Poslao: 17 Maj 2009 15:22
|
offline
- AleX
- Građanin
- Pridružio: 20 Jul 2008
- Poruke: 197
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:17:08, on 17.5.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\pmonsvc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\pmhk.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\FixCamera.exe
C:\WINDOWS\tsnpstd3.exe
C:\WINDOWS\vsnpstd3.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\PROGRA~1\MYSECR~1\MSFMON.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\log\logger engine.exe
D:\Program Files\bobby\cnn\cnn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Winamp\Winamp.exe
C:\Documents and Settings\Alex and Johny\Desktop\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - d:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live pomagac za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - d:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [MSF_Monitor] C:\PROGRA~1\MYSECR~1\MSFMON.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SpeedConnectStartUp] C:\Program Files\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe -run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: logger engine.lnk = D:\Program Files\log\logger engine.exe
O4 - Startup: Shortcut to cnn.lnk = D:\Program Files\bobby\cnn\cnn.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Download by Orbit - res://d:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://d:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUfox000
O8 - Extra context menu item: Do&wnload selected by Orbit - res://d:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://d:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - d:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - d:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Profile Monitor (PMonSvc) - Salience Corporation - C:\WINDOWS\system32\pmonsvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 12816 bytes
|
|
|
|
|
Poslao: 17 Maj 2009 19:44
|
offline
- AleX
- Građanin
- Pridružio: 20 Jul 2008
- Poruke: 197
|
ComboFix 09-05-16.05 - Alex and Johny 17.05.2009 18:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1317 [GMT 2:00]
Running from: c:\documents and settings\Alex and Johny\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090516-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Cache\files.ini
c:\program files\FunWebProducts\ScreenSaver\Images\008C92A2.urr
c:\program files\FunWebProducts\ScreenSaver\Images\00DFA319.urr
c:\program files\FunWebProducts\ScreenSaver\Images\wrkparam.lst
c:\program files\FunWebProducts\Shared\0065F36D.dat
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn-new.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\0000F992
c:\program files\MyWebSearch\bar\Cache\00011F5A.bin
c:\program files\MyWebSearch\bar\Cache\00012778.bin
c:\program files\MyWebSearch\bar\Cache\00012CA8.bin
c:\program files\MyWebSearch\bar\Cache\00012E8D.bin
c:\program files\MyWebSearch\bar\Cache\00014B9A
c:\program files\MyWebSearch\bar\Cache\00017AD8
c:\program files\MyWebSearch\bar\Cache\0001B85E
c:\program files\MyWebSearch\bar\Cache\0001EC01
c:\program files\MyWebSearch\bar\Cache\0001FE31
c:\program files\MyWebSearch\bar\Cache\000203CE.bin
c:\program files\MyWebSearch\bar\Cache\00020601.bin
c:\program files\MyWebSearch\bar\Cache\00020814.bin
c:\program files\MyWebSearch\bar\Cache\00020C5A
c:\program files\MyWebSearch\bar\Cache\00020D25.bin
c:\program files\MyWebSearch\bar\Cache\0002B711
c:\program files\MyWebSearch\bar\Cache\0003D09F
c:\program files\MyWebSearch\bar\Cache\000C3A01
c:\program files\MyWebSearch\bar\Cache\00111C8D
c:\program files\MyWebSearch\bar\Cache\001DF995
c:\program files\MyWebSearch\bar\Cache\001E50FC
c:\program files\MyWebSearch\bar\Cache\002CD878
c:\program files\MyWebSearch\bar\Cache\0047E3FD
c:\program files\MyWebSearch\bar\Cache\004B2E75
c:\program files\MyWebSearch\bar\Cache\007A9E03
c:\program files\MyWebSearch\bar\Cache\008D62F2
c:\program files\MyWebSearch\bar\Cache\00B52C6E
c:\program files\MyWebSearch\bar\Cache\00D3B9F7
c:\program files\MyWebSearch\bar\Cache\00DAC167
c:\program files\MyWebSearch\bar\Cache\01035DA4
c:\program files\MyWebSearch\bar\Cache\0120765F.bin
c:\program files\MyWebSearch\bar\Cache\012078A2
c:\program files\MyWebSearch\bar\Cache\0125637B
c:\program files\MyWebSearch\bar\Cache\0126B2FE
c:\program files\MyWebSearch\bar\Cache\01B85F3A
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\IE4 Error Log.txt
c:\windows\system32\AutoRun.inf
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\mndosnet.dll
c:\windows\system32\zip32.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService
((((((((((((((((((((((((( Files Created from 2009-04-17 to 2009-05-17 )))))))))))))))))))))))))))))))
.
2009-05-17 13:01 . 2009-05-17 13:07 -------- d-----w c:\program files\RegCure
2009-05-17 10:01 . 2009-05-17 10:01 -------- d-----w c:\program files\SoftPerfect Network Protocol Analyzer
2009-05-16 10:35 . 2009-05-16 10:35 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-05-16 10:26 . 2009-05-16 10:27 -------- d-----w c:\program files\Common Files\Adobe
2009-05-16 10:18 . 2009-05-16 10:36 -------- d-----w c:\program files\NOS
2009-05-16 10:18 . 2009-05-16 10:36 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-05-16 10:01 . 2009-05-16 10:01 -------- d-----w c:\documents and settings\Dzony\Application Data\AdobeUM
2009-05-15 20:28 . 2009-05-15 20:28 -------- d-----w c:\program files\UselessCreations
2009-05-15 19:36 . 1998-09-03 22:56 6851 ----a-r C:\ea.reg
2009-05-15 19:36 . 1998-08-14 12:33 61 ----a-w C:\eauninst.dat
2009-05-15 19:35 . 1998-08-03 08:42 93382 ----a-w C:\VOODOO2A.DLL
2009-05-15 19:35 . 1998-08-13 19:42 93858 ----a-w C:\VOODOOA.DLL
2009-05-15 19:35 . 1998-08-04 14:03 42496 ----a-w C:\EACSND.DLL
2009-05-15 19:35 . 1998-08-26 13:19 304482 ----a-w C:\SOFTTRIA.DLL
2009-05-15 19:35 . 1998-08-13 19:41 98641 ----a-w C:\D3DA.DLL
2009-05-15 19:35 . 1998-09-05 01:50 1312 ----a-w C:\TRNCAR.EXE
2009-05-15 19:35 . 1998-08-29 00:36 1589248 ----a-w C:\nfs3.exe
2009-05-15 19:35 . 2009-05-15 19:36 -------- d-----w C:\3dSetup
2009-05-15 19:35 . 2009-05-15 19:35 -------- d-----w C:\FeData
2009-05-15 19:35 . 2009-05-15 19:35 -------- d-----w C:\GameData
2009-05-15 15:42 . 2009-05-15 15:42 716272 ----a-w c:\windows\system32\drivers\sptd.sys
2009-05-15 15:42 . 2009-05-15 15:42 -------- d-----w c:\documents and settings\Dzony\Application Data\DAEMON Tools
2009-05-15 15:25 . 2009-05-17 13:07 -------- d-----w c:\program files\Counter-Strike Source
2009-05-15 00:56 . 2009-05-15 00:56 -------- d-----w c:\program files\MSXML 4.0
2009-05-14 19:05 . 2009-05-16 10:27 -------- d-----w c:\documents and settings\Dzony\Local Settings\Application Data\Adobe
