Msfeedssync.exe Application error


  • Joined: 30 Jul 2009
  • Posts: 233

Posted: 26 Apr 2010 18:01

I did, and now I'll check whether it finally uninstalled it.

Addendum: 26 Apr 2010 18:21

ComboFix 10-04-21.01 - Milica 26.04.2010 18:12:20.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.516 [GMT 2:00]
Running from: c:\documents and settings\Milica\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100426-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Milica\Application Data\Desktopicon
c:\documents and settings\Milica\Application Data\Desktopicon\config.ini
c:\documents and settings\Milica\Application Data\Desktopicon\eBayShortcuts.exe
c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\2.bin\CHROME.MANIFEST
c:\program files\MyWebSearch\bar\2.bin\chrome\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\2.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\2.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\2.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HKSTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3HTmlmu.dll
c:\program files\MyWebSearch\bar\2.bin\F3HTtpct.dll
c:\program files\MyWebSearch\bar\2.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\2.bin\F3REGHK.DLL
c:\program files\MyWebSearch\bar\2.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\2.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\2.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\2.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\2.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\2.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\2.bin\INSTALL.RDF
c:\program files\MyWebSearch\bar\2.bin\M3AUXSTB.DLL
c:\program files\MyWebSearch\bar\2.bin\M3DLGHK.DLL
c:\program files\MyWebSearch\bar\2.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\2.bin\M3HTml.dll
c:\program files\MyWebSearch\bar\2.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\2.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\2.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\2.bin\M3MSg.dll
c:\program files\MyWebSearch\bar\2.bin\M3OUtlcn.dll
c:\program files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\2.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\2.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\2.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSMLBTN.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
c:\program files\MyWebSearch\bar\2.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\2.bin\MWSUABTN.DLL
c:\program files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\00104911
c:\program files\MyWebSearch\bar\Cache\01DC8448.bin
c:\program files\MyWebSearch\bar\Cache\01DC85FD.bin
c:\program files\MyWebSearch\bar\Cache\01DC8978.bin
c:\program files\MyWebSearch\bar\Cache\01DC8AA1.bin
c:\program files\MyWebSearch\bar\Cache\01DC8BE9.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\Search Settings
c:\program files\Search Settings\FF\chrome.manifest
c:\program files\Search Settings\FF\chrome\content\plugin.js
c:\program files\Search Settings\FF\chrome\content\plugin.xul
c:\program files\Search Settings\FF\chrome\content\protection.js
c:\program files\Search Settings\FF\chrome\content\utils.js
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.dtd
c:\program files\Search Settings\FF\chrome\locale\en-US\searchsettingsplugin.properties
c:\program files\Search Settings\FF\components\IFBHOSearch.xpt
c:\program files\Search Settings\FF\components\IFBHOSearchHelperEngine.xpt
c:\program files\Search Settings\FF\components\IFHelperPreferences.xpt
c:\program files\Search Settings\FF\components\SearchSettingsFF.dll
c:\program files\Search Settings\FF\install.rdf
c:\program files\Search Settings\SearchSettings.dll
c:\program files\Search Settings\SearchSettings.exe
c:\program files\Search Settings\SearchSettingsRes409.dll
c:\windows\install.exe

.
((((((((((((((((((((((((( Files Created from 2010-03-26 to 2010-04-26 )))))))))))))))))))))))))))))))
.

