MyCity » Ambulanta -> Arhiva Ambulante » KAKO SE RESITI lsass.exe?

KAKO SE RESITI lsass.exe?

Napisano na dan: 18.11.2008
1

KAKO SE RESITI lsass.exe?
Sledeća strana Pagination

Idi na vrh

Poslao: 18 Nov 2008 20:24
Idi na vrh
offline
  • Pridružio: 18 Nov 2008
  • Poruke: 45
  • Gde živiš: NEWCASTLE UPON TYNE

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:24:14, on 18/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe
C:\Program Files\Moo0\SystemMonitor 1.18\SystemMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\MASIC\TR3.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = sky.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = sky.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided By Sky Broadband
R3 - URLSearchHook: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O2 - BHO: (no name) - {26730C68-CF36-4353-A48B-EAA90D1C93E9} - (no file)
O2 - BHO: (no name) - {2F1D63DE-A929-4F86-9CD7-D0CBE2B81027} - C:\WINDOWS\system32\xxyawxUO.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4CAB59B4-55A3-4737-9FD5-B93C6430BF76} - C:\WINDOWS\system32\bjvaaqjm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7632ABCA-B104-4fbc-9C70-419C4147061B} - (no file)
O2 - BHO: (no name) - {96E74E0B-9143-4D55-B522-35112296956A} - C:\WINDOWS\system32\iiffDWOg.dll
O2 - BHO: {973ab8f9-5aaf-7569-6594-dc733ac9f81a} - {a18f9ca3-37cd-4956-9657-faa59f8ba379} - C:\WINDOWS\system32\byzlde.dll
O3 - Toolbar: (no name) - {7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [903c1117] rundll32.exe "C:\WINDOWS\system32\rgorcoaj.dll",b
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen] "C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" /nosplash
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Moo0 SystemMonitor 1.18.lnk = C:\Program Files\Moo0\SystemMonitor 1.18\SystemMonitor.exe
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - sky.com (file missing)
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Open Last Closed Tab - {e15e75e9-a653-42a3-8d05-f2f7e309bdca} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} (CPlayFirstDairyDashWControl Object) - download.playfirst.com/play/game/dairydash/DairyDashWeb.1.0.0.12.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Text Express 2\Images\stg_drm.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V5Con.....2632946406
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - gamehouse.com/games/GoBitGamesPlayer.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - gamehouse.com/games/zylom/zylomplayer.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Text Express 2\Images\armhelper.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll,avgrsstx.dll byzlde.dll
O20 - Winlogon Notify: iiffDWOg - C:\WINDOWS\SYSTEM32\iiffDWOg.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

--
End of file - 8498 bytes

koristim windows xp home service pack 2, i kaspersky internet security 8.0.0.357 , brzina internet oko 7.5mbs, kaspersky mi nadje lsass.exe u system32 folderu ali ne mogu da ga obrisem jer mi nudi samo skip opciju.internet mi je mnogo spor jer imam oko 50 stvari nakacenih tako da radi 2 sekunde pa onda blokira minut. ako probam direktno da obrisem lsass.exe probam sa unlocker programom koji mu takodje ne moze nista ili mi izbaci poruku da ce system da se restartuje za 60 sekundi. kaspersky kad ga nadje zove ga : heur.trojan generic

pomoc

aleksa

Poslao: 18 Nov 2008 20:30
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Pozdrav...



* Klikni desnim tasterom na Kaspersky ikonicu ( ) u donjem, desnom uglu ekrana i izaberi Pause Protection.
* U prozoru koji se otvori, izaberi By User Request.

Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja.




Arrow Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Poslao: 19 Nov 2008 21:39
Idi na vrh
offline
  • Pridružio: 18 Nov 2008
  • Poruke: 45
  • Gde živiš: NEWCASTLE UPON TYNE

mycity.rs/must-login.png

EVO IZVESTAJA

HVALA NA JAVLJANJU I POMOCI

ALEKSA



ComboFix 08-10-25.01 - Owner 2008-11-19 19:42:57.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.661 [GMT 0:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Fonts\'
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\system32\c.ico
C:\WINDOWS\system32\m.ico
C:\WINDOWS\system32\p.ico
C:\WINDOWS\system32\s.ico

.
((((((((((((((((((((((((( Files Created from 2008-10-19 to 2008-11-19 )))))))))))))))))))))))))))))))
.