2009-05-14 17:49 . 2009-02-06 11:06 2145280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-14 17:49 . 2009-02-06 11:08 2189056 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-14 17:49 . 2009-02-06 10:32 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-14 17:48 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-05-14 17:34 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-05-14 17:18 . 2009-05-15 00:59 -------- d--h--w c:\windows\$hf_mig$
2009-05-14 11:54 . 2008-06-13 11:05 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-05-14 11:54 . 2008-06-13 11:05 272128 ------w c:\windows\system32\drivers\bthport.sys
2009-05-14 09:59 . 2008-10-16 12:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-05-14 09:59 . 2008-10-16 12:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-05-13 18:06 . 2009-05-13 18:06 -------- d-----w c:\documents and settings\Dzony\Local Settings\Application Data\Mozilla
2009-05-10 11:46 . 2009-05-10 11:46 -------- d-----w c:\program files\Common Files\PCSuite
2009-05-10 11:45 . 2009-05-10 11:45 -------- d-----w c:\program files\PC Connectivity Solution
2009-05-10 11:44 . 2009-02-09 05:37 7808 ----a-w c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-05-10 11:44 . 2009-02-09 05:37 7808 ----a-w c:\windows\system32\drivers\usbser_lowerflt.sys
2009-05-10 11:44 . 2009-02-09 05:37 22016 ----a-w c:\windows\system32\drivers\ccdcmbo.sys
2009-05-10 11:44 . 2009-02-09 05:37 17664 ----a-w c:\windows\system32\drivers\ccdcmb.sys
2009-05-10 11:44 . 2009-02-09 05:37 659968 ----a-w c:\windows\system32\nmwcdcocls.dll
2009-05-10 11:44 . 2009-02-09 05:32 1112288 ----a-w c:\windows\system32\wdfcoinstaller01007.dll
2009-05-09 18:10 . 2009-05-16 12:29 -------- d-----w c:\program files\Liberty BASIC v4.03
2009-05-09 18:05 . 2009-05-09 18:11 -------- d-----w c:\documents and settings\Alex and Johny\Local Settings\Application Data\LBWorkshop
2009-05-09 18:04 . 2009-05-09 18:05 -------- d-----w c:\program files\LB Workshop
2009-05-09 08:03 . 2009-05-16 12:38 -------- d-----w c:\program files\Bonjour
2009-05-08 22:53 . 2009-05-08 22:53 -------- d-----w c:\documents and settings\Alex and Johny\Application Data\X-Setup Pro
2009-05-08 22:53 . 2009-05-08 22:53 -------- d-----w c:\documents and settings\All Users\Application Data\X-Setup Pro
2009-05-07 13:40 . 2009-05-07 13:40 -------- d-sh--w C:\found.000
2009-05-05 11:03 . 2009-05-05 11:03 -------- d-----w c:\documents and settings\Dzony\Local Settings\Application Data\Help
2009-05-05 10:52 . 2009-05-15 00:55 -------- d-----w c:\documents and settings\Dzony\Application Data\Skype
2009-05-03 15:06 . 2009-05-03 15:06 -------- d-----w c:\documents and settings\Alex and Johny\Local Settings\Application Data\Yahoo
2009-05-02 17:53 . 2009-05-13 11:13 -------- d-----w c:\program files\API-Guide
2009-05-02 16:41 . 2006-12-04 14:53 187184 ----a-w c:\windows\system32\pssuspend.exe
2009-05-02 16:41 . 2006-12-04 14:53 207664 ----a-w c:\windows\system32\psshutdown.exe
2009-05-02 16:41 . 2008-01-09 13:36 107560 ----a-w c:\windows\system32\psservice.exe
2009-05-02 16:41 . 2006-12-04 14:53 105264 ----a-w c:\windows\system32\pspasswd.exe
2009-05-02 16:41 . 2006-12-04 14:53 113456 ----a-w c:\windows\system32\psloglist.exe
2009-05-02 16:41 . 2006-12-04 14:53 105264 ----a-w c:\windows\system32\psloggedon.exe
2009-05-02 16:41 . 2006-12-04 14:53 125744 ----a-w c:\windows\system32\pslist.exe
2009-05-02 16:41 . 2006-12-04 14:53 187184 ----a-w c:\windows\system32\pskill.exe
2009-05-02 16:41 . 2007-07-09 08:23 243072 ----a-w c:\windows\system32\Psinfo.exe
2009-05-02 16:41 . 2006-12-04 14:53 187184 ----a-w c:\windows\system32\psgetsid.exe
2009-05-02 16:41 . 2006-12-04 14:53 105264 ----a-w c:\windows\system32\psfile.exe
2009-05-02 16:41 . 2008-01-03 08:40 234536 ----a-w c:\windows\system32\psexec.exe
2009-05-02 16:27 . 2009-05-02 16:27 -------- d-----w c:\program files\ps
2009-05-02 14:40 . 2009-05-02 14:41 -------- d-----w c:\documents and settings\Alex\Application Data\Orbit
2009-05-02 14:40 . 2009-05-02 14:40 -------- d-----w c:\documents and settings\Alex\Application Data\Comodo
2009-05-02 14:30 . 2009-05-02 14:30 -------- d-----w c:\documents and settings\Alex and Johny\Local Settings\Application Data\Opera
2009-05-02 14:30 . 2009-05-02 14:30 -------- d-----w c:\program files\Opera
2009-05-02 14:24 . 2009-05-09 08:04 -------- d-----w c:\program files\Safari
2009-05-02 08:59 . 2009-05-02 08:59 -------- d-----w c:\program files\POKER
2009-05-02 08:48 . 2009-05-02 08:48 -------- d-----w C:\command
2009-05-02 08:37 . 2009-05-02 08:37 -------- d-----w C:\Casino
2009-05-01 21:09 . 2009-05-01 21:12 -------- d-----w c:\program files\KLS Soft
2009-05-01 20:53 . 2009-05-01 20:53 -------- d-----w c:\documents and settings\Alex and Johny\Application Data\GetRightToGo
2009-05-01 20:21 . 2009-05-01 20:21 -------- d-----w c:\program files\Microsys Com
2009-05-01 07:34 . 1999-10-04 23:18 57344 ----a-w c:\windows\system32\GKSUI16.EXE
2009-05-01 07:34 . 2009-05-01 07:34 -------- d-----w c:\program files\FREEGAME
2009-05-01 07:30 . 2009-05-01 07:30 -------- d-----w c:\program files\Common Files\Java
2009-04-30 20:09 . 2009-04-30 20:09 -------- d-----w c:\program files\NJ Soft
2009-04-30 19:10 . 2009-04-30 22:13 -------- d-----w C:\Microgaming
2009-04-30 18:29 . 2009-05-02 13:06 -------- d-----w c:\program files\hilopoker
2009-04-30 18:29 . 2009-05-09 18:04 249856 ------w c:\windows\Setup1.exe
2009-04-30 18:29 . 2009-05-09 18:04 73216 ----a-w c:\windows\ST6UNST.EXE
2009-04-30 18:27 . 2009-05-02 14:49 -------- d-----w c:\program files\TruePoker
2009-04-26 16:21 . 2009-04-26 16:21 -------- d-----w c:\documents and settings\Alex\Application Data\HPAppData
2009-04-26 15:30 . 2009-04-26 15:30 64568 ----a-w c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-04-26 15:18 . 2009-04-26 15:18 64568 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-26 15:14 . 2009-05-02 14:41 -------- d-----w c:\documents and settings\Alex\Local Settings\Application Data\Microsoft
2009-04-26 15:14 . 2009-05-02 14:40 -------- d-----w c:\documents and settings\Alex
2009-04-26 15:13 . 2009-04-26 15:13 -------- d-----w c:\windows\ServiceProfiles
2009-04-26 15:03 . 2009-04-26 15:03 -------- d-sh--w c:\windows\ftpcache
2009-04-25 10:04 . 2009-05-11 16:05 -------- d-----w c:\program files\Liberty BASIC v4.04 beta 3
2009-04-24 14:57 . 2007-12-26 15:30 1970176 ----a-w c:\windows\system32\d3dx9.dll
2009-04-24 14:57 . 2007-12-26 15:30 679936 ----a-w c:\windows\system32\D3DX81ab.dll
2009-04-24 14:57 . 2009-05-17 15:19 -------- d-----w c:\program files\Cheat Engine
2009-04-22 22:16 . 2009-04-22 22:16 -------- d-----w c:\program files\TotalImageConverter
2009-04-22 20:34 . 2009-04-22 21:28 -------- d-----w c:\program files\MySecretFolder XP
2009-04-22 18:42 . 2009-04-22 18:42 -------- d-----w c:\program files\2BrightSparks
