Check


offline
  • Aco  Male
  • Forum moderator
  • Aleksandar
  • Joined: 12 May 2006
  • Posts: 16823
  • Location: /home/aco

Hello

Since I noticed that my computer is behaving strangely, especially the internet, I scanned it with Malwarebytes' Anti-Malware, and it detected something, which I supposedly deleted. But when I run the scan again, it finds the same infection again. Here is the log..

Malwarebytes' Anti-Malware 1.30
Verzija baze podataka: 1371
Windows 5.1.2600 Service Pack 3

11/7/2008 17:45:16
mbam-log-2008-11-07 (17-45-16).txt

Tip skeniranja: Brzo Skeniranje
Skeniranih objekata: 49716
Proteklo vreme: 3 minute(s), 30 second(s)

Inficirani procesi u memoriji: 0
Inficirani moduli u memoriji: 0
Inficirani ključevi u registru: 0
Inficirane vrednosti u registru: 1
Inficirani podaci u registru: 0
Inficirane fascikle: 0
Inficirane datoteke: 1

Inficirani procesi u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani moduli u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani ključevi u registru:
(Maliciozne stavke nisu detektovane)

Inficirane vrednosti u registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\spool (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Inficirani podaci u registru:
(Maliciozne stavke nisu detektovane)

Inficirane fascikle:
(Maliciozne stavke nisu detektovane)

Inficirane datoteke:
C:\WINDOWS\system\spoolsv.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

And here is the HijackThis log too...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:16:50, on 11/7/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\drivers\mstinit.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\OVISLINK\Common\AirliveUI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Aco29\Desktop\New Folder\TR3.exe..exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://linktarget.ashampoo.com/linktarget/?target=trial&edition=eid=3181
F3 - REG:win.ini: load=C:\DOCUME~1\Aco29\APPLIC~1\dllhst3g.exe
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [C:\Program Files\NetMeter\NetMeter.exe] "C:\Program Files\NetMeter\NetMeter.exe"
O4 - HKLM\..\Policies\Explorer\Run: [MstInit] C:\WINDOWS\System32\drivers\mstinit.exe /waitservice
O4 - HKCU\..\Policies\Explorer\Run: [ComRepl] C:\DOCUME~1\Aco29\LOCALS~1\APPLIC~1\comrepl.exe /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [Esent Utl] C:\DOCUME~1\Aco29\APPLIC~1\MICROS~1\esentutl.exe /waitservice (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [Esent Utl] C:\DOCUME~1\Aco29\APPLIC~1\MICROS~1\esentutl.exe /waitservice (User 'Default user')
O4 - Global Startup: AirLive 802.11G Wireless Utility.lnk = C:\Program Files\OVISLINK\Common\AirliveUI.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V.....4798028299
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{71AFAAF4-AC17-4921-AA70-60802C3DE1A9}: NameServer = 87.250.98.250 208.67.222.222
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 7231 bytes

So, do I have reason to worry? Thanks

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

* Open the NOD32 Control Center (click its tray icon in the lower right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right panel, untick the option File system monitor (AMON) enabled.
* Turning this option off will show as the Control Center's color changing from green to red.

Note: Don't forget to turn this option back on once the cleaning is finished.

Download ComboFix to the Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

offline
  • Aco  Male
  • Forum moderator
  • Aleksandar
  • Joined: 12 May 2006
  • Posts: 16823
  • Location: /home/aco

Here you go, dr Bora.. with a small note that it restarted by itself during the scan, and I don't know whether that is how it should be. Here is the log..

ComboFix 08-11-07.01 - Aco29 2008-11-07 19:53:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.957 [GMT 1:00]
Running from: c:\documents and settings\Aco29\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Aco29\Application Data\dllhst3g.exe
c:\documents and settings\Aco29\Application Data\inst.exe

.
((((((((((((((((((((((((( Files Created from 2008-10-07 to 2008-11-07 )))))))))))))))))))))))))))))))
.