2008-11-18 18:48 . 2008-11-18 18:48 125,952 --a------ C:\WINDOWS\system32\xplkax.dll
2008-11-18 18:48 . 2008-11-18 18:48 125,952 --a------ C:\WINDOWS\system32\vinhuhul.dll
2008-11-18 18:44 . 2008-11-18 18:45 1,453,990 ---hs---- C:\WINDOWS\system32\wslddxwx.ini
2008-11-18 18:43 . 2008-11-18 18:44 76,800 --a------ C:\WINDOWS\system32\xwxddlsw.dll
2008-11-18 18:41 . 2008-11-18 18:41 41,472 --a------ C:\WINDOWS\system32\cuycqaef.dll
2008-11-18 12:07 . 2008-11-18 12:07 1,459,790 ---hs---- C:\WINDOWS\system32\jaocrogr.ini
2008-11-18 12:06 . 2008-11-18 12:07 76,800 --------- C:\WINDOWS\system32\rgorcoaj.dll
2008-11-18 12:03 . 2008-11-18 12:03 125,952 --a------ C:\WINDOWS\system32\ucuxryya.dll
2008-11-18 12:03 . 2008-11-18 12:03 125,952 --a------ C:\WINDOWS\system32\byzlde.dll
2008-11-18 12:00 . 2008-11-18 12:00 41,472 --a------ C:\WINDOWS\system32\ttibivdw.dll
2008-11-18 11:59 . 2008-11-18 12:24 742,219 --ahs---- C:\WINDOWS\system32\gjkUBcdd.ini2
2008-11-18 11:59 . 2008-11-18 12:27 742,218 --ahs---- C:\WINDOWS\system32\gjkUBcdd.ini
2008-11-18 11:58 . 2008-11-18 11:58 322,560 --a------ C:\WINDOWS\system32\ddcBUkjg.dll
2008-11-17 18:30 . 2008-11-17 18:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-11-17 12:29 . 2008-11-17 12:29 1,538,487 ---hs---- C:\WINDOWS\system32\fluasdci.ini
2008-11-17 12:28 . 2008-11-17 12:29 76,288 --a------ C:\WINDOWS\system32\icdsaulf.dll
2008-11-16 20:22 . 2008-11-17 18:23 0 --a------ C:\log.tmp
2008-11-16 20:17 . 2008-11-16 20:17 <DIR> d-------- C:\Program Files\Ashampoo
2008-11-16 19:40 . 2008-11-16 19:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2008-11-16 12:18 . 2008-11-16 12:18 <DIR> d-------- C:\Documents and Settings\MIMI\Application Data\Ahead
2008-11-16 11:10 . 2008-11-16 11:10 <DIR> d-------- C:\Program Files\AVG
2008-11-16 10:46 . 2008-11-16 10:46 1,538,441 ---hs---- C:\WINDOWS\system32\hgcdwgqs.ini
2008-11-16 10:42 . 2008-11-16 10:43 125,952 --a------ C:\WINDOWS\system32\nuafeigt.dll
2008-11-16 10:40 . 2008-11-16 10:40 41,472 --a------ C:\WINDOWS\system32\kciwqptl.dll
2008-11-16 10:39 . 2008-11-16 10:39 322,560 --------- C:\WINDOWS\system32\xxyawxUO.dll
2008-11-16 10:39 . 2008-11-19 19:47 877 --ahs---- C:\WINDOWS\system32\OUxwayxx.ini2
2008-11-16 10:39 . 2008-11-19 19:47 877 --ahs---- C:\WINDOWS\system32\OUxwayxx.ini
2008-11-16 08:42 . 2008-11-16 08:42 <DIR> d-------- C:\Documents and Settings\MIMI\Application Data\PC Tools
2008-11-15 22:58 . 2008-11-15 22:58 <DIR> d-------- C:\Program Files\Common Files\PC Tools
2008-11-15 22:51 . 2008-11-16 11:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-11-14 20:50 . 2008-11-15 12:40 1,562,260 ---hs---- C:\WINDOWS\system32\kcixpyqu.ini
2008-11-14 20:47 . 2008-11-14 20:46 125,952 --a------ C:\WINDOWS\system32\yvrvxi.dll
2008-11-14 20:46 . 2008-11-14 20:46 125,952 --a------ C:\WINDOWS\system32\vkluuknv.dll
2008-11-14 20:43 . 2008-11-14 20:43 41,472 --a------ C:\WINDOWS\system32\wvrlagoj.dll
2008-11-12 23:21 . 2008-11-13 00:02 1,556,330 ---hs---- C:\WINDOWS\system32\wcdpfmqv.ini
2008-11-12 23:21 . 2008-11-12 23:21 125,952 --a------ C:\WINDOWS\system32\kqfhas.dll
2008-11-12 23:20 . 2008-11-12 23:21 125,952 --a------ C:\WINDOWS\system32\jnenudaq.dll
2008-11-12 23:19 . 2008-11-12 23:20 85,504 --a------ C:\WINDOWS\system32\bjvaaqjm.dll
2008-11-12 22:34 . 2008-11-18 15:19 <DIR> d-------- C:\WINDOWS\system32\CatRoot2
2008-11-12 20:40 . 2008-11-12 20:39 125,952 --a------ C:\WINDOWS\system32\ojlfgm.dll
2008-11-12 20:39 . 2008-11-12 20:39 125,952 --a------ C:\WINDOWS\system32\hcwhrkkn.dll
2008-11-12 20:37 . 2008-11-12 20:37 85,504 --a------ C:\WINDOWS\system32\jefgoswj.dll
2008-11-12 19:31 . 2008-11-12 19:31 125,952 --a------ C:\WINDOWS\system32\xxmjsqxo.dll
2008-11-12 19:31 . 2008-11-12 19:31 125,952 --a------ C:\WINDOWS\system32\uzwdtm.dll
2008-11-12 19:28 . 2008-11-12 19:28 2,048 --a------ C:\WINDOWS\system32\mrbvdjhf.exe
2008-11-12 19:24 . 2008-11-12 19:25 1,557,387 ---hs---- C:\WINDOWS\system32\viexqpig.ini
2008-11-12 19:24 . 2008-11-12 19:24 76,800 --------- C:\WINDOWS\system32\gipqxeiv.dll
2008-11-11 09:06 . 2008-11-11 09:06 1,552,244 --ahs---- C:\WINDOWS\system32\idlebopr.ini
2008-11-11 09:00 . 2008-11-11 09:00 85,504 --a------ C:\WINDOWS\system32\avkrokwp.dll
2008-11-11 09:00 . 2008-11-15 21:54 345 --ahs---- C:\WINDOWS\system32\xayaGfhk.ini2
2008-11-11 09:00 . 2008-11-15 21:54 345 --ahs---- C:\WINDOWS\system32\xayaGfhk.ini
2008-11-10 20:59 . 2008-11-10 20:59 85,504 --a------ C:\WINDOWS\system32\rlweuijo.dll
2008-11-10 18:52 . 2008-11-10 18:52 <DIR> d-------- C:\Documents and Settings\Mama\Application Data\ScanSoft
2008-11-10 18:18 . 2008-11-10 18:18 <DIR> d-------- C:\Documents and Settings\Mama\Application Data\Sony
2008-11-08 21:03 . 2008-11-08 21:03 1,905,517 --ahs---- C:\WINDOWS\system32\wxdeuwli.ini
2008-11-08 20:54 . 2008-11-10 22:30 345 --ahs---- C:\WINDOWS\system32\kUuCefii.ini
2008-11-08 15:51 . 2008-11-08 15:52 1,905,517 --ahs---- C:\WINDOWS\system32\teucsacr.ini
2008-11-07 22:18 . 2008-11-07 22:18 <DIR> d-------- C:\Program Files\Common Files\Gibinsoft Shared
2008-11-07 21:39 . 2008-11-07 22:18 <DIR> d-------- C:\Program Files\GiPo@Utilities
2008-11-07 21:38 . 2008-11-07 21:38 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-11-07 21:38 . 2008-11-08 16:13 757,823 --ahs---- C:\WINDOWS\system32\EdNqqXyb.ini2
2008-11-07 10:19 . 2008-11-07 21:29 396 --ahs---- C:\WINDOWS\system32\jklmoUvw.ini2
2008-11-07 10:19 . 2008-11-07 21:28 396 --ahs---- C:\WINDOWS\system32\jklmoUvw.ini
2008-11-06 21:41 . 2008-11-06 20:29 61,440 --a------ C:\WINDOWS\system32\flcss.exe
2008-11-06 11:11 . 2008-11-06 11:11 1,882,530 --ahs---- C:\WINDOWS\system32\wnnvrnul.ini
2008-11-06 11:07 . 2008-11-06 11:07 132,096 --a------ C:\WINDOWS\system32\xtkkvt.dll
2008-11-06 11:07 . 2008-11-06 11:07 132,096 --a------ C:\WINDOWS\system32\pekusxha.dll
2008-11-06 11:05 . 2008-11-06 11:05 85,504 --a------ C:\WINDOWS\system32\tidcxytu.dll
2008-11-06 11:04 . 2008-11-06 22:04 345 --ahs---- C:\WINDOWS\system32\BIihkUtv.ini2
2008-11-06 11:04 . 2008-11-06 22:04 345 --ahs---- C:\WINDOWS\system32\BIihkUtv.ini
2008-11-05 17:41 . 2008-11-05 17:41 133,120 --a------ C:\WINDOWS\system32\ginjsakm.dll
2008-11-05 17:41 . 2008-11-05 17:41 133,120 --a------ C:\WINDOWS\system32\bqltjx.dll
2008-11-05 17:39 . 2008-11-05 17:39 1,890,737 --ahs---- C:\WINDOWS\system32\hfgoqufv.ini
2008-11-05 12:00 . 2008-11-11 08:48 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2008-11-05 11:59 . 2008-11-10 22:43 <DIR> d-------- C:\Program Files\Norton Security Scan
2008-11-05 11:17 . 2008-11-05 11:17 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\EAST Technologies
2008-11-05 10:58 . 2008-11-05 10:58 133,120 --a------ C:\WINDOWS\system32\gzxcrc.dll
2008-11-05 10:57 . 2008-11-05 10:58 133,120 --a------ C:\WINDOWS\system32\plrtnfbj.dll
2008-11-05 10:56 . 2008-11-05 10:56 1,880,564 --ahs---- C:\WINDOWS\system32\mimruxxe.ini
2008-11-05 02:17 . 2008-11-05 02:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\EAST Technologies
2008-11-05 02:03 . 2008-11-05 02:03 132,608 --a------ C:\WINDOWS\system32\nhlceiuu.dll
2008-11-05 02:03 . 2008-11-05 02:03 132,608 --a------ C:\WINDOWS\system32\gcggwv.dll
2008-11-05 02:01 . 2008-11-05 02:01 1,880,308 --ahs---- C:\WINDOWS\system32\jfllttwq.ini
2008-11-05 02:01 . 2008-11-05 02:01 75,392 --a------ C:\WINDOWS\system32\qwttllfj.dll
2008-11-05 01:37 . 2008-11-05 01:38 1,880,308 --ahs---- C:\WINDOWS\system32\inscqhoo.ini
2008-11-05 01:37 . 2008-11-05 01:37 132,608 --a------ C:\WINDOWS\system32\mrepynew.dll
2008-11-05 01:37 . 2008-11-05 01:37 132,608 --a------ C:\WINDOWS\system32\mogqad.dll
2008-11-04 19:43 . 2008-11-04 19:43 1,880,308 --ahs---- C:\WINDOWS\system32\hsdvujma.ini
2008-11-04 19:41 . 2008-11-04 19:41 132,608 --a------ C:\WINDOWS\system32\uzfpwc.dll
2008-11-04 19:40 . 2008-11-04 19:41 132,608 --a------ C:\WINDOWS\system32\ejxwsbkv.dll
2008-11-04 12:57 . 2008-11-04 12:57 1,871,805 --ahs---- C:\WINDOWS\system32\aclofpns.ini
2008-11-04 12:57 . 2008-11-04 12:57 132,608 --a------ C:\WINDOWS\system32\wbrdyfvm.dll
2008-11-04 12:57 . 2008-11-04 12:57 132,608 --a------ C:\WINDOWS\system32\srritk.dll
2008-11-04 12:26 . 2008-11-04 12:26 1,871,805 --ahs---- C:\WINDOWS\system32\kgauseek.ini
2008-11-04 12:26 . 2008-11-04 12:26 132,608 --a------ C:\WINDOWS\system32\dudsvith.dll
2008-11-04 12:26 . 2008-11-04 12:26 132,608 --a------ C:\WINDOWS\system32\dpgcuw.dll
2008-11-04 11:50 . 2008-11-05 18:39 345 --ahs---- C:\WINDOWS\system32\Gilllnmp.ini2
2008-11-04 11:50 . 2008-11-05 18:39 345 --ahs---- C:\WINDOWS\system32\Gilllnmp.ini
2008-11-04 11:45 . 2008-11-04 11:45 40,960 --a------ C:\WINDOWS\system32\iiffDWOg.dll
2008-11-04 11:36 . 2007-04-27 17:54 40,960 --a------ C:\WINDOWS\exitwx.exe
2008-11-03 21:08 . 2008-11-03 21:08 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Publish Providers
2008-11-03 20:50 . 2008-11-03 20:50 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Sony
2008-11-03 20:46 . 2008-11-03 20:46 <DIR> d-------- C:\Program Files\Vstplugins
2008-11-03 20:44 . 2008-11-03 20:44 <DIR> d-------- C:\Program Files\Sony Setup
2008-11-02 21:22 . 2008-11-02 21:22 <DIR> d-------- C:\Program Files\Jfuse
2008-11-02 12:59 . 2008-11-02 12:59 <DIR> d-------- C:\Documents and Settings\Mama\Application Data\Corel
2008-11-02 12:37 . 2008-11-02 12:37 <DIR> d-------- C:\Documents and Settings\Mama\Application Data\iolo
2008-11-02 12:18 . 1996-09-06 08:02 960,000 --a------ C:\WINDOWS\system32\evysh7.dll
2008-11-02 12:17 . 1996-12-10 12:21 39,095 --------- C:\WINDOWS\iccsigs.dat
2008-11-02 12:16 . 1998-04-15 09:07 218,112 --a------ C:\WINDOWS\system32\scint80.dll