2009-04-22 18:42 . 2009-04-22 18:42 -------- d-----w c:\documents and settings\All Users\Application Data\2BrightSparks
2009-04-22 11:33 . 2009-04-22 11:33 -------- d-s---w c:\documents and settings\Alex and Johny\UserData
2009-04-19 19:53 . 2007-07-31 12:27 13312 ----a-w c:\windows\system32\drivers\BTCamAudioDrv.sys
2009-04-19 18:53 . 2009-04-19 18:53 -------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2009-04-19 16:41 . 2009-04-19 16:41 -------- d-----w c:\documents and settings\All Users\Application Data\XSign
2009-04-19 16:41 . 2009-04-19 16:49 -------- d-----w c:\program files\XSign
2009-04-19 07:56 . 2008-03-21 11:57 14640 ------w c:\windows\system32\spmsgXP_2k3.dll
2009-04-19 07:53 . 2009-05-10 11:45 -------- d-----w c:\program files\Common Files\Nokia
2009-04-19 07:52 . 2008-08-26 08:26 18816 ----a-w c:\windows\system32\drivers\pccsmcfd.sys
2009-04-19 07:52 . 2009-05-16 12:25 -------- d-----w c:\program files\Nokia
2009-04-18 20:19 . 2006-08-29 14:56 32377 ----a-w c:\windows\system32\drivers\prodigy.sys
2009-04-18 20:19 . 2009-04-18 20:19 -------- d-----w c:\program files\NSS
2009-04-18 19:06 . 2008-03-14 08:47 442368 ----a-w c:\windows\system32\nvunrm.exe
2009-04-18 18:46 . 2009-04-18 18:46 -------- d-----w C:\hibrid
2009-04-18 10:45 . 2008-04-13 22:16 15232 -c--a-w c:\windows\system32\dllcache\mpe.sys
2009-04-18 10:45 . 2008-04-13 22:16 15232 ----a-w c:\windows\system32\drivers\MPE.sys
2009-04-18 10:45 . 2007-06-22 17:44 9760 ----a-r c:\windows\system32\34CoInstaller.dll
2009-04-18 10:45 . 2007-06-22 17:45 104992 ----a-r c:\windows\system32\NXPMV32.dll
2009-04-18 10:45 . 2008-04-14 03:42 363520 -c--a-w c:\windows\system32\dllcache\psisdecd.dll
2009-04-18 10:45 . 2008-04-14 03:42 363520 ----a-w c:\windows\system32\PsisDecd.dll
2009-04-18 10:45 . 2008-04-13 22:16 11776 -c--a-w c:\windows\system32\dllcache\bdasup.sys
2009-04-18 10:45 . 2008-04-13 22:16 11776 ----a-w c:\windows\system32\drivers\BdaSup.sys
2009-04-18 10:43 . 2008-06-10 11:04 31048 ----a-w c:\windows\system32\drivers\point32.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-17 16:06 . 2009-03-22 09:28 -------- d-----w c:\program files\Common Files\Akamai
2009-05-17 16:05 . 2009-03-15 12:36 -------- d-----w c:\program files\DNA
2009-05-16 10:52 . 2009-03-14 19:55 196608 ----a-w c:\windows\system32\drivers\nStandard.bin
2009-05-14 14:35 . 2009-03-16 21:22 -------- d-----w c:\program files\Counter-Strike 1.6
2009-05-03 15:05 . 2009-03-14 21:12 -------- d-----w c:\program files\Yahoo!
2009-05-01 07:33 . 2009-03-14 21:12 -------- d-----w c:\program files\Java
2009-04-19 09:48 . 2009-04-19 09:48 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-04-18 10:47 . 2009-03-14 19:20 64568 ----a-w c:\documents and settings\Alex and Johny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-17 20:46 . 2009-04-17 20:46 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-04-17 20:45 . 2009-04-17 20:45 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-17 13:58 . 2009-04-15 05:32 -------- d-----w c:\program files\Galaxy Online
2009-04-07 22:43 . 2009-03-15 11:31 10 ----a-w c:\windows\popcinfo.dat
2009-04-03 14:21 . 2009-04-03 14:21 -------- d-----w c:\program files\YouTube Downloader
2009-03-25 15:18 . 2009-03-25 15:18 -------- d-----w c:\program files\TeamViewer
2009-03-22 11:26 . 2009-03-22 11:25 -------- d-----w c:\program files\QuickTime
2009-03-22 11:25 . 2009-03-22 11:25 -------- d-----w c:\program files\Apple Software Update
2009-03-22 10:32 . 2009-03-22 10:15 5632 ----a-w c:\windows\system32\drivers\StarOpen.sys
2009-03-22 10:16 . 2009-03-22 10:16 -------- d-----w c:\program files\DIFX
2009-03-22 10:15 . 2009-03-14 19:30 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-22 10:05 . 2009-03-22 10:05 -------- d-----w c:\program files\LizardTech
2009-03-22 10:03 . 2009-03-22 10:03 -------- d-----w c:\program files\Samsung
2009-03-14 22:35 . 2009-03-14 22:26 141048 ----a-w c:\windows\hpoins14.dat
2009-03-14 22:35 . 2009-03-14 22:35 87312 ----a-w c:\windows\system32\drivers\cmdguard.sys
2009-03-14 22:35 . 2009-03-14 22:35 23824 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2009-03-14 22:35 . 2009-03-14 22:35 139008 ----a-w c:\windows\system32\guard32.dll
2009-03-14 21:12 . 2009-03-14 21:12 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-14 21:11 . 2009-03-14 21:11 10368 ----a-w c:\windows\system32\drivers\pfc.sys
2009-03-14 19:52 . 2009-03-14 19:52 1856 ----a-w c:\windows\system32\whp.bin
2009-03-14 19:49 . 2009-03-14 19:49 0 ----a-w c:\windows\nsreg.dat
2009-03-14 19:36 . 2009-03-14 19:36 315392 ----a-w c:\windows\HideWin.exe
2009-03-14 19:12 . 2009-03-14 19:12 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-06 14:22 . 2008-04-14 03:42 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 10:38 . 2009-03-03 10:38 128840 ----a-w c:\windows\system32\Metacafe.scr
2009-02-20 08:10 . 2008-04-14 03:42 666112 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2008-04-14 03:41 81920 ----a-w c:\windows\system32\ieencode.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-06 24095528]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-15 321344]
"SpeedConnectStartUp"="c:\program files\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe" [2008-08-18 565760]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-16 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-16 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-09-13 380928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-14 148888]
"FixCamera"="c:\windows\FixCamera.exe" [2005-12-06 20480]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-11-04 90112]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2009-03-14 1572608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"MSF_Monitor"="c:\progra~1\MYSECR~1\MSFMON.exe" [2007-01-24 99920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-27 16844800]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-08-03 1826816]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-09-16 1626112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Alex and Johny\Start Menu\Programs\Startup\
logger engine.lnk - d:\program files\log\logger engine.exe [2009-5-9 1254912]
Shortcut to cnn.lnk - d:\program files\bobby\cnn\cnn.exe [2009-5-10 1254912]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"AllowMultipleTSSessions"= 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1292428093-606747145-682003330-1005]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\VP-EYE\\avi\\avi.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"d:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"d:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"d:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Alex and Johny\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\WebEye\\WebEye.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"d:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\ASUS\\GamerOSD\\SBS.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1962:TCP"= 1962:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"3118:TCP"= 3118:TCP:Akamai NetSession Interface