2008-11-07 19:54 . 2008-11-06 22:07 81,920 --a------ c:\windows\sessmgr.exe
2008-11-07 19:54 . 2008-11-06 22:07 81,920 --a------ c:\windows\mstinit.exe
2008-11-07 18:45 . 2008-11-07 18:45 <DIR> d-------- c:\program files\Uniblue
2008-11-07 16:08 . 2008-11-06 22:07 81,920 --a------ c:\windows\system\logman.exe
2008-11-07 11:13 . 2008-11-07 11:13 244 --ah----- C:\sqmnoopt02.sqm
2008-11-07 11:13 . 2008-11-07 11:13 232 --ah----- C:\sqmdata02.sqm
2008-11-06 22:07 . 2008-11-06 22:07 81,920 --a------ c:\windows\system32\drivers\mstinit.exe
2008-11-05 15:25 . 2008-11-05 15:25 54,156 --ah----- c:\windows\QTFont.qfn
2008-11-05 15:25 . 2008-11-05 15:25 1,409 --a------ c:\windows\QTFont.for
2008-11-05 15:18 . 2008-11-05 15:18 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-04 17:02 . 2008-11-04 17:02 <DIR> d-------- c:\windows\Performance
2008-11-04 17:02 . 2008-11-04 17:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Corporation
2008-11-02 20:50 . 2008-11-02 20:50 <DIR> d--h----- c:\windows\PIF
2008-11-01 17:42 . 2008-11-01 17:42 <DIR> d--hs---- c:\windows\ftpcache
2008-11-01 12:48 . 2008-11-01 12:51 <DIR> d-------- c:\program files\MP3Gain
2008-11-01 11:59 . 2008-11-07 19:06 <DIR> d-------- c:\program files\Lavalys
2008-11-01 11:39 . 2008-11-01 11:39 <DIR> d-------- c:\program files\PC Wizard 2008
2008-11-01 11:39 . 2007-09-15 16:11 27,136 --a------ c:\windows\system32\PCWizard.cpl
2008-11-01 00:46 . 2008-11-04 17:15 <DIR> d-------- c:\windows\BDOSCAN8
2008-10-31 19:23 . 2008-10-31 19:23 <DIR> d-------- c:\program files\Common Files\VCAMEye
2008-10-31 19:23 . 2005-06-20 21:27 390,912 --a------ c:\windows\system32\drivers\snpstd.sys
2008-10-31 19:23 . 2004-06-10 13:48 286,720 --a------ c:\windows\vsnpstd.exe
2008-10-31 19:23 . 2005-04-15 06:20 98,304 --a------ c:\windows\system32\rsnpstd.dll
2008-10-31 19:23 . 2004-02-16 13:59 61,440 --a------ c:\windows\system32\csnpstd.dll
2008-10-31 19:23 . 2004-05-06 11:22 53,248 --a------ c:\windows\system32\dsnpstd.dll
2008-10-31 19:23 . 2004-09-24 10:58 36,864 --a------ c:\windows\system32\vsnpstd.dll
2008-10-31 19:23 . 2005-05-30 23:09 36,864 --a------ c:\windows\system32\dsnpstd.ax
2008-10-31 19:23 . 2003-01-17 17:34 15,541 --a------ c:\windows\snpstd.ini
2008-10-31 19:23 . 2003-01-17 17:35 13,023 --a------ c:\windows\snpstd.src
2008-10-31 18:09 . 2008-10-31 18:10 <DIR> d-------- c:\program files\QuickTime
2008-10-31 18:09 . 2008-10-31 18:09 <DIR> d-------- c:\program files\Apple Software Update
2008-10-31 18:09 . 2008-10-31 22:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-31 18:09 . 2008-10-31 18:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-10-31 18:03 . 2008-10-31 18:03 0 --a------ c:\windows\mngui.INI
2008-10-31 17:54 . 2008-10-31 22:53 <DIR> d-------- c:\documents and settings\Aco29\Application Data\Teleca
2008-10-31 17:54 . 2007-04-23 15:54 108,680 -ra------ c:\windows\system32\drivers\s115mdm.sys
2008-10-31 17:54 . 2007-04-23 15:54 100,488 -ra------ c:\windows\system32\drivers\s115mgmt.sys
2008-10-31 17:54 . 2007-04-23 15:54 98,568 -ra------ c:\windows\system32\drivers\s115obex.sys
2008-10-31 17:54 . 2007-04-23 15:54 83,208 -ra------ c:\windows\system32\drivers\s115bus.sys
2008-10-31 17:54 . 2007-04-23 15:54 15,112 -ra------ c:\windows\system32\drivers\s115mdfl.sys
2008-10-31 17:54 . 2007-04-23 15:54 12,424 -ra------ c:\windows\system32\drivers\s115whnt.sys
2008-10-31 17:54 . 2007-04-23 15:54 12,424 -ra------ c:\windows\system32\drivers\s115wh.sys
2008-10-31 17:54 . 2007-04-23 15:54 12,424 -ra------ c:\windows\system32\drivers\s115cmnt.sys
2008-10-31 17:54 . 2007-04-23 15:54 12,424 -ra------ c:\windows\system32\drivers\s115cm.sys
2008-10-31 17:52 . 2008-10-31 22:53 <DIR> d-------- c:\program files\Common Files\Teleca Shared
2008-10-31 17:52 . 2008-10-31 17:52 <DIR> d-------- c:\documents and settings\Aco29\Application Data\Sony Ericsson
2008-10-31 17:51 . 2008-10-31 22:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Teleca
2008-10-31 17:51 . 2008-10-31 22:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony Ericsson
2008-10-30 19:22 . 2008-10-30 19:22 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-10-30 18:15 . 2008-10-30 18:15 <DIR> d-------- c:\documents and settings\Aco29\Application Data\Lavasoft
2008-10-30 18:08 . 2008-11-06 00:30 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-10-30 17:51 . 2008-10-31 22:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-30 17:50 . 2008-10-31 22:44 <DIR> d-------- c:\program files\Lavasoft
2008-10-30 17:49 . 2008-10-30 17:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Prevx
2008-10-30 17:26 . 2008-10-30 17:26 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-10-30 17:26 . 2004-03-09 00:00 1,081,616 --a------ c:\windows\system32\MSCOMCTL.OCX
2008-10-29 19:10 . 2008-10-29 19:12 90 --a------ c:\windows\ae_mini.INI
2008-10-29 19:07 . 2008-10-29 19:07 399 --a------ c:\windows\asr.INI
2008-10-29 19:04 . 2008-10-29 19:04 <DIR> d-------- c:\program files\Common Files\Adobe
2008-10-29 19:00 . 2008-10-29 19:05 <DIR> d-------- c:\documents and settings\Aco29\dwhelper
2008-10-29 18:49 . 2008-10-29 18:49 <DIR> d-------- c:\windows\Sun
2008-10-28 00:40 . 2008-10-28 00:40 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe
2008-10-28 00:40 . 2008-05-29 09:28 28,416 --a------ c:\windows\system32\uxtuneup.dll
2008-10-27 23:38 . 2008-10-27 23:55 2,211,894 --a------ c:\windows\ACD Wallpaper.bmp
2008-10-27 21:20 . 2008-10-27 21:20 <DIR> d-------- c:\documents and settings\Aco29\Application Data\dvdcss
2008-10-27 20:07 . 2008-11-06 22:10 <DIR> d-------- c:\program files\eMule
2008-10-27 19:24 . 2008-10-28 16:05 <DIR> d-------- c:\documents and settings\Aco29\Application Data\skypePM
2008-10-27 19:24 . 2008-10-27 19:24 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-10-27 17:18 . 2008-10-27 17:18 <DIR> d-------- c:\documents and settings\Aco29\Application Data\CyberLink
2008-10-27 14:54 . 2008-10-27 14:54 <DIR> d-------- c:\program files\VSO
2008-10-27 14:54 . 2008-10-27 21:12 <DIR> d-------- c:\documents and settings\Aco29\Application Data\Vso
2008-10-27 14:54 . 2004-05-04 12:53 1,645,320 --a------ c:\windows\gdiplus.dll
2008-10-27 14:54 . 2006-05-20 17:16 1,184,984 --a------ c:\windows\system32\wvc1dmod.dll
2008-10-27 14:54 . 2006-05-11 20:21 626,688 --a------ c:\windows\system32\vp7vfw.dll
2008-10-27 14:54 . 2006-09-29 13:24 217,127 --a------ c:\windows\system32\drv43260.dll
2008-10-27 14:54 . 2006-09-29 13:25 208,935 --a------ c:\windows\system32\drv33260.dll
2008-10-27 14:54 . 2006-09-29 13:26 176,165 --a------ c:\windows\system32\drv23260.dll
2008-10-27 14:54 . 2007-03-18 21:37 65,602 --a------ c:\windows\system32\cook3260.dll
2008-10-27 14:54 . 2008-10-27 14:54 47,360 --a------ c:\documents and settings\Aco29\Application Data\pcouffin.sys
2008-10-26 10:01 . 2008-10-26 10:20 <DIR> d-------- c:\program files\Readon Technology
2008-10-25 13:12 . 2008-04-13 23:15 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2008-10-25 13:12 . 2008-04-13 23:15 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2008-10-25 11:51 . 2008-10-25 12:46 <DIR> d-------- c:\program files\Webteh
2008-10-24 18:57 . 2007-07-30 18:19 271,224 --a------ c:\windows\system32\mucltui.dll
2008-10-24 18:57 . 2007-07-30 18:19 207,736 --a------ c:\windows\system32\muweb.dll
2008-10-24 18:57 . 2007-07-30 18:19 30,072 --a------ c:\windows\system32\mucltui.dll.mui
2008-10-24 18:29 . 2008-10-24 18:29 <DIR> d-------- c:\documents and settings\Aco29\Application Data\vlc
2008-10-24 16:23 . 2008-04-13 23:15 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-10-24 10:54 . 2008-10-24 11:01 <DIR> d-------- c:\program files\Windows Live
2008-10-24 10:54 . 2008-10-24 10:56 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-10-24 10:53 . 2008-10-24 10:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-24 10:50 . 2008-10-24 10:50 <DIR> d-------- c:\documents and settings\Aco29\Contacts
2008-10-24 10:47 . 2008-10-22 15:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-24 10:20 . 2008-10-24 10:20 <DIR> d-------- c:\documents and settings\Aco29\Application Data\Uniblue
2008-10-24 10:18 . 2008-10-24 10:16 737,280 --a------ c:\windows\iun6002.exe
2008-10-24 10:17 . 2008-10-24 10:18 <DIR> d-------- c:\program files\Codec Pack - All In 1
2008-10-24 10:12 . 2008-10-24 10:12 <DIR> d-------- c:\program files\VS Revo Group
2008-10-24 09:10 . 2008-10-24 09:10 <DIR> d-------- c:\program files\FLV Player
2008-10-24 08:38 . 2008-10-24 08:38 <DIR> d-------- c:\program files\Unlocker
2008-10-24 08:35 . 2008-10-24 08:35 <DIR> d-------- c:\program files\Real
2008-10-24 08:35 . 2008-10-24 08:35 <DIR> d-------- c:\program files\Common Files\xing shared
2008-10-24 08:35 . 2008-10-24 08:35 <DIR> d-------- c:\program files\Common Files\Real
2008-10-24 08:35 . 2008-10-24 08:35 499,712 --a------ c:\windows\system32\msvcp71.dll
2008-10-24 08:10 . 2008-10-25 10:20 <DIR> d-------- c:\documents and settings\Aco29\Application Data\ACD Systems
2008-10-24 00:01 . 2008-10-24 00:23 <DIR> d-------- c:\windows\NV38202988.TMP
2008-10-24 00:01 . 2008-09-17 22:55 201,050 --a------ c:\windows\system32\nvapps.nvb
2008-10-23 22:40 . 2008-10-23 22:40 <DIR> d--hs---- c:\documents and settings\Aco29\UserData
2008-10-23 22:21 . 2008-10-28 23:35 <DIR> d-------- c:\documents and settings\Aco29\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-07 17:51 196,608 ----a-w c:\windows\system32\drivers\nAsmedia.bin
2008-11-06 16:08 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-01 16:51 196,608 ----a-w c:\windows\system32\drivers\nStandard.bin
2008-10-31 18:06 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-10-31 17:21 --------- d-----w c:\program files\IObit
2008-10-29 19:17 --------- d-----w c:\program files\ESET
2008-10-29 19:17 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-10-29 19:16 --------- d-----w c:\program files\Ashampoo
2008-10-27 13:54 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-10-24 09:48 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-24 09:18 --------- d-----w c:\program files\Mv2Player
2008-10-24 07:35 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-10-23 22:28 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-23 21:23 --------- d-----w c:\program files\Picasa2
2008-10-23 21:23 --------- d-----w c:\program files\Google
2008-10-23 21:21 --------- d-----w c:\program files\Skype
2008-10-23 21:21 --------- d-----w c:\program files\NetMeter
2008-10-23 21:21 --------- d-----w c:\program files\Common Files\Skype
2008-10-23 21:20 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-10-23 21:19 --------- d-----w c:\program files\Java
2008-10-23 21:19 --------- d-----w c:\program files\EASEUS
2008-10-23 21:19 --------- d-----w c:\program files\Common Files\Java
2008-10-23 21:17 --------- d-----w c:\program files\VideoLAN
2008-10-23 21:10 --------- d-----w c:\program files\TechSmith
2008-10-23 21:07 --------- d-----w c:\program files\Reference Assemblies
2008-10-23 21:07 --------- d-----w c:\program files\MSBuild
2008-10-23 20:59 --------- d-----w c:\program files\Video Convert Master
2008-10-23 20:59 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-23 20:59 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-10-23 20:59 --------- d-----w c:\documents and settings\Aco29\Application Data\TuneUp Software
2008-10-23 20:58 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-23 20:58 --------- d-----w c:\program files\ASUSTeK
2008-10-23 20:57 --------- d-----w c:\program files\AC3Filter
2008-10-23 20:54 --------- d-----w c:\program files\Common Files\ACD Systems
2008-10-23 20:54 --------- d-----w c:\program files\ACD Systems
2008-10-23 20:54 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2008-10-23 20:53 --------- d-----w c:\documents and settings\Aco29\Application Data\Winamp
2008-10-23 20:51 --------- d-----w c:\program files\Winamp
2008-10-23 20:48 --------- d-----w c:\program files\CDex_140b9
2008-10-23 20:48 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2008-10-23 20:44 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-23 20:44 --------- d-----w c:\documents and settings\Aco29\Application Data\Malwarebytes
2008-10-23 20:43 --------- d-----w c:\documents and settings\Aco29\Application Data\Ashampoo
2008-10-23 20:42 --------- d-----w c:\documents and settings\All Users\Application Data\ashampoo
2008-10-23 20:41 21,419 ----a-w c:\windows\system32\drivers\AegisP.sys
2008-10-23 20:41 --------- d-----w c:\program files\OVISLINK
2008-10-23 20:41 --------- d-----w c:\documents and settings\Aco29\Application Data\InstallShield
2008-10-23 20:38 --------- d-----w c:\program files\ASUS
2008-10-23 20:35 12,288 ----a-w c:\windows\system32\drivers\EIO64_xp.sys
2008-10-23 20:33 --------- d-----w c:\program files\My Company Name
2008-10-23 20:28 315,392 ----a-w c:\windows\HideWin.exe
2008-10-23 20:28 --------- d-----w c:\program files\Realtek
2008-10-23 20:26 --------- d-----w c:\program files\VIA
2008-10-23 20:20 --------- d-----w c:\program files\microsoft frontpage
2008-10-22 14:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-09-20 07:16 170,496 ----a-w c:\windows\system32\BootMan.exe
2008-09-19 18:42 86,408 ----a-w c:\windows\system32\setupempdrv03.exe
2008-09-19 18:42 8,704 ----a-w c:\windows\system32\epmntdrv.sys
2008-09-19 18:42 3,072 ----a-w c:\windows\system32\EuGdiDrv.sys
2008-09-19 18:42 14,848 ----a-w c:\windows\system32\EuEpmGdi.dll
2008-09-19 16:10 86,016 ----a-w c:\windows\system32\ResizeNTFS.dll
2008-09-19 16:10 61,952 ----a-w c:\windows\system32\FatResizeMove.dll
2008-09-19 16:10 472,576 ----a-w c:\windows\system32\NTFSFormat.dll
2008-09-19 16:10 22,016 ----a-w c:\windows\system32\FatFormat.dll
2008-09-19 16:09 92,672 ----a-w c:\windows\system32\Partition.dll
2008-09-19 16:09 31,744 ----a-w c:\windows\system32\FatLib.dll
2008-09-19 16:09 179,200 ----a-w c:\windows\system32\DeviceManager.dll
2008-09-19 16:09 124,416 ----a-w c:\windows\system32\NTFSCopy.dll
2008-09-19 16:08 86,528 ----a-w c:\windows\system32\NTFSLib.dll
2008-09-19 16:08 68,096 ----a-w c:\windows\system32\Device.dll
2008-09-19 16:08 6,144 ----a-w c:\windows\system32\CallbackOperator.dll
2008-09-19 16:08 44,032 ----a-w c:\windows\system32\FileSystemCheck.dll
2008-09-19 16:08 25,088 ----a-w c:\windows\system32\FATFileSystemAnalyser.dll
2008-09-19 16:08 24,576 ----a-w c:\windows\system32\NTFSFileSystemAnalyser.dll
2008-09-19 16:08 21,504 ----a-w c:\windows\system32\Fixup.dll
2008-09-19 16:08 14,848 ----a-w c:\windows\system32\FileSystemAnalyser.dll
2008-09-19 16:08 10,752 ----a-w c:\windows\system32\DeviceAdapter.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 10:11 2,189,184 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-24 185872]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"MstInit"="c:\windows\System32\drivers\mstinit.exe" [2008-11-06 81920]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"ComRepl"="c:\docume~1\Aco29\LOCALS~1\APPLIC~1\comrepl.exe" [2008-11-06 81920]

