MyCity » Ambulanta -> Arhiva Ambulante » [bobby] Pomoć, mislim da su mi upali VIRUSI!

[bobby] Pomoć, mislim da su mi upali VIRUSI!

Napisano na dan: 18.10.2008

Strana:
1
2

[bobby] Pomoć, mislim da su mi upali VIRUSI!

Sledeća strana

Pagination

Odgovori

Strana:
1
2

deepy Poslao: 18 Okt 2008 09:07 Idi na vrh
offline deepy Građanin Pridružio: 28 Jun 2008 Poruke: 61	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Mislim da su mi sinoć pri downloadiranju neke muzike upali virusi i druge štetočine... Ovdje sam ostavio logfile.. Molio bih da pomognete.. Logfile of HijackThis v1.99.1 Scan saved at 9:03:42, on 18.10.2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Applications\wcs.exe C:\Program Files\Applications\iebtm.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Applications\wcm.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Applications\iebtmm.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\system32\algg.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe C:\WINDOWS\System32\svchost.exe C:\DOCUME~1\Hum\LOCALS~1\Temp\RtkBtMnt.exe C:\Program Files\Alwil Software\Avast4\setup\avast.setup C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\msiexec.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Hum\My Documents\HijackThis_v1.99.1.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = windiwsfsearch.com R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = windiwsfsearch.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = windiwsfsearch.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = windiwsfsearch.com/ie6.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = windiwsfsearch.com O2 - BHO: 675873 helper - {030A0F33-5B99-482E-83F5-2EEB8457878B} - C:\WINDOWS\system32\675873\675873.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: VirRLWarningBHO Class - {A81EBFD7-0FA3-41ec-B60D-6DAE78B4D31A} - C:\Program Files\VirRL2009\VirRLWarning.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: (no name) - {BE1A344F-9FF5-4024-949B-52205E6DB2D0} - C:\Program Files\Applications\iebt.dll O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-gb\msntb.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - C:\Program Files\Applications\iebr.dll O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe" O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe O4 - HKCU\..\Run: [ares vista] "C:\Program Files\Ares Vista\Ares.exe" -h O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\algg.exe O4 - HKCU\..\Run: [VirRL2009] "C:\Program Files\VirRL2009\VirRL2009.exe" O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - howtoiexplorer.com/redirect.php (file missing) O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - howtoiexplorer.com/redirect.php (file missing) O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....7007377812 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing) O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing) O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing) O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Profil

bobby Poslao: 18 Okt 2008 10:38 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