"3175:TCP"= 3175:TCP:Akamai NetSession Interface
"3360:TCP"= 3360:TCP:Akamai NetSession Interface
"3752:TCP"= 3752:TCP:Akamai NetSession Interface
"3908:TCP"= 3908:TCP:Akamai NetSession Interface
"4180:TCP"= 4180:TCP:Akamai NetSession Interface
"4258:TCP"= 4258:TCP:Akamai NetSession Interface
"1118:TCP"= 1118:TCP:Akamai NetSession Interface
"3434:TCP"= 3434:TCP:Akamai NetSession Interface
"1340:TCP"= 1340:TCP:Akamai NetSession Interface
"2712:TCP"= 2712:TCP:Akamai NetSession Interface
"1753:TCP"= 1753:TCP:Akamai NetSession Interface
"1830:TCP"= 1830:TCP:Akamai NetSession Interface
"1385:TCP"= 1385:TCP:Akamai NetSession Interface
"3854:TCP"= 3854:TCP:Akamai NetSession Interface
"1084:TCP"= 1084:TCP:Akamai NetSession Interface
"1472:TCP"= 1472:TCP:Akamai NetSession Interface
"1117:TCP"= 1117:TCP:Akamai NetSession Interface
"1104:TCP"= 1104:TCP:Akamai NetSession Interface
"1044:TCP"= 1044:TCP:Akamai NetSession Interface
"4812:TCP"= 4812:TCP:Akamai NetSession Interface
"2349:TCP"= 2349:TCP:Akamai NetSession Interface
"2386:TCP"= 2386:TCP:Akamai NetSession Interface
"3775:TCP"= 3775:TCP:Akamai NetSession Interface
"3874:TCP"= 3874:TCP:Akamai NetSession Interface
"1091:TCP"= 1091:TCP:Akamai NetSession Interface
"3037:TCP"= 3037:TCP:Akamai NetSession Interface
"1106:TCP"= 1106:TCP:Akamai NetSession Interface
"1109:TCP"= 1109:TCP:Akamai NetSession Interface
"1078:TCP"= 1078:TCP:Akamai NetSession Interface
"1082:TCP"= 1082:TCP:Akamai NetSession Interface
"1033:TCP"= 1033:TCP:Akamai NetSession Interface
"1050:TCP"= 1050:TCP:Akamai NetSession Interface
"1034:TCP"= 1034:TCP:Akamai NetSession Interface
"2357:TCP"= 2357:TCP:Akamai NetSession Interface
"2421:TCP"= 2421:TCP:Akamai NetSession Interface
"2477:TCP"= 2477:TCP:Akamai NetSession Interface
"1045:TCP"= 1045:TCP:Akamai NetSession Interface
"2071:TCP"= 2071:TCP:Akamai NetSession Interface
"2318:TCP"= 2318:TCP:Akamai NetSession Interface
"2504:TCP"= 2504:TCP:Akamai NetSession Interface
"4703:TCP"= 4703:TCP:Akamai NetSession Interface
"3858:TCP"= 3858:TCP:Akamai NetSession Interface
"1042:TCP"= 1042:TCP:Akamai NetSession Interface
"1047:TCP"= 1047:TCP:Akamai NetSession Interface
"1041:TCP"= 1041:TCP:Akamai NetSession Interface
"1187:TCP"= 1187:TCP:Akamai NetSession Interface
"1229:TCP"= 1229:TCP:Akamai NetSession Interface
"1293:TCP"= 1293:TCP:Akamai NetSession Interface
"1065:TCP"= 1065:TCP:Akamai NetSession Interface
"1575:TCP"= 1575:TCP:Akamai NetSession Interface
"1052:TCP"= 1052:TCP:Akamai NetSession Interface
"3090:TCP"= 3090:TCP:Akamai NetSession Interface
"1080:TCP"= 1080:TCP:Akamai NetSession Interface
"2295:TCP"= 2295:TCP:Akamai NetSession Interface
"2867:TCP"= 2867:TCP:Akamai NetSession Interface
"2620:TCP"= 2620:TCP:Akamai NetSession Interface
"1611:TCP"= 1611:TCP:Akamai NetSession Interface
"1072:TCP"= 1072:TCP:Akamai NetSession Interface
"1085:TCP"= 1085:TCP:Akamai NetSession Interface
"1064:TCP"= 1064:TCP:Akamai NetSession Interface
"1161:TCP"= 1161:TCP:Akamai NetSession Interface
"4617:TCP"= 4617:TCP:Akamai NetSession Interface
"1046:TCP"= 1046:TCP:Akamai NetSession Interface
"1049:TCP"= 1049:TCP:Akamai NetSession Interface
"1048:TCP"= 1048:TCP:Akamai NetSession Interface
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14.3.2009 22:20 114768]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [15.3.2009 0:35 87312]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [15.3.2009 0:35 23824]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [14.4.2008 5:42 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.3.2009 22:20 20560]
R2 MSF32;MSF32;c:\program files\MySecretFolder XP\MSF32.SYS [22.4.2009 23:28 39424]
R2 PMonSvc;Profile Monitor;c:\windows\system32\pmonsvc.exe [23.3.2008 15:43 38152]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [14.1.2009 18:53 226656]
R3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\drivers\3xHybrid.sys [6.7.2007 12:00 906368]
S3 MBLAUDRV;Mobiola Audio Service;c:\windows\system32\drivers\BTCamAudioDrv.sys [19.4.2009 21:53 13312]
S3 PsSdk30;PsSdk30;\??\c:\windows\system32\Drivers\PsSdk30.drv --> c:\windows\system32\Drivers\PsSdk30.drv [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [15.3.2009 12:04 337800]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
2009-05-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-05-17 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 07:20]
2009-05-17 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 07:20]
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
IE: &Download by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/204
IE: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUfox000
IE: Do&wnload selected by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Alex and Johny\Application Data\Mozilla\Firefox\Profiles\e6inuhs0.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: browser.startup.homepage - google.rs
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUfox000&fl=0&ptb=UZpfN5RMfLmJerChQGq1hA&st=kwd&o=kwd&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&searchfor=
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\Alex and Johny\Application Data\Mozilla\Firefox\Profiles\e6inuhs0.default\extensions\npfax@microgaming.co.uk\platform\WINNT_x86-msvc\plugins\npfax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
---- FIREFOX POLICIES ----
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-05-17 18:05
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk30]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk30.drv"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\pmhk.exe
c:\windows\system32\rundll32.exe
c:\windows\ATKKBService.exe
c:\program files\COMODO\Firewall\cmdagent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\CBS Software\SpeedConnect Internet Accelerator\ShowNetworkActivity.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-05-17 18:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-17 16:09
Pre-Run: 29.473.218.560 bytes free
Post-Run: 33.075.376.128 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
540 --- E O F --- 2009-05-15 00:59
|
|
|
|
Poslao: 17 Maj 2009 21:29
|
offline
- dr_Bora
- Anti Malware Fighter
Rank 2
- Pridružio: 24 Jul 2007
- Poruke: 12280
- Gde živiš: Höganäs, SE
|
Da li su ti poznati ovi programi:
d:\program files\log\logger engine.exe
d:\program files\bobby\cnn\cnn.exe
|
|
|
|
Poslao: 17 Maj 2009 22:33
|
offline
- AleX
- Građanin
- Pridružio: 20 Jul 2008
- Poruke: 197
|
Jesu, sâm sam ih napravio, bezopasni su, a olakšavaju mi dosta toga.