2010-04-25 08:44 . 2010-04-25 08:44 -------- d-----w- c:\documents and settings\Milica\Application Data\TP
2010-04-25 07:36 . 2010-01-25 14:39 124 ----a-w- C:\109451_896305325_Bootini_001.bat
2010-04-25 07:34 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-25 07:31 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-25 07:10 . 2010-02-16 13:17 2137088 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-04-25 07:10 . 2010-02-16 13:19 2181376 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-04-25 07:10 . 2010-02-16 12:39 2016768 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-04-25 07:10 . 2010-02-16 12:39 2058368 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-04-24 20:42 . 2010-01-25 14:39 124 ----a-w- C:\109451_896305325_Bootini.bat
2010-04-24 11:41 . 2005-07-19 03:05 135168 ----a-r- c:\windows\system32\igfxres.dll
2010-04-24 11:32 . 2002-10-29 09:40 25111 ----a-w- c:\windows\remove.exe
2010-04-24 11:12 . 2004-08-04 12:00 14848 -c--a-w- c:\windows\system32\dllcache\register.exe
2010-04-24 11:11 . 2004-08-04 12:00 57856 -c--a-w- c:\windows\system32\dllcache\esuimgd.dll
2010-04-24 10:58 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-04-24 10:58 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-04-24 10:58 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-04-24 10:58 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-04-24 09:56 . 2010-04-24 09:56 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-24 09:22 . 2010-04-24 09:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-24 09:21 . 2010-04-24 09:21 -------- d-----w- c:\program files\Smart PC Solutions
2010-04-24 09:20 . 2010-04-24 09:20 -------- d-----w- C:\downloads
2010-04-23 22:32 . 2008-06-12 14:16 91648 -c--a-w- c:\windows\system32\dllcache\mtxoci.dll
2010-04-23 22:31 . 2009-02-06 16:39 227840 -c--a-w- c:\windows\system32\dllcache\wmiprvse.exe
2010-04-23 22:31 . 2009-02-06 16:39 227840 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
2010-04-23 22:30 . 2004-08-04 12:00 28672 -c--a-w- c:\windows\system32\dllcache\custsat.dll
2010-04-23 17:10 . 2008-09-10 14:25 1059216 ----a-w- c:\program files\NTFSRatioSetup.exe
2010-04-23 16:15 . 2010-04-23 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom
2010-04-23 16:15 . 2010-04-23 16:15 -------- d-----w- c:\documents and settings\Milica\Application Data\Merscom
2010-04-23 14:05 . 2010-04-23 14:05 -------- d-----w- c:\documents and settings\Milica\Application Data\TMNT
2010-04-08 18:22 . 2010-04-23 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-04-06 22:56 . 2010-04-06 22:56 -------- d-----w- c:\program files\Common Files\Java
2010-04-06 22:56 . 2010-04-06 22:56 503808 ----a-w- c:\documents and settings\Milica\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2179fef5-n\msvcp71.dll
2010-04-06 22:56 . 2010-04-06 22:56 499712 ----a-w- c:\documents and settings\Milica\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2179fef5-n\jmc.dll
2010-04-06 22:56 . 2010-04-06 22:56 61440 ----a-w- c:\documents and settings\Milica\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4ec1346e-n\decora-sse.dll
2010-04-06 22:56 . 2010-04-06 22:56 12800 ----a-w- c:\documents and settings\Milica\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4ec1346e-n\decora-d3d.dll
2010-04-05 15:26 . 2009-11-12 19:20 2046809 ----a-w- c:\program files\DupKillerSetup.exe
2010-04-05 15:13 . 2010-04-05 15:13 20992 ---ha-w- c:\documents and settings\Milica\Application Data\Easy Duplicate Finder\edflib.dll
2010-04-05 15:01 . 2010-04-23 22:24 -------- d-----w- c:\program files\Easy Duplicate Finder
2010-04-05 15:01 . 2010-04-05 15:13 -------- d-----w- c:\documents and settings\Milica\Application Data\Easy Duplicate Finder
2010-04-05 15:01 . 2010-04-05 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Easy Duplicate Finder
2010-04-05 14:55 . 2010-04-05 14:54 2729744 ----a-w- c:\program files\easy_duplicate_setup.exe
2010-03-31 17:43 . 2010-03-31 21:30 -------- d-----w- c:\documents and settings\Milica\Local Settings\Application Data\WMTools Downloaded Files
2010-03-30 21:42 . 2010-03-30 21:42 -------- d-----w- c:\program files\PowerPoint to Video
2010-03-30 19:02 . 2010-03-30 19:07 -------- d-----w- c:\program files\MediaCoder
2010-03-29 15:18 . 2006-11-10 16:23 18704 ----a-r- c:\windows\system32\drivers\se2End5.sys
2010-03-28 19:24 . 2010-03-28 19:24 -------- d-----w- c:\windows\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-26 16:04 . 2010-01-19 16:28 1 ----a-w- c:\documents and settings\Milica\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-04-26 16:04 . 2010-01-19 16:27 -------- d-----w- c:\documents and settings\Milica\Application Data\OpenOffice.org2
2010-04-26 14:01 . 2009-06-16 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-04-24 11:08 . 2009-05-02 14:24 22748 ----a-w- c:\windows\system32\emptyregdb.dat
2010-04-24 08:14 . 2009-05-04 19:47 73152 ----a-w- c:\documents and settings\Milica\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-24 04:57 . 2009-06-05 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2010-04-24 04:53 . 2009-12-14 18:59 -------- d-----w- c:\documents and settings\NetworkService\Application Data\VMware
2010-04-23 22:39 . 2009-05-02 20:02 -------- d-----w- c:\documents and settings\Milica\Application Data\Orbit
2010-04-23 22:26 . 2009-06-07 18:11 -------- d-----w- c:\documents and settings\Milica\Application Data\WinPatrol
2010-04-23 22:26 . 2009-07-23 19:48 -------- d-----w- c:\program files\windows media player1
2010-04-23 22:26 . 2009-07-09 17:29 -------- d-----w- c:\program files\Windows Media Connect 2
2010-04-23 22:26 . 2009-05-02 14:44 -------- d-----w- c:\program files\SuperUtility
2010-04-23 22:26 . 2009-10-29 19:12 -------- d-----w- c:\program files\Songbird
2010-04-23 22:26 . 2010-02-26 22:55 -------- d-----w- c:\program files\QuickZip4
2010-04-23 22:26 . 2010-01-19 16:24 -------- d-----w- c:\program files\OpenOffice.org 2.4
2010-04-23 22:25 . 2009-06-06 08:05 -------- d-----w- c:\program files\DupKiller
2010-04-23 22:25 . 2009-08-28 19:59 -------- d-----w- c:\program files\ConvertHelper
2010-04-23 22:25 . 2009-08-18 11:36 -------- d-----w- c:\program files\BitComet
2010-04-23 22:25 . 2009-12-30 17:34 -------- d-----w- c:\program files\Adacco
2010-04-23 22:25 . 2009-08-17 16:18 -------- d-----w- c:\documents and settings\Milica\Application Data\uTorrent
2010-04-23 22:25 . 2009-11-20 16:53 -------- d-----w- c:\documents and settings\Milica\Application Data\XnView
2010-04-23 22:24 . 2009-08-17 17:17 -------- d-----w- c:\documents and settings\Milica\Application Data\Azureus
2010-04-23 22:24 . 2010-01-15 21:15 -------- d-----w- c:\program files\FastPictureViewer
2010-04-23 22:23 . 2010-02-25 18:51 -------- d-----w- c:\program files\AutoGK