[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Esent Utl"="c:\docume~1\Aco29\APPLIC~1\MICROS~1\esentutl.exe" [2008-11-06 81920]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AirLive 802.11G Wireless Utility.lnk - c:\program files\OVISLINK\Common\AirliveUI.exe [2008-10-23 1290240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=c:\docume~1\Aco29\APPLIC~1\MICROS~1\clipsrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ASUS SmartDoctor"=c:\program files\ASUS\SmartDoctor\SmartDoctor.exe /start

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ASUSGamerOSD"=c:\program files\ASUS\GamerOSD\GamerOSD.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"snpstd"=c:\windows\vsnpstd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 ViBus;ViBus;c:\windows\system32\DRIVERS\ViBus.sys [2007-03-26 16896]
R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [2007-03-29 9216]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\DRIVERS\ViPrt.sys [2007-03-26 52224]
R1 EIO_XP;EIO_XP;c:\windows\system32\drivers\EIO_XP.sys [2006-06-14 12288]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe [2008-04-14 14336]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;c:\windows\system32\drivers\asusgsb.sys [2007-10-23 12416]
R3 Video3D;ASUS Video3D Service;c:\windows\system32\Drivers\Video3D32.sys [2007-10-23 10752]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2008-09-19 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2008-09-19 3072]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;c:\windows\system32\DRIVERS\fetnd5bv.sys [2007-02-27 42496]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-10-28 355584]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-11-07 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Aco29\Application Data\Mozilla\Firefox\Profiles\j3rktc11.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - www.google.com
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-07 19:56:27
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\ATKKBService.exe
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-11-07 19:57:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-07 18:57:15

Pre-Run: 45,539,385,344 bytes free
Post-Run: 45,485,375,488 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

330 --- E O F --- 2008-11-05 14:18:43

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Quote: with a small note that it restarted itself during the scan; now I don't know whether that's how it is supposed to be. Here's the log..

It's not unusual for Windows to restart during the process...

-------------------------------------------------------------------------------------


Upload the following file: c:\windows\sessmgr.exe

via this link: http://www.mycity.rs/ambulanta-upload.php


-------------------------------------------------------------------------------------



Open Notepad and copy in the following text:

File::
c:\windows\sessmgr.exe
c:\windows\mstinit.exe
c:\windows\system\logman.exe
c:\windows\system32\drivers\mstinit.exe
c:\docume~1\Aco29\LOCALS~1\APPLIC~1\comrepl.exe
c:\docume~1\Aco29\APPLIC~1\MICROS~1\esentutl.exe
c:\docume~1\Aco29\APPLIC~1\MICROS~1\clipsrv.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"MstInit"=-
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"ComRepl"=-
[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Esent Utl"=-
[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\windows]
"load"=-


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.

  • Aco  Male
  • Forum moderator
  • Aleksandar
  • Joined: 12 May 2006
  • Posts: 16823
  • Location: /home/aco

I've uploaded the requested file.. and here's the log

ComboFix 08-11-07.01 - Aco29 2008-11-08 1:49:28.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1054 [GMT 1:00]
Running from: c:\documents and settings\Aco29\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Aco29\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
c:\docume~1\Aco29\APPLIC~1\MICROS~1\clipsrv.exe
c:\docume~1\Aco29\APPLIC~1\MICROS~1\esentutl.exe
c:\docume~1\Aco29\LOCALS~1\APPLIC~1\comrepl.exe
c:\windows\mstinit.exe
c:\windows\sessmgr.exe
c:\windows\system\logman.exe
c:\windows\system32\drivers\mstinit.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Aco29\APPLIC~1\MICROS~1\clipsrv.exe
c:\docume~1\Aco29\APPLIC~1\MICROS~1\esentutl.exe
c:\docume~1\Aco29\LOCALS~1\APPLIC~1\comrepl.exe
c:\windows\mstinit.exe
c:\windows\sessmgr.exe
c:\windows\system\logman.exe
c:\windows\system32\drivers\mstinit.exe

.
((((((((((((((((((((((((( Files Created from 2008-10-08 to 2008-11-08 )))))))))))))))))))))))))))))))
.