Nešto osim toga?
|
|
|
|
|
Poslao: 18 Maj 2009 00:25
|
offline
- AleX
- Građanin
- Pridružio: 20 Jul 2008
- Poruke: 197
|
ComboFix 09-05-16.05 - Alex and Johny 18.05.2009 0:19.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1402 [GMT 2:00]
Running from: c:\documents and settings\Alex and Johny\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Alex and Johny\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090516-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FILE ::
c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
d:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
d:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
.
((((((((((((((((((((((((( Files Created from 2009-04-17 to 2009-05-17 )))))))))))))))))))))))))))))))
.
2009-05-17 13:01 . 2009-05-17 13:07 -------- d-----w c:\program files\RegCure
2009-05-17 10:01 . 2009-05-17 10:01 -------- d-----w c:\program files\SoftPerfect Network Protocol Analyzer
2009-05-16 10:35 . 2009-05-16 10:35 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-05-16 10:26 . 2009-05-16 10:27 -------- d-----w c:\program files\Common Files\Adobe
2009-05-16 10:18 . 2009-05-16 10:36 -------- d-----w c:\program files\NOS
2009-05-16 10:18 . 2009-05-16 10:36 -------- d-----w c:\documents and settings\All Users\Application Data\NOS
2009-05-16 10:01 . 2009-05-16 10:01 -------- d-----w c:\documents and settings\Dzony\Application Data\AdobeUM
2009-05-15 20:28 . 2009-05-15 20:28 -------- d-----w c:\program files\UselessCreations
2009-05-15 19:36 . 1998-09-03 22:56 6851 ----a-r C:\ea.reg
2009-05-15 19:36 . 1998-08-14 12:33 61 ----a-w C:\eauninst.dat
2009-05-15 19:35 . 1998-08-03 08:42 93382 ----a-w C:\VOODOO2A.DLL
2009-05-15 19:35 . 1998-08-13 19:42 93858 ----a-w C:\VOODOOA.DLL
2009-05-15 19:35 . 1998-08-04 14:03 42496 ----a-w C:\EACSND.DLL
2009-05-15 19:35 . 1998-08-26 13:19 304482 ----a-w C:\SOFTTRIA.DLL
2009-05-15 19:35 . 1998-08-13 19:41 98641 ----a-w C:\D3DA.DLL
2009-05-15 19:35 . 1998-09-05 01:50 1312 ----a-w C:\TRNCAR.EXE
2009-05-15 19:35 . 1998-08-29 00:36 1589248 ----a-w C:\nfs3.exe
2009-05-15 19:35 . 2009-05-15 19:36 -------- d-----w C:\3dSetup
2009-05-15 19:35 . 2009-05-15 19:35 -------- d-----w C:\FeData
2009-05-15 19:35 . 2009-05-15 19:35 -------- d-----w C:\GameData
2009-05-15 15:42 . 2009-05-15 15:42 716272 ----a-w c:\windows\system32\drivers\sptd.sys
2009-05-15 15:42 . 2009-05-15 15:42 -------- d-----w c:\documents and settings\Dzony\Application Data\DAEMON Tools
2009-05-15 15:25 . 2009-05-17 13:07 -------- d-----w c:\program files\Counter-Strike Source
2009-05-15 00:56 . 2009-05-15 00:56 -------- d-----w c:\program files\MSXML 4.0
2009-05-14 19:05 . 2009-05-16 10:27 -------- d-----w c:\documents and settings\Dzony\Local Settings\Application Data\Adobe
2009-05-14 17:49 . 2009-02-06 11:06 2145280 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-14 17:49 . 2009-02-06 11:08 2189056 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-14 17:49 . 2009-02-06 10:32 2023936 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-14 17:48 . 2008-10-24 11:21 455296 -c----w c:\windows\system32\dllcache\mrxsmb.sys
2009-05-14 17:34 . 2008-05-03 11:55 2560 ------w c:\windows\system32\xpsp4res.dll
2009-05-14 17:18 . 2009-05-15 00:59 -------- d--h--w c:\windows\$hf_mig$
2009-05-14 11:54 . 2008-06-13 11:05 272128 -c----w c:\windows\system32\dllcache\bthport.sys
2009-05-14 11:54 . 2008-06-13 11:05 272128 ------w c:\windows\system32\drivers\bthport.sys
2009-05-14 09:59 . 2008-10-16 12:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-05-14 09:59 . 2008-10-16 12:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-05-13 18:06 . 2009-05-13 18:06 -------- d-----w c:\documents and settings\Dzony\Local Settings\Application Data\Mozilla
2009-05-10 11:46 . 2009-05-10 11:46 -------- d-----w c:\program files\Common Files\PCSuite
2009-05-10 11:45 . 2009-05-10 11:45 -------- d-----w c:\program files\PC Connectivity Solution
2009-05-10 11:44 . 2009-02-09 05:37 7808 ----a-w c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-05-10 11:44 . 2009-02-09 05:37 7808 ----a-w c:\windows\system32\drivers\usbser_lowerflt.sys
2009-05-10 11:44 . 2009-02-09 05:37 22016 ----a-w c:\windows\system32\drivers\ccdcmbo.sys
2009-05-10 11:44 . 2009-02-09 05:37 17664 ----a-w c:\windows\system32\drivers\ccdcmb.sys
2009-05-10 11:44 . 2009-02-09 05:37 659968 ----a-w c:\windows\system32\nmwcdcocls.dll
2009-05-10 11:44 . 2009-02-09 05:32 1112288 ----a-w c:\windows\system32\wdfcoinstaller01007.dll
2009-05-09 18:10 . 2009-05-16 12:29 -------- d-----w c:\program files\Liberty BASIC v4.03
2009-05-09 18:05 . 2009-05-09 18:11 -------- d-----w c:\documents and settings\Alex and Johny\Local Settings\Application Data\LBWorkshop
2009-05-09 18:04 . 2009-05-09 18:05 -------- d-----w c:\program files\LB Workshop
2009-05-09 08:03 . 2009-05-16 12:38 -------- d-----w c:\program files\Bonjour
2009-05-08 22:53 . 2009-05-08 22:53 -------- d-----w c:\documents and settings\Alex and Johny\Application Data\X-Setup Pro
2009-05-08 22:53 . 2009-05-08 22:53 -------- d-----w c:\documents and settings\All Users\Application Data\X-Setup Pro
2009-05-07 13:40 . 2009-05-07 13:40 -------- d-sh--w C:\found.000
2009-05-05 11:03 . 2009-05-05 11:03 -------- d-----w c:\documents and settings\Dzony\Local Settings\Application Data\Help
2009-05-05 10:52 . 2009-05-15 00:55 -------- d-----w c:\documents and settings\Dzony\Application Data\Skype
2009-05-03 15:06 . 2009-05-03 15:06 -------- d-----w c:\documents and settings\Alex and Johny\Local Settings\Application Data\Yahoo
2009-05-02 17:53 . 2009-05-13 11:13 -------- d-----w c:\program files\API-Guide
2009-05-02 16:41 . 2006-12-04 14:53 187184 ----a-w c:\windows\system32\pssuspend.exe
2009-05-02 16:41 . 2006-12-04 14:53 207664 ----a-w c:\windows\system32\psshutdown.exe
2009-05-02 16:41 . 2008-01-09 13:36 107560 ----a-w c:\windows\system32\psservice.exe
2009-05-02 16:41 . 2006-12-04 14:53 105264 ----a-w c:\windows\system32\pspasswd.exe
2009-05-02 16:41 . 2006-12-04 14:53 113456 ----a-w c:\windows\system32\psloglist.exe