2010-04-23 22:23 . 2009-09-18 15:37 -------- d-----w- c:\program files\Magentic
2010-04-23 22:23 . 2009-06-30 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-23 19:31 . 2009-11-07 08:53 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-23 14:25 . 2010-02-15 17:58 -------- d-----w- c:\program files\TuneUp Utilities 2008
2010-04-08 19:09 . 2009-05-11 16:05 -------- d-----w- c:\program files\Google
2010-04-08 19:07 . 2010-02-15 09:10 -------- d-----w- c:\program files\File Extension Changer
2010-04-08 18:56 . 2009-07-28 18:38 -------- d-----w- c:\program files\MV2Player
2010-04-08 18:23 . 2009-08-17 17:16 -------- d-----w- c:\program files\Vuze
2010-04-08 18:22 . 2009-07-08 18:16 -------- d-----w- c:\program files\Yahoo!
2010-04-06 22:56 . 2010-01-23 21:26 -------- d-----w- c:\program files\Java
2010-03-30 21:41 . 2009-10-23 17:21 -------- d-----w- c:\documents and settings\Milica\Application Data\OpenWith.org Cache
2010-03-30 21:02 . 2010-01-27 18:49 -------- d-----w- c:\program files\Application Updater
2010-03-29 15:21 . 2009-06-08 18:38 -------- d-----w- c:\documents and settings\Milica\Application Data\Teleca
2010-03-25 13:28 . 2009-05-05 18:29 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-23 18:38 . 2010-03-23 18:38 -------- d-----w- c:\documents and settings\Milica\Application Data\Western Software Technologies
2010-03-23 18:28 . 2010-03-23 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Farm Frenzy
2010-03-22 11:46 . 2010-03-23 18:31 34640088 ----a-w- c:\program files\amazingpyramids_setup.exe
2010-03-16 20:31 . 2010-03-16 20:31 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-16 20:31 . 2010-03-16 20:31 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-16 20:31 . 2010-03-16 20:31 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-16 20:31 . 2010-03-16 20:31 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-16 20:31 . 2010-03-16 20:31 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-16 20:31 . 2010-03-16 20:31 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-16 20:31 . 2009-05-11 16:06 -------- d-----w- c:\program files\Common Files\Real
2010-03-16 20:31 . 2010-01-10 08:31 -------- d-----w- c:\program files\Real
2010-03-16 20:31 . 2010-03-16 20:31 -------- d-----w- c:\program files\Common Files\xing shared
2010-03-14 08:31 . 2010-03-14 07:59 -------- d-----w- c:\documents and settings\Milica\Application Data\Sammsoft
2010-03-10 14:44 . 2010-03-23 18:08 17812664 ----a-w- c:\program files\farmfrenzy_setup.exe
2010-03-10 08:02 . 2004-08-04 12:00 417792 ----a-w- c:\windows\system32\vbscript.dll
2010-03-09 07:48 . 2010-02-14 10:22 2577824 ----a-w- c:\program files\OrbitDownloaderSetup.exe
2010-02-28 08:16 . 2010-02-28 08:16 -------- d-----w- c:\program files\7-Zip
2010-02-28 08:15 . 2010-02-26 23:01 -------- d-----w- c:\program files\Free RAR Extract Frog
2010-02-26 06:12 . 2004-08-04 12:00 662016 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 06:12 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-25 18:51 . 2010-02-25 18:51 -------- d-----w- c:\program files\XviD
2010-02-25 18:51 . 2010-02-25 18:51 -------- d-----w- c:\program files\AviSynth 2.5
2010-02-25 18:51 . 2010-02-25 18:51 -------- d-----w- c:\program files\Gabest
2010-02-25 18:03 . 2010-02-25 18:03 43602 ----a-w- c:\windows\system32\xvid-uninstall.exe
2010-02-25 17:42 . 2010-02-25 17:42 57856 ----a-w- c:\windows\system32\CgdRun20.DLL
2010-02-24 12:31 . 2004-08-04 12:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-16 13:19 . 2004-08-04 12:00 2181376 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39 . 2004-08-03 22:59 2058368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-15 17:58 . 2010-02-15 17:58 355584 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-02-15 08:50 . 2010-02-15 08:47 17296645 ----a-w- c:\documents and settings\Milica\Application Data\OpenWith.org Downloaded Setups\Dia 0.97\Dia 0.97.exe
2010-02-12 04:47 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-28 13:46 . 2010-01-28 19:57 3370400 ----a-w- c:\program files\ccsetup228.exe
2010-01-20 10:47 . 2010-01-20 16:43 5160860 ----a-w- c:\program files\HSFormular_Setup.exe
2010-01-13 11:50 . 2010-01-15 21:12 4561408 ----a-w- c:\program files\FastPictureViewer.msi
2009-12-24 23:03 . 2010-01-10 07:50 793624 ----a-w- c:\program files\RealPlayerSPGold.exe
2009-12-18 19:12 . 2010-01-11 16:27 21540168 ----a-w- c:\program files\TU2010TrialEN-US.exe
2009-10-26 19:18 . 2010-02-14 10:25 3096366 ----a-w- c:\program files\YouTubeDownloaderSetup253b.exe
2009-07-22 07:57 . 2009-07-24 14:08 893537 ----a-w- c:\program files\MV2Player_06.010.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2010-01-26 1724728]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-06-20 153856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-23 14202368]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-16 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Milica\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-6-11 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAID Manager.lnk - c:\program files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe [2009-5-2 724992]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SearchSettings"=c:\program files\Search Settings\SearchSettings.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SMSERIAL"=sm56hlpr.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"igfxpers"=c:\windows\system32\igfxpers.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Orbitdownloader\\orbitdm.exe"=
"d:\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65535:TCP"= 65535:TCP:uTorrent
"61534:TCP"= 61534:TCP:Vuze
"61690:TCP"= 61690:TCP:Bit Torrent 61690
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 0 (0x0)
"AllowOutboundSourceQuench"= 0 (0x0)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [02.05.2009 18:15 114768]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [19.02.2010 19:43 380928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [02.05.2009 18:15 20560]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [13.07.2009 18:15 93320]
S0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [02.05.2009 17:05 25105]
S2 gupdate1c9d2524ce163b4;Google Update Service (gupdate1c9d2524ce163b4);c:\program files\Google\Update\GoogleUpdate.exe [11.05.2009 18:05 133104]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [26.10.2009 16:05 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [26.10.2009 16:05 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [26.10.2009 16:05 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [26.10.2009 16:05 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [26.10.2009 16:05 83344]
.
Contents of the 'Scheduled Tasks' folder