2008-11-07 19:57 . 2008-11-06 22:07 81,920 --a------ c:\documents and settings\Aco29\Application Data\comrepl.exe
2008-11-07 18:45 . 2008-11-07 18:45 <DIR> d-------- c:\program files\Uniblue
2008-11-07 11:13 . 2008-11-07 11:13 244 --ah----- C:\sqmnoopt02.sqm
2008-11-07 11:13 . 2008-11-07 11:13 232 --ah----- C:\sqmdata02.sqm
2008-11-05 15:18 . 2008-11-05 15:18 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-04 17:02 . 2008-11-04 17:02 <DIR> d-------- c:\windows\Performance
2008-11-04 17:02 . 2008-11-04 17:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Corporation
2008-11-02 20:50 . 2008-11-02 20:50 <DIR> d--h----- c:\windows\PIF
2008-11-01 17:42 . 2008-11-01 17:42 <DIR> d--hs---- c:\windows\ftpcache
2008-11-01 12:48 . 2008-11-01 12:51 <DIR> d-------- c:\program files\MP3Gain
2008-11-01 11:59 . 2008-11-07 19:06 <DIR> d-------- c:\program files\Lavalys
2008-11-01 11:39 . 2008-11-01 11:39 <DIR> d-------- c:\program files\PC Wizard 2008
2008-11-01 11:39 . 2007-09-15 16:11 27,136 --a------ c:\windows\system32\PCWizard.cpl
2008-11-01 00:46 . 2008-11-04 17:15 <DIR> d-------- c:\windows\BDOSCAN8
2008-10-31 19:23 . 2008-10-31 19:23 <DIR> d-------- c:\program files\Common Files\VCAMEye
2008-10-31 19:23 . 2005-06-20 21:27 390,912 --a------ c:\windows\system32\drivers\snpstd.sys
2008-10-31 19:23 . 2004-06-10 13:48 286,720 --a------ c:\windows\vsnpstd.exe
2008-10-31 19:23 . 2005-04-15 06:20 98,304 --a------ c:\windows\system32\rsnpstd.dll
2008-10-31 19:23 . 2004-02-16 13:59 61,440 --a------ c:\windows\system32\csnpstd.dll
2008-10-31 19:23 . 2004-05-06 11:22 53,248 --a------ c:\windows\system32\dsnpstd.dll
2008-10-31 19:23 . 2004-09-24 10:58 36,864 --a------ c:\windows\system32\vsnpstd.dll
2008-10-31 19:23 . 2005-05-30 23:09 36,864 --a------ c:\windows\system32\dsnpstd.ax
2008-10-31 19:23 . 2003-01-17 17:34 15,541 --a------ c:\windows\snpstd.ini
2008-10-31 19:23 . 2003-01-17 17:35 13,023 --a------ c:\windows\snpstd.src
2008-10-31 18:09 . 2008-10-31 18:10 <DIR> d-------- c:\program files\QuickTime
2008-10-31 18:09 . 2008-10-31 18:09 <DIR> d-------- c:\program files\Apple Software Update
2008-10-31 18:09 . 2008-10-31 22:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-31 18:09 . 2008-10-31 18:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-10-31 18:03 . 2008-10-31 18:03 0 --a------ c:\windows\mngui.INI
2008-10-31 17:54 . 2008-10-31 22:53 <DIR> d-------- c:\documents and settings\Aco29\Application Data\Teleca
2008-10-31 17:54 . 2007-04-23 15:54 108,680 -ra------ c:\windows\system32\drivers\s115mdm.sys
2008-10-31 17:54 . 2007-04-23 15:54 100,488 -ra------ c:\windows\system32\drivers\s115mgmt.sys
2008-10-31 17:54 . 2007-04-23 15:54 98,568 -ra------ c:\windows\system32\drivers\s115obex.sys
2008-10-31 17:54 . 2007-04-23 15:54 83,208 -ra------ c:\windows\system32\drivers\s115bus.sys
2008-10-31 17:54 . 2007-04-23 15:54 15,112 -ra------ c:\windows\system32\drivers\s115mdfl.sys
2008-10-31 17:54 . 2007-04-23 15:54 12,424 -ra------ c:\windows\system32\drivers\s115whnt.sys
2008-10-31 17:54 . 2007-04-23 15:54 12,424 -ra------ c:\windows\system32\drivers\s115wh.sys
2008-10-31 17:54 . 2007-04-23 15:54 12,424 -ra------ c:\windows\system32\drivers\s115cmnt.sys
2008-10-31 17:54 . 2007-04-23 15:54 12,424 -ra------ c:\windows\system32\drivers\s115cm.sys
2008-10-31 17:52 . 2008-10-31 22:53 <DIR> d-------- c:\program files\Common Files\Teleca Shared
2008-10-31 17:52 . 2008-10-31 17:52 <DIR> d-------- c:\documents and settings\Aco29\Application Data\Sony Ericsson
2008-10-31 17:51 . 2008-10-31 22:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Teleca
2008-10-31 17:51 . 2008-10-31 22:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony Ericsson
2008-10-30 19:22 . 2008-10-30 19:22 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-10-30 18:15 . 2008-10-30 18:15 <DIR> d-------- c:\documents and settings\Aco29\Application Data\Lavasoft
2008-10-30 18:08 . 2008-11-06 00:30 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-10-30 17:51 . 2008-10-31 22:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-30 17:50 . 2008-10-31 22:44 <DIR> d-------- c:\program files\Lavasoft
2008-10-30 17:49 . 2008-10-30 17:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Prevx
2008-10-30 17:26 . 2008-10-30 17:26 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-10-30 17:26 . 2004-03-09 00:00 1,081,616 --a------ c:\windows\system32\MSCOMCTL.OCX
2008-10-29 19:10 . 2008-10-29 19:12 90 --a------ c:\windows\ae_mini.INI
2008-10-29 19:07 . 2008-10-29 19:07 399 --a------ c:\windows\asr.INI
2008-10-29 19:04 . 2008-10-29 19:04 <DIR> d-------- c:\program files\Common Files\Adobe
2008-10-29 19:00 . 2008-10-29 19:05 <DIR> d-------- c:\documents and settings\Aco29\dwhelper
2008-10-29 18:49 . 2008-10-29 18:49 <DIR> d-------- c:\windows\Sun
2008-10-28 00:40 . 2008-10-28 00:40 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe
2008-10-28 00:40 . 2008-05-29 09:28 28,416 --a------ c:\windows\system32\uxtuneup.dll
2008-10-27 23:38 . 2008-10-27 23:55 2,211,894 --a------ c:\windows\ACD Wallpaper.bmp
2008-10-27 21:20 . 2008-10-27 21:20 <DIR> d-------- c:\documents and settings\Aco29\Application Data\dvdcss
2008-10-27 20:07 . 2008-11-06 22:10 <DIR> d-------- c:\program files\eMule
2008-10-27 19:24 . 2008-10-28 16:05 <DIR> d-------- c:\documents and settings\Aco29\Application Data\skypePM
2008-10-27 19:24 . 2008-10-27 19:24 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-10-27 17:18 . 2008-10-27 17:18 <DIR> d-------- c:\documents and settings\Aco29\Application Data\CyberLink
2008-10-27 14:54 . 2008-10-27 14:54 <DIR> d-------- c:\program files\VSO
2008-10-27 14:54 . 2008-10-27 21:12 <DIR> d-------- c:\documents and settings\Aco29\Application Data\Vso
2008-10-27 14:54 . 2004-05-04 12:53 1,645,320 --a------ c:\windows\gdiplus.dll
2008-10-27 14:54 . 2006-05-20 17:16 1,184,984 --a------ c:\windows\system32\wvc1dmod.dll
2008-10-27 14:54 . 2006-05-11 20:21 626,688 --a------ c:\windows\system32\vp7vfw.dll
2008-10-27 14:54 . 2006-09-29 13:24 217,127 --a------ c:\windows\system32\drv43260.dll
2008-10-27 14:54 . 2006-09-29 13:25 208,935 --a------ c:\windows\system32\drv33260.dll
2008-10-27 14:54 . 2006-09-29 13:26 176,165 --a------ c:\windows\system32\drv23260.dll
2008-10-27 14:54 . 2007-03-18 21:37 65,602 --a------ c:\windows\system32\cook3260.dll
2008-10-27 14:54 . 2008-10-27 14:54 47,360 --a------ c:\documents and settings\Aco29\Application Data\pcouffin.sys
2008-10-26 10:01 . 2008-10-26 10:20 <DIR> d-------- c:\program files\Readon Technology
2008-10-25 13:12 . 2008-04-13 23:15 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2008-10-25 13:12 . 2008-04-13 23:15 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2008-10-25 11:51 . 2008-10-25 12:46 <DIR> d-------- c:\program files\Webteh
2008-10-24 18:57 . 2007-07-30 18:19 271,224 --a------ c:\windows\system32\mucltui.dll
2008-10-24 18:57 . 2007-07-30 18:19 207,736 --a------ c:\windows\system32\muweb.dll
2008-10-24 18:57 . 2007-07-30 18:19 30,072 --a------ c:\windows\system32\mucltui.dll.mui
2008-10-24 18:29 . 2008-10-24 18:29 <DIR> d-------- c:\documents and settings\Aco29\Application Data\vlc
2008-10-24 16:23 . 2008-04-13 23:15 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-10-24 10:54 . 2008-10-24 11:01 <DIR> d-------- c:\program files\Windows Live
2008-10-24 10:54 . 2008-10-24 10:56 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-10-24 10:53 . 2008-10-24 10:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-24 10:50 . 2008-10-24 10:50 <DIR> d-------- c:\documents and settings\Aco29\Contacts
2008-10-24 10:47 . 2008-10-22 15:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-24 10:20 . 2008-10-24 10:20 <DIR> d-------- c:\documents and settings\Aco29\Application Data\Uniblue
2008-10-24 10:18 . 2008-10-24 10:16 737,280 --a------ c:\windows\iun6002.exe
2008-10-24 10:17 . 2008-10-24 10:18 <DIR> d-------- c:\program files\Codec Pack - All In 1
2008-10-24 10:12 . 2008-10-24 10:12 <DIR> d-------- c:\program files\VS Revo Group
2008-10-24 09:10 . 2008-10-24 09:10 <DIR> d-------- c:\program files\FLV Player
2008-10-24 08:38 . 2008-10-24 08:38 <DIR> d-------- c:\program files\Unlocker
2008-10-24 08:35 . 2008-10-24 08:35 <DIR> d-------- c:\program files\Real
2008-10-24 08:35 . 2008-10-24 08:35 <DIR> d-------- c:\program files\Common Files\xing shared
2008-10-24 08:35 . 2008-10-24 08:35 <DIR> d-------- c:\program files\Common Files\Real
2008-10-24 08:35 . 2008-10-24 08:35 499,712 --a------ c:\windows\system32\msvcp71.dll
2008-10-24 08:10 . 2008-10-25 10:20 <DIR> d-------- c:\documents and settings\Aco29\Application Data\ACD Systems
2008-10-24 00:01 . 2008-10-24 00:23 <DIR> d-------- c:\windows\NV38202988.TMP
2008-10-24 00:01 . 2008-09-17 22:55 201,050 --a------ c:\windows\system32\nvapps.nvb
2008-10-23 22:40 . 2008-10-23 22:40 <DIR> d--hs---- c:\documents and settings\Aco29\UserData
2008-10-23 22:21 . 2008-10-28 23:35 <DIR> d-------- c:\documents and settings\Aco29\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-07 22:56 196,608 ----a-w c:\windows\system32\drivers\nAsmedia.bin
2008-11-06 16:08 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-01 16:51 196,608 ----a-w c:\windows\system32\drivers\nStandard.bin
2008-10-31 18:06 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-10-31 17:21 --------- d-----w c:\program files\IObit
2008-10-29 19:17 --------- d-----w c:\program files\ESET
2008-10-29 19:17 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-10-29 19:16 --------- d-----w c:\program files\Ashampoo
2008-10-27 13:54 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-10-24 09:48 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-24 09:18 --------- d-----w c:\program files\Mv2Player
2008-10-24 07:35 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-10-23 22:28 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-23 21:23 --------- d-----w c:\program files\Picasa2
2008-10-23 21:23 --------- d-----w c:\program files\Google
2008-10-23 21:21 --------- d-----w c:\program files\Skype
2008-10-23 21:21 --------- d-----w c:\program files\NetMeter
2008-10-23 21:21 --------- d-----w c:\program files\Common Files\Skype
2008-10-23 21:20 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-10-23 21:19 --------- d-----w c:\program files\Java
2008-10-23 21:19 --------- d-----w c:\program files\EASEUS
2008-10-23 21:19 --------- d-----w c:\program files\Common Files\Java
2008-10-23 21:17 --------- d-----w c:\program files\VideoLAN
2008-10-23 21:10 --------- d-----w c:\program files\TechSmith
2008-10-23 21:07 --------- d-----w c:\program files\Reference Assemblies
2008-10-23 21:07 --------- d-----w c:\program files\MSBuild
2008-10-23 20:59 --------- d-----w c:\program files\Video Convert Master
2008-10-23 20:59 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-23 20:59 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-10-23 20:59 --------- d-----w c:\documents and settings\Aco29\Application Data\TuneUp Software
2008-10-23 20:58 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-23 20:58 --------- d-----w c:\program files\ASUSTeK
2008-10-23 20:57 --------- d-----w c:\program files\AC3Filter
2008-10-23 20:54 --------- d-----w c:\program files\Common Files\ACD Systems
2008-10-23 20:54 --------- d-----w c:\program files\ACD Systems
2008-10-23 20:54 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2008-10-23 20:53 --------- d-----w c:\documents and settings\Aco29\Application Data\Winamp
2008-10-23 20:51 --------- d-----w c:\program files\Winamp
2008-10-23 20:48 --------- d-----w c:\program files\CDex_140b9
2008-10-23 20:48 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2008-10-23 20:44 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-23 20:44 --------- d-----w c:\documents and settings\Aco29\Application Data\Malwarebytes
2008-10-23 20:43 --------- d-----w c:\documents and settings\Aco29\Application Data\Ashampoo
2008-10-23 20:42 --------- d-----w c:\documents and settings\All Users\Application Data\ashampoo
2008-10-23 20:41 21,419 ----a-w c:\windows\system32\drivers\AegisP.sys
2008-10-23 20:41 --------- d-----w c:\program files\OVISLINK
2008-10-23 20:41 --------- d-----w c:\documents and settings\Aco29\Application Data\InstallShield
2008-10-23 20:38 --------- d-----w c:\program files\ASUS
2008-10-23 20:35 12,288 ----a-w c:\windows\system32\drivers\EIO64_xp.sys
2008-10-23 20:33 --------- d-----w c:\program files\My Company Name
2008-10-23 20:28 315,392 ----a-w c:\windows\HideWin.exe
2008-10-23 20:28 --------- d-----w c:\program files\Realtek
2008-10-23 20:26 --------- d-----w c:\program files\VIA
2008-10-23 20:20 --------- d-----w c:\program files\microsoft frontpage
2008-10-22 14:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-09-20 07:16 170,496 ----a-w c:\windows\system32\BootMan.exe
2008-09-19 18:42 86,408 ----a-w c:\windows\system32\setupempdrv03.exe
2008-09-19 18:42 8,704 ----a-w c:\windows\system32\epmntdrv.sys
2008-09-19 18:42 3,072 ----a-w c:\windows\system32\EuGdiDrv.sys
2008-09-19 18:42 14,848 ----a-w c:\windows\system32\EuEpmGdi.dll
2008-09-19 16:10 86,016 ----a-w c:\windows\system32\ResizeNTFS.dll
2008-09-19 16:10 61,952 ----a-w c:\windows\system32\FatResizeMove.dll
2008-09-19 16:10 472,576 ----a-w c:\windows\system32\NTFSFormat.dll
2008-09-19 16:10 22,016 ----a-w c:\windows\system32\FatFormat.dll
2008-09-19 16:09 92,672 ----a-w c:\windows\system32\Partition.dll
2008-09-19 16:09 31,744 ----a-w c:\windows\system32\FatLib.dll
2008-09-19 16:09 179,200 ----a-w c:\windows\system32\DeviceManager.dll
2008-09-19 16:09 124,416 ----a-w c:\windows\system32\NTFSCopy.dll
2008-09-19 16:08 86,528 ----a-w c:\windows\system32\NTFSLib.dll
2008-09-19 16:08 68,096 ----a-w c:\windows\system32\Device.dll
2008-09-19 16:08 6,144 ----a-w c:\windows\system32\CallbackOperator.dll
2008-09-19 16:08 44,032 ----a-w c:\windows\system32\FileSystemCheck.dll
2008-09-19 16:08 25,088 ----a-w c:\windows\system32\FATFileSystemAnalyser.dll
2008-09-19 16:08 24,576 ----a-w c:\windows\system32\NTFSFileSystemAnalyser.dll
2008-09-19 16:08 21,504 ----a-w c:\windows\system32\Fixup.dll
2008-09-19 16:08 14,848 ----a-w c:\windows\system32\FileSystemAnalyser.dll
2008-09-19 16:08 10,752 ----a-w c:\windows\system32\DeviceAdapter.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 10:11 2,189,184 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-24 185872]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AirLive 802.11G Wireless Utility.lnk - c:\program files\OVISLINK\Common\AirliveUI.exe [2008-10-23 1290240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ASUS SmartDoctor"=c:\program files\ASUS\SmartDoctor\SmartDoctor.exe /start

