Posted: 22 Feb 2010 10:08
offline
- trajan
- New MyCity citizen
- Joined: 10 Feb 2006
- Posts: 4
This is the third time I am trying to send you the logs, but when I copy gmer 3 it throws a fatal error and shuts the computer down.
The problem is the following: for about a month now the computer has slowed down and has frozen on me several times, so I have to restart it. For the past few days the screen goes black as if it were switched off. I have a licensed 32-bit Windows.
DDS (Ver_09-12-01.01) - NTFSx86
Run by User at 9:08:27,65 on pon 22.02.2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.511.215 [GMT 1:00]
AV: avast! antivirus 4.8.1368 [VPS 100221-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\SCForte.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Weather Watcher\ww.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\dds.scr
C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.yahoo.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.yahoo.com
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_6_2_0.dll
BHO: Yahoo! Companion BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_6_2_0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: &Yahoo! Companion: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\ycomp5_6_2_0.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
TB: {E738F11F-B0F3-4E0D-A5CA-6ED7B0BD4F5D} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [WeatherWatcher] c:\program files\weather watcher\ww.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [SmartRAM] "c:\program files\iobit\advanced systemcare 3\Sup_SmartRAM.exe" /m
uRunServices: [MS Shell Services] c:\program files\teslain kidlogger\MainWnd.exe -m
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [nusbantivirus] "c:\program files\naevius usb antivirus\usbantivirus.exe" -hide
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IObit Security 360] "c:\program files\iobit\iobit security 360\IS360tray.exe" /autostart
mRun: [UIUCU] c:\docume~1\user\locals~1\temp\UIUCU.EXE -CLEAN_UP -S
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Nokia.PCSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
uPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
uPolicies-explorer: NoActiveDesktop = 2 (0x2)
uPolicies-system: Wallpaper =
IE: &Search
IE: Add to AMV Converter... - c:\program files\mp3 player utilities 4.15\amvconverter\grab.html
IE: MediaManager tool grab multimedia file - c:\program files\mp3 player utilities 4.15\mediamanager\grab.html
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/da2/PCPitStop2.cab
TCP: {9B5225C2-7F5E-441B-ACAD-FEC7B3765330} = 192.168.0.254,212.200.36.11
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: 0aMCPClient - {F5DF91F9-15E9-416B-A7C3-7519B11ECBFC} - No File
LSA: Authentication Packages = msv1_0 nwprovau
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\v8nkt1cn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\v8nkt1cn.default\extensions\{7378b8c2-fc38-41b8-a8c9-875d1f5b0a24}\components\NativeComponent.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\v8nkt1cn.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\user\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll
FF - plugin: c:\program files\openoffice.org 2.0\program\npsoplugin.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [2006-7-27 25067]
R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [2008-1-31 17264]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-6-15 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-6-15 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-6-15 138680]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-11-7 311568]