2010-04-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]

2010-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 16:05]

2010-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 16:05]

2010-04-26 c:\windows\Tasks\PandaUSBVaccine.job
- c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2009-07-24 10:30]

2010-04-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-507921405-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-04-24 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-507921405-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-04-26 c:\windows\Tasks\User_Feed_Synchronization-{0163AA88-21A2-4366-B7E6-E0B064C036AC}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
IE: &Download by Orbit - d:\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - d:\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Milica\Application Data\Mozilla\Firefox\Profiles\72z8v99e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: d:\orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\documents and settings\Milica\Application Data\Mozilla\Firefox\Profiles\72z8v99e.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Milica\Application Data\Mozilla\plugins\np-mswmp.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: content.notify.interval - 100000
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.switch.threshold - 650000
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.max-connections-per-server - 8
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{4F11ACBB-393F-4C86-A214-FF3D0D155CC3} - (no file)
AddRemove-Lost City of Z_is1 - c:\program files\MyPlayCity.com\Lost City of Z\unins000.exe
AddRemove-Wubi - c:\ubuntu\uninstall-wubi.exe
AddRemove-BitTorrent - c:\program files\BitTorrent\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-26 18:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1409082233-507921405-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
Completion time: 2010-04-26 18:19:17
ComboFix-quarantined-files.txt 2010-04-26 16:19