2008-11-02 12:16 . 1996-09-06 08:02 90,112 --a------ C:\WINDOWS\system32\evysh7us.dll
2008-11-02 12:15 . 2008-11-02 12:15 <DIR> d-------- C:\WINDOWS\Profiles
2008-11-02 12:15 . 2008-11-02 12:15 <DIR> d-------- C:\WINDOWS\Favorites
2008-11-02 12:15 . 2008-11-02 12:15 <DIR> d-------- C:\Corel
2008-11-02 12:10 . 2008-11-02 12:10 <DIR> d-------- C:\Documents and Settings\Mama\Application Data\TuneUp Software
2008-10-31 17:37 . 2008-10-31 19:17 <DIR> d-------- C:\_$Temp
2008-10-30 21:33 . 2008-10-30 21:34 124,790,784 -r-h----- C:\WINDOWS\dcdisk0_0
2008-10-30 21:33 . 2008-10-30 21:33 4,204,544 -r-h----- C:\WINDOWS\dclog.bin
2008-10-30 21:33 . 2008-10-30 21:33 0 --a------ C:\WINDOWS\dclock.dc
2008-10-30 21:32 . 2008-11-04 11:37 <DIR> d-------- C:\Program Files\FarStone
2008-10-30 20:40 . 2008-10-30 20:41 <DIR> d-------- C:\Program Files\R-Drive Image
2008-10-30 20:29 . 2008-10-30 20:29 <DIR> d-------- C:\Program Files\Runtime Software
2008-10-29 20:48 . 2008-10-29 20:48 <DIR> d-------- C:\Program Files\Avanquest update
2008-10-29 20:48 . 2008-10-29 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-10-29 20:43 . 2008-06-04 06:34 122,024 --a------ C:\WINDOWS\system32\drivers\s1018mdm.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-19 19:44 7,322,144 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-11-19 19:44 58,284 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-11-19 19:44 4,972 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-11-19 19:44 1,138,720 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-11-19 19:41 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-11-18 15:19 --------- d-----w C:\Program Files\Pirate Poppers
2008-11-18 15:19 --------- d-----w C:\Documents and Settings\Owner\Application Data\PlayFirst
2008-11-17 21:37 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-11-12 22:45 --------- d-----w C:\Documents and Settings\Owner\Application Data\DNA
2008-11-12 21:44 --------- d-----w C:\Program Files\DNA
2008-11-07 20:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-11-05 20:34 --------- d-----w C:\Documents and Settings\MIMI\Application Data\ICQ
2008-11-05 20:33 --------- d-----w C:\Documents and Settings\Mama\Application Data\ICQ
2008-11-05 11:42 --------- d-----w C:\Documents and Settings\Owner\Application Data\EAST Technologies
2008-11-05 10:10 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-11-05 02:56 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-11-05 02:56 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-11-04 12:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-11-04 11:10 --------- d-----w C:\Program Files\NCH Software
2008-11-04 10:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\SlySoft
2008-11-04 10:35 --------- d-----w C:\Program Files\SlySoft
2008-11-02 12:55 --------- d-----w C:\Documents and Settings\Mama\Application Data\Skype
2008-11-02 12:43 --------- d-----w C:\Documents and Settings\Mama\Application Data\skypePM
2008-11-01 10:50 --------- d-----w C:\Documents and Settings\Owner\Application Data\LimeWire
2008-11-01 10:32 --------- d-----w C:\Documents and Settings\Owner\Application Data\Skype
2008-11-01 10:27 --------- d-----w C:\Documents and Settings\Owner\Application Data\skypePM
2008-10-31 20:42 --------- d-----w C:\Program Files\ICQToolbar
2008-10-27 20:00 --------- d-----w C:\Documents and Settings\Owner\Application Data\XnView
2008-10-19 14:00 --------- d-----w C:\Program Files\Desktop Clock
2008-10-19 13:16 --------- d-----w C:\Program Files\SystemRequirementsLab
2008-10-19 13:15 --------- d-----w C:\Documents and Settings\Owner\Application Data\SystemRequirementsLab
2008-10-17 21:21 --------- d-----w C:\Program Files\MagicISO
2008-10-17 14:27 --------- d-----w C:\Program Files\MAGIX
2008-10-17 13:42 352,050 ----a-w C:\Documents and Settings\Owner\griffith_backup.zip
2008-10-17 13:42 --------- d-----w C:\Documents and Settings\Owner\Application Data\gtk-2.0
2008-10-17 13:41 --------- d-----w C:\Documents and Settings\Owner\Application Data\griffith
2008-10-11 18:18 --------- d-----w C:\Documents and Settings\MIMI\Application Data\ICQ Toolbar
2008-10-07 22:06 --------- d-----w C:\Program Files\Realtek AC97
2008-10-07 21:35 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-10-07 21:35 --------- d-----w C:\Program Files\Common Files\NVIDIA Shared
2008-10-07 20:57 --------- d-----w C:\Program Files\Driver-Soft
2008-10-07 20:37 --------- d-----w C:\Program Files\Network Stumbler
2008-10-07 09:23 --------- d-----w C:\Program Files\iTunes
2008-10-07 09:23 --------- d-----w C:\Program Files\iPod
2008-10-07 09:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-06 18:33 --------- d-----w C:\Program Files\Common Files\xing shared
2008-10-06 18:32 --------- d-----w C:\Program Files\Common Files\Real
2008-10-05 09:42 --------- d-----w C:\Program Files\Skype
2008-10-04 14:48 --------- d-----w C:\Documents and Settings\MIMI\Application Data\iolo
2008-10-01 07:55 --------- d-----w C:\Documents and Settings\LocalService\Application Data\iolo
2008-09-30 18:08 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Acronis
2008-09-30 14:04 --------- d-----w C:\Documents and Settings\Owner\Application Data\iolo
2008-09-30 14:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\iolo
2008-09-30 13:35 44,384 ----a-w C:\WINDOWS\system32\drivers\tifsfilt.sys
2008-09-30 13:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Acronis
2008-09-30 13:34 441,760 ----a-w C:\WINDOWS\system32\drivers\timntr.sys
2008-09-30 13:34 368,480 ----a-w C:\WINDOWS\system32\drivers\tdrpman.sys
2008-09-30 13:34 132,224 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
2008-09-30 13:34 --------- d-----w C:\Program Files\Common Files\Acronis
2008-09-30 13:14 --------- d-----w C:\Program Files\CityMedia Player
2008-09-30 12:46 --------- d-----w C:\Documents and Settings\Owner\Application Data\Ahead
2008-09-29 16:11 --------- d-----w C:\Documents and Settings\MIMI\Application Data\PlayFirst
2008-09-26 17:49 --------- d-----w C:\Program Files\Text Express 2
2008-09-26 17:39 --------- d-----w C:\Documents and Settings\Owner\Application Data\SpinTop
2008-09-26 00:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Ahead
2008-09-26 00:21 --------- d-----w C:\Program Files\Common Files\Ahead
2008-09-26 00:19 --------- d-----w C:\Program Files\Nero
2008-09-25 23:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Nero
2008-09-25 22:49 --------- d-----w C:\Program Files\Unlocker
2008-09-25 22:48 --------- d-----w C:\Documents and Settings\Owner\Application Data\Desktopicon
2008-09-25 19:45 --------- d-----w C:\Program Files\Zylom Games
2008-09-24 17:16 --------- d-----w C:\Documents and Settings\Owner\Application Data\Zylom
2008-09-23 20:54 --------- d-----w C:\Documents and Settings\Owner\Application Data\dvdcss
2008-09-23 20:06 --------- d-----w C:\Program Files\Software Informer
2008-09-23 12:59 --------- d-----w C:\Program Files\QuickTime
2008-09-23 12:58 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-23 12:42 --------- d-----w C:\Program Files\Apple Software Update
2008-09-22 20:48 --------- d-----w C:\Program Files\Paragon Software
2008-09-22 20:44 74,703 ----a-w C:\WINDOWS\system32\mfc45.dll
2008-09-22 20:26 --------- d-----w C:\Program Files\TuneUp Utilities 2007
2008-09-22 15:34 --------- d-----w C:\Program Files\Tumblebugs 2
2008-09-21 22:37 --------- d-----w C:\Program Files\LimeWire
2008-09-21 16:40 --------- d-----w C:\Documents and Settings\Owner\Application Data\Eyeblaster
2008-08-21 02:19 425,984 ----a-w C:\WINDOWS\system32\ATIDEMGX.dll
2008-08-21 02:18 314,880 ----a-w C:\WINDOWS\system32\ati2dvag.dll
2008-08-21 02:08 184,320 ----a-w C:\WINDOWS\system32\atipdlxx.dll
2008-08-21 02:08 143,360 ----a-w C:\WINDOWS\system32\Oemdspif.dll
2008-08-21 02:07 43,520 ----a-w C:\WINDOWS\system32\ati2edxx.dll
2008-08-21 02:07 26,112 ----a-w C:\WINDOWS\system32\Ati2mdxx.exe
2008-08-21 02:07 143,360 ----a-w C:\WINDOWS\system32\ati2evxx.dll
2008-08-21 02:05 573,440 ----a-w C:\WINDOWS\system32\ati2evxx.exe
2008-08-21 02:04 53,248 ----a-w C:\WINDOWS\system32\ATIDDC.DLL
2008-08-21 02:01 10,084,352 ----a-w C:\WINDOWS\system32\atioglxx.dll
2008-08-21 01:55 4,094,560 ----a-w C:\WINDOWS\system32\ati3duag.dll
2008-08-21 01:50 307,200 ----a-w C:\WINDOWS\system32\atiiiexx.dll
2008-08-21 01:38 2,377,856 ----a-w C:\WINDOWS\system32\ativvaxx.dll
2008-08-21 01:23 48,640 ----a-w C:\WINDOWS\system32\amdpcom32.dll
2008-08-21 01:19 380,928 ----a-w C:\WINDOWS\system32\atikvmag.dll
2008-08-21 01:18 37,376 ----a-w C:\WINDOWS\system32\atiadlxx.dll
2008-08-21 01:18 17,408 ----a-w C:\WINDOWS\system32\atitvo32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4CAB59B4-55A3-4737-9FD5-B93C6430BF76}]
2008-11-12 23:20 85504 --a------ C:\WINDOWS\system32\bjvaaqjm.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{75b7b954-ec69-4c08-853c-ec9152a541a3}]
2008-11-18 18:48 125952 --a------ C:\WINDOWS\system32\xplkax.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{96E74E0B-9143-4D55-B522-35112296956A}]
2008-11-04 11:45 40960 --a------ C:\WINDOWS\system32\iiffDWOg.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E7DB46DF-D5F2-4818-88DA-24EBD8A4DDA4}]
2008-11-16 10:39 322560 --------- C:\WINDOWS\system32\xxyawxUO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Gadwin PrintScreen"="C:\Program Files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPort11reminder"="C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 201992]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 C:\WINDOWS\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