R2 ServiceAceSpy;SCfortify;c:\windows\system32\SCForte.exe [2009-7-19 577872]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2009-10-23 10752]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-6-15 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-6-15 352920]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-7-12 133104]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebsearch\bar\2.bin\mwssvc.exe --> c:\progra~1\mywebsearch\bar\2.bin\mwssvc.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2006-7-27 25244]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2006-10-30 33792]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2009-1-20 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2009-1-20 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-1-20 42112]
S3 USBModem000;LGE Mobile USB Modem TC;c:\windows\system32\drivers\usbser.sys [2006-8-3 25600]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\msn messenger\usnsvc.exe [2007-1-19 97136]
S4 Dmu-rs012m;Dmu-rs012m; [x]
=============== Created Last 30 ================
2010-02-21 10:40:57 54156 ---ha-w- c:\windows\QTFont.qfn
2010-02-21 10:40:57 1409 ----a-w- c:\windows\QTFont.for
2010-02-19 18:47:36 0 d-----w- c:\docume~1\alluse~1\applic~1\PCPitstop
2010-02-19 18:47:34 0 d-----w- c:\program files\PCPitstop
2010-02-11 08:16:19 0 d-----w- c:\docume~1\user\applic~1\Facebook
2010-02-03 15:19:14 0 d-----w- c:\docume~1\user\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-02-02 07:35:46 0 d-----w- c:\docume~1\user\applic~1\Agnitum
2010-02-01 12:09:27 0 d-----w- c:\program files\Agnitum
2010-01-23 22:47:30 618496 ----a-w- c:\windows\system32\MSSTTFTTM.ocx
2010-01-23 22:47:29 98304 ----a-w- c:\windows\system32\Msdxm11.ocx
2010-01-23 22:47:28 212992 ----a-w- c:\windows\system32\sql.dll
2010-01-23 22:47:27 0 d-----w- c:\program files\MP3 Cutter
2010-01-23 17:20:53 0 d-----w- C:\Intel
==================== Find3M ====================
2008-09-24 21:24:57 774144 ----a-w- c:\program files\RngInterstitial.dll
2008-06-10 13:09:36 80 --sha-w- c:\windows\system32\indata.dat
2007-10-16 10:16:45 22073376 -csha-w- c:\windows\system32\drivers\fidbox.dat
============= FINISH: 9:09:59,25 ===============
Posted: 25 Feb 2010 11:40
offline
- trajan
- New MyCity citizen
- Joined: 10 Feb 2006
- Posts: 4
Written: 24 Feb 2010 10:28
ComboFix 10-02-23.04 - User 24.02.2010 10:11:27.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1251.381.1033.18.511.282 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
.
ADS - netcfgx.dll: deleted 68 bytes in 1 streams.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\User\Application Data\.#
c:\documents and settings\User\Application Data\AD ON Multimedia
c:\documents and settings\User\Application Data\AD ON Multimedia\eBay Shortcuts\config.ini
c:\documents and settings\User\Application Data\AD ON Multimedia\eBay Shortcuts\eBayShortcuts.exe
c:\documents and settings\User\Application Data\BITS
c:\documents and settings\User\Application Data\BITS\BITS.ini
c:\documents and settings\User\Application Data\BITS\DHTTable.dat
c:\documents and settings\User\Application Data\BITS\UPnP.ini
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet universal\fgoption.ini
c:\program files\FlashGet Network\FlashGet universal\P2PCfg.ini
c:\program files\FlashGet Network\FlashGet universal\p2spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\p4spmgr.ini
c:\program files\FlashGet Network\FlashGet universal\Profiles\config.dat
c:\program files\FlashGet Network\FlashGet universal\Profiles\tasks.dat
c:\windows\system32\dumphive.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\taskmgr.dll
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
----- BITS: Possible infected sites -----
hxxp://armmf.adobe.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService
((((((((((((((((((((((((( Files Created from 2010-01-24 to 2010-02-24 )))))))))))))))))))))))))))))))
.