Pre-Run: 51,335,647,232 bytes free
Post-Run: 51,317,956,608 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin

Current=2 Default=2 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 8F6BE48EB004451209500C78D18E06F7
Here it is

  • Joined: 04 Jan 2009
  • Posts: 2168

Sorry for the wait.



Open Notepad and copy the following text:

FileLook::
c:\program files\Application Updater\ApplicationUpdater.exe
c:\windows\system32\dllcache\register.exe
c:\windows\remove.exe


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as shown in the picture.
In your next post, include the log that is created at the end of the cleaning/scan.

  • Joined: 30 Jul 2009
  • Posts: 233

Posted: 27 Apr 2010 7:09

Thank you for your patience, but I have been a "night owl" for two or three days because of this and couldn't hold out any longer; I fell asleep, so I will only be able to apply this when I get home. And what is this about, what is this Application Updater\ApplicationUpdater.exe?

Addendum: 27 Apr 2010 17:03

Well, here I am at last. I also had to reinstall avast, i.e. update it (to version 5), because my one year expired exactly today, so there was no way I could deactivate it until I updated. That is done too, and I am attaching the log.
ComboFix 10-04-26.04 - Milica 27.04.2010 16:48:24.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.506 [GMT 2:00]
Running from: c:\documents and settings\Milica\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Milica\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-03-27 to 2010-04-27 )))))))))))))))))))))))))))))))
.