C:\Documents and Settings\Owner\Start Menu\Programs\Startup\
Moo0 SystemMonitor 1.18.lnk - C:\Program Files\Moo0\SystemMonitor 1.18\SystemMonitor.exe [2008-10-19 1323008]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{96E74E0B-9143-4D55-B522-35112296956A}"= "C:\WINDOWS\system32\iiffDWOg.dll" [2008-11-04 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iiffDWOg]
2008-11-04 11:45 40960 C:\WINDOWS\system32\iiffDWOg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\adialhk.dll,c:\progra~1\kasper~1\kasper~1\kloehk.dll,avgrsstx.dll xplkax.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap C:\WINDOWS\system32\xxyawxUO

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel MEDIA FOLDERS INDEXER 8.LNK]
backup=C:\WINDOWS\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^UDPixel.lnk]
backup=C:\WINDOWS\pss\UDPixel.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\East-Tec Backup 2007
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Miro
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\903c1117]
--------- 2008-11-12 19:24 76800 C:\WINDOWS\system32\gipqxeiv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2008-04-09 19:14 136472 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-01-11 21:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-11-04 10:36 2259904 C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
--a------ 2007-10-04 17:38 307200 C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-09-13 10:12 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-11-12 20:51 342336 C:\Program Files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
--------- 2007-03-12 13:51 663552 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
--------- 2007-01-26 14:58 65536 C:\Program Files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
--a--c--- 2007-07-11 15:09 20480 C:\WINDOWS\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a--c--- 2007-01-29 20:10 46632 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
--a------ 2004-12-20 16:12 131072 C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2007-01-29 20:12 30248 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 C:\Program Files\QuickTime\QTTask.exe


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
--a------ 2005-11-16 15:14 344064 C:\WINDOWS\vsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
--a------ 2006-09-19 08:07 827392 C:\WINDOWS\vsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
--a------ 2008-07-02 16:16 393216 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a--c--- 2006-10-25 08:03 210472 C:\Program Files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2008-06-10 03:27 144784 C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-10-06 18:30 185872 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
--a------ 2008-02-07 11:00 90112 C:\Program Files\MAGIX\Movie_Edit_Pro_14_PLUS_Download_version\Trayserver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
--a--c--- 2005-11-14 17:47 110592 C:\WINDOWS\tsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
--a------ 2007-04-21 08:37 270336 C:\WINDOWS\tsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 19:05 204288 C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 12:00 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
--a------ 2005-05-03 18:38 64512 C:\WINDOWS\system32\P17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TryAndDecideService"=2 (0x2)
"AcrSch2Svc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=

R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2008-07-09 40368]
R0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
R0 si3112r;si3112r;C:\WINDOWS\system32\drivers\si3112r.sys [2004-05-12 97408]
R0 SiWinAcc;SiWinAcc;C:\WINDOWS\system32\drivers\SiWinAcc.sys [2007-06-28 19240]
R0 tdrpman;Acronis Try&Decide and Restore Points filter;C:\WINDOWS\system32\DRIVERS\tdrpman.sys [2008-09-30 368480]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;C:\WINDOWS\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 24592]
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;C:\WINDOWS\system32\Drivers\ousbehci.sys [2006-03-01 46080]
S2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;C:\WINDOWS\system32\DRIVERS\ousb2hub.sys [2006-03-01 56960]
S3 R-ImageDisk;R-ImageDisk;C:\Program Files\R-Drive Image\R-ImageDisk.sys [2008-08-07 126551]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);C:\WINDOWS\system32\DRIVERS\s1018bus.sys [2008-06-04 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s1018mdfl.sys [2008-06-04 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s1018mdm.sys [2008-06-04 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s1018mgmt.sys [2008-06-04 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);C:\WINDOWS\system32\DRIVERS\s1018nd5.sys [2008-06-04 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s1018obex.sys [2008-06-04 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);C:\WINDOWS\system32\DRIVERS\s1018unic.sys [2008-06-04 117544]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2005-11-18 10192896]
S4 TryAndDecideService;Acronis Try And Decide Service;C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe [2008-04-10 521568]
.
Contents of the 'Scheduled Tasks' folder

2008-11-14 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 18:35]

2008-11-11 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
BHO-{26730C68-CF36-4353-A48B-EAA90D1C93E9} - (no file)
Toolbar-{7c5c0f58-e061-457d-9033-77307f5ed00c} - (no file)
WebBrowser-{7C5C0F58-E061-457D-9033-77307F5ED00C} - (no file)
MSConfigStartUp-AVG8_TRAY - C:\PROGRA~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-Eraser RiskMonitor - C:\Program Files\East-Tec Eraser 2008\Launch.exe
MSConfigStartUp-TrueImageMonitor - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\e1ppiozp.default\
FF -: plugin - C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF -: plugin - C:\Program Files\DNA\plugins\npbtdna.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-11-19 19:47:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\iiffDWOg.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\xxyawxUO.dll

PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\xxyawxUO.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-11-19 19:53:54 - machine was rebooted [Owner]
ComboFix-quarantined-files.txt 2008-11-19 19:53:45

Pre-Run: 191,976,685,568 bytes free
Post-Run: 193,383,092,224 bytes free

453

Poslao: 19 Nov 2008 22:36
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Obriši tu verziju ComboFix-a koju imaš i skini najnoviju sa jednog od datih linkova.