2010-02-22 10:17 . 2010-02-11 18:53 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-22 10:17 . 2010-02-11 18:53 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-22 10:12 . 2010-02-22 10:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-02-19 18:47 . 2010-02-19 18:49 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-02-19 18:47 . 2010-02-19 20:39 -------- d-----w- c:\program files\PCPitstop
2010-02-11 08:16 . 2010-02-11 08:16 50354 ----a-w- c:\documents and settings\User\Application Data\Facebook\uninstall.exe
2010-02-11 08:16 . 2010-02-11 08:16 -------- d-----w- c:\documents and settings\User\Application Data\Facebook
2010-02-03 15:19 . 2010-02-03 15:19 -------- d-----w- c:\documents and settings\User\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-02-03 15:18 . 2009-07-19 17:19 38200 ----a-w- c:\documents and settings\User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-02 07:35 . 2010-02-22 10:14 -------- d-----w- c:\documents and settings\User\Application Data\Agnitum
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\documents and settings\User\Application Data\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\documents and settings\User\Application Data\Facebook\npfbplugin_1_0_1.dll
2010-02-01 12:09 . 2010-02-22 10:14 -------- d-----w- c:\program files\Agnitum
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-22 10:17 . 2007-11-19 09:23 -------- d-----w- c:\program files\Alwil Software
2010-02-22 10:08 . 2006-08-29 09:54 -------- d-----w- c:\documents and settings\User\Application Data\OpenOffice.org2
2010-02-19 20:40 . 2007-09-08 11:28 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-02-19 19:45 . 2009-12-10 21:10 -------- d-----w- c:\program files\ALCATEL PC Suite
2010-02-19 17:51 . 2009-07-19 22:41 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2010-02-05 08:35 . 2007-06-05 15:51 -------- d-----w- c:\program files\Google
2010-01-30 17:28 . 2008-04-20 19:24 -------- d-----w- c:\documents and settings\User\Application Data\WeatherWatcher
2010-01-23 22:47 . 2010-01-23 22:47 -------- d-----w- c:\program files\MP3 Cutter
2010-01-23 22:42 . 2006-11-20 19:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-23 17:18 . 2010-01-23 17:18 2837016 ----a-w- c:\documents and settings\User\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_27708_3_0_1011.exe
2010-01-23 17:16 . 2009-12-04 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2010-01-16 22:48 . 2007-09-03 17:43 -------- d-----w- c:\program files\MotoKup
2010-01-16 22:33 . 2009-01-22 21:27 -------- d-----w- c:\program files\Motorola USB Treiber
2010-01-16 17:11 . 2006-07-27 14:08 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-15 17:23 . 2010-01-15 17:23 -------- d-----w- c:\program files\AMR to MP3 Converter
2010-01-15 17:18 . 2010-01-15 17:18 -------- d-----w- c:\program files\LitexMedia
2010-01-09 19:26 . 2009-10-23 23:09 -------- d-----w- c:\program files\Folder Lock
2010-01-09 18:19 . 2009-10-22 15:24 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-01-09 18:19 . 2009-10-22 15:24 -------- d-----w- c:\program files\DVDVideoSoft
2010-01-08 11:14 . 2009-10-12 18:24 -------- d-----w- c:\documents and settings\User\Application Data\MagicEffect Photo
2009-12-28 07:03 . 2007-11-14 22:21 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstCCD.exe
2009-12-28 07:03 . 2007-11-14 22:21 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstPCSFEMsi.exe
2009-12-28 07:03 . 2007-11-14 22:21 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstPCS.exe
2009-12-21 10:12 . 2009-12-21 10:12 38261728 ----a-w- c:\documents and settings\User\Application Data\Uniblue\DriverScanner\Download\usb_vid_03f0_pid_1d1710_1_1_3.exe
2009-12-14 08:06 . 2009-12-14 08:06 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-14 08:06 . 2009-12-14 08:06 79488 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2008-09-24 21:24 . 2008-09-24 21:25 774144 ----a-w- c:\program files\RngInterstitial.dll
2008-06-10 13:09 . 2008-08-05 08:32 80 --sha-w- c:\windows\system32\indata.dat
2007-10-16 10:16 . 2007-09-24 15:57 22073376 -csha-w- c:\windows\system32\drivers\fidbox.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-06-16 15:22 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherWatcher"="c:\program files\Weather Watcher\ww.exe" [2008-01-22 1028096]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-12 39408]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-11-20 2335880]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-02-19 202064]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"nusbantivirus"="c:\program files\Naevius USB Antivirus\usbantivirus.exe" [2009-08-19 1956864]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-30 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Winamp Agent.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\Winamp Agent.lnk