2010-04-27 14:32 . 2010-04-27 14:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-04-27 14:16 . 2010-02-25 06:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-04-27 14:16 . 2010-02-25 09:54 11070976 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-04-27 14:16 . 2010-02-25 06:24 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-04-27 14:16 . 2010-02-25 06:24 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-04-27 14:16 . 2010-02-25 06:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-04-27 14:16 . 2010-02-25 06:24 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-04-27 14:15 . 2010-02-16 04:50 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-04-25 08:44 . 2010-04-25 08:44 -------- d-----w- c:\documents and settings\Milica\Application Data\TP
2010-04-25 07:36 . 2010-01-25 14:39 124 ----a-w- C:\109451_896305325_Bootini_001.bat
2010-04-25 07:34 . 2010-02-24 12:31 454016 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-25 07:31 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-25 07:10 . 2010-02-16 13:17 2137088 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-04-25 07:10 . 2010-02-16 13:19 2181376 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-04-25 07:10 . 2010-02-16 12:39 2016768 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-04-25 07:10 . 2010-02-16 12:39 2058368 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-04-24 20:42 . 2010-01-25 14:39 124 ----a-w- C:\109451_896305325_Bootini.bat
2010-04-24 11:41 . 2005-07-19 03:05 135168 ----a-r- c:\windows\system32\igfxres.dll
2010-04-24 11:32 . 2002-10-29 09:40 25111 ----a-w- c:\windows\remove.exe
2010-04-24 11:12 . 2004-08-04 12:00 14848 -c--a-w- c:\windows\system32\dllcache\register.exe
2010-04-24 11:11 . 2004-08-04 12:00 57856 -c--a-w- c:\windows\system32\dllcache\esuimgd.dll
2010-04-24 10:58 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-04-24 10:58 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-04-24 10:58 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-04-24 10:58 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-04-24 09:56 . 2010-04-24 09:56 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-24 09:22 . 2010-04-24 09:26 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-04-24 09:21 . 2010-04-24 09:21 -------- d-----w- c:\program files\Smart PC Solutions
2010-04-24 09:20 . 2010-04-24 09:20 -------- d-----w- C:\downloads
2010-04-23 22:32 . 2008-06-12 14:16 91648 -c--a-w- c:\windows\system32\dllcache\mtxoci.dll
2010-04-23 22:31 . 2009-02-06 16:39 227840 -c--a-w- c:\windows\system32\dllcache\wmiprvse.exe
2010-04-23 22:31 . 2009-02-06 16:39 227840 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
2010-04-23 22:30 . 2004-08-04 12:00 28672 -c--a-w- c:\windows\system32\dllcache\custsat.dll
2010-04-23 17:10 . 2008-09-10 14:25 1059216 ----a-w- c:\program files\NTFSRatioSetup.exe
2010-04-23 16:15 . 2010-04-23 16:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Merscom
2010-04-23 16:15 . 2010-04-23 16:15 -------- d-----w- c:\documents and settings\Milica\Application Data\Merscom
2010-04-23 14:05 . 2010-04-23 14:05 -------- d-----w- c:\documents and settings\Milica\Application Data\TMNT
2010-04-08 18:22 . 2010-04-23 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-04-06 22:56 . 2010-04-06 22:56 -------- d-----w- c:\program files\Common Files\Java
2010-04-06 22:56 . 2010-04-06 22:56 503808 ----a-w- c:\documents and settings\Milica\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2179fef5-n\msvcp71.dll
2010-04-06 22:56 . 2010-04-06 22:56 499712 ----a-w- c:\documents and settings\Milica\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2179fef5-n\jmc.dll
2010-04-06 22:56 . 2010-04-06 22:56 61440 ----a-w- c:\documents and settings\Milica\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4ec1346e-n\decora-sse.dll
2010-04-06 22:56 . 2010-04-06 22:56 12800 ----a-w- c:\documents and settings\Milica\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-4ec1346e-n\decora-d3d.dll
2010-04-05 15:26 . 2009-11-12 19:20 2046809 ----a-w- c:\program files\DupKillerSetup.exe
2010-04-05 15:13 . 2010-04-05 15:13 20992 ---ha-w- c:\documents and settings\Milica\Application Data\Easy Duplicate Finder\edflib.dll
2010-04-05 15:01 . 2010-04-23 22:24 -------- d-----w- c:\program files\Easy Duplicate Finder
2010-04-05 15:01 . 2010-04-05 15:13 -------- d-----w- c:\documents and settings\Milica\Application Data\Easy Duplicate Finder
2010-04-05 15:01 . 2010-04-05 15:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Easy Duplicate Finder
2010-04-05 14:55 . 2010-04-05 14:54 2729744 ----a-w- c:\program files\easy_duplicate_setup.exe
2010-03-31 17:43 . 2010-03-31 21:30 -------- d-----w- c:\documents and settings\Milica\Local Settings\Application Data\WMTools Downloaded Files
2010-03-30 21:42 . 2010-03-30 21:42 -------- d-----w- c:\program files\PowerPoint to Video
2010-03-30 19:02 . 2010-03-30 19:07 -------- d-----w- c:\program files\MediaCoder
2010-03-29 15:18 . 2006-11-10 16:23 18704 ----a-r- c:\windows\system32\drivers\se2End5.sys
2010-03-28 19:24 . 2010-03-28 19:24 -------- d-----w- c:\windows\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-27 14:34 . 2010-01-19 16:27 -------- d-----w- c:\documents and settings\Milica\Application Data\OpenOffice.org2
2010-04-27 14:34 . 2009-05-02 16:15 -------- d-----w- c:\program files\Alwil Software
2010-04-26 16:04 . 2010-01-19 16:28 1 ----a-w- c:\documents and settings\Milica\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2010-04-26 14:01 . 2009-06-16 18:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-04-24 11:08 . 2009-05-02 14:24 22748 ----a-w- c:\windows\system32\emptyregdb.dat
2010-04-24 08:14 . 2009-05-04 19:47 73152 ----a-w- c:\documents and settings\Milica\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-24 04:57 . 2009-06-05 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2010-04-24 04:53 . 2009-12-14 18:59 -------- d-----w- c:\documents and settings\NetworkService\Application Data\VMware
2010-04-23 22:39 . 2009-05-02 20:02 -------- d-----w- c:\documents and settings\Milica\Application Data\Orbit
2010-04-23 22:26 . 2009-06-07 18:11 -------- d-----w- c:\documents and settings\Milica\Application Data\WinPatrol
2010-04-23 22:26 . 2009-07-23 19:48 -------- d-----w- c:\program files\windows media player1
2010-04-23 22:26 . 2009-07-09 17:29 -------- d-----w- c:\program files\Windows Media Connect 2
2010-04-23 22:26 . 2009-05-02 14:44 -------- d-----w- c:\program files\SuperUtility
2010-04-23 22:26 . 2009-10-29 19:12 -------- d-----w- c:\program files\Songbird