deepy Poslao: 18 Okt 2008 10:42 Idi na vrh
offline deepy Građanin Pridružio: 28 Jun 2008 Poruke: 61	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 08-10-17.01 - Hum 2008-10-18 10:14:52.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.2419 [GMT 2:00] Running from: C:\Documents and Settings\Hum\Desktop\ComboFix.exe * Created a new restore point * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Hum\My Documents\My Documents.url C:\Documents and Settings\Hum\My Documents\My Music\My Music.url C:\Documents and Settings\Hum\My Documents\My Pictures\My Pictures.url C:\Documents and Settings\Hum\My Documents\My Videos\My Video.url C:\Program Files\Applications\iebr.dll C:\Program Files\Applications\iebt.dll C:\Program Files\Applications\iebu.exe C:\Program Files\Applications\myd.ico C:\Program Files\Applications\mym.ico C:\Program Files\Applications\myp.ico C:\Program Files\Applications\myv.ico C:\Program Files\Applications\ot.ico C:\Program Files\Applications\ts.ico C:\Program Files\Applications\wcm.exe C:\Program Files\Applications\wcs.exe C:\Program Files\VirRL2009 C:\Program Files\VirRL2009\VirRL2009.exe C:\WINDOWS\system32\675873 C:\WINDOWS\system32\675873\675873.dll . ((((((((((((((((((((((((( Files Created from 2008-09-18 to 2008-10-18 ))))))))))))))))))))))))))))))) . 2008-10-18 10:16 . 2008-10-18 10:19 <DIR> d-------- C:\WINDOWS\system32\675873 2008-10-18 02:34 . 2008-10-18 02:49 <DIR> d-------- C:\Program Files\WAV 2008-10-18 02:28 . 2008-10-18 09:20 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-10-18 02:24 . 2008-10-18 02:24 20,992 --a------ C:\WINDOWS\system32\algg.exe 2008-10-18 02:23 . 2008-10-18 10:19 <DIR> d-------- C:\Program Files\Applications 2008-10-15 16:30 . 2008-08-14 12:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2008-10-15 16:30 . 2008-08-14 12:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe 2008-10-15 16:30 . 2008-08-14 11:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2008-10-15 16:30 . 2008-08-14 11:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe 2008-09-25 09:16 . 2008-09-25 09:16 <DIR> d-------- C:\Documents and Settings\Hum\Application Data\BitDefender 2008-09-25 09:15 . 2008-09-25 09:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender 2008-09-25 09:12 . 2008-09-25 09:14 <DIR> d-------- C:\WINDOWS\SxsCaPendDel 2008-09-24 20:58 . 2008-09-24 20:58 <DIR> d-------- C:\Program Files\Alwil Software . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-18 08:17 81,984 ----a-w C:\WINDOWS\system32\bdod.bin 2008-10-18 06:58 --------- d-----w C:\Documents and Settings\Hum\Application Data\Skype 2008-10-18 06:57 --------- d-----w C:\Documents and Settings\Hum\Application Data\skypePM 2008-10-18 00:12 15,360 --s-a-w C:\WINDOWS\system32\bmztmss.dll 2008-10-09 11:08 --------- d-----w C:\Documents and Settings\Hum\Application Data\BSplayer PRO 2008-09-25 07:15 --------- d-----w C:\Program Files\BitDefender 2008-09-19 15:34 --------- d-----w C:\Program Files\Google 2008-09-17 22:29 --------- d-----w C:\Documents and Settings\Hum\Application Data\Ahead 2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys 2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-08-31 23:03 --------- d-----w C:\Program Files\Ares 2008-08-31 23:00 --------- d-----w C:\Program Files\Ares Vista 2008-08-29 08:58 --------- d-----w C:\Program Files\Virtual Earth 3D 2008-08-23 10:31 --------- d-----w C:\Program Files\EA SPORTS 2008-08-20 05:30 666,112 ----a-w C:\WINDOWS\system32\wininet.dll 2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-07-25 08:00 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2008-07-19 12:07 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll . ((((((((((((((((((((((((((((( snapshot@2008-08-31_22.36.47.15 ))))))))))))))))))))))))))))))))))))))))) . + 2008-08-20 04:58:54 3,067,904 ----a-w C:\WINDOWS\$hf_mig$\KB956390\SP3QFE\mshtml.dll + 2008-08-20 04:58:47 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB956390\SP3QFE\shdocvw.dll + 2008-08-20 04:58:50 620,032 ----a-w C:\WINDOWS\$hf_mig$\KB956390\SP3QFE\urlmon.dll + 2008-08-20 04:58:48 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB956390\SP3QFE\wininet.dll + 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB956390\spmsg.dll + 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB956390\spuninst.exe + 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB956390\update\spcustom.dll + 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB956390\update\update.exe + 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB956390\update\updspapi.dll + 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe + 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB938464$\spuninst\updspapi.dll + 2008-08-14 10:09:26 2,145,280 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe + 2008-08-14 09:33:16 2,066,048 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe + 2008-08-14 09:33:16 2,023,936 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe + 2008-08-14 10:11:02 2,189,184 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe + 2008-09-19 15:35:00 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ARPPRODUCTICON.exe + 2008-09-19 15:35:00 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe + 2008-09-19 15:35:00 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe + 2008-09-19 15:35:00 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe + 2008-09-19 15:35:00 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe + 2008-09-19 15:35:00 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe - 2008-08-17 09:51:12 593,920 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\accicons.exe + 2008-10-16 09:07:27 593,920 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\accicons.exe - 2008-08-17 09:51:12 12,288 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\cagicon.exe + 2008-10-16 09:07:27 12,288 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\cagicon.exe - 2008-08-17 09:51:12 86,016 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\inficon.exe + 2008-10-16 09:07:27 86,016 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\inficon.exe - 2008-08-17 09:51:11 135,168 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\misc.exe + 2008-10-16 09:07:27 135,168 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\misc.exe - 2008-08-17 09:51:12 11,264 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\mspicons.exe + 2008-10-16 09:07:27 11,264 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\mspicons.exe - 2008-08-17 09:51:12 27,136 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\oisicon.exe + 2008-10-16 09:07:27 27,136 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\oisicon.exe - 2008-08-17 09:51:12 4,096 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\opwicon.exe + 2008-10-16 09:07:27 4,096 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\opwicon.exe - 2008-08-17 09:51:12 794,624 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\outicon.exe + 2008-10-16 09:07:27 794,624 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\outicon.exe - 2008-08-17 09:51:12 249,856 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\pptico.exe + 2008-10-16 09:07:27 249,856 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\pptico.exe - 2008-08-17 09:51:11 61,440 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\pubs.exe + 2008-10-16 09:07:27 61,440 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\pubs.exe - 2008-08-17 09:51:12 23,040 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\unbndico.exe + 2008-10-16 09:07:27 23,040 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\unbndico.exe - 2008-08-17 09:51:11 286,720 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\wordicon.exe + 2008-10-16 09:07:26 286,720 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\wordicon.exe - 2008-08-17 09:51:11 409,600 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2008-10-16 09:07:26 409,600 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\xlicons.exe + 2008-09-25 07:16:37 61,440 ----a-r C:\WINDOWS\Installer\{E404EFD4-6110-413C-AD1A-D6D0F261960E}\helpicon.exe + 2008-09-25 07:16:37 32,768 ----a-r C:\WINDOWS\Installer\{E404EFD4-6110-413C-AD1A-D6D0F261960E}\maintenance_icon.exe + 2008-09-25 07:16:37 22,486 ----a-r C:\WINDOWS\Installer\{E404EFD4-6110-413C-AD1A-D6D0F261960E}\register_icon.exe + 2008-09-25 07:16:37 57,344 ----a-r C:\WINDOWS\Installer\{E404EFD4-6110-413C-AD1A-D6D0F261960E}\texticon.exe + 2008-07-19 14:43:08 1,163,960 ----a-w C:\WINDOWS\system32\aswBoot.exe + 2008-07-19 14:30:53 94,392 ----a-w C:\WINDOWS\system32\AvastSS.scr - 2008-06-20 11:40:08 138,496 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys + 2008-08-14 10:04:36 138,496 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys - 2007-07-30 17:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll + 2008-07-18 20:10:48 94,920 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll - 2008-06-23 15:09:27 3,067,392 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll + 2008-08-20 05:30:53 3,067,904 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll - 2008-06-26 08:15:29 1,499,136 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll + 2008-08-20 05:30:51 1,499,136 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll - 2008-04-13 22:45:12 334,848 -c--a-w C:\WINDOWS\system32\dllcache\srv.sys + 2008-09-08 10:41:42 333,824 -c--a-w C:\WINDOWS\system32\dllcache\srv.sys - 2008-06-26 08:15:30 619,520 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll + 2008-08-20 05:30:52 619,520 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll - 2008-04-13 23:00:12 1,845,632 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys + 2008-09-15 12:12:56 1,846,400 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys - 2008-06-23 15:09:27 666,112 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll + 2008-08-20 05:30:51 666,112 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll - 2007-07-30 17:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll + 2008-07-18 20:09:44 563,912 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll - 2007-07-30 17:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe + 2008-07-18 20:10:42 53,448 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe - 2007-07-30 17:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll + 2008-07-18 20:09:42 1,811,656 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll - 2007-07-30 17:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll + 2008-07-18 20:09:46 325,832 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll - 2007-07-30 17:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll + 2008-07-18 20:10:20 36,552 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll - 2007-07-30 17:19:46 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll + 2008-07-18 20:09:44 205,000 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll + 2008-07-19 14:32:15 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys - 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys + 2008-08-14 10:04:36 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys + 2008-07-19 14:37:42 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys + 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys + 2008-07-19 14:37:21 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys + 2008-07-19 14:33:42 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys + 2008-07-19 14:35:18 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys + 2008-07-19 14:32:36 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys - 2008-07-19 08:13:32 86,792 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys + 2008-06-02 14:16:08 86,792 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys - 2008-01-07 15:41:34 196,368 ----a-w C:\WINDOWS\system32\drivers\bdfsfltr.sys + 2008-01-07 16:41:34 196,368 ----a-w C:\WINDOWS\system32\drivers\bdfsfltr.sys - 2008-08-10 10:32:57 203,328 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT + 2008-10-16 10:47:28 203,328 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT - 2004-03-31 10:28:00 131,072 ----a-w C:\WINDOWS\system32\mapi32.dll + 2004-03-31 11:28:00 131,072 ----a-w C:\WINDOWS\system32\mapi32.dll - 2002-01-05 00:48:16 974,848 ----a-w C:\WINDOWS\system32\mfc70.dll + 2002-01-05 01:48:16 974,848 ----a-w C:\WINDOWS\system32\mfc70.dll - 2002-01-05 00:36:38 964,608 ----a-w C:\WINDOWS\system32\mfc70u.dll + 2002-01-05 01:36:38 964,608 ----a-w C:\WINDOWS\system32\mfc70u.dll - 2003-03-18 18:20:00 1,060,864 ----a-w C:\WINDOWS\system32\mfc71.dll + 2003-03-18 19:20:00 1,060,864 ----a-w C:\WINDOWS\system32\mfc71.dll - 2003-03-18 18:12:12 1,047,552 ----a-w C:\WINDOWS\system32\mfc71u.dll + 2003-03-18 19:12:12 1,047,552 ----a-w C:\WINDOWS\system32\mfc71u.dll - 2008-06-23 15:09:27 