backup=c:\windows\pss\Winamp Agent.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2007-06-19 08:17 1241088 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-06-18 13:10 271360 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-11-30 13:18 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [27.7.2006 14:47 25067]
R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [31.1.2008 13:49 17264]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [7.11.2009 19:06 311568]
R2 ServiceAceSpy;SCfortify;c:\windows\system32\SCForte.exe [19.7.2009 17:41 577872]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [23.10.2009 23:48 10752]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12.7.2009 20:21 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [27.7.2006 15:09 25244]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [30.10.2006 20:52 33792]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [20.1.2009 12:47 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [20.1.2009 12:47 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [20.1.2009 12:47 42112]
S3 USBModem000;LGE Mobile USB Modem TC;c:\windows\system32\drivers\usbser.sys [3.8.2006 20:30 25600]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [19.1.2007 11:54 97136]
S4 Dmu-rs012m;Dmu-rs012m; [x]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
2010-02-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-15 10:49]
2010-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 19:21]
2010-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 19:21]
2010-02-24 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-06-16 15:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Search
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.15\AMVConverter\grab.html
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.15\MediaManager\grab.html
TCP: {9B5225C2-7F5E-441B-ACAD-FEC7B3765330} = 192.168.0.254,212.200.36.11
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\v8nkt1cn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\v8nkt1cn.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\NativeComponent.dll
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\v8nkt1cn.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\User\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\OpenOffice.org 2.0\program\npsoplugin.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{E738F11F-B0F3-4E0D-A5CA-6ED7B0BD4F5D} - (no file)
HKCU-RunServices-MS Shell Services - c:\program files\Teslain KidLogger\MainWnd.exe
MSConfigStartUp-AVG7_CC - c:\progra~1\Grisoft\AVGFRE~1\avgcc.exe
MSConfigStartUp-Di dictionary - c:\program files\Di recnik\Di.exe
MSConfigStartUp-flockbox - c:\program files\My Lockbox\flockbox.exe
MSConfigStartUp-SmartRAM - c:\program files\IObit\Advanced WindowsCare V2\MemCleaner.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-02-24 10:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(712)
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
.
**************************************************************************
.
Completion time: 2010-02-24 10:23:36 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-24 09:23
ComboFix2.txt 2007-10-13 18:37
Pre-Run: 3.102.687.232 bytes free
Post-Run: 3.039.404.032 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 9D607002BA5954CAA6487A49035C89F1
Update: 25 Feb 2010 11:40
What next?
Posted: 26 Feb 2010 18:02
- trajan
- New MyCity citizen
- Joined: 10 Feb 2006
- Posts: 4
Written: 26 Feb 2010 17:51
I don't know. Possibly.
Update: 26 Feb 2010 17:56
I don't see it in the installed programs.
Update: 26 Feb 2010 18:02
Otherwise the computer is already in better shape; it runs almost normally.
Posted: 26 Feb 2010 23:56
- trajan
- New MyCity citizen
- Joined: 10 Feb 2006
- Posts: 4
ComboFix 10-02-23.04 - User 26.02.2010 18:16:07.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.511.95 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Norton Internet Worm Protection *disabled* {990F9400-4CEE-43EA-A83A-D013ADD8EA6E}
FILE ::
"c:\windows\system32\SCForte.exe"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\SCForte.exe
----- BITS: Possible infected sites -----
hxxp://armmf.adobe.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SERVICEACESPY
-------\Service_Dmu-rs012m
-------\Service_ServiceAceSpy
((((((((((((((((((((((((( Files Created from 2010-01-26 to 2010-02-26 )))))))))))))))))))))))))))))))
.