Znači, isprati uputstvo i postavi ovde traženi logfile.

Poslao: 20 Nov 2008 00:01
Idi na vrh
offline
  • Pridružio: 18 Nov 2008
  • Poruke: 45
  • Gde živiš: NEWCASTLE UPON TYNE

mycity.rs/must-login.png

Ovo vec izgleda bolje




ComboFix 08-11-18.A2 - Owner 2008-11-19 22:20:22.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.471 [GMT 0:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Owner\Favorites\Cheap Pharmacy Online.url
c:\documents and settings\Owner\Favorites\Search Online.url
c:\documents and settings\Owner\Favorites\SMS TRAP.url
c:\documents and settings\Owner\Favorites\VIP Casino.url
c:\windows\system32\aclofpns.ini
c:\windows\system32\BIihkUtv.ini
c:\windows\system32\BIihkUtv.ini2
c:\windows\system32\bqltjx.dll
c:\windows\system32\byzlde.dll
c:\windows\system32\ddcBUkjg.dll
c:\windows\system32\dpgcuw.dll
c:\windows\system32\dudsvith.dll
c:\windows\system32\EdNqqXyb.ini2
c:\windows\system32\ejxwsbkv.dll
c:\windows\system32\fluasdci.ini
c:\windows\system32\gcggwv.dll
c:\windows\system32\Gilllnmp.ini
c:\windows\system32\Gilllnmp.ini2
c:\windows\system32\ginjsakm.dll
c:\windows\system32\gipqxeiv.dll
c:\windows\system32\gjkUBcdd.ini
c:\windows\system32\gjkUBcdd.ini2
c:\windows\system32\gzxcrc.dll
c:\windows\system32\hcwhrkkn.dll
c:\windows\system32\hfgoqufv.ini
c:\windows\system32\hgcdwgqs.ini
c:\windows\system32\hsdvujma.ini
c:\windows\system32\icdsaulf.dll
c:\windows\system32\idlebopr.ini
c:\windows\system32\iiffDWOg.dll
c:\windows\system32\inscqhoo.ini
c:\windows\system32\jaocrogr.ini
c:\windows\system32\jfllttwq.ini
c:\windows\system32\jklmoUvw.ini
c:\windows\system32\jklmoUvw.ini2
c:\windows\system32\jnenudaq.dll
c:\windows\system32\kcixpyqu.ini
c:\windows\system32\kgauseek.ini
c:\windows\system32\kqfhas.dll
c:\windows\system32\mimruxxe.ini
c:\windows\system32\mogqad.dll
c:\windows\system32\mrbvdjhf.exe
c:\windows\system32\mrepynew.dll
c:\windows\system32\nhlceiuu.dll
c:\windows\system32\nuafeigt.dll
c:\windows\system32\ojlfgm.dll
c:\windows\system32\OUxwayxx.ini
c:\windows\system32\OUxwayxx.ini2
c:\windows\system32\pekusxha.dll
c:\windows\system32\plrtnfbj.dll
c:\windows\system32\qwttllfj.dll
c:\windows\system32\rgorcoaj.dll
c:\windows\system32\srritk.dll
c:\windows\system32\teucsacr.ini
c:\windows\system32\ucuxryya.dll
c:\windows\system32\uzfpwc.dll
c:\windows\system32\uzwdtm.dll
c:\windows\system32\viexqpig.ini
c:\windows\system32\vinhuhul.dll
c:\windows\system32\vkluuknv.dll
c:\windows\system32\wbrdyfvm.dll
c:\windows\system32\wcdpfmqv.ini
c:\windows\system32\wnnvrnul.ini
c:\windows\system32\wslddxwx.ini
c:\windows\system32\wxdeuwli.ini
c:\windows\system32\xayaGfhk.ini
c:\windows\system32\xayaGfhk.ini2
c:\windows\system32\xplkax.dll
c:\windows\system32\xtkkvt.dll
c:\windows\system32\xwxddlsw.dll
c:\windows\system32\xxmjsqxo.dll
c:\windows\system32\xxyawxUO.dll
c:\windows\system32\yvrvxi.dll

.
((((((((((((((((((((((((( Files Created from 2008-10-19 to 2008-11-19 )))))))))))))))))))))))))))))))
.