2009-05-02 16:41 . 2006-12-04 14:53 105264 ----a-w c:\windows\system32\psloggedon.exe
2009-05-02 16:41 . 2006-12-04 14:53 125744 ----a-w c:\windows\system32\pslist.exe
2009-05-02 16:41 . 2006-12-04 14:53 187184 ----a-w c:\windows\system32\pskill.exe
2009-05-02 16:41 . 2007-07-09 08:23 243072 ----a-w c:\windows\system32\Psinfo.exe
2009-05-02 16:41 . 2006-12-04 14:53 187184 ----a-w c:\windows\system32\psgetsid.exe
2009-05-02 16:41 . 2006-12-04 14:53 105264 ----a-w c:\windows\system32\psfile.exe
2009-05-02 16:41 . 2008-01-03 08:40 234536 ----a-w c:\windows\system32\psexec.exe
2009-05-02 16:27 . 2009-05-02 16:27 -------- d-----w c:\program files\ps
2009-05-02 14:40 . 2009-05-02 14:41 -------- d-----w c:\documents and settings\Alex\Application Data\Orbit
2009-05-02 14:40 . 2009-05-02 14:40 -------- d-----w c:\documents and settings\Alex\Application Data\Comodo
2009-05-02 14:30 . 2009-05-02 14:30 -------- d-----w c:\documents and settings\Alex and Johny\Local Settings\Application Data\Opera
2009-05-02 14:30 . 2009-05-02 14:30 -------- d-----w c:\program files\Opera
2009-05-02 14:24 . 2009-05-09 08:04 -------- d-----w c:\program files\Safari
2009-05-02 08:59 . 2009-05-02 08:59 -------- d-----w c:\program files\POKER
2009-05-02 08:48 . 2009-05-02 08:48 -------- d-----w C:\command
2009-05-02 08:37 . 2009-05-02 08:37 -------- d-----w C:\Casino
2009-05-01 21:09 . 2009-05-01 21:12 -------- d-----w c:\program files\KLS Soft
2009-05-01 20:53 . 2009-05-01 20:53 -------- d-----w c:\documents and settings\Alex and Johny\Application Data\GetRightToGo
2009-05-01 20:21 . 2009-05-01 20:21 -------- d-----w c:\program files\Microsys Com
2009-05-01 07:34 . 1999-10-04 23:18 57344 ----a-w c:\windows\system32\GKSUI16.EXE
2009-05-01 07:34 . 2009-05-01 07:34 -------- d-----w c:\program files\FREEGAME
2009-05-01 07:30 . 2009-05-01 07:30 -------- d-----w c:\program files\Common Files\Java
2009-04-30 20:09 . 2009-04-30 20:09 -------- d-----w c:\program files\NJ Soft
2009-04-30 19:10 . 2009-04-30 22:13 -------- d-----w C:\Microgaming
2009-04-30 18:29 . 2009-05-02 13:06 -------- d-----w c:\program files\hilopoker
2009-04-30 18:29 . 2009-05-09 18:04 249856 ------w c:\windows\Setup1.exe
2009-04-30 18:29 . 2009-05-09 18:04 73216 ----a-w c:\windows\ST6UNST.EXE
2009-04-30 18:27 . 2009-05-02 14:49 -------- d-----w c:\program files\TruePoker
2009-04-26 16:21 . 2009-04-26 16:21 -------- d-----w c:\documents and settings\Alex\Application Data\HPAppData
2009-04-26 15:30 . 2009-04-26 15:30 64568 ----a-w c:\windows\system32\GDIPFONTCACHEV1.DAT
2009-04-26 15:18 . 2009-04-26 15:18 64568 ----a-w c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-26 15:14 . 2009-05-02 14:41 -------- d-----w c:\documents and settings\Alex\Local Settings\Application Data\Microsoft
2009-04-26 15:14 . 2009-05-02 14:40 -------- d-----w c:\documents and settings\Alex
2009-04-26 15:13 . 2009-04-26 15:13 -------- d-----w c:\windows\ServiceProfiles
2009-04-26 15:03 . 2009-04-26 15:03 -------- d-sh--w c:\windows\ftpcache
2009-04-25 10:04 . 2009-05-11 16:05 -------- d-----w c:\program files\Liberty BASIC v4.04 beta 3
2009-04-24 14:57 . 2007-12-26 15:30 1970176 ----a-w c:\windows\system32\d3dx9.dll
2009-04-24 14:57 . 2007-12-26 15:30 679936 ----a-w c:\windows\system32\D3DX81ab.dll
2009-04-24 14:57 . 2009-05-17 15:19 -------- d-----w c:\program files\Cheat Engine
2009-04-22 22:16 . 2009-04-22 22:16 -------- d-----w c:\program files\TotalImageConverter
2009-04-22 20:34 . 2009-04-22 21:28 -------- d-----w c:\program files\MySecretFolder XP
2009-04-22 18:42 . 2009-04-22 18:42 -------- d-----w c:\program files\2BrightSparks
2009-04-22 18:42 . 2009-04-22 18:42 -------- d-----w c:\documents and settings\All Users\Application Data\2BrightSparks
2009-04-22 11:33 . 2009-04-22 11:33 -------- d-s---w c:\documents and settings\Alex and Johny\UserData
2009-04-19 19:53 . 2007-07-31 12:27 13312 ----a-w c:\windows\system32\drivers\BTCamAudioDrv.sys
2009-04-19 18:53 . 2009-04-19 18:53 -------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2009-04-19 16:41 . 2009-04-19 16:41 -------- d-----w c:\documents and settings\All Users\Application Data\XSign
2009-04-19 16:41 . 2009-04-19 16:49 -------- d-----w c:\program files\XSign
2009-04-19 07:56 . 2008-03-21 11:57 14640 ------w c:\windows\system32\spmsgXP_2k3.dll
2009-04-19 07:53 . 2009-05-10 11:45 -------- d-----w c:\program files\Common Files\Nokia
2009-04-19 07:52 . 2008-08-26 08:26 18816 ----a-w c:\windows\system32\drivers\pccsmcfd.sys
2009-04-19 07:52 . 2009-05-16 12:25 -------- d-----w c:\program files\Nokia
2009-04-18 20:19 . 2006-08-29 14:56 32377 ----a-w c:\windows\system32\drivers\prodigy.sys
2009-04-18 20:19 . 2009-04-18 20:19 -------- d-----w c:\program files\NSS
2009-04-18 19:06 . 2008-03-14 08:47 442368 ----a-w c:\windows\system32\nvunrm.exe
2009-04-18 18:46 . 2009-04-18 18:46 -------- d-----w C:\hibrid
2009-04-18 10:45 . 2008-04-13 22:16 15232 -c--a-w c:\windows\system32\dllcache\mpe.sys
2009-04-18 10:45 . 2008-04-13 22:16 15232 ----a-w c:\windows\system32\drivers\MPE.sys
2009-04-18 10:45 . 2007-06-22 17:44 9760 ----a-r c:\windows\system32\34CoInstaller.dll
2009-04-18 10:45 . 2007-06-22 17:45 104992 ----a-r c:\windows\system32\NXPMV32.dll
2009-04-18 10:45 . 2008-04-14 03:42 363520 -c--a-w c:\windows\system32\dllcache\psisdecd.dll
2009-04-18 10:45 . 2008-04-14 03:42 363520 ----a-w c:\windows\system32\PsisDecd.dll
2009-04-18 10:45 . 2008-04-13 22:16 11776 -c--a-w c:\windows\system32\dllcache\bdasup.sys
2009-04-18 10:45 . 2008-04-13 22:16 11776 ----a-w c:\windows\system32\drivers\BdaSup.sys
2009-04-18 10:43 . 2008-06-10 11:04 31048 ----a-w c:\windows\system32\drivers\point32.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-17 21:35 . 2009-03-22 09:28 -------- d-----w c:\program files\Common Files\Akamai
2009-05-17 19:35 . 2009-03-15 12:36 -------- d-----w c:\program files\DNA
2009-05-16 10:52 . 2009-03-14 19:55 196608 ----a-w c:\windows\system32\drivers\nStandard.bin
2009-05-14 14:35 . 2009-03-16 21:22 -------- d-----w c:\program files\Counter-Strike 1.6
2009-05-03 15:05 . 2009-03-14 21:12 -------- d-----w c:\program files\Yahoo!