2010-02-24 10:42 . 2010-02-11 18:42 162512 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-02-24 10:42 . 2010-02-11 18:38 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-02-24 10:42 . 2010-02-11 18:39 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-02-24 10:42 . 2010-02-11 18:42 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-02-24 10:42 . 2010-02-11 18:38 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-02-24 10:42 . 2010-02-11 18:38 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-02-24 10:42 . 2010-02-11 18:38 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-19 18:47 . 2010-02-19 18:49 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-02-19 18:47 . 2010-02-19 20:39 -------- d-----w- c:\program files\PCPitstop
2010-02-11 08:16 . 2010-02-11 08:16 50354 ----a-w- c:\documents and settings\User\Application Data\Facebook\uninstall.exe
2010-02-11 08:16 . 2010-02-11 08:16 -------- d-----w- c:\documents and settings\User\Application Data\Facebook
2010-02-03 15:19 . 2010-02-03 15:19 -------- d-----w- c:\documents and settings\User\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2010-02-02 07:35 . 2010-02-22 10:14 -------- d-----w- c:\documents and settings\User\Application Data\Agnitum
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\documents and settings\User\Application Data\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\documents and settings\User\Application Data\Facebook\npfbplugin_1_0_1.dll
2010-02-01 12:09 . 2010-02-22 10:14 -------- d-----w- c:\program files\Agnitum
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-26 16:37 . 2006-08-29 09:54 -------- d-----w- c:\documents and settings\User\Application Data\OpenOffice.org2
2010-02-25 09:37 . 2009-10-30 22:30 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-24 10:41 . 2010-02-22 10:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-02-24 10:02 . 2006-07-27 13:46 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-24 10:02 . 2009-10-30 21:16 -------- d-----w- c:\program files\eSobi
2010-02-24 10:01 . 2009-07-19 16:38 -------- d-----w- c:\program files\DreamRender
2010-02-24 09:53 . 2009-09-24 11:04 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-02-22 10:17 . 2007-11-19 09:23 -------- d-----w- c:\program files\Alwil Software
2010-02-19 20:40 . 2007-09-08 11:28 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2010-02-19 19:45 . 2009-12-10 21:10 -------- d-----w- c:\program files\ALCATEL PC Suite
2010-02-19 17:51 . 2009-07-19 22:41 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2010-02-11 18:53 . 2010-02-24 10:41 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-02-11 18:53 . 2010-02-24 10:41 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-02-05 08:35 . 2007-06-05 15:51 -------- d-----w- c:\program files\Google
2010-01-30 17:28 . 2008-04-20 19:24 -------- d-----w- c:\documents and settings\User\Application Data\WeatherWatcher
2010-01-23 22:47 . 2010-01-23 22:47 -------- d-----w- c:\program files\MP3 Cutter
2010-01-23 22:42 . 2006-11-20 19:35 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-23 17:18 . 2010-01-23 17:18 2837016 ----a-w- c:\documents and settings\User\Application Data\Uniblue\DriverScanner\Download\pci_ven_8086_dev_27708_3_0_1011.exe
2010-01-23 17:16 . 2009-12-04 17:42 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2010-01-16 22:48 . 2007-09-03 17:43 -------- d-----w- c:\program files\MotoKup
2010-01-16 22:33 . 2009-01-22 21:27 -------- d-----w- c:\program files\Motorola USB Treiber
2010-01-16 17:11 . 2006-07-27 14:08 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-15 17:23 . 2010-01-15 17:23 -------- d-----w- c:\program files\AMR to MP3 Converter
2010-01-15 17:18 . 2010-01-15 17:18 -------- d-----w- c:\program files\LitexMedia
2010-01-09 19:26 . 2009-10-23 23:09 -------- d-----w- c:\program files\Folder Lock
2010-01-09 18:19 . 2009-10-22 15:24 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-01-09 18:19 . 2009-10-22 15:24 -------- d-----w- c:\program files\DVDVideoSoft
2010-01-08 11:14 . 2009-10-12 18:24 -------- d-----w- c:\documents and settings\User\Application Data\MagicEffect Photo
2009-12-31 16:14 . 2004-08-04 12:00 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-28 07:03 . 2007-11-14 22:21 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstCCD.exe
2009-12-28 07:03 . 2007-11-14 22:21 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstPCSFEMsi.exe
2009-12-28 07:03 . 2007-11-14 22:21 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A982E6CC-9F0D-4948-9B18-BDFD55DE4A72}\Installations\CommonCustomActions\UninstPCS.exe
2009-12-22 05:42 . 2004-08-04 12:00 662016 ----a-w- c:\windows\system32\wininet.dll
2009-12-22 05:42 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-21 10:12 . 2009-12-21 10:12 38261728 ----a-w- c:\documents and settings\User\Application Data\Uniblue\DriverScanner\Download\usb_vid_03f0_pid_1d1710_1_1_3.exe