3,067,392 ----a-w C:\WINDOWS\system32\mshtml.dll + 2008-08-20 05:30:53 3,067,904 ----a-w C:\WINDOWS\system32\mshtml.dll - 2002-01-05 00:38:38 54,784 ----a-w C:\WINDOWS\system32\msvci70.dll + 2002-01-05 01:38:38 54,784 ----a-w C:\WINDOWS\system32\msvci70.dll - 2002-01-05 00:40:20 487,424 ----a-w C:\WINDOWS\system32\msvcp70.dll + 2002-01-05 01:40:20 487,424 ----a-w C:\WINDOWS\system32\msvcp70.dll - 2003-03-18 17:14:52 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll + 2003-03-18 18:14:52 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll - 2002-01-04 23:37:28 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll + 2002-01-05 00:37:28 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll - 2003-02-21 01:42:22 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll + 2003-02-21 02:42:22 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll - 2008-08-31 20:24:45 66,710 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-10-18 07:01:33 66,710 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-08-31 20:24:45 427,926 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-10-18 07:01:33 427,926 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-06-26 08:15:29 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll + 2008-08-20 05:30:51 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll + 2008-07-18 20:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll + 2008-07-18 20:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll - 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\system32\spmsg.dll + 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll - 2008-06-26 08:15:30 619,520 ----a-w C:\WINDOWS\system32\urlmon.dll + 2008-08-20 05:30:52 619,520 ----a-w C:\WINDOWS\system32\urlmon.dll - 2007-11-27 14:46:24 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll + 2007-11-27 15:46:24 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll - 2007-01-31 11:50:32 913,408 ----a-w C:\WINDOWS\system32\xreglib.dll + 2007-01-31 12:50:32 913,408 ----a-w C:\WINDOWS\system32\xreglib.dll + 2008-10-18 08:19:35 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_354.dat - 2006-12-01 19:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll + 2006-12-01 20:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll - 2006-12-01 19:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll + 2006-12-01 20:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll - 2006-12-01 19:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll + 2006-12-01 20:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll - 2006-12-01 21:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll + 2006-12-01 22:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll - 2006-12-01 21:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll + 2006-12-01 22:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll - 2006-12-01 21:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll + 2006-12-01 22:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll - 2006-12-01 21:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll + 2006-12-01 22:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll - 2006-12-01 21:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll + 2006-12-01 22:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll - 2006-12-01 21:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll + 2006-12-01 22:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll - 2006-12-01 21:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll + 2006-12-01 22:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll - 2006-12-01 21:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll + 2006-12-01 22:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll - 2006-12-01 21:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll + 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll - 2006-12-01 21:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll + 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll - 2006-12-01 21:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll + 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll - 2006-12-01 21:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll + 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll - 2006-12-01 21:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll + 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll + 2008-04-15 17:47:33 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-07-26 2321600] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360] C:\Documents and Settings\Hum\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048] Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872] Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-01 568176] [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{fef6ace8-bb45-4009-8342-63415164d691}"= "C:\WINDOWS\system32\bmztmss.dll" [2008-10-18 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3fhg"= mp3fhg.acm "msacm.divxa32"= divxa32.acm "VIDC.X264"= x264vfw.dll "VIDC.HFYU"= huffyuv.dll "vidc.i263"= i263_32.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"= "C:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\BIHPL.exe"= "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"= "C:\\Program Files\\Ares Vista\\Ares.exe"= "C:\\Program Files\\Ares\\Ares.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 iastor78;iastor78;C:\WINDOWS\system32\drivers\iastor78.sys [2008-06-08 308248] R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-06-02 86792] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan . - - - - ORPHANS REMOVED - - - - BHO-{030A0F33-5B99-482E-83F5-2EEB8457878B} - C:\WINDOWS\system32\675873\675873.dll HKLM-Explorer_Run-smile - C:\Program Files\Applications\wcs.exe . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Hum\Application Data\Mozilla\Firefox\Profiles\6yd6ihjy.default\ FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF -: plugin - C:\Program Files\Virtual Earth 3D\npVE3D.dll . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-10-18 10:19:49 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\wbem\wmiadap.exe . ************************************************************************ . Completion time: 2008-10-18 10:24:00 - machine was rebooted ComboFix-quarantined-files.txt 2008-10-18 08:23:55 Pre-Run: 16.729.903.104 bytes free Post-Run: 16,821,223,424 bytes free 336 --- E O F --- 2008-10-18 07:02:44