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ASUSGamerOSD"=c:\program files\ASUS\GamerOSD\GamerOSD.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"snpstd"=c:\windows\vsnpstd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 ViBus;ViBus;c:\windows\system32\DRIVERS\ViBus.sys [2007-03-26 16896]
R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [2007-03-29 9216]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\DRIVERS\ViPrt.sys [2007-03-26 52224]
R1 EIO_XP;EIO_XP;c:\windows\system32\drivers\EIO_XP.sys [2006-06-14 12288]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe [2008-04-14 14336]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;c:\windows\system32\drivers\asusgsb.sys [2007-10-23 12416]
R3 Video3D;ASUS Video3D Service;c:\windows\system32\Drivers\Video3D32.sys [2007-10-23 10752]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2008-09-19 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2008-09-19 3072]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;c:\windows\system32\DRIVERS\fetnd5bv.sys [2007-02-27 42496]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-10-28 355584]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-11-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-08 01:51:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-08 1:51:32
ComboFix-quarantined-files.txt 2008-11-08 00:51:28
ComboFix2.txt 2008-11-07 18:57:20

Pre-Run: 45,419,560,960 bytes free
Post-Run: 45,441,515,520 bytes free

307 --- E O F --- 2008-11-05 14:18:43

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy in the following text:

File::
c:\documents and settings\Aco29\Application Data\comrepl.exe

DirLook::
c:\program files\My Company Name


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.

  • Aco  Male
  • Forum moderator
  • Aleksandar
  • Joined: 12 May 2006
  • Posts: 16823
  • Location: /home/aco

Here's the log, dr Bora..

ComboFix 08-11-07.01 - Aco29 2008-11-08 13:42:49.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1010 [GMT 1:00]
Running from: c:\documents and settings\Aco29\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Aco29\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


FILE ::
c:\documents and settings\Aco29\Application Data\comrepl.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Aco29\Application Data\comrepl.exe

.
((((((((((((((((((((((((( Files Created from 2008-10-08 to 2008-11-08 )))))))))))))))))))))))))))))))
.