2009-05-01 07:33 . 2009-03-14 21:12 -------- d-----w c:\program files\Java
2009-04-19 09:48 . 2009-04-19 09:48 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-04-18 10:47 . 2009-03-14 19:20 64568 ----a-w c:\documents and settings\Alex and Johny\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-17 20:46 . 2009-04-17 20:46 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2009-04-17 20:45 . 2009-04-17 20:45 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-04-17 20:28 . 2009-04-17 20:28 -------- d-----w c:\program files\Eltima Software
2009-04-17 13:58 . 2009-04-15 05:32 -------- d-----w c:\program files\Galaxy Online
2009-04-07 22:43 . 2009-03-15 11:31 10 ----a-w c:\windows\popcinfo.dat
2009-04-03 14:21 . 2009-04-03 14:21 -------- d-----w c:\program files\YouTube Downloader
2009-03-25 15:18 . 2009-03-25 15:18 -------- d-----w c:\program files\TeamViewer
2009-03-22 11:26 . 2009-03-22 11:25 -------- d-----w c:\program files\QuickTime
2009-03-22 11:25 . 2009-03-22 11:25 -------- d-----w c:\program files\Apple Software Update
2009-03-22 10:32 . 2009-03-22 10:15 5632 ----a-w c:\windows\system32\drivers\StarOpen.sys
2009-03-22 10:16 . 2009-03-22 10:16 -------- d-----w c:\program files\DIFX
2009-03-22 10:15 . 2009-03-14 19:30 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-22 10:05 . 2009-03-22 10:05 -------- d-----w c:\program files\LizardTech
2009-03-22 10:03 . 2009-03-22 10:03 -------- d-----w c:\program files\Samsung
2009-03-14 22:35 . 2009-03-14 22:26 141048 ----a-w c:\windows\hpoins14.dat
2009-03-14 22:35 . 2009-03-14 22:35 87312 ----a-w c:\windows\system32\drivers\cmdguard.sys
2009-03-14 22:35 . 2009-03-14 22:35 23824 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2009-03-14 22:35 . 2009-03-14 22:35 139008 ----a-w c:\windows\system32\guard32.dll
2009-03-14 21:12 . 2009-03-14 21:12 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-14 21:11 . 2009-03-14 21:11 10368 ----a-w c:\windows\system32\drivers\pfc.sys
2009-03-14 19:52 . 2009-03-14 19:52 1856 ----a-w c:\windows\system32\whp.bin
2009-03-14 19:49 . 2009-03-14 19:49 0 ----a-w c:\windows\nsreg.dat
2009-03-14 19:36 . 2009-03-14 19:36 315392 ----a-w c:\windows\HideWin.exe
2009-03-14 19:12 . 2009-03-14 19:12 21640 ----a-w c:\windows\system32\emptyregdb.dat
2009-03-06 14:22 . 2008-04-14 03:42 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 10:38 . 2009-03-03 10:38 128840 ----a-w c:\windows\system32\Metacafe.scr
2009-02-20 08:10 . 2008-04-14 03:42 666112 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2008-04-14 03:41 81920 ----a-w c:\windows\system32\ieencode.dll
.