Profil

bobby Poslao: 18 Okt 2008 10:59 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! 1. Imas dva antivirusa instalirana (BitDefender i Avast)? 2. Sledece fajlove ces da mi spakujes u jedan zip i da mi ih posaljes da ih pogledam: C:\WINDOWS\system32\wbem\wmiadap.exe C:\WINDOWS\system32\algg.exe C:\WINDOWS\system32\bdod.bin Upload ces uraditi preko sledece forme: http://www.mycity.rs/ambulanta-upload.php 3. Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\WINDOWS\system32\bmztmss.dll DirLook:: C:\WINDOWS\system32\675873 Registry:: [hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler] "{fef6ace8-bb45-4009-8342-63415164d691}"=-` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

deepy Poslao: 18 Okt 2008 11:37 Idi na vrh
offline deepy Građanin Pridružio: 28 Jun 2008 Poruke: 61	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! BitDefender-u je istekao rok, zato sam instalirao Avast... Dopuna: 18 Okt 2008 11:20 Fajlove sam uploadirao! Dopuna: 18 Okt 2008 11:37 Evo i logfile-a od Combo Fix-a: ComboFix 08-10-17.01 - Hum 2008-10-18 11:19:56.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.2328 [GMT 2:00] Running from: C:\Documents and Settings\Hum\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\Hum\Desktop\CFScript.txt * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: C:\WINDOWS\system32\bmztmss.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\bmztmss.dll . ((((((((((((((((((((((((( Files Created from 2008-09-18 to 2008-10-18 ))))))))))))))))))))))))))))))) . 2008-10-18 10:16 . 2008-10-18 10:19 <DIR> d-------- C:\WINDOWS\system32\675873 2008-10-18 02:34 . 2008-10-18 02:49 <DIR> d-------- C:\Program Files\WAV 2008-10-18 02:28 . 2008-10-18 09:20 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP 2008-10-18 02:24 . 2008-10-18 02:24 20,992 --a------ C:\WINDOWS\system32\algg.exe 2008-10-18 02:23 . 2008-10-18 10:19 <DIR> d-------- C:\Program Files\Applications 2008-10-15 16:30 . 2008-08-14 12:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe 2008-10-15 16:30 . 2008-08-14 12:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe 2008-10-15 16:30 . 2008-08-14 11:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe 2008-10-15 16:30 . 2008-08-14 11:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe 2008-09-25 09:16 . 2008-09-25 09:16 <DIR> d-------- C:\Documents and Settings\Hum\Application Data\BitDefender 2008-09-25 09:15 . 2008-09-25 09:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender 2008-09-25 09:12 . 2008-09-25 09:14 <DIR> d-------- C:\WINDOWS\SxsCaPendDel 2008-09-24 20:58 . 2008-09-24 20:58 <DIR> d-------- C:\Program Files\Alwil Software . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-10-18 09:21 81,984 ----a-w C:\WINDOWS\system32\bdod.bin 2008-10-18 06:58 --------- d-----w C:\Documents and Settings\Hum\Application Data\Skype 2008-10-18 06:57 --------- d-----w C:\Documents and Settings\Hum\Application Data\skypePM 2008-10-09 11:08 --------- d-----w C:\Documents and Settings\Hum\Application Data\BSplayer PRO 2008-09-25 07:15 --------- d-----w C:\Program Files\BitDefender 2008-09-19 15:34 --------- d-----w C:\Program Files\Google 2008-09-17 22:29 --------- d-----w C:\Documents and Settings\Hum\Application Data\Ahead 2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys 2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys 2008-08-31 23:03 --------- d-----w C:\Program Files\Ares 2008-08-31 23:00 --------- d-----w C:\Program Files\Ares Vista 2008-08-29 08:58 --------- d-----w C:\Program Files\Virtual Earth 3D 2008-08-23 10:31 --------- d-----w C:\Program Files\EA SPORTS 2008-08-20 05:30 666,112 ----a-w C:\WINDOWS\system32\wininet.dll 2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe 2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe 2008-07-25 08:00 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat 2008-07-19 12:07 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll 2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe 2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll 2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll 2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll 2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll 2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll 2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll 2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll 2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of C:\WINDOWS\system32\675873 ---- ((((((((((((((((((((((((((((( snapshot_2008-10-18_10.23.33.98 ))))))))))))))))))))))))))))))))))))))))) . - 2008-10-18 07:01:33 66,710 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-10-18 08:24:05 66,710 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-10-18 07:01:33 427,926 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-10-18 08:24:05 427,926 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-10-18 09:22:17 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_2fc.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184] "AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-07-26 2321600] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360] C:\Documents and Settings\Hum\Start Menu\Programs\Startup\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048] Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872] Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-01 568176] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.l3fhg"= mp3fhg.acm "msacm.divxa32"= divxa32.acm "VIDC.X264"= x264vfw.dll "VIDC.HFYU"= huffyuv.dll "vidc.i263"= i263_32.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 nwprovau [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"= "C:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\BIHPL.exe"= "C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"= "C:\\Program Files\\Ares Vista\\Ares.exe"= "C:\\Program Files\\Ares\\Ares.exe"= "C:\\Program Files\\Skype\\Phone\\Skype.exe"= R0 iastor78;iastor78;C:\WINDOWS\system32\drivers\iastor78.sys [2008-06-08 308248] R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416] R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-06-02 86792] S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan . ************************************************************************ catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2008-10-18 11:22:30 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** . ------------------------ Other Running Processes ------------------------ . C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe . ************************************************************************ . Completion time: 2008-10-18 11:26:21 - machine was rebooted ComboFix-quarantined-files.txt 2008-10-18 09:26:16 ComboFix2.txt 2008-10-18 08:24:01 Pre-Run: 16.814.813.184 bytes free Post-Run: 16,802,967,552 bytes free 144 --- E O F --- 2008-10-18 07:02:44