2008-11-08 13:35 . 2008-11-08 13:35 <DIR> d-------- c:\windows\LastGood
2008-11-08 13:31 . 2008-11-08 13:32 <DIR> d-------- c:\program files\direkt
2008-11-07 18:45 . 2008-11-07 18:45 <DIR> d-------- c:\program files\Uniblue
2008-11-07 11:13 . 2008-11-07 11:13 244 --ah----- C:\sqmnoopt02.sqm
2008-11-07 11:13 . 2008-11-07 11:13 232 --ah----- C:\sqmdata02.sqm
2008-11-05 15:18 . 2008-11-05 15:18 <DIR> d-------- c:\program files\MSXML 4.0
2008-11-04 17:02 . 2008-11-04 17:02 <DIR> d-------- c:\windows\Performance
2008-11-04 17:02 . 2008-11-04 17:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Corporation
2008-11-02 20:50 . 2008-11-02 20:50 <DIR> d--h----- c:\windows\PIF
2008-11-01 17:42 . 2008-11-01 17:42 <DIR> d--hs---- c:\windows\ftpcache
2008-11-01 12:48 . 2008-11-01 12:51 <DIR> d-------- c:\program files\MP3Gain
2008-11-01 11:59 . 2008-11-07 19:06 <DIR> d-------- c:\program files\Lavalys
2008-11-01 11:39 . 2008-11-01 11:39 <DIR> d-------- c:\program files\PC Wizard 2008
2008-11-01 11:39 . 2007-09-15 16:11 27,136 --a------ c:\windows\system32\PCWizard.cpl
2008-11-01 00:46 . 2008-11-04 17:15 <DIR> d-------- c:\windows\BDOSCAN8
2008-10-31 19:23 . 2008-10-31 19:23 <DIR> d-------- c:\program files\Common Files\VCAMEye
2008-10-31 19:23 . 2005-06-20 21:27 390,912 --a------ c:\windows\system32\drivers\snpstd.sys
2008-10-31 19:23 . 2004-06-10 13:48 286,720 --a------ c:\windows\vsnpstd.exe
2008-10-31 19:23 . 2005-04-15 06:20 98,304 --a------ c:\windows\system32\rsnpstd.dll
2008-10-31 19:23 . 2004-02-16 13:59 61,440 --a------ c:\windows\system32\csnpstd.dll
2008-10-31 19:23 . 2004-05-06 11:22 53,248 --a------ c:\windows\system32\dsnpstd.dll
2008-10-31 19:23 . 2004-09-24 10:58 36,864 --a------ c:\windows\system32\vsnpstd.dll
2008-10-31 19:23 . 2005-05-30 23:09 36,864 --a------ c:\windows\system32\dsnpstd.ax
2008-10-31 19:23 . 2003-01-17 17:34 15,541 --a------ c:\windows\snpstd.ini
2008-10-31 19:23 . 2003-01-17 17:35 13,023 --a------ c:\windows\snpstd.src
2008-10-31 18:09 . 2008-10-31 18:10 <DIR> d-------- c:\program files\QuickTime
2008-10-31 18:09 . 2008-10-31 18:09 <DIR> d-------- c:\program files\Apple Software Update
2008-10-31 18:09 . 2008-10-31 22:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple Computer
2008-10-31 18:09 . 2008-10-31 18:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-10-31 18:03 . 2008-10-31 18:03 0 --a------ c:\windows\mngui.INI
2008-10-31 17:54 . 2008-10-31 22:53 <DIR> d-------- c:\documents and settings\Aco29\Application Data\Teleca
2008-10-31 17:54 . 2007-04-23 15:54 108,680 -ra------ c:\windows\system32\drivers\s115mdm.sys
2008-10-31 17:54 . 2007-04-23 15:54 100,488 -ra------ c:\windows\system32\drivers\s115mgmt.sys
2008-10-31 17:54 . 2007-04-23 15:54 98,568 -ra------ c:\windows\system32\drivers\s115obex.sys
2008-10-31 17:54 . 2007-04-23 15:54 83,208 -ra------ c:\windows\system32\drivers\s115bus.sys
2008-10-31 17:54 . 2007-04-23 15:54 15,112 -ra------ c:\windows\system32\drivers\s115mdfl.sys
2008-10-31 17:54 . 2007-04-23 15:54 12,424 -ra------ c:\windows\system32\drivers\s115whnt.sys
2008-10-31 17:54 . 2007-04-23 15:54 12,424 -ra------ c:\windows\system32\drivers\s115wh.sys
2008-10-31 17:54 . 2007-04-23 15:54 12,424 -ra------ c:\windows\system32\drivers\s115cmnt.sys
2008-10-31 17:54 . 2007-04-23 15:54 12,424 -ra------ c:\windows\system32\drivers\s115cm.sys
2008-10-31 17:52 . 2008-10-31 22:53 <DIR> d-------- c:\program files\Common Files\Teleca Shared
2008-10-31 17:52 . 2008-10-31 17:52 <DIR> d-------- c:\documents and settings\Aco29\Application Data\Sony Ericsson
2008-10-31 17:51 . 2008-10-31 22:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\Teleca
2008-10-31 17:51 . 2008-10-31 22:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony Ericsson
2008-10-30 19:22 . 2008-10-30 19:22 <DIR> d-------- c:\program files\Microsoft Silverlight
2008-10-30 18:15 . 2008-10-30 18:15 <DIR> d-------- c:\documents and settings\Aco29\Application Data\Lavasoft
2008-10-30 18:08 . 2008-11-06 00:30 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-10-30 17:51 . 2008-10-31 22:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-30 17:50 . 2008-10-31 22:44 <DIR> d-------- c:\program files\Lavasoft
2008-10-30 17:49 . 2008-10-30 17:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\Prevx
2008-10-30 17:26 . 2008-10-30 17:26 <DIR> d-------- c:\windows\system32\GroupPolicy
2008-10-30 17:26 . 2004-03-09 00:00 1,081,616 --a------ c:\windows\system32\MSCOMCTL.OCX
2008-10-29 19:10 . 2008-10-29 19:12 90 --a------ c:\windows\ae_mini.INI
2008-10-29 19:07 . 2008-10-29 19:07 399 --a------ c:\windows\asr.INI
2008-10-29 19:04 . 2008-10-29 19:04 <DIR> d-------- c:\program files\Common Files\Adobe
2008-10-29 19:00 . 2008-10-29 19:05 <DIR> d-------- c:\documents and settings\Aco29\dwhelper
2008-10-29 18:49 . 2008-10-29 18:49 <DIR> d-------- c:\windows\Sun
2008-10-28 00:40 . 2008-10-28 00:40 355,584 --a------ c:\windows\system32\TuneUpDefragService.exe
2008-10-28 00:40 . 2008-05-29 09:28 28,416 --a------ c:\windows\system32\uxtuneup.dll
2008-10-27 23:38 . 2008-10-27 23:55 2,211,894 --a------ c:\windows\ACD Wallpaper.bmp
2008-10-27 21:20 . 2008-10-27 21:20 <DIR> d-------- c:\documents and settings\Aco29\Application Data\dvdcss
2008-10-27 20:07 . 2008-11-06 22:10 <DIR> d-------- c:\program files\eMule
2008-10-27 19:24 . 2008-10-28 16:05 <DIR> d-------- c:\documents and settings\Aco29\Application Data\skypePM
2008-10-27 19:24 . 2008-10-27 19:24 56 --ah----- c:\windows\system32\ezsidmv.dat
2008-10-27 17:18 . 2008-10-27 17:18 <DIR> d-------- c:\documents and settings\Aco29\Application Data\CyberLink
2008-10-27 14:54 . 2008-10-27 14:54 <DIR> d-------- c:\program files\VSO
2008-10-27 14:54 . 2008-10-27 21:12 <DIR> d-------- c:\documents and settings\Aco29\Application Data\Vso
2008-10-27 14:54 . 2004-05-04 12:53 1,645,320 --a------ c:\windows\gdiplus.dll
2008-10-27 14:54 . 2006-05-20 17:16 1,184,984 --a------ c:\windows\system32\wvc1dmod.dll
2008-10-27 14:54 . 2006-05-11 20:21 626,688 --a------ c:\windows\system32\vp7vfw.dll
2008-10-27 14:54 . 2006-09-29 13:24 217,127 --a------ c:\windows\system32\drv43260.dll
2008-10-27 14:54 . 2006-09-29 13:25 208,935 --a------ c:\windows\system32\drv33260.dll
2008-10-27 14:54 . 2006-09-29 13:26 176,165 --a------ c:\windows\system32\drv23260.dll
2008-10-27 14:54 . 2007-03-18 21:37 65,602 --a------ c:\windows\system32\cook3260.dll
2008-10-27 14:54 . 2008-10-27 14:54 47,360 --a------ c:\documents and settings\Aco29\Application Data\pcouffin.sys
2008-10-26 10:01 . 2008-10-26 10:20 <DIR> d-------- c:\program files\Readon Technology
2008-10-25 13:12 . 2008-04-13 23:15 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2008-10-25 13:12 . 2008-04-13 23:15 10,368 --a--c--- c:\windows\system32\dllcache\hidusb.sys
2008-10-25 11:51 . 2008-10-25 12:46 <DIR> d-------- c:\program files\Webteh
2008-10-24 18:57 . 2007-07-30 18:19 271,224 --a------ c:\windows\system32\mucltui.dll
2008-10-24 18:57 . 2007-07-30 18:19 207,736 --a------ c:\windows\system32\muweb.dll
2008-10-24 18:57 . 2007-07-30 18:19 30,072 --a------ c:\windows\system32\mucltui.dll.mui
2008-10-24 18:29 . 2008-10-24 18:29 <DIR> d-------- c:\documents and settings\Aco29\Application Data\vlc
2008-10-24 16:23 . 2008-04-13 23:15 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2008-10-24 10:54 . 2008-10-24 11:01 <DIR> d-------- c:\program files\Windows Live
2008-10-24 10:54 . 2008-10-24 10:56 <DIR> d--hsc--- c:\program files\Common Files\WindowsLiveInstaller
2008-10-24 10:53 . 2008-10-24 10:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\WLInstaller
2008-10-24 10:50 . 2008-10-24 10:50 <DIR> d-------- c:\documents and settings\Aco29\Contacts
2008-10-24 10:47 . 2008-10-22 15:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-24 10:20 . 2008-10-24 10:20 <DIR> d-------- c:\documents and settings\Aco29\Application Data\Uniblue
2008-10-24 10:18 . 2008-10-24 10:16 737,280 --a------ c:\windows\iun6002.exe
2008-10-24 10:17 . 2008-10-24 10:18 <DIR> d-------- c:\program files\Codec Pack - All In 1
2008-10-24 10:12 . 2008-10-24 10:12 <DIR> d-------- c:\program files\VS Revo Group
2008-10-24 09:10 . 2008-10-24 09:10 <DIR> d-------- c:\program files\FLV Player
2008-10-24 08:38 . 2008-10-24 08:38 <DIR> d-------- c:\program files\Unlocker
2008-10-24 08:35 . 2008-10-24 08:35 <DIR> d-------- c:\program files\Real
2008-10-24 08:35 . 2008-10-24 08:35 <DIR> d-------- c:\program files\Common Files\xing shared
2008-10-24 08:35 . 2008-10-24 08:35 <DIR> d-------- c:\program files\Common Files\Real
2008-10-24 08:35 . 2008-10-24 08:35 499,712 --a------ c:\windows\system32\msvcp71.dll
2008-10-24 08:10 . 2008-10-25 10:20 <DIR> d-------- c:\documents and settings\Aco29\Application Data\ACD Systems
2008-10-24 00:01 . 2008-10-24 00:23 <DIR> d-------- c:\windows\NV38202988.TMP
2008-10-24 00:01 . 2008-09-17 22:55 201,050 --a------ c:\windows\system32\nvapps.nvb
2008-10-23 22:40 . 2008-10-23 22:40 <DIR> d--hs---- c:\documents and settings\Aco29\UserData
2008-10-23 22:21 . 2008-10-28 23:35 <DIR> d-------- c:\documents and settings\Aco29\Application Data\Skype