2008-11-18 18:41 . 2008-11-18 18:41 41,472 --a------ c:\windows\system32\cuycqaef.dll
2008-11-18 12:00 . 2008-11-18 12:00 41,472 --a------ c:\windows\system32\ttibivdw.dll
2008-11-17 18:30 . 2008-11-17 18:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2008-11-16 20:22 . 2008-11-17 18:23 0 --a------ C:\log.tmp
2008-11-16 20:17 . 2008-11-16 20:17 <DIR> d-------- c:\program files\Ashampoo
2008-11-16 19:40 . 2008-11-16 19:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2008-11-16 12:18 . 2008-11-16 12:18 <DIR> d-------- c:\documents and settings\MIMI\Application Data\Ahead
2008-11-16 11:10 . 2008-11-16 11:10 <DIR> d-------- c:\program files\AVG
2008-11-16 10:40 . 2008-11-16 10:40 41,472 --a------ c:\windows\system32\kciwqptl.dll
2008-11-16 08:42 . 2008-11-16 08:42 <DIR> d-------- c:\documents and settings\MIMI\Application Data\PC Tools
2008-11-15 22:58 . 2008-11-15 22:58 <DIR> d-------- c:\program files\Common Files\PC Tools
2008-11-15 22:51 . 2008-11-16 11:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2008-11-14 20:43 . 2008-11-14 20:43 41,472 --a------ c:\windows\system32\wvrlagoj.dll
2008-11-12 23:19 . 2008-11-12 23:20 85,504 --a------ c:\windows\system32\bjvaaqjm.dll
2008-11-12 22:34 . 2008-11-19 22:36 <DIR> d-------- c:\windows\system32\CatRoot2
2008-11-12 20:37 . 2008-11-12 20:37 85,504 --a------ c:\windows\system32\jefgoswj.dll
2008-11-11 09:00 . 2008-11-11 09:00 85,504 --a------ c:\windows\system32\avkrokwp.dll
2008-11-10 20:59 . 2008-11-10 20:59 85,504 --a------ c:\windows\system32\rlweuijo.dll
2008-11-10 18:52 . 2008-11-10 18:52 <DIR> d-------- c:\documents and settings\Mama\Application Data\ScanSoft
2008-11-10 18:18 . 2008-11-10 18:18 <DIR> d-------- c:\documents and settings\Mama\Application Data\Sony
2008-11-08 20:54 . 2008-11-10 22:30 345 --ahs---- c:\windows\system32\kUuCefii.ini
2008-11-07 22:18 . 2008-11-07 22:18 <DIR> d-------- c:\program files\Common Files\Gibinsoft Shared
2008-11-07 21:39 . 2008-11-07 22:18 <DIR> d-------- c:\program files\GiPo@Utilities
2008-11-07 21:38 . 2008-11-07 21:38 <DIR> d-------- c:\windows\Downloaded Installations
2008-11-06 21:41 . 2008-11-06 20:29 61,440 --a------ c:\windows\system32\flcss.exe
2008-11-06 11:05 . 2008-11-06 11:05 85,504 --a------ c:\windows\system32\tidcxytu.dll
2008-11-05 12:00 . 2008-11-11 08:48 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2008-11-05 11:59 . 2008-11-10 22:43 <DIR> d-------- c:\program files\Norton Security Scan
2008-11-05 11:17 . 2008-11-05 11:17 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\EAST Technologies
2008-11-05 02:17 . 2008-11-05 02:17 <DIR> d-------- c:\documents and settings\Administrator\Application Data\EAST Technologies
2008-11-04 11:36 . 2007-04-27 17:54 40,960 --a------ c:\windows\exitwx.exe
2008-11-03 21:08 . 2008-11-03 21:08 <DIR> d-------- c:\documents and settings\Owner\Application Data\Publish Providers
2008-11-03 20:50 . 2008-11-03 20:50 <DIR> d-------- c:\documents and settings\Owner\Application Data\Sony
2008-11-03 20:46 . 2008-11-03 20:46 <DIR> d-------- c:\program files\Vstplugins
2008-11-03 20:44 . 2008-11-03 20:44 <DIR> d-------- c:\program files\Sony Setup
2008-11-02 21:22 . 2008-11-02 21:22 <DIR> d-------- c:\program files\Jfuse
2008-11-02 12:59 . 2008-11-02 12:59 <DIR> d-------- c:\documents and settings\Mama\Application Data\Corel
2008-11-02 12:37 . 2008-11-02 12:37 <DIR> d-------- c:\documents and settings\Mama\Application Data\iolo
2008-11-02 12:18 . 1996-09-06 08:02 960,000 --a------ c:\windows\system32\evysh7.dll
2008-11-02 12:17 . 1996-12-10 12:21 39,095 --------- c:\windows\iccsigs.dat
2008-11-02 12:16 . 1998-04-15 09:07 218,112 --a------ c:\windows\system32\scint80.dll
2008-11-02 12:16 . 1996-09-06 08:02 90,112 --a------ c:\windows\system32\evysh7us.dll
2008-11-02 12:15 . 2008-11-02 12:15 <DIR> d-------- c:\windows\Profiles
2008-11-02 12:15 . 2008-11-02 12:15 <DIR> d-------- c:\windows\Favorites
2008-11-02 12:15 . 2008-11-02 12:15 <DIR> d-------- C:\Corel
2008-11-02 12:10 . 2008-11-02 12:10 <DIR> d-------- c:\documents and settings\Mama\Application Data\TuneUp Software
2008-10-31 17:37 . 2008-10-31 19:17 <DIR> d-------- C:\_$Temp
2008-10-30 21:33 . 2008-10-30 21:34 124,790,784 -r-h----- c:\windows\dcdisk0_0
2008-10-30 21:33 . 2008-10-30 21:33 4,204,544 -r-h----- c:\windows\dclog.bin
2008-10-30 21:33 . 2008-10-30 21:33 0 --a------ c:\windows\dclock.dc
2008-10-30 21:32 . 2008-11-04 11:37 <DIR> d-------- c:\program files\FarStone
2008-10-30 20:40 . 2008-10-30 20:41 <DIR> d-------- c:\program files\R-Drive Image
2008-10-30 20:29 . 2008-10-30 20:29 <DIR> d-------- c:\program files\Runtime Software
2008-10-29 20:48 . 2008-10-29 20:48 <DIR> d-------- c:\program files\Avanquest update
2008-10-29 20:48 . 2008-10-29 20:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\BVRP Software
2008-10-29 20:43 . 2008-06-04 06:34 122,024 --a------ c:\windows\system32\drivers\s1018mdm.sys
2008-10-29 20:43 . 2008-06-04 06:34 117,544 --a------ c:\windows\system32\drivers\s1018unic.sys
2008-10-29 20:43 . 2008-06-04 06:34 115,368 --a------ c:\windows\system32\drivers\s1018mgmt.sys
2008-10-29 20:43 . 2008-06-04 06:34 111,784 --a------ c:\windows\system32\drivers\s1018obex.sys
2008-10-29 20:43 . 2008-06-04 06:34 25,768 --a------ c:\windows\system32\drivers\s1018nd5.sys
2008-10-29 20:43 . 2008-06-04 06:34 15,016 --a------ c:\windows\system32\drivers\s1018mdfl.sys
2008-10-29 20:43 . 2008-06-04 06:34 12,200 --a------ c:\windows\system32\drivers\s1018cmnt.sys
2008-10-29 20:43 . 2008-06-04 06:34 12,200 --a------ c:\windows\system32\drivers\s1018cm.sys
2008-10-29 20:43 . 2008-06-04 06:34 10,792 --a------ c:\windows\system32\drivers\s1018cr.sys
2008-10-29 20:42 . 2008-06-04 06:34 90,408 --a------ c:\windows\system32\drivers\s1018bus.sys
2008-10-29 20:42 . 2008-06-04 06:34 12,200 --a------ c:\windows\system32\drivers\s1018whnt.sys
2008-10-29 20:42 . 2008-06-04 06:34 12,200 --a------ c:\windows\system32\drivers\s1018wh.sys
2008-10-29 20:38 . 2008-10-29 20:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony Ericsson
2008-10-29 20:28 . 2008-10-29 20:38 <DIR> d-------- c:\program files\Sony Ericsson
2008-10-29 20:28 . 2008-11-03 20:49 <DIR> d-------- c:\program files\Sony
2008-10-29 20:28 . 2008-10-29 20:28 <DIR> d-------- c:\program files\Common Files\Sony Shared
2008-10-27 20:01 . 2008-10-27 20:01 <DIR> d-------- c:\documents and settings\Owner\Application Data\Thinstall
2008-10-27 18:22 . 2008-10-27 18:22 <DIR> d-------- c:\documents and settings\Owner\Application Data\Corel
2008-10-27 18:18 . 2008-11-04 12:10 <DIR> d-------- C:\TEMP
2008-10-27 18:16 . 1997-07-30 14:43 211,456 --a------ c:\windows\system32\qd3d_ir2.q3x
2008-10-27 18:15 . 1997-08-21 11:44 229,376 --a------ c:\windows\system32\rpza32.qtc
2008-10-27 18:15 . 1997-08-21 11:44 165,888 --a------ c:\windows\system32\smc32.qtc
2008-10-27 18:15 . 1997-07-30 14:58 70,656 --a------ c:\windows\system32\3dviewer.dll
2008-10-27 18:15 . 1997-08-21 11:44 32,768 --a------ c:\windows\system32\cmgr32.dll
2008-10-27 18:14 . 1997-07-30 14:21 553,984 --a------ c:\windows\system32\rave.dll
2008-10-27 18:14 . 1997-06-03 03:31 108,032 --a------ c:\windows\system32\sh33w32.dll
2008-10-27 18:14 . 1997-08-21 11:44 83,456 --a------ c:\windows\system32\iv32qt32.qtc
2008-10-27 18:14 . 1997-08-21 11:44 35,840 --a------ c:\windows\system32\navg32.qtc
2008-10-27 18:14 . 1997-08-21 11:44 24,064 --a------ c:\windows\system32\dci32.qtc
2008-10-27 18:14 . 1997-08-21 11:44 20,480 --a------ c:\windows\system32\raw32.qtc
2008-10-27 18:13 . 1997-07-30 11:59 909,312 --a------ c:\windows\system32\qd3d.dll
2008-10-27 18:13 . 1997-08-21 11:44 345,600 --a------ c:\windows\system32\qtim32.dll
2008-10-27 18:13 . 1997-08-21 11:44 151,040 --a------ c:\windows\system32\cvid32.qtc
2008-10-27 18:13 . 1997-08-21 11:44 128,000 --a------ c:\windows\system32\mc32.qtc
2008-10-27 18:13 . 1997-08-21 11:44 34,816 --a------ c:\windows\system32\jpeg32.qtc
2008-10-27 18:12 . 1997-08-21 11:44 38,912 --a------ c:\windows\system32\dhio32.qtc
2008-10-27 18:11 . 1997-08-21 11:44 103,936 --a------ c:\windows\system32\rle32.qtc
2008-10-27 18:10 . 2008-11-02 12:22 <DIR> d-------- c:\windows\Corel
2008-10-25 19:39 . 2008-10-25 19:39 <DIR> d-------- c:\program files\iOrgSoft
2008-10-25 19:27 . 2008-10-25 19:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\{DE097E60-7F86-4350-B083-1F09B6906C92}
2008-10-23 22:39 . 2008-10-23 22:42 <DIR> d-------- c:\program files\Chess3D
2008-10-23 22:39 . 2008-10-23 22:39 286,720 --a------ c:\windows\iun506.exe
2008-10-23 15:07 . 2008-10-23 15:07 99,904 --a------ c:\windows\system32\drivers\AnyDVD.sys
2008-10-22 09:42 . 2008-11-05 20:34 <DIR> d-------- c:\documents and settings\Owner\Application Data\ICQ
2008-10-21 19:52 . 2008-10-21 19:52 <DIR> d-------- c:\program files\MuvEnum
2008-10-21 19:48 . 2008-10-21 19:48 <DIR> d-------- C:\scripts
2008-10-21 19:48 . 2008-10-27 20:03 <DIR> d-------- c:\program files\Finjan Secure Browsing
2008-10-19 13:33 . 2008-10-19 13:33 <DIR> d-------- c:\program files\Rainlendar2
2008-10-19 13:33 . 2008-11-07 22:32 <DIR> d-------- c:\documents and settings\Owner\.rainlendar2
2008-10-19 13:20 . 2008-10-19 13:20 <DIR> d-------- c:\program files\Moo0
2008-10-19 12:10 . 2008-10-19 13:14 <DIR> d-------- c:\documents and settings\Owner\Application Data\MailWasherPro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-19 22:37 7,322,144 --sha-w c:\windows\system32\drivers\fidbox.dat
2008-11-19 22:37 58,284 --sha-w c:\windows\system32\drivers\fidbox.idx
2008-11-19 22:37 4,972 --sha-w c:\windows\system32\drivers\fidbox2.idx
2008-11-19 22:37 1,138,720 --sha-w c:\windows\system32\drivers\fidbox2.dat
2008-11-19 22:11 --------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab
2008-11-18 15:19 --------- d-----w c:\program files\Pirate Poppers
2008-11-18 15:19 --------- d-----w c:\documents and settings\Owner\Application Data\PlayFirst
2008-11-17 21:37 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-12 22:45 --------- d-----w c:\documents and settings\Owner\Application Data\DNA
2008-11-12 21:44 --------- d-----w c:\program files\DNA
2008-11-07 20:44 --------- d-----w c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters
2008-11-05 20:34 --------- d-----w c:\documents and settings\MIMI\Application Data\ICQ
2008-11-05 20:33 --------- d-----w c:\documents and settings\Mama\Application Data\ICQ
2008-11-05 11:42 --------- d-----w c:\documents and settings\Owner\Application Data\EAST Technologies
2008-11-05 10:10 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-05 02:56 96,976 ----a-w c:\windows\system32\drivers\klin.dat
2008-11-05 02:56 87,855 ----a-w c:\windows\system32\drivers\klick.dat
2008-11-04 12:05 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-04 11:10 --------- d-----w c:\program files\NCH Software
2008-11-04 10:40 --------- d-----w c:\documents and settings\All Users\Application Data\SlySoft
2008-11-04 10:35 --------- d-----w c:\program files\SlySoft
2008-11-02 12:55 --------- d-----w c:\documents and settings\Mama\Application Data\Skype
2008-11-02 12:43 --------- d-----w c:\documents and settings\Mama\Application Data\skypePM
2008-11-01 10:50 --------- d-----w c:\documents and settings\Owner\Application Data\LimeWire
2008-11-01 10:32 --------- d-----w c:\documents and settings\Owner\Application Data\Skype
2008-11-01 10:27 --------- d-----w c:\documents and settings\Owner\Application Data\skypePM
2008-10-31 20:42 --------- d-----w c:\program files\ICQToolbar
2008-10-27 20:00 --------- d-----w c:\documents and settings\Owner\Application Data\XnView
2008-10-19 14:00 --------- d-----w c:\program files\Desktop Clock
2008-10-19 13:16 --------- d-----w c:\program files\SystemRequirementsLab
2008-10-19 13:15 --------- d-----w c:\documents and settings\Owner\Application Data\SystemRequirementsLab
2008-10-17 21:21 --------- d-----w c:\program files\MagicISO
2008-10-17 14:27 --------- d-----w c:\program files\MAGIX
2008-10-17 13:42 352,050 ----a-w c:\documents and settings\Owner\griffith_backup.zip
2008-10-17 13:42 --------- d-----w c:\documents and settings\Owner\Application Data\gtk-2.0
2008-10-17 13:41 --------- d-----w c:\documents and settings\Owner\Application Data\griffith
2008-10-11 18:18 --------- d-----w c:\documents and settings\MIMI\Application Data\ICQ Toolbar
2008-10-07 22:06 --------- d-----w c:\program files\Realtek AC97
2008-10-07 21:35 --------- d-----w c:\program files\NVIDIA Corporation
2008-10-07 21:35 --------- d-----w c:\program files\Common Files\NVIDIA Shared
2008-10-07 20:57 --------- d-----w c:\program files\Driver-Soft
2008-10-07 20:37 --------- d-----w c:\program files\Network Stumbler
2008-10-07 09:23 --------- d-----w c:\program files\iTunes
2008-10-07 09:23 --------- d-----w c:\program files\iPod
2008-10-07 09:23 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-10-06 18:33 --------- d-----w c:\program files\Common Files\xing shared
2008-10-06 18:32 --------- d-----w c:\program files\Common Files\Real
2008-10-05 09:42 --------- d-----w c:\program files\Skype
2008-10-04 14:48 --------- d-----w c:\documents and settings\MIMI\Application Data\iolo
2008-10-01 07:55 --------- d-----w c:\documents and settings\LocalService\Application Data\iolo
2008-09-30 18:08 --------- d-----w c:\documents and settings\LocalService\Application Data\Acronis
2008-09-30 14:04 --------- d-----w c:\documents and settings\Owner\Application Data\iolo
2008-09-30 14:04 --------- d-----w c:\documents and settings\All Users\Application Data\iolo
2008-09-30 13:35 44,384 ----a-w c:\windows\system32\drivers\tifsfilt.sys
2008-09-30 13:35 --------- d-----w c:\documents and settings\All Users\Application Data\Acronis
2008-09-30 13:34 441,760 ----a-w c:\windows\system32\drivers\timntr.sys
2008-09-30 13:34 368,480 ----a-w c:\windows\system32\drivers\tdrpman.sys
2008-09-30 13:34 132,224 ----a-w c:\windows\system32\drivers\snapman.sys
2008-09-30 13:34 --------- d-----w c:\program files\Common Files\Acronis
2008-09-30 13:14 --------- d-----w c:\program files\CityMedia Player
2008-09-30 12:46 --------- d-----w c:\documents and settings\Owner\Application Data\Ahead
2008-09-29 16:11 --------- d-----w c:\documents and settings\MIMI\Application Data\PlayFirst
2008-09-26 17:49 --------- d-----w c:\program files\Text Express 2
2008-09-26 17:39 --------- d-----w c:\documents and settings\Owner\Application Data\SpinTop
2008-09-26 00:27 --------- d-----w c:\documents and settings\All Users\Application Data\Ahead
2008-09-26 00:21 --------- d-----w c:\program files\Common Files\Ahead
2008-09-26 00:19 --------- d-----w c:\program files\Nero
2008-09-25 23:57 --------- d-----w c:\documents and settings\All Users\Application Data\Nero
2008-09-25 22:49 --------- d-----w c:\program files\Unlocker
2008-09-25 22:48 --------- d-----w c:\documents and settings\Owner\Application Data\Desktopicon
2008-09-25 19:45 --------- d-----w c:\program files\Zylom Games
2008-09-24 17:16 --------- d-----w c:\documents and settings\Owner\Application Data\Zylom
2008-09-23 20:54 --------- d-----w c:\documents and settings\Owner\Application Data\dvdcss
2008-09-23 20:06 --------- d-----w c:\program files\Software Informer
2008-09-23 12:59 --------- d-----w c:\program files\QuickTime
2008-09-23 12:58 --------- d-----w c:\program files\Common Files\Apple
2008-09-23 12:42 --------- d-----w c:\program files\Apple Software Update
2008-09-22 20:48 --------- d-----w c:\program files\Paragon Software
2008-09-22 20:44 74,703 ----a-w c:\windows\system32\mfc45.dll
2008-09-22 20:26 --------- d-----w c:\program files\TuneUp Utilities 2007
2008-09-22 15:34 --------- d-----w c:\program files\Tumblebugs 2
2008-09-21 22:37 --------- d-----w c:\program files\LimeWire
2008-09-21 16:40 --------- d-----w c:\documents and settings\Owner\Application Data\Eyeblaster
2008-08-21 02:19 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll
2008-08-21 02:18 314,880 ----a-w c:\windows\system32\ati2dvag.dll
2008-08-21 02:08 184,320 ----a-w c:\windows\system32\atipdlxx.dll
2008-08-21 02:08 143,360 ----a-w c:\windows\system32\Oemdspif.dll
2008-08-21 02:07 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2008-08-21 02:07 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2008-08-21 02:07 143,360 ----a-w c:\windows\system32\ati2evxx.dll
2008-08-21 02:05 573,440 ----a-w c:\windows\system32\ati2evxx.exe
2008-08-21 02:04 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2008-08-21 02:01 10,084,352 ----a-w c:\windows\system32\atioglxx.dll
2008-08-21 01:55 4,094,560 ----a-w c:\windows\system32\ati3duag.dll
2008-08-21 01:50 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2008-08-21 01:38 2,377,856 ----a-w c:\windows\system32\ativvaxx.dll
2008-08-21 01:23 48,640 ----a-w c:\windows\system32\amdpcom32.dll
2008-08-21 01:19 380,928 ----a-w c:\windows\system32\atikvmag.dll
2008-08-21 01:18 37,376 ----a-w c:\windows\system32\atiadlxx.dll
2008-08-21 01:18 17,408 ----a-w c:\windows\system32\atitvo32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Gadwin PrintScreen"="c:\program files\Gadwin Systems\PrintScreen\PrintScreen.exe" [2007-08-20 495616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2008-04-25 201992]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 c:\windows\soundman.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Owner\Start Menu\Programs\Startup\
Moo0 SystemMonitor 1.18.lnk - c:\program files\Moo0\SystemMonitor 1.18\SystemMonitor.exe [2008-10-19 1323008]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Corel MEDIA FOLDERS INDEXER 8.LNK]
backup=c:\windows\pss\Corel MEDIA FOLDERS INDEXER 8.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^UDPixel.lnk]
backup=c:\windows\pss\UDPixel.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\East-Tec Backup 2007
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Miro
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmcService

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2008-04-09 19:14 136472 c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a--c--- 2008-01-11 21:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-11-04 10:36 2259904 c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
--a------ 2007-10-04 17:38 307200 c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-09-13 10:12 139264 c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-11-12 20:51 342336 c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
--------- 2007-03-12 13:51 663552 c:\program files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
--------- 2007-01-26 14:58 65536 c:\program files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
--a--c--- 2007-07-11 15:09 20480 c:\windows\FixCamera.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a--c--- 2007-01-29 20:10 46632 c:\program files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-10-01 17:57 289576 c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVMixerTray]
--a------ 2004-12-20 16:12 131072 c:\program files\NVIDIA Corporation\NvMixer\NvMixerTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2007-01-29 20:12 30248 c:\program files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 14:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
--a------ 2005-11-16 15:14 344064 c:\windows\vsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snpstd3]
--a------ 2006-09-19 08:07 827392 c:\windows\vsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
--a------ 2008-07-02 16:16 393216 c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a--c--- 2006-10-25 08:03 210472 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-10-06 18:30 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
--a------ 2008-02-07 11:00 90112 c:\program files\MAGIX\Movie_Edit_Pro_14_PLUS_Download_version\Trayserver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
--a--c--- 2005-11-14 17:47 110592 c:\windows\tsnp2std.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnpstd3]
--a------ 2007-04-21 08:37 270336 c:\windows\tsnpstd3.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 19:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 12:00 110592 c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P17Helper]
--a------ 2005-05-03 18:38 64512 c:\windows\system32\P17.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TryAndDecideService"=2 (0x2)
"AcrSch2Svc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=