((((((((((((((((((((((((((((( SnapShot@2009-05-17_16.05.55 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-17 19:35 . 2009-05-17 19:35 16384 c:\windows\Temp\Perflib_Perfdata_9cc.dat
+ 2009-05-17 19:35 . 2009-05-17 19:35 16384 c:\windows\Temp\Perflib_Perfdata_844.dat
- 2009-05-17 16:05 . 2009-05-17 16:05 16384 c:\windows\Temp\Perflib_Perfdata_64c.dat
+ 2009-05-17 19:35 . 2009-05-17 19:35 16384 c:\windows\Temp\Perflib_Perfdata_64c.dat
+ 2001-08-23 12:00 . 2009-05-17 16:08 59644 c:\windows\system32\perfc009.dat
- 2001-08-23 12:00 . 2009-05-08 23:19 59644 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2009-05-17 16:08 395530 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2009-05-08 23:19 395530 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-06 24095528]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-03-15 321344]
"SpeedConnectStartUp"="c:\program files\CBS Software\SpeedConnect Internet Accelerator\SpeedConnectStartUp.exe" [2008-08-18 565760]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-16 8491008]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-16 81920]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"ASUSGamerOSD"="c:\program files\ASUS\GamerOSD\GamerOSD.exe" [2007-09-13 380928]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-14 148888]
"FixCamera"="c:\windows\FixCamera.exe" [2005-12-06 20480]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-11-04 90112]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2009-03-14 1572608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"MSF_Monitor"="c:\progra~1\MYSECR~1\MSFMON.exe" [2007-01-24 99920]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-09-27 16844800]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2007-08-03 1826816]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-09-16 1626112]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\Alex and Johny\Start Menu\Programs\Startup\
logger engine.lnk - d:\program files\log\logger engine.exe [2009-5-9 1254912]
Shortcut to cnn.lnk - d:\program files\bobby\cnn\cnn.exe [2009-5-10 1254912]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"AllowMultipleTSSessions"= 1 (0x1)
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1292428093-606747145-682003330-1005]
"EnableNotificationsRef"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\VP-EYE\\avi\\avi.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"d:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"d:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"d:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Alex and Johny\\temp\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\WebEye\\WebEye.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"d:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\ASUS\\GamerOSD\\SBS.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1962:TCP"= 1962:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"3118:TCP"= 3118:TCP:Akamai NetSession Interface
"3175:TCP"= 3175:TCP:Akamai NetSession Interface
"3360:TCP"= 3360:TCP:Akamai NetSession Interface
"3752:TCP"= 3752:TCP:Akamai NetSession Interface
"3908:TCP"= 3908:TCP:Akamai NetSession Interface
"4180:TCP"= 4180:TCP:Akamai NetSession Interface
"4258:TCP"= 4258:TCP:Akamai NetSession Interface
"1118:TCP"= 1118:TCP:Akamai NetSession Interface
"3434:TCP"= 3434:TCP:Akamai NetSession Interface
"1340:TCP"= 1340:TCP:Akamai NetSession Interface
"2712:TCP"= 2712:TCP:Akamai NetSession Interface
"1753:TCP"= 1753:TCP:Akamai NetSession Interface
"1830:TCP"= 1830:TCP:Akamai NetSession Interface
"1385:TCP"= 1385:TCP:Akamai NetSession Interface
"3854:TCP"= 3854:TCP:Akamai NetSession Interface
"1084:TCP"= 1084:TCP:Akamai NetSession Interface
"1472:TCP"= 1472:TCP:Akamai NetSession Interface
"1117:TCP"= 1117:TCP:Akamai NetSession Interface
"1104:TCP"= 1104:TCP:Akamai NetSession Interface
"1044:TCP"= 1044:TCP:Akamai NetSession Interface
"4812:TCP"= 4812:TCP:Akamai NetSession Interface
"2349:TCP"= 2349:TCP:Akamai NetSession Interface
"2386:TCP"= 2386:TCP:Akamai NetSession Interface
"3775:TCP"= 3775:TCP:Akamai NetSession Interface
"3874:TCP"= 3874:TCP:Akamai NetSession Interface
"1091:TCP"= 1091:TCP:Akamai NetSession Interface
"3037:TCP"= 3037:TCP:Akamai NetSession Interface
"1106:TCP"= 1106:TCP:Akamai NetSession Interface
"1109:TCP"= 1109:TCP:Akamai NetSession Interface
"1078:TCP"= 1078:TCP:Akamai NetSession Interface
"1082:TCP"= 1082:TCP:Akamai NetSession Interface
"1033:TCP"= 1033:TCP:Akamai NetSession Interface
"1050:TCP"= 1050:TCP:Akamai NetSession Interface
"1034:TCP"= 1034:TCP:Akamai NetSession Interface
"2357:TCP"= 2357:TCP:Akamai NetSession Interface
"2421:TCP"= 2421:TCP:Akamai NetSession Interface
"2477:TCP"= 2477:TCP:Akamai NetSession Interface
"1045:TCP"= 1045:TCP:Akamai NetSession Interface
"2071:TCP"= 2071:TCP:Akamai NetSession Interface
"2318:TCP"= 2318:TCP:Akamai NetSession Interface
"2504:TCP"= 2504:TCP:Akamai NetSession Interface
"4703:TCP"= 4703:TCP:Akamai NetSession Interface
"3858:TCP"= 3858:TCP:Akamai NetSession Interface
"1042:TCP"= 1042:TCP:Akamai NetSession Interface
"1047:TCP"= 1047:TCP:Akamai NetSession Interface
"1041:TCP"= 1041:TCP:Akamai NetSession Interface
"1187:TCP"= 1187:TCP:Akamai NetSession Interface
"1229:TCP"= 1229:TCP:Akamai NetSession Interface
"1293:TCP"= 1293:TCP:Akamai NetSession Interface
"1065:TCP"= 1065:TCP:Akamai NetSession Interface
"1575:TCP"= 1575:TCP:Akamai NetSession Interface
"1052:TCP"= 1052:TCP:Akamai NetSession Interface
"3090:TCP"= 3090:TCP:Akamai NetSession Interface
"1080:TCP"= 1080:TCP:Akamai NetSession Interface
"2295:TCP"= 2295:TCP:Akamai NetSession Interface
"2867:TCP"= 2867:TCP:Akamai NetSession Interface
"2620:TCP"= 2620:TCP:Akamai NetSession Interface
"1611:TCP"= 1611:TCP:Akamai NetSession Interface
"1072:TCP"= 1072:TCP:Akamai NetSession Interface
"1085:TCP"= 1085:TCP:Akamai NetSession Interface
"1064:TCP"= 1064:TCP:Akamai NetSession Interface
"1161:TCP"= 1161:TCP:Akamai NetSession Interface
"4617:TCP"= 4617:TCP:Akamai NetSession Interface
"1046:TCP"= 1046:TCP:Akamai NetSession Interface
"1049:TCP"= 1049:TCP:Akamai NetSession Interface
"1048:TCP"= 1048:TCP:Akamai NetSession Interface
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [14.3.2009 22:20 114768]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [15.3.2009 0:35 87312]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [15.3.2009 0:35 23824]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [14.4.2008 5:42 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [14.3.2009 22:20 20560]
R2 MSF32;MSF32;c:\program files\MySecretFolder XP\MSF32.SYS [22.4.2009 23:28 39424]
R2 PMonSvc;Profile Monitor;c:\windows\system32\pmonsvc.exe [23.3.2008 15:43 38152]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [14.1.2009 18:53 226656]
R3 3xHybrid;SAA713x TV Card Service;c:\windows\system32\drivers\3xHybrid.sys [6.7.2007 12:00 906368]
S3 MBLAUDRV;Mobiola Audio Service;c:\windows\system32\drivers\BTCamAudioDrv.sys [19.4.2009 21:53 13312]
S3 PsSdk30;PsSdk30;\??\c:\windows\system32\Drivers\PsSdk30.drv --> c:\windows\system32\Drivers\PsSdk30.drv [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [15.3.2009 12:04 337800]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
2009-05-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-05-17 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 07:20]
2009-05-17 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2007-08-02 07:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101761&gct=&gc=1&q=%s
IE: &Download by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Alex and Johny\Application Data\Mozilla\Firefox\Profiles\e6inuhs0.default\
FF - prefs.js: browser.startup.homepage - google.rs
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\documents and settings\Alex and Johny\Application Data\Mozilla\Firefox\Profiles\e6inuhs0.default\extensions\npfax@microgaming.co.uk\platform\WINNT_x86-msvc\plugins\npfax.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPOFFICE.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
---- FIREFOX POLICIES ----
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-05-18 00:20
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk30]
"ImagePath"="\??\c:\windows\system32\Drivers\PsSdk30.drv"
.
Completion time: 2009-05-17 0:21
ComboFix-quarantined-files.txt 2009-05-17 22:21
ComboFix2.txt 2009-05-17 16:09
Pre-Run: 33.095.659.520 bytes free
Post-Run: 33.079.869.440 bytes free
401 --- E O F --- 2009-05-15 00:59
|
|
|
|
|
Poslao: 18 Maj 2009 18:55
|
offline
- AleX
- Građanin
- Pridružio: 20 Jul 2008
- Poruke: 197
|
Hvala.
Moze li objasnjenje, to jest, koji problem je postojao u mom racunaru?
|
|
|
|
Poslao: 18 Maj 2009 19:04
|
offline
- dr_Bora
- Anti Malware Fighter
Rank 2
- Pridružio: 24 Jul 2007
- Poruke: 12280
- Gde živiš: Höganäs, SE
|
Ništa preterano strašno: Adware.MyWebSearch.
|
|
|
|