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-08 11:22 196,608 ----a-w c:\windows\system32\drivers\nAsmedia.bin
2008-11-06 16:08 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-01 16:51 196,608 ----a-w c:\windows\system32\drivers\nStandard.bin
2008-10-31 18:06 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-10-31 17:21 --------- d-----w c:\program files\IObit
2008-10-29 19:17 --------- d-----w c:\program files\ESET
2008-10-29 19:17 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-10-29 19:16 --------- d-----w c:\program files\Ashampoo
2008-10-27 13:54 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2008-10-27 09:04 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll
2008-10-27 09:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll
2008-10-27 09:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll
2008-10-27 09:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll
2008-10-24 09:48 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2008-10-24 09:18 --------- d-----w c:\program files\Mv2Player
2008-10-24 07:35 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-10-23 22:28 --------- d-----w c:\program files\Windows Media Connect 2
2008-10-23 21:23 --------- d-----w c:\program files\Picasa2
2008-10-23 21:23 --------- d-----w c:\program files\Google
2008-10-23 21:21 --------- d-----w c:\program files\Skype
2008-10-23 21:21 --------- d-----w c:\program files\NetMeter
2008-10-23 21:21 --------- d-----w c:\program files\Common Files\Skype
2008-10-23 21:20 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-10-23 21:19 --------- d-----w c:\program files\Java
2008-10-23 21:19 --------- d-----w c:\program files\EASEUS
2008-10-23 21:19 --------- d-----w c:\program files\Common Files\Java
2008-10-23 21:17 --------- d-----w c:\program files\VideoLAN
2008-10-23 21:10 --------- d-----w c:\program files\TechSmith
2008-10-23 21:07 --------- d-----w c:\program files\Reference Assemblies
2008-10-23 21:07 --------- d-----w c:\program files\MSBuild
2008-10-23 20:59 --------- d-----w c:\program files\Video Convert Master
2008-10-23 20:59 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-23 20:59 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-10-23 20:59 --------- d-----w c:\documents and settings\Aco29\Application Data\TuneUp Software
2008-10-23 20:58 --------- d-----w c:\program files\Common Files\InstallShield
2008-10-23 20:58 --------- d-----w c:\program files\ASUSTeK
2008-10-23 20:57 --------- d-----w c:\program files\AC3Filter
2008-10-23 20:54 --------- d-----w c:\program files\Common Files\ACD Systems
2008-10-23 20:54 --------- d-----w c:\program files\ACD Systems
2008-10-23 20:54 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2008-10-23 20:53 --------- d-----w c:\documents and settings\Aco29\Application Data\Winamp
2008-10-23 20:51 --------- d-----w c:\program files\Winamp
2008-10-23 20:48 --------- d-----w c:\program files\CDex_140b9
2008-10-23 20:48 --------- d-----w c:\documents and settings\All Users\Application Data\WinZip
2008-10-23 20:44 --------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2008-10-23 20:44 --------- d-----w c:\documents and settings\Aco29\Application Data\Malwarebytes
2008-10-23 20:43 --------- d-----w c:\documents and settings\Aco29\Application Data\Ashampoo
2008-10-23 20:42 --------- d-----w c:\documents and settings\All Users\Application Data\ashampoo
2008-10-23 20:41 21,419 ----a-w c:\windows\system32\drivers\AegisP.sys
2008-10-23 20:41 --------- d-----w c:\program files\OVISLINK
2008-10-23 20:41 --------- d-----w c:\documents and settings\Aco29\Application Data\InstallShield
2008-10-23 20:38 --------- d-----w c:\program files\ASUS
2008-10-23 20:35 12,288 ----a-w c:\windows\system32\drivers\EIO64_xp.sys
2008-10-23 20:33 --------- d-----w c:\program files\My Company Name
2008-10-23 20:28 315,392 ----a-w c:\windows\HideWin.exe
2008-10-23 20:28 --------- d-----w c:\program files\Realtek
2008-10-23 20:26 --------- d-----w c:\program files\VIA
2008-10-23 20:20 --------- d-----w c:\program files\microsoft frontpage
2008-10-22 14:10 15,504 ----a-w c:\windows\system32\drivers\mbam.sys
2008-10-10 03:52 452,440 ----a-w c:\windows\system32\d3dx10_40.dll
2008-10-10 03:52 4,379,984 ----a-w c:\windows\system32\D3DX9_40.dll
2008-10-10 03:52 2,036,576 ----a-w c:\windows\system32\D3DCompiler_40.dll
2008-09-20 07:16 170,496 ----a-w c:\windows\system32\BootMan.exe
2008-09-19 18:42 86,408 ----a-w c:\windows\system32\setupempdrv03.exe
2008-09-19 18:42 8,704 ----a-w c:\windows\system32\epmntdrv.sys
2008-09-19 18:42 3,072 ----a-w c:\windows\system32\EuGdiDrv.sys
2008-09-19 18:42 14,848 ----a-w c:\windows\system32\EuEpmGdi.dll
2008-09-19 16:10 86,016 ----a-w c:\windows\system32\ResizeNTFS.dll
2008-09-19 16:10 61,952 ----a-w c:\windows\system32\FatResizeMove.dll
2008-09-19 16:10 472,576 ----a-w c:\windows\system32\NTFSFormat.dll
2008-09-19 16:10 22,016 ----a-w c:\windows\system32\FatFormat.dll
2008-09-19 16:09 92,672 ----a-w c:\windows\system32\Partition.dll
2008-09-19 16:09 31,744 ----a-w c:\windows\system32\FatLib.dll
2008-09-19 16:09 179,200 ----a-w c:\windows\system32\DeviceManager.dll
2008-09-19 16:09 124,416 ----a-w c:\windows\system32\NTFSCopy.dll
2008-09-19 16:08 86,528 ----a-w c:\windows\system32\NTFSLib.dll
2008-09-19 16:08 68,096 ----a-w c:\windows\system32\Device.dll
2008-09-19 16:08 6,144 ----a-w c:\windows\system32\CallbackOperator.dll
2008-09-19 16:08 44,032 ----a-w c:\windows\system32\FileSystemCheck.dll
2008-09-19 16:08 25,088 ----a-w c:\windows\system32\FATFileSystemAnalyser.dll
2008-09-19 16:08 24,576 ----a-w c:\windows\system32\NTFSFileSystemAnalyser.dll
2008-09-19 16:08 21,504 ----a-w c:\windows\system32\Fixup.dll
2008-09-19 16:08 14,848 ----a-w c:\windows\system32\FileSystemAnalyser.dll
2008-09-19 16:08 10,752 ----a-w c:\windows\system32\DeviceAdapter.dll
2008-09-15 12:12 1,846,400 ----a-w c:\windows\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2008-08-26 07:24 826,368 ----a-w c:\windows\system32\wininet.dll
2008-08-14 10:11 2,189,184 ----a-w c:\windows\system32\ntoskrnl.exe
2008-08-14 09:33 2,066,048 ----a-w c:\windows\system32\ntkrnlpa.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of c:\program files\My Company Name ----