2010-04-23 22:26 . 2010-02-26 22:55 -------- d-----w- c:\program files\QuickZip4
2010-04-23 22:26 . 2010-01-19 16:24 -------- d-----w- c:\program files\OpenOffice.org 2.4
2010-04-23 22:25 . 2009-06-06 08:05 -------- d-----w- c:\program files\DupKiller
2010-04-23 22:25 . 2009-08-28 19:59 -------- d-----w- c:\program files\ConvertHelper
2010-04-23 22:25 . 2009-08-18 11:36 -------- d-----w- c:\program files\BitComet
2010-04-23 22:25 . 2009-12-30 17:34 -------- d-----w- c:\program files\Adacco
2010-04-23 22:25 . 2009-08-17 16:18 -------- d-----w- c:\documents and settings\Milica\Application Data\uTorrent
2010-04-23 22:25 . 2009-11-20 16:53 -------- d-----w- c:\documents and settings\Milica\Application Data\XnView
2010-04-23 22:24 . 2009-08-17 17:17 -------- d-----w- c:\documents and settings\Milica\Application Data\Azureus
2010-04-23 22:24 . 2010-01-15 21:15 -------- d-----w- c:\program files\FastPictureViewer
2010-04-23 22:23 . 2010-02-25 18:51 -------- d-----w- c:\program files\AutoGK
2010-04-23 22:23 . 2009-09-18 15:37 -------- d-----w- c:\program files\Magentic
2010-04-23 22:23 . 2009-06-30 15:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-23 19:31 . 2009-11-07 08:53 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-23 14:25 . 2010-02-15 17:58 -------- d-----w- c:\program files\TuneUp Utilities 2008
2010-04-14 16:47 . 2009-05-02 16:15 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-14 16:47 . 2009-05-02 16:15 153184 ----a-w- c:\windows\system32\aswBoot.exe
2010-04-14 16:35 . 2009-05-02 16:15 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-04-14 16:35 . 2009-05-02 16:15 162768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-04-14 16:31 . 2009-05-02 16:15 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-04-14 16:31 . 2009-05-02 16:15 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-04-14 16:31 . 2009-05-02 16:15 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-04-14 16:31 . 2009-05-02 16:15 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-04-14 16:30 . 2009-05-02 16:15 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-04-08 19:09 . 2009-05-11 16:05 -------- d-----w- c:\program files\Google
2010-04-08 19:07 . 2010-02-15 09:10 -------- d-----w- c:\program files\File Extension Changer
2010-04-08 18:56 . 2009-07-28 18:38 -------- d-----w- c:\program files\MV2Player
2010-04-08 18:23 . 2009-08-17 17:16 -------- d-----w- c:\program files\Vuze
2010-04-08 18:22 . 2009-07-08 18:16 -------- d-----w- c:\program files\Yahoo!
2010-04-06 22:56 . 2010-01-23 21:26 -------- d-----w- c:\program files\Java
2010-03-30 21:41 . 2009-10-23 17:21 -------- d-----w- c:\documents and settings\Milica\Application Data\OpenWith.org Cache
2010-03-30 21:02 . 2010-01-27 18:49 -------- d-----w- c:\program files\Application Updater
2010-03-29 15:21 . 2009-06-08 18:38 -------- d-----w- c:\documents and settings\Milica\Application Data\Teleca
2010-03-25 13:28 . 2009-05-05 18:29 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-23 18:38 . 2010-03-23 18:38 -------- d-----w- c:\documents and settings\Milica\Application Data\Western Software Technologies
2010-03-23 18:28 . 2010-03-23 18:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Farm Frenzy
2010-03-22 11:46 . 2010-03-23 18:31 34640088 ----a-w- c:\program files\amazingpyramids_setup.exe
2010-03-16 20:31 . 2010-03-16 20:31 329312 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-03-16 20:31 . 2010-03-16 20:31 300616 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-03-16 20:31 . 2010-03-16 20:31 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-03-16 20:31 . 2010-03-16 20:31 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-03-16 20:31 . 2010-03-16 20:31 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-03-16 20:31 . 2010-03-16 20:31 118784 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-03-16 20:31 . 2009-05-11 16:06 -------- d-----w- c:\program files\Common Files\Real
2010-03-16 20:31 . 2010-01-10 08:31 -------- d-----w- c:\program files\Real
2010-03-16 20:31 . 2010-03-16 20:31 -------- d-----w- c:\program files\Common Files\xing shared
2010-03-14 08:31 . 2010-03-14 07:59 -------- d-----w- c:\documents and settings\Milica\Application Data\Sammsoft
2010-03-10 14:44 . 2010-03-23 18:08 17812664 ----a-w- c:\program files\farmfrenzy_setup.exe
2010-03-09 07:48 . 2010-02-14 10:22 2577824 ----a-w- c:\program files\OrbitDownloaderSetup.exe
2010-02-28 08:16 . 2010-02-28 08:16 -------- d-----w- c:\program files\7-Zip
2010-02-28 08:15 . 2010-02-26 23:01 -------- d-----w- c:\program files\Free RAR Extract Frog
2010-02-25 18:03 . 2010-02-25 18:03 43602 ----a-w- c:\windows\system32\xvid-uninstall.exe
2010-02-25 17:42 . 2010-02-25 17:42 57856 ----a-w- c:\windows\system32\CgdRun20.DLL
2010-02-25 06:24 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 12:31 . 2004-08-04 12:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
2010-02-16 13:19 . 2004-08-04 12:00 2181376 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 12:39 . 2004-08-03 22:59 2058368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-15 17:58 . 2010-02-15 17:58 355584 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-02-15 08:50 . 2010-02-15 08:47 17296645 ----a-w- c:\documents and settings\Milica\Application Data\OpenWith.org Downloaded Setups\Dia 0.97\Dia 0.97.exe
2010-02-12 04:47 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:01 . 2004-08-04 12:00 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2010-01-28 13:46 . 2010-01-28 19:57 3370400 ----a-w- c:\program files\ccsetup228.exe
2010-01-20 10:47 . 2010-01-20 16:43 5160860 ----a-w- c:\program files\HSFormular_Setup.exe
2010-01-13 11:50 . 2010-01-15 21:12 4561408 ----a-w- c:\program files\FastPictureViewer.msi
2009-12-24 23:03 . 2010-01-10 07:50 793624 ----a-w- c:\program files\RealPlayerSPGold.exe
2009-12-18 19:12 . 2010-01-11 16:27 21540168 ----a-w- c:\program files\TU2010TrialEN-US.exe
2009-10-26 19:18 . 2010-02-14 10:25 3096366 ----a-w- c:\program files\YouTubeDownloaderSetup253b.exe
2009-07-22 07:57 . 2009-07-24 14:08 893537 ----a-w- c:\program files\MV2Player_06.010.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\program files\Application Updater\ApplicationUpdater.exe ---
Company: Spigot, Inc.
File Description: Application Updater
File Version: 1, 1, 2, 17
Product Name: Application Updater
Copyright: Copyright © 2005-2010 Spigot, Inc.
Original Filename: ApplicationUpdater.exe
File size: 380928
Created time: 2010-02-19 17:43
Modified time: 2010-02-19 17:43
MD5: E0A2B1714BCA4BE98EEB63D7A44A8757
SHA1: 11D1287BDAD58A66AEDCF7738F3C9FE8539CF27B