Profil

bobby Poslao: 18 Okt 2008 12:02 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Deepy, izvini, ali naisli mi gosti. Ono sto je bilo kriticno smo otklonili. Javljam ti se kasnije poslepodne da ti kazem sta sam saznao u vezi fajlova koje si mi poslao. Oni u svakom slucaju nisu aktivni na kompu, tako da ne predstavljaju direktnu pretnju.

Profil

deepy Poslao: 18 Okt 2008 12:12 Idi na vrh
offline deepy Građanin Pridružio: 28 Jun 2008 Poruke: 61	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Puno hvala Bobby!

Profil

bobby Poslao: 18 Okt 2008 22:35 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Deepy, poslao si mi jedna pogresan fajl. Fajl koji mi treba ima dva slova G u imenu: C:\WINDOWS\system32\algg.exe

Profil

deepy Poslao: 18 Okt 2008 23:04 Idi na vrh
offline deepy Građanin Pridružio: 28 Jun 2008 Poruke: 61	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ok, poslat ću ti ponovo! Dopuna: 18 Okt 2008 23:04 Ovo mi piše kad ga pokušam spakovati: ! C:\Documents and Settings\Hum\Desktop\Za Ambulantu.rar: Cannot open C:\WINDOWS\system32\algg.exe Access is denied.

Profil

bobby Poslao: 18 Okt 2008 23:12 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Udri onda po njemu ovako: Otvoriti Notepad i iskopirati sledeci tekst: `File:: C:\WINDOWS\system32\algg.exe` Snimiti na Desktop fajl iz Notepada kao "CFScript" Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici. Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Profil

MyCity » Ambulanta -> Arhiva Ambulante » [bobby] Pomoć, mislim da su mi upali VIRUSI!

Ko je trenutno na forumu

Ukupno su 854 korisnika na forumu :: 15 registrovanih, 1 sakriven i 838 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 357magnum, A.R.Chafee.Jr., aleksmajstor, anta, babaroga, Dorcolac, Koca Popovic, operniki, RED4G-304, S2M, Vlada1389, vladulns, W123, yufighter, šumar bk2

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by