R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2008-09-22 40368]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 32784]
R0 si3112r;si3112r;c:\windows\system32\drivers\si3112r.sys [2008-06-02 97408]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [2008-06-02 19240]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-13 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-03-25 24592]
S1 efbDisk;efbDisk; []
S2 ousbehci;OrangeWare USB Enhanced Host Controller Service;c:\windows\system32\Drivers\ousbehci.sys [2008-06-06 46080]
S2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe -k netsvcs [2004-08-04 14336]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2008-06-11 1527900]
S3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\DRIVERS\ousb2hub.sys [2008-06-06 56960]
S3 R-ImageDisk;R-ImageDisk;\??\c:\program files\R-Drive Image\R-ImageDisk.sys [2008-08-07 126551]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\DRIVERS\s1018bus.sys [2008-10-29 90408]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s1018mdfl.sys [2008-10-29 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s1018mdm.sys [2008-10-29 122024]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s1018mgmt.sys [2008-10-29 115368]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\DRIVERS\s1018nd5.sys [2008-10-29 25768]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s1018obex.sys [2008-10-29 111784]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\DRIVERS\s1018unic.sys [2008-10-29 117544]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);c:\windows\system32\DRIVERS\snp2sxp.sys [2008-06-14 10192896]
.
Contents of the 'Scheduled Tasks' folder

2008-11-14 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-08-02 18:35]

2008-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{5398EA23-B66E-4297-A604-1B8DC100108A} - c:\windows\system32\xxyawxUO.dll
BHO-{75b7b954-ec69-4c08-853c-ec9152a541a3} - c:\windows\system32\xplkax.dll
BHO-{96E74E0B-9143-4D55-B522-35112296956A} - c:\windows\system32\iiffDWOg.dll
ShellExecuteHooks-{96E74E0B-9143-4D55-B522-35112296956A} - c:\windows\system32\iiffDWOg.dll
MSConfigStartUp-903c1117 - c:\windows\system32\gipqxeiv.dll


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\e1ppiozp.default\
FF -: plugin - c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF -: plugin - c:\program files\DNA\plugins\npbtdna.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-11-19 22:40:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\explorer.exe
-> c:\program files\Unlocker\UnlockerHook.dll
-> ?:\windows\system32\urlmon.dll
-> ?:\windows\system32\urlmon.dll
-> ?:\windows\system32\urlmon.dll
-> ?:\windows\system32\urlmon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-11-19 22:45:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-11-19 22:45:20
ComboFix2.txt 2008-11-19 19:53:56

Pre-Run: 205,846,880,256 bytes free
Post-Run: 205,710,540,800 bytes free

479

Poslao: 20 Nov 2008 17:44
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Uplaoduj sledeće file-ove:

c:\windows\exitwx.exe
c:\windows\system32\flcss.exe


Upload link: http://www.mycity.rs/ambulanta-upload.php


-------------------------------------------------------------------------------------



Arrow Otvoriti Notepad i iskopirati sledeci tekst:

File::
c:\windows\system32\cuycqaef.dll
c:\windows\system32\ttibivdw.dll
c:\windows\system32\kciwqptl.dll
c:\windows\system32\wvrlagoj.dll
c:\windows\system32\bjvaaqjm.dll
c:\windows\system32\jefgoswj.dll
c:\windows\system32\avkrokwp.dll
c:\windows\system32\rlweuijo.dll
c:\windows\system32\kUuCefii.ini
c:\windows\system32\tidcxytu.dll


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Poslao: 20 Nov 2008 20:11
Idi na vrh
offline
  • Pridružio: 18 Nov 2008
  • Poruke: 45
  • Gde živiš: NEWCASTLE UPON TYNE

mycity.rs/must-login.png

mycity.rs/must-login.png

Poslao: 20 Nov 2008 20:17
Idi na vrh
offline
  • Pridružio: 04 Sep 2003
  • Poruke: 24135
  • Gde živiš: Wien

Ne ovako da ih uploadujes, moze neko da klikne pa da se zarazi ukoliko su maliciozni. Dobio si gore link za posebnu upload formu.
Zamolio bih te da fajlove uploadujes preko te forme, pa da mi ovde javis da obrisem ova dva linka koja si postavio.

Poslao: 20 Nov 2008 20:33
Idi na vrh
offline
  • Pridružio: 18 Nov 2008
  • Poruke: 45
  • Gde živiš: NEWCASTLE UPON TYNE

izvini ali ne znam kako se uploaduje preko te forme

Poslao: 20 Nov 2008 20:39
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Samo isprati ostatak uputstva...

MyCity » Ambulanta -> Arhiva Ambulante » KAKO SE RESITI lsass.exe?

Ko je trenutno na forumu
 

Ukupno su 1152 korisnika na forumu :: 40 registrovanih, 10 sakrivenih i 1102 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: ajo baba, Ben Roj, Bobrock1, bokisha253, borya90, djboj, DPera, Frunze, GORDI, Griffon vulture, havoc995, HrcAk47, ivan979, ivica976, jukeboxer, kalens021, kikisp, Krusarac, Kubovac, lcc, Leonov, Lieutenant, mane123, MB120mm, Mercury, mikki jons, milenko crazy north, nebkv, nemkea71, nenad81, panzerwaffe, pein, raykan, Romibrat, royst33, stegonosa, theNedjeljko, vladulns, šumar bk2, Čivi