2009-12-16 12:58 . 2006-07-27 13:29 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 08:06 . 2009-12-14 08:06 152576 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-14 08:06 . 2009-12-14 08:06 79488 ----a-w- c:\documents and settings\User\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-14 07:35 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 18:55 . 2004-08-04 12:00 2180352 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:19 . 2004-08-03 22:59 2057728 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 14:41 . 2004-08-04 12:00 453760 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2008-09-24 21:24 . 2008-09-24 21:25 774144 ----a-w- c:\program files\RngInterstitial.dll
2008-06-10 13:09 . 2008-08-05 08:32 80 --sha-w- c:\windows\system32\indata.dat
2007-10-16 10:16 . 2007-09-24 15:57 22073376 -csha-w- c:\windows\system32\drivers\fidbox.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WeatherWatcher"="c:\program files\Weather Watcher\ww.exe" [2008-01-22 1028096]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-12 39408]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-02-08 2343632]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2010-01-22 200280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"nusbantivirus"="c:\program files\Naevius USB Antivirus\usbantivirus.exe" [2009-08-19 1956864]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-11-30 198160]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-12-24 1280272]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-02-11 2756488]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk
backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^OpenOffice.org 2.0.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\OpenOffice.org 2.0.lnk
backup=c:\windows\pss\OpenOffice.org 2.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Winamp Agent.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\Winamp Agent.lnk
backup=c:\windows\pss\Winamp Agent.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24 1694208 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
2007-06-19 08:17 1241088 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
2007-06-18 13:10 271360 ----a-w- c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 03:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2009-11-30 13:18 198160 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\InterVideo\\DVD6\\WinDVD.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [27.7.2006 14:47 25067]
R0 MPRIFL;MPRIFL;c:\windows\system32\drivers\mprifl.sys [31.1.2008 13:49 17264]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [24.2.2010 11:42 162512]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [24.2.2010 11:42 19024]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [7.11.2009 19:06 311568]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [23.10.2009 23:48 10752]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12.7.2009 20:21 133104]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [27.7.2006 15:09 25244]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [30.10.2006 20:52 33792]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [20.1.2009 12:47 18176]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [20.1.2009 12:47 7680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [20.1.2009 12:47 42112]
S3 USBModem000;LGE Mobile USB Modem TC;c:\windows\system32\drivers\usbser.sys [3.8.2006 20:30 25600]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [19.1.2007 11:54 97136]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
2010-02-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-15 10:49]
2010-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cab6339bd2af86.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 19:21]
2010-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-12 19:21]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: &Search
IE: Add to AMV Converter... - c:\program files\MP3 Player Utilities 4.15\AMVConverter\grab.html
IE: MediaManager tool grab multimedia file - c:\program files\MP3 Player Utilities 4.15\MediaManager\grab.html
TCP: {9B5225C2-7F5E-441B-ACAD-FEC7B3765330} = 192.168.0.254,212.200.36.11
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\v8nkt1cn.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\v8nkt1cn.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\NativeComponent.dll
FF - component: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\v8nkt1cn.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}\components\FFExternalAlert.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\User\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npracplug.dll
FF - plugin: c:\program files\OpenOffice.org 2.0\program\npsoplugin.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2010-02-26 23:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(720)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\cscdll.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Google\Update\1.2.183.17\GoogleCrashHandler.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
.
**************************************************************************
.
Completion time: 2010-02-26 23:53:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-26 22:53
ComboFix2.txt 2010-02-24 09:23
ComboFix3.txt 2007-10-13 18:37
Pre-Run: 7.723.634.688 bytes free
Post-Run: 7.720.644.608 bytes free
- - End Of File - - 7ABE3F7EB268E0A5F0AF72574561BD94