((((((((((((((((((((((((((((( snapshot@2008-11-07_19.56.52.50 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-01 09:06:24 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2008-11-08 12:32:39 53,248 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2008-11-01 09:06:24 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2008-11-08 12:32:39 12,800 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
- 2008-11-01 09:06:24 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2008-11-08 12:32:39 473,600 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
- 2008-11-01 09:06:22 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-08 12:32:37 2,676,224 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-11-01 09:06:22 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-08 12:32:37 2,846,720 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-11-01 09:06:23 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-08 12:32:37 563,712 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-11-01 09:06:23 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-08 12:32:37 567,296 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-11-01 09:06:23 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-08 12:32:38 576,000 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-11-01 09:06:23 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-08 12:32:38 577,024 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-11-01 09:06:23 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-08 12:32:38 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-11-01 09:06:23 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-08 12:32:38 577,536 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-11-01 09:06:23 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-08 12:32:38 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-11-01 09:06:24 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2008-11-08 12:32:39 578,560 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2008-11-01 09:06:24 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2008-11-08 12:32:39 145,920 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
- 2008-11-01 09:06:25 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2008-11-08 12:32:39 159,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2008-11-01 09:06:25 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2008-11-08 12:32:39 364,544 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2008-11-01 09:06:25 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
+ 2008-11-08 12:32:39 178,176 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2008-11-01 09:06:24 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-11-08 12:32:39 223,232 ----a-w c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2008-05-30 13:17:40 97,288 ----a-w c:\windows\LastGood\system32\directx\websetup\dsetup.dll
+ 2008-05-30 13:17:38 1,694,728 ----a-w c:\windows\LastGood\system32\directx\websetup\dsetup32.dll
+ 2007-03-12 15:42:30 1,123,696 ----a-w c:\windows\system32\D3DCompiler_33.dll
+ 2007-05-16 15:45:16 1,124,720 ----a-w c:\windows\system32\D3DCompiler_34.dll
+ 2007-07-19 17:14:42 1,358,192 ----a-w c:\windows\system32\D3DCompiler_35.dll
+ 2007-10-12 14:14:00 1,374,232 ----a-w c:\windows\system32\D3DCompiler_36.dll
+ 2008-03-05 14:56:58 1,420,824 ----a-w c:\windows\system32\D3DCompiler_37.dll
+ 2008-05-30 13:11:46 1,491,992 ----a-w c:\windows\system32\D3DCompiler_38.dll
+ 2008-07-10 10:00:58 1,493,528 ----a-w c:\windows\system32\D3DCompiler_39.dll
+ 2007-03-15 15:57:58 443,752 ----a-w c:\windows\system32\d3dx10_33.dll
+ 2007-05-16 15:45:16 443,752 ----a-w c:\windows\system32\d3dx10_34.dll
+ 2007-07-19 17:14:42 444,776 ----a-w c:\windows\system32\d3dx10_35.dll
+ 2007-10-02 08:56:34 444,776 ----a-w c:\windows\system32\d3dx10_36.dll
+ 2008-02-05 22:07:36 462,864 ----a-w c:\windows\system32\d3dx10_37.dll
+ 2008-05-30 13:11:46 467,984 ----a-w c:\windows\system32\d3dx10_38.dll
+ 2008-07-10 10:01:00 467,984 ----a-w c:\windows\system32\d3dx10_39.dll
+ 2006-09-28 15:05:20 2,414,360 ----a-w c:\windows\system32\d3dx9_31.dll
+ 2006-11-29 12:06:18 3,426,072 ----a-w c:\windows\system32\d3dx9_32.dll
+ 2007-03-12 15:42:30 3,495,784 ----a-w c:\windows\system32\d3dx9_33.dll
+ 2007-05-16 15:45:16 3,497,832 ----a-w c:\windows\system32\d3dx9_34.dll
+ 2007-07-19 17:14:42 3,727,720 ----a-w c:\windows\system32\d3dx9_35.dll
+ 2007-10-12 14:14:00 3,734,536 ----a-w c:\windows\system32\d3dx9_36.dll
+ 2008-03-05 14:56:58 3,786,760 ----a-w c:\windows\system32\D3DX9_37.dll
+ 2008-05-30 13:11:46 3,850,760 ----a-w c:\windows\system32\D3DX9_38.dll
+ 2008-07-10 10:00:58 3,851,784 ----a-w c:\windows\system32\D3DX9_39.dll
+ 2007-03-05 11:42:18 15,128 ----a-w c:\windows\system32\x3daudio1_1.dll
+ 2007-10-22 02:37:16 17,928 ----a-w c:\windows\system32\X3DAudio1_2.dll
+ 2008-03-05 15:00:06 25,608 ----a-w c:\windows\system32\X3DAudio1_3.dll
+ 2008-05-30 13:17:00 25,608 ----a-w c:\windows\system32\X3DAudio1_4.dll
+ 2007-10-22 02:39:54 267,272 ----a-w c:\windows\system32\xactengine2_10.dll
- 2006-07-28 07:30:32 236,824 ----a-w c:\windows\system32\xactengine2_3.dll
+ 2006-07-28 08:30:32 236,824 ----a-w c:\windows\system32\xactengine2_3.dll
+ 2006-09-28 15:05:56 237,848 ----a-w c:\windows\system32\xactengine2_4.dll
+ 2006-12-08 11:02:00 251,672 ----a-w c:\windows\system32\xactengine2_5.dll
+ 2007-01-24 14:27:30 255,848 ----a-w c:\windows\system32\xactengine2_6.dll
+ 2007-04-04 17:55:00 261,480 ----a-w c:\windows\system32\xactengine2_7.dll
+ 2007-06-20 19:46:04 266,088 ----a-w c:\windows\system32\xactengine2_8.dll
+ 2007-07-19 23:57:12 267,112 ----a-w c:\windows\system32\xactengine2_9.dll
+ 2008-03-05 15:03:20 238,088 ----a-w c:\windows\system32\xactengine3_0.dll
+ 2008-05-30 13:18:52 238,088 ----a-w c:\windows\system32\xactengine3_1.dll
+ 2008-07-30 05:20:54 238,088 ----a-w c:\windows\system32\xactengine3_2.dll
+ 2008-05-30 13:17:30 65,032 ----a-w c:\windows\system32\XAPOFX1_0.dll
+ 2008-07-30 05:20:56 68,616 ----a-w c:\windows\system32\XAPOFX1_1.dll
+ 2008-03-05 15:03:54 479,752 ----a-w c:\windows\system32\XAudio2_0.dll
+ 2008-05-30 13:19:18 507,400 ----a-w c:\windows\system32\XAudio2_1.dll
+ 2008-07-30 05:20:56 509,448 ----a-w c:\windows\system32\XAudio2_2.dll
- 2006-07-28 07:30:14 62,744 ----a-w c:\windows\system32\xinput1_2.dll
+ 2006-07-28 08:30:14 62,744 ----a-w c:\windows\system32\xinput1_2.dll
+ 2007-04-04 17:53:42 81,768 ----a-w c:\windows\system32\xinput1_3.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"c:\program files\NetMeter\NetMeter.exe"="c:\program files\NetMeter\NetMeter.exe" [2007-08-11 331264]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-04 36352]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-10-24 185872]
"RTHDCPL"="RTHDCPL.EXE" [2007-02-26 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]
"nwiz"="nwiz.exe" [2008-09-17 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AirLive 802.11G Wireless Utility.lnk - c:\program files\OVISLINK\Common\AirliveUI.exe [2008-10-23 1290240]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ASUS SmartDoctor"=c:\program files\ASUS\SmartDoctor\SmartDoctor.exe /start

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ASUSGamerOSD"=c:\program files\ASUS\GamerOSD\GamerOSD.exe
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe"
"RemoteControl"="c:\program files\ASUSTeK\ASUSDVD\PDVDServ.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"snpstd"=c:\windows\vsnpstd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 ViBus;ViBus;c:\windows\system32\DRIVERS\ViBus.sys [2007-03-26 16896]
R0 videX32;videX32;c:\windows\system32\DRIVERS\videX32.sys [2007-03-29 9216]
R0 ViPrt;VIA SATA IDE Device Driver;c:\windows\system32\DRIVERS\ViPrt.sys [2007-03-26 52224]
R1 EIO_XP;EIO_XP;c:\windows\system32\drivers\EIO_XP.sys [2006-06-14 12288]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe [2008-04-14 14336]
R3 asusgsb;ASUS Virtual Video Capture Device Driver;c:\windows\system32\drivers\asusgsb.sys [2007-10-23 12416]
R3 Video3D;ASUS Video3D Service;c:\windows\system32\Drivers\Video3D32.sys [2007-10-23 10752]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2008-09-19 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2008-09-19 3072]
S3 FET5X86V;VIA Rhine-Family Fast-Ethernet Adapter Driver Service;c:\windows\system32\DRIVERS\fetnd5bv.sys [2007-02-27 42496]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\DRIVERS\s115bus.sys [2007-04-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s115mdfl.sys [2007-04-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s115mdm.sys [2007-04-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s115mgmt.sys [2007-04-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s115obex.sys [2007-04-23 98568]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-10-28 355584]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-11-08 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 09:09]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-08 13:45:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-11-08 13:45:33
ComboFix-quarantined-files.txt 2008-11-08 12:45:30
ComboFix2.txt 2008-11-08 00:51:33
ComboFix3.txt 2008-11-07 18:57:20

Pre-Run: 45,134,987,264 bytes free
Post-Run: 45,137,432,576 bytes free

397 --- E O F --- 2008-11-05 14:18:43

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

What do you have in this folder: c:\program files\direkt


Also, what is the situation now?

  • Aco  Male
  • Forum moderator
  • Aleksandar
  • Joined: 12 May 2006
  • Posts: 16823
  • Location: /home/aco

That folder contains DirectX; I downloaded it during the cleanup and unpacked it to C: in Program Files. And the situation is great now, the internet works completely normally...

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Do the following:
Click START and then RUN
In the text box, type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if necessary
Hide system/hidden files/folders, if necessary
Reset System Restore

That is all.
