Posted: 06 May 2009 19:42
- Joined: 04 Mar 2008
- Posts: 147
- Location: Leposavić
Here is the situation: last Thursday I got ADSL, and from that moment until today not even a week has passed, yet the computer is running like never before; I simply can't recognise it. It takes 10 seconds to open My Documents, never mind everything else. I scanned it with AVG and it found 18 trojans. I also scanned it with CCleaner, but nothing changed.
I would ask for help......
Regards from Kosovo and Metohija
Posted: 06 May 2009 19:55
- Joined: 04 Mar 2008
- Posts: 147
- Location: Leposavić
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:51:28, on 6.5.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\SysMetrix\SysMetrix.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Nikola\Desktop\Нова фасцикла\TR3.exe.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Accessories\Notepad.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = comtradegroup.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Internet Security Class - {A75E294E-C047-4D29-B07E-37B792881BEF} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [HService] c:\WINDOWS\msservice.exe
O4 - HKLM\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" /OM
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" -NoStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\nbj.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Diskeeper 9 Professional Edition Registration.lnk = C:\Program Files\Executive Software\Diskeeper\ESIRegister.exe
O4 - Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Need for Speed™ Undercover Registration.lnk = C:\Program Files\EA GAMES\Need for Speed Undercover\Support\EAregister.exe
O4 - Startup: Y'z Toolbar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\YzToolbar\YzToolBar.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm427YYRS
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?0f1e5aafb10a45dcabb7c92063593335
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?0f1e5aafb10a45dcabb7c92063593335
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.comtradegroup.com
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.exe.imgfarm.com/images/nocache/funwebpro......0.1.0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O24 - Desktop Component 0: (no name) - crveneberetke.com/images/crveneberetke.com_desktop002.JPG
--
End of file - 12791 bytes
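As an added illustration, not part of this thread and not code from HijackThis or ComboFix, the following Python script performs the kind of first-pass triage a helper does by eye on a log like the one above: it walks the "Running processes:" list and the tagged R/O entries and queues lines that deserve a second look. The sample lines are copied from the log above; the marker list (mywebsearch, funwebpro, asksbar) and the path heuristics are assumptions of this example, chosen to match what the thread later shows (ComboFix removes FunWebProducts and MyWebSearch). A hit is a review item for a human, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample: a few lines copied from the HijackThis log in this
# thread, plus two benign ones, so the script runs offline.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nikola\Desktop\Нова фасцикла\TR3.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = runonce.msn.com/?v=msgrv75
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [HService] c:\WINDOWS\msservice.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm427YYRS
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.exe.imgfarm.com/images/nocache/funwebpro......0.1.0.cab
O24 - Desktop Component 0: (no name) - crveneberetke.com/images/crveneberetke.com_desktop002.JPG
"""


@dataclass
class Finding:
    severity: str   # "suspicious" or "review"
    reason: str
    line: str


# Tagged entries look like "O4 - HKLM\..\Run: [Name] target": section tag, then body.
ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.*)$")
# An autorun target that sits directly in the Windows folder (no subfolder).
WINROOT_TARGET_RE = re.compile(r'\]\s*"?[a-z]:\\windows\\[^\\"]+\.exe')

# Assumed marker list for this example; the first two names appear in the
# ComboFix deletion list later in the thread.
ADWARE_MARKERS = ("mywebsearch", "funwebpro", "asksbar")
# Folders an ordinary user can write to; a process living there is unusual.
USER_WRITABLE = ("\\desktop\\", "\\temp\\")


def check_process(path: str):
    """Rules for lines under 'Running processes:'."""
    low = path.lower()
    if low.endswith(".exe.exe"):
        return Finding("suspicious", "double .exe extension", path)
    if any(m in low for m in USER_WRITABLE):
        return Finding("review", "process running from a user-writable folder", path)
    return None


def check_entry(sec: str, body: str, line: str):
    """Rules for tagged entries (R0, O2, O4, ...)."""
    low = body.lower()
    if any(m in low for m in ADWARE_MARKERS):
        return Finding("suspicious", "known adware/toolbar marker", line)
    if sec in ("O2", "O3", "O9") and low.endswith("(no file)"):
        return Finding("review", "orphaned entry, target file missing", line)
    if sec == "O4" and WINROOT_TARGET_RE.search(low):
        return Finding("review", "autorun target sits directly in the Windows folder", line)
    if sec == "O24":
        return Finding("review", "desktop component loaded from a remote host", line)
    return None


def triage(log_text: str):
    """Return the list of Findings for a HijackThis-style log text."""
    findings = []
    in_procs = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes:"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False  # the first tagged entry ends the process list
            f = check_entry(m.group("sec"), m.group("body"), line)
        elif in_procs:
            f = check_process(line)
        else:
            f = None
        if f:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:10}] {f.reason}: {f.line}")
```

On the sample above the script queues seven lines: four marked suspicious (the double-extension executable on the Desktop and the three adware-marker entries) and three for review (the orphaned BHO, the Run entry pointing straight into the Windows folder, and the remote desktop component). Legitimate vendors do ship executables in the Windows root (RTHDCPL.EXE and SkyTel.EXE in this very log), which is why that rule only queues the line rather than condemning it.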
Posted: 06 May 2009 20:03
- helen1
- Anti Malware Fighter, Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
Open the AVG 8 Control Center (right-click the AVG icon in the bottom right corner of the screen and choose Open AVG User Interface).
* When the AVG Control Center starts, double-click the Resident Shield component.
* In the window that opens, untick the option Resident Shield active and click Save changes.
Note: Don't forget to turn this option back on once the cleaning is finished.
------------------------
Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt), which you will copy here for us.
Posted: 06 May 2009 22:38
- Joined: 04 Mar 2008
- Posts: 147
- Location: Leposavić
ComboFix 09-05-05.05 - Nikola 06.05.2009 22:27.5 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1251.381.1033.18.511.149 [GMT 2:00]
Running from: c:\downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Internet Explorer.lnk
.
---- Previous Run -------
.
c:\documents and settings\Nikola\Favorites\Download programs.url
c:\documents and settings\Nikola\Favorites\Games.url
c:\documents and settings\Nikola\Favorites\Translator.url
c:\documents and settings\Nikola\Favorites\Videos.url
C:\Internet Explorer.lnk
c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\0038397E.urr
c:\program files\FunWebProducts\ScreenSaver\Images\004828B7.urr
c:\program files\FunWebProducts\ScreenSaver\Images\wrkparam.lst
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\bar\Settings\setting2.htm
c:\program files\MyWebSearch\bar\Settings\settings.dat
.
((((((((((((((((((((((((( Files Created from 2009-04-06 to 2009-05-06 )))))))))))))))))))))))))))))))
.
2009-05-06 17:07 . 2009-05-06 17:07 -------- d-----w c:\program files\CCleaner
2009-05-06 08:37 . 2009-05-06 16:28 -------- d--h--w C:\$AVG8.VAULT$
2009-05-06 08:26 . 2009-05-06 08:26 11952 ----a-w c:\windows\system32\avgrsstx.dll
2009-05-06 08:26 . 2009-05-06 08:26 108552 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-05-06 08:25 . 2009-05-06 08:25 325896 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-05-06 08:25 . 2009-05-06 15:44 -------- d-----w c:\windows\system32\drivers\Avg
2009-05-06 08:25 . 2009-05-06 08:25 -------- d-----w c:\program files\AVG
2009-05-06 08:25 . 2009-05-06 08:25 -------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-05-05 20:02 . 2009-05-05 20:18 -------- d-----w c:\program files\Online TV Player 4
2009-05-05 20:02 . 2009-05-05 20:02 -------- d-----w c:\program files\Dexpot
2009-05-05 16:09 . 2009-05-05 16:09 -------- d-----w c:\windows\system32\config\systemprofile\Local Settings\Application Data\Google
2009-05-04 14:17 . 2009-05-04 14:17 -------- d-----w c:\program files\Common Files\xing shared
2009-05-04 14:15 . 2009-05-04 14:15 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-05-03 18:22 . 2003-02-28 16:26 139536 ----a-w c:\windows\system32\javaee.dll
2009-05-03 18:22 . 2003-02-28 16:26 171792 ----a-w c:\windows\system32\wjview.exe
2009-05-03 18:22 . 2003-02-28 16:26 172304 ----a-w c:\windows\system32\jview.exe
2009-05-03 18:22 . 2003-02-28 16:26 49424 ----a-w c:\windows\system32\clspack.exe
2009-05-02 19:41 . 2009-05-02 19:41 -------- d-----w c:\program files\YouTube Downloader
2009-05-02 05:45 . 2006-02-28 12:00 221184 ----a-w c:\windows\system32\wmpns.dll
2009-05-01 18:47 . 2009-05-06 18:13 -------- d-----w c:\documents and settings\Nikola\Application Data\Hamachi
2009-05-01 18:46 . 2009-05-01 18:46 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
2009-05-01 18:46 . 2009-05-01 18:47 -------- d-----w c:\program files\Hamachi
2009-05-01 18:33 . 2009-02-06 10:29 2142720 -c----w c:\windows\system32\dllcache\ntkrnlmp.exe
2009-05-01 18:33 . 2009-02-06 10:32 2186112 -c----w c:\windows\system32\dllcache\ntoskrnl.exe
2009-05-01 18:33 . 2009-02-06 09:49 2020864 -c----w c:\windows\system32\dllcache\ntkrpamp.exe
2009-05-01 18:33 . 2009-02-06 09:49 2062976 -c----w c:\windows\system32\dllcache\ntkrnlpa.exe
2009-05-01 18:00 . 2009-05-01 18:00 -------- d-----w c:\program files\Windows Live Favorites
2009-05-01 17:56 . 2009-05-01 20:00 -------- d-----w c:\documents and settings\Nikola\Contacts
2009-05-01 17:52 . 2008-10-16 12:06 208744 ----a-w c:\windows\system32\muweb.dll
2009-05-01 17:52 . 2008-10-16 12:06 268648 ----a-w c:\windows\system32\mucltui.dll
2009-05-01 17:51 . 2009-05-01 17:51 -------- d-----w c:\documents and settings\All Users\Application Data\Windows Live Toolbar
2009-05-01 17:49 . 2009-05-01 18:00 -------- d-----w c:\program files\Windows Live Toolbar
2009-05-01 17:47 . 2009-05-01 17:47 -------- d-----w c:\program files\MSN Messenger
2009-04-30 22:14 . 2009-04-30 22:14 -------- d-----w c:\documents and settings\Nikola\Application Data\Deckadance
2009-04-30 22:08 . 2009-05-01 20:58 -------- d-----w c:\program files\Image-Line
2009-04-30 22:07 . 2009-04-30 22:07 -------- d-----w c:\program files\VstPlugins
2009-04-30 21:48 . 2009-05-01 18:49 -------- d-----w c:\documents and settings\Nikola\Application Data\MyRadioPlayer
2009-04-30 21:44 . 2009-05-01 18:49 -------- d-----w c:\program files\MyRadioPlayer
2009-04-30 21:44 . 2009-04-30 21:44 -------- d-----w c:\program files\AskSBar
2009-04-30 21:37 . 2009-04-30 21:37 -------- d-----w c:\documents and settings\Nikola\Local Settings\Application Data\Mozilla
2009-04-30 19:18 . 2009-04-30 19:18 -------- d-----w c:\windows\Sun
2009-04-30 18:27 . 2009-04-30 18:27 -------- d-----w c:\program files\GameTop.com
2009-04-30 17:10 . 2009-04-30 17:10 197120 ----a-w c:\windows\system32\New Golf GTI screensaver.scr
2009-04-30 17:10 . 2009-04-30 17:10 -------- d-----w c:\windows\system32\New Golf GTI screensaver dir
2009-04-22 22:09 . 2009-04-22 22:09 -------- d-----w c:\program files\INT=CHAR
2009-04-20 11:54 . 2009-05-01 20:38 -------- d-----w c:\program files\Valve
2009-04-18 20:43 . 2009-04-18 20:43 -------- d-----w c:\program files\Novel Games
2009-04-13 19:21 . 2009-04-13 19:21 -------- d-----w c:\documents and settings\Nikola\Application Data\Pioneer
2009-04-13 19:16 . 2009-04-13 19:16 -------- d-----w c:\windows\system32\ipp20
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-06 20:09 . 2008-08-11 22:11 -------- d-----w c:\program files\FlashGet
2009-05-06 18:14 . 2008-07-23 10:11 -------- d-----w c:\program files\SysMetrix
2009-05-06 07:52 . 2007-10-07 10:26 -------- d-----w c:\program files\Google
2009-05-06 07:43 . 2007-09-28 21:12 -------- d-----w c:\program files\Kaspersky Lab
2009-05-04 14:17 . 2007-10-07 10:51 -------- d-----w c:\program files\Common Files\Real
2009-05-04 14:17 . 2003-03-18 19:14 499712 ----a-w c:\windows\system32\msvcp71.dll
2009-05-04 14:17 . 2003-02-21 03:42 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-05-03 18:22 . 2009-05-03 18:22 2232 ----a-w c:\windows\java\Packages\Data\Z5BBJ797.DAT
2009-05-03 18:22 . 2009-05-03 18:22 155995 ----a-w c:\windows\java\Packages\X7LBNNDF.ZIP
2009-05-03 18:22 . 2009-05-03 18:22 2678 ----a-w c:\windows\java\Packages\Data\6IRJTBXN.DAT
2009-05-03 18:22 . 2009-05-03 18:22 2678 ----a-w c:\windows\java\Packages\Data\U857R17J.DAT
2009-05-03 18:22 . 2009-05-03 18:22 2678 ----a-w c:\windows\java\Packages\Data\MPNBXNTF.DAT
2009-05-03 18:22 . 2009-05-03 18:22 2678 ----a-w c:\windows\java\Packages\Data\8QT3BTBJ.DAT
2009-05-03 18:22 . 2009-05-03 18:22 2678 ----a-w c:\windows\java\Packages\Data\B5RVNJPR.DAT
2009-05-02 19:42 . 2007-10-07 10:26 -------- d-----w c:\program files\DivX
2009-05-02 05:56 . 2007-03-15 20:57 -------- d-----w c:\program files\Microsoft SQL Server
2009-05-01 20:57 . 2009-01-12 19:29 -------- d-----w c:\program files\Counter Strike - SRPSKA CAST
2009-05-01 11:57 . 2007-08-08 11:09 134832 ----a-w c:\documents and settings\Nikola\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-01 08:16 . 2007-03-15 21:22 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-30 21:47 . 2009-01-28 13:17 -------- d-----w c:\program files\Java
2009-03-28 22:14 . 2008-07-17 21:45 -------- d-----w c:\program files\SpeedFan
2009-03-21 17:40 . 2008-05-06 19:56 -------- d-----w c:\program files\Common Files\Teleca Shared
2009-03-13 16:18 . 2008-07-21 18:56 -------- d-----w c:\program files\ImTOO
2009-03-12 13:17 . 2009-03-12 13:17 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-03-12 13:17 . 2009-03-12 13:17 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-03-12 13:14 . 2009-03-12 13:14 -------- d-----w c:\program files\Common Files\PCSuite
2009-03-12 13:14 . 2009-03-12 13:14 -------- d-----w c:\program files\Common Files\Nokia
2009-03-12 13:14 . 2009-03-12 13:13 -------- d-----w c:\program files\Nokia
2009-03-12 13:14 . 2009-03-12 13:14 -------- d-----w c:\program files\DIFX
2009-03-12 13:14 . 2009-03-12 13:14 -------- d-----w c:\program files\PC Connectivity Solution
2009-03-06 14:00 . 2007-03-15 19:08 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:14 . 2007-03-15 19:08 1227776 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:14 . 2007-03-15 19:08 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 10:20 . 2007-03-15 19:08 1847424 ----a-w c:\windows\system32\win32k.sys
2009-02-09 10:01 . 2007-03-15 19:08 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:01 . 2007-03-15 19:08 728576 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:01 . 2007-03-15 19:08 617984 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:01 . 2007-03-15 19:08 715264 ----a-w c:\windows\system32\ntdll.dll
2009-02-08 18:09 . 2009-02-08 18:08 107424 ----a-w c:\windows\hpqins11.dat
2009-02-08 18:08 . 2008-12-31 17:05 141021 ----a-w c:\windows\hpoins14.dat
2009-02-06 10:32 . 2007-03-15 19:08 2186112 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:22 . 2007-03-15 19:08 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 09:54 . 2007-03-15 19:08 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 09:49 . 2004-08-03 22:59 2062976 ----a-w c:\windows\system32\ntkrnlpa.exe
2008-12-20 13:11 . 2008-12-20 13:11 139 --sh--w c:\program files\desktop.ini
.
------- Sigcheck -------
[7] 2004-09-29 18:27 656896 2C07195588D69A067C2AFDAA31759295 c:\windows\$hf_mig$\KB834707\SP2QFE\wininet.dll
[7] 2005-01-27 17:08 657920 A8EAC5330876548E9966A7D13025D196 c:\windows\$hf_mig$\KB867282\SP2QFE\wininet.dll
[7] 2005-05-02 20:57 658944 E1E18136F9DD3DF1AD9C82193A5898A6 c:\windows\$hf_mig$\KB883939\SP2QFE\wininet.dll
[7] 2005-03-10 07:43 657920 C8663B488996E89A84C3D17C1D12B79E c:\windows\$hf_mig$\KB890923\SP2QFE\wininet.dll
[7] 2005-09-02 23:53 660480 97A6FD7CAFD688CF2C78939EBAF0CD0C c:\windows\$hf_mig$\KB896688\SP2QFE\wininet.dll
[7] 2005-07-03 02:09 659456 6E533D155B259EB2363D3E04B5BE309F c:\windows\$hf_mig$\KB896727\SP2QFE\wininet.dll
[7] 2005-10-21 03:38 661504 AF785C4947676A7FC1673FDC5C8D0B5B c:\windows\$hf_mig$\KB905915\SP2QFE\wininet.dll
[7] 2009-02-20 08:10 666112 5B6A3EB7BB2F338BC2CB9F2FA4AAEA9E c:\windows\$hf_mig$\KB963027\SP3GDR\wininet.dll
[7] 2009-02-20 07:50 667648 711FEABED387B29FF7ED61BC6806A06C c:\windows\$hf_mig$\KB963027\SP3QFE\wininet.dll
[7] 2006-02-28 12:00 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtUninstallKB834707$\wininet.dll
[7] 2004-09-29 18:47 656896 CBA65B573C66FE23F647FF96E3A10994 c:\windows\$NtUninstallKB867282$\wininet.dll
[7] 2005-01-27 17:13 656896 B5E043E440B210014E021B24CF0A72E3 c:\windows\$NtUninstallKB883939$\wininet.dll
[7] 2005-05-02 20:52 657920 1A078AF3F85D10BA56444C23B3A18E74 c:\windows\$NtUninstallKB896688$\wininet.dll
[7] 2005-09-02 23:52 658432 AF61EBB1F550175EFF406D545D6AB086 c:\windows\$NtUninstallKB905915$\wininet.dll
[7] 2005-10-21 03:39 658432 E7B27B6B6E06CE34EA019FD8B858C613 c:\windows\$NtUninstallKB912812$\wininet.dll
[7] 2006-03-04 03:58 663552 C0845ECBF4F9164E618EE381B79C9032 c:\windows\$NtUninstallKB916281$\wininet.dll
[7] 2006-05-10 05:25 663552 D94CFFDB53E7AC867438E2DFD50E7CBC c:\windows\$NtUninstallKB918899$\wininet.dll
[7] 2006-06-23 11:25 664576 64CE26DB72810B30F7855EA51E1DF836 c:\windows\$NtUninstallKB925454$\wininet.dll
[7] 2006-10-23 15:34 664576 231EF4179ACABE486376B5CA893F1076 c:\windows\$NtUninstallKB928090$\wininet.dll
[-] 2007-01-04 14:05 1224704 F846FBB81B253FAF23036EEAD0455144 c:\windows\$NtUninstallKB963027$\wininet.dll
[7] 2009-02-20 08:14 668160 1EA0E6DD74199209D60991FD46CE8643 c:\windows\SoftwareDistribution\Download\38cc9246b0b2808f85d733169eec82d4\sp2qfe\wininet.dll
[7] 2009-02-20 08:10 666112 5B6A3EB7BB2F338BC2CB9F2FA4AAEA9E c:\windows\SoftwareDistribution\Download\38cc9246b0b2808f85d733169eec82d4\sp3gdr\wininet.dll
[7] 2009-02-20 07:50 667648 711FEABED387B29FF7ED61BC6806A06C c:\windows\SoftwareDistribution\Download\38cc9246b0b2808f85d733169eec82d4\sp3qfe\wininet.dll
[-] 2009-02-20 08:14 1227776 A5B96F46650BEA35CCA41D14A1464160 c:\windows\system32\wininet.dll
[-] 2009-02-20 08:14 1227776 A5B96F46650BEA35CCA41D14A1464160 c:\windows\system32\dllcache\wininet.dll
[-] 2005-04-05 18:06 1880576 7848D851A023380C9702CC9D0C791113 c:\windows\explorer.exe
[7] 2006-02-28 12:00 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB898543$\explorer.exe
[-] 2005-04-05 18:06 1880576 7848D851A023380C9702CC9D0C791113 c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2007-09-04 95536]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]
"NBJ"="c:\program files\Ahead\Nero BackItUp\nbj.exe" [2005-06-02 1957888]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-12 68856]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [BU]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SysMetrix"="c:\program files\SysMetrix\SysMetrix.exe" [2006-02-25 2637824]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"HService"="c:\windows\msservice.exe" [BU]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2007-09-04 54576]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-10-25 35328]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-05-04 198160]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-06 1947928]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-27 16208384]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-02-28 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-06 08:26 11952 ----a-w c:\windows\system32\avgrsstx.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
[BU]
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave1"= serwvdrv.dll
"wave2"= serwvdrv.dll
"wave3"= serwvdrv.dll
"wave5"= serwvdrv.dll
"wave6"= serwvdrv.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\INT=CHAR\\Na Kosovo Ravno\\hl.exe"=
"d:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15669:TCP"= 15669:TCP:NortonAV
"15032:TCP"= 15032:TCP:NortonAV
"16238:TCP"= 16238:TCP:NortonAV
"14098:TCP"= 14098:TCP:NortonAV
"13732:TCP"= 13732:TCP:NortonAV
"14577:TCP"= 14577:TCP:NortonAV
"13559:TCP"= 13559:TCP:NortonAV
"13116:TCP"= 13116:TCP:NortonAV
"15719:TCP"= 15719:TCP:NortonAV
"17241:TCP"= 17241:TCP:NortonAV
"16520:TCP"= 16520:TCP:NortonAV
"15962:TCP"= 15962:TCP:NortonAV
"18026:TCP"= 18026:TCP:NortonAV
"16598:TCP"= 16598:TCP:NortonAV
"14198:TCP"= 14198:TCP:NortonAV
"18622:TCP"= 18622:TCP:NortonAV
"16783:TCP"= 16783:TCP:NortonAV
"18094:TCP"= 18094:TCP:NortonAV
"15334:TCP"= 15334:TCP:NortonAV
"1509:UDP"= 1509:UDP:Windows Media Format SDK (InternetTV.exe)
"1508:UDP"= 1508:UDP:Windows Media Format SDK (InternetTV.exe)
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6.5.2009 10:25 325896]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [6.5.2009 10:26 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6.5.2009 10:25 298776]
R2 MarxDev1;MarxDev1;c:\windows\system32\drivers\MARXDEV1.SYS [7.10.2007 11:35 8864]
R2 MarxDev2;MarxDev2;c:\windows\system32\drivers\MARXDEV2.SYS [7.10.2007 11:35 8864]
R2 MarxDev3;MarxDev3;c:\windows\system32\drivers\MARXDEV3.SYS [7.10.2007 11:35 8864]
R2 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [24.11.2008 22:31 29263712]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [19.1.2007 12:54 97136]
S1 sdpiosys;sdpiosys;c:\windows\system32\drivers\sdpiosys.sys --> c:\windows\system32\drivers\sdpiosys.sys [?]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys --> c:\windows\system32\DRIVERS\Amps2prt.sys [?]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
S3 GAGPDrv;GAGPDrv;c:\windows\system32\drivers\GAGPDrv.sys [31.5.2008 12:21 4764]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb
.
Contents of the 'Scheduled Tasks' folder
2009-05-06 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 15:39]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyOverride = local.,
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRxdm427YYRS
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: &Winamp Search - c:\documents and settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/229?0f1e5aafb10a45dcabb7c92063593335
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-ww\msntabres.dll.mui/230?0f1e5aafb10a45dcabb7c92063593335
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Nikola\Application Data\Mozilla\Firefox\Profiles\a1lrct7c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1592999&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Searchme
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1592999&SearchSource=2&q=
FF - component: c:\documents and settings\Nikola\Application Data\Mozilla\Firefox\Profiles\a1lrct7c.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\Nikola\Application Data\Mozilla\Firefox\Profiles\a1lrct7c.default\extensions\{1755e943-b0af-431b-8ba7-3a74879720dd}\components\FFExternalAlert.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAskSBr.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-05-06 22:29
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-2503863038-3716547860-1000463515-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-05-06 22:33
ComboFix-quarantined-files.txt 2009-05-06 20:32
Pre-Run: 8.501.313.536 bytes free
Post-Run: 8.488.230.912 bytes free
325 --- E O F --- 2009-05-06 05:53
Posted: 06 May 2009 23:27
- helen1
- Anti Malware Fighter, Rank 2
- Joined: 27 Aug 2005
- Posts: 8620
- Location: Novi Beograd
Turn off the antivirus.
Open Notepad and copy the following text into it:
Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15669:TCP"=-
"15032:TCP"=-
"16238:TCP"=-
"14098:TCP"=-
"13732:TCP"=-
"14577:TCP"=-
"13559:TCP"=-
"13116:TCP"=-
"15719:TCP"=-
"17241:TCP"=-
"16520:TCP"=-
"15962:TCP"=-
"18026:TCP"=-
"16598:TCP"=-
"14198:TCP"=-
"18622:TCP"=-
"16783:TCP"=-
"18094:TCP"=-
"15334:TCP"=-
Save the Notepad file to the Desktop as "CFScript".
Drag the saved script/text file onto the ComboFix icon, as shown in the picture.
Post the log produced at the end of the cleaning/scan in your next message.
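The CFScript above is a hand-written list of the nineteen "NortonAV" port exceptions taken from the GloballyOpenPorts section of the ComboFix log. As an added example (not part of this thread and not ComboFix's own code), the Python below parses that section of a ComboFix log, groups the open-port exceptions by their description, and generates the same kind of `Registry::` block, with `"port:proto"=-` lines that delete the values (the `=-` form is standard .reg syntax for deleting a value, which CFScript follows). It assumes ComboFix's layout as seen above: a bracketed key line, then one `"port:proto"= port:proto:description` value per line until the next bracketed key or a line of another kind. The sample log is an abridged copy of the lines posted above; the function and variable names are the example's own.

```python
"""Parse the GloballyOpenPorts section of a ComboFix log and build a CFScript
that removes the firewall exceptions with a chosen description.

Example helper written for this thread; it is not part of ComboFix.
ComboFix abbreviates the key HKLM\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess
as 'HKLM\\~\\services\\sharedaccess', and this parser uses that abbreviated form.
"""
import re
from typing import Dict, Iterable, List, NamedTuple

# Key as it appears in ComboFix logs (compared case-insensitively).
OPEN_PORTS_KEY = (r"HKLM\~\services\sharedaccess\parameters\firewallpolicy"
                  r"\standardprofile\GloballyOpenPorts\List")

# Constructed sample: an abridged copy of the log section posted in this thread.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15669:TCP"= 15669:TCP:NortonAV
"15032:TCP"= 15032:TCP:NortonAV
"1509:UDP"= 1509:UDP:Windows Media Format SDK (InternetTV.exe)
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [6.5.2009 10:25 325896]
"""

KEY_LINE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
PORT_LINE = re.compile(
    r'^"(?P<port>\d{1,5}):(?P<proto>TCP|UDP)"=\s*'
    r'(?P<port2>\d{1,5}):(?P<proto2>TCP|UDP):(?P<desc>.*)$')


class OpenPort(NamedTuple):
    port: int
    proto: str   # "TCP" or "UDP"
    desc: str    # the exception's display name, e.g. "NortonAV"


def parse_open_ports(log: str) -> List[OpenPort]:
    """Return every GloballyOpenPorts value found in a ComboFix log."""
    entries: List[OpenPort] = []
    in_section = False
    for raw in log.splitlines():
        line = raw.rstrip()
        key = KEY_LINE.match(line)
        if key:
            # Every bracketed key starts a new section; only ours is collected.
            in_section = key.group("key").lower() == OPEN_PORTS_KEY.lower()
            continue
        if not in_section:
            continue
        value = PORT_LINE.match(line)
        if not value:
            # ComboFix prints one value per line; any other line (e.g. the
            # 'R1 ...' service entries that follow) ends the section.
            in_section = False
            continue
        entries.append(OpenPort(int(value.group("port")),
                                value.group("proto"),
                                value.group("desc").strip()))
    return entries


def summarize(entries: Iterable[OpenPort]) -> Dict[str, List[int]]:
    """Group open ports by description so the operator can see, for example,
    that one label accounts for a whole run of unrelated high ports."""
    groups: Dict[str, List[int]] = {}
    for e in entries:
        groups.setdefault(e.desc, []).append(e.port)
    return {desc: sorted(ports) for desc, ports in groups.items()}


def build_cfscript(entries: Iterable[OpenPort], descriptions: Iterable[str]) -> str:
    """Emit a CFScript 'Registry::' block deleting the values whose description
    is in `descriptions`; '"name"=-' deletes a value in .reg/CFScript syntax."""
    wanted = set(descriptions)
    lines = ["Registry::", f"[{OPEN_PORTS_KEY}]"]
    for e in entries:
        if e.desc in wanted:
            lines.append(f'"{e.port}:{e.proto}"=-')
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = parse_open_ports(SAMPLE_LOG)
    for desc, ports in summarize(found).items():
        print(f"{desc}: {ports}")
    print(build_cfscript(found, {"NortonAV"}))
```

Before generating the removal block, check the description against the rest of the log: in the posted portions of this log the only antivirus components are AVG's (avgwdsvc.exe, avgrsx.exe, avgnsx.exe, the AvgLdx86/AvgTdiX drivers), and no Norton or Symantec process, service or AuthorizedApplications entry appears, which is why the "NortonAV" exceptions on ports 13116 through 18622 are treated as entries to delete rather than as a real product's configuration. The "Windows Media Format SDK (InternetTV.exe)" UDP entries are left alone, as in helen1's script.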