NetSupport Manager\PCISA.EXE:NetSupport Scripting Agent
"{314ADBCB-F6B5-4BD8-A596-485DD76A4813}"= TCP:c:\program files\NetSupport\NetSupport Manager\PCISA.EXE:NetSupport Scripting Agent
"{0852F4B7-1D3C-45CC-82A1-62E113E89C48}"= UDP:c:\program files\NetSupport\NetSupport Manager\pciscrui.exe:NetSupport Script Editor
"{8B1A8F77-40E7-4D4A-A40F-ACE5B47C8266}"= TCP:c:\program files\NetSupport\NetSupport Manager\pciscrui.exe:NetSupport Script Editor
"{24A69710-D97A-4F5B-8C39-C73D238298F3}"= UDP:c:\program files\NetSupport\NetSupport Manager\runscrip.exe:NetSupport Run Script
"{46F6DEB2-0068-4E63-8EA8-C75CC37E472E}"= TCP:c:\program files\NetSupport\NetSupport Manager\runscrip.exe:NetSupport Run Script

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Users\\Stefan\\AppData\\Local\\Temp\\Rar$EX06.330\\b-tcmd750pb5-patch.exe"= c:\users\Stefan\AppData\Local\Temp\Rar$EX06.330\b-tcmd750pb5-patch.exe:*:Enabled:syswin
"c:\\Users\\Stefan\\Desktop\\b-tcmd750pb5-patch.exe"= c:\users\Stefan\Desktop\b-tcmd750pb5-patch.exe:*:Enabled:syswin
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 AvgRkx86;avgrkx86.sys;c:\windows\System32\drivers\avgrkx86.sys [9.7.2009 2:06 12552]
R1 Avgfwfd;AVG network filter service;c:\windows\System32\drivers\avgfwd6x.sys [9.7.2009 2:06 23832]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [9.7.2009 2:06 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [9.7.2009 2:06 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [9.7.2009 2:06 298776]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [9.7.2009 2:06 1368952]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [4.7.2009 20:03 603904]
R3 athrusb;TP-LINK Wireless LAN USB device driver;c:\windows\System32\drivers\athrusb.sys [4.7.2009 19:17 891392]
R3 DCamUSBTP10;StarCam mini+;c:\windows\System32\drivers\iP293x.SYS [4.7.2009 16:44 242176]
R3 MBAMProtector;MBAMProtector;c:\windows\System32\drivers\mbam.sys [4.7.2009 19:42 19096]
R3 nskbfltr;nskbfltr;c:\windows\System32\drivers\nskbfltr.sys [4.7.2009 19:59 20512]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [4.7.2009 19:42 195856]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\System32\drivers\mbamswissarmy.sys [4.7.2009 19:42 38160]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Supplementary Scan -------
.
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Iz&vezi u Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Preuzmi odabrano Free Download Manager-om - file://c:\program files\Free Download Manager\dlselected.htm
IE: Preuzmi sa Free Download Managerom - file://c:\program files\Free Download Manager\dllink.htm
IE: Preuzmi sve sa Free Download Manager-om - file://c:\program files\Free Download Manager\dlall.htm
TCP: {129B3AA6-C7FF-4F45-B416-7C3A024079EB} = 89.216.64.8
FF - ProfilePath - c:\users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\faeb216e.default\
FF - prefs.js: browser.startup.homepage - www.google.rs
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\users\Stefan\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-09 21:18
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\N6008d48c]
@Denied: (4) (Everyone)
@Denied: (4) (Administrators)
@Allowed: (A B C D Full GENERIC_EXECUTE GENERIC_WRITE Read 1 2 3 4 5 6) (LocalSystem)
"a"="M"
"InternetCode"="GU73N4ZFLKKKC3BDOSMP3JDXJH64N6MCJP2BJCQ8"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\program files\NetSupport\NetSupport Manager\client32.exe
c:\program files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\WUDFHost.exe
c:\program files\NetSupport\NetSupport Manager\client32.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\AVG\AVG8\avgtray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-07-09 21:23 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-09 19:23
ComboFix2.txt 2009-07-09 15:40

Pre-Run: 12.283.715.584 bytes free
Post-Run: 11.999.068.160 bytes free

407 --- E O F --- 2009-07-06 00:32

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

What is the situation now?

  • Joined: 21 Sep 2008
  • Posts: 238
  • Location: Bačka Palanka

Well, AVG no longer reports that I have any infections, so I guess everything is under control now. I think the MyCity AMF team has a drink coming from me ;)

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Do this as well.

ComboFix needs to be uninstalled:
click Start, then RUN.

On Vista, use the Start Search box if Run is not available.

In the text input line, type (or paste) the following:

combofix /u

Note that there is a space between "ComboFix" and "/u".

Then click OK (or press Enter).

Wait for the uninstall process to finish.

Cheers