--- c:\windows\remove.exe ---
Company: Windows (R) 2000 DDK provider
File Description: Remove Program for Windows 2000 Drivers
File Version: 5.00.2195.1620
Product Name: Windows (R) 2000 DDK driver
Copyright: Copyright (C) Microsoft Corp. 1981-1999
Original Filename: Remove.exe
File size: 25111
Created time: 2010-04-24 11:32
Modified time: 2002-10-29 09:40
MD5: FFE550D44DF09D1C5C2696D6A3BD58F7
SHA1: 32CC24F9153EE315C873C497E9DF7917ABB2A582


--- c:\windows\system32\dllcache\register.exe ---
Company: Microsoft Corporation
File Description: Program Register Utility
File Version: 5.1.2600.0 (xpclient.010817-1148-)
Product Name: Microsoft® Windows® Operating System
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: register.exe
File size: 14848
Created time: 2010-04-24 11:12
Modified time: 2004-08-04 12:00
MD5: 65454CC9B68270EF99550AE3BD9CB916
SHA1: 33DB9FBACD4E404BA9FEDB60D203E6EA9EB7A2E5


((((((((((((((((((((((((((((( SnapShot@2010-04-26_16.17.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 22:02 . 2009-07-11 22:02 51008 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_f0ccd4aa\vcomp90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 59728 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90rus.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 42832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90kor.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 43344 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90jpn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61264 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90ita.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 62800 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90fra.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61760 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esp.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 61776 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90esn.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 53568 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90enu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 63296 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90deu.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 36688 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90cht.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 35648 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_15fc9313\mfc90chs.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90u.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfcm90.dll
+ 2010-04-27 14:34 . 2010-04-27 14:34 16384 c:\windows\Temp\Perflib_Perfdata_7cc.dat
+ 2010-04-27 14:34 . 2010-04-27 14:34 16384 c:\windows\Temp\Perflib_Perfdata_394.dat
- 2009-05-02 15:06 . 2009-01-07 17:21 26144 c:\windows\system32\spupdsvc.exe
+ 2009-05-02 15:06 . 2009-01-07 16:21 26144 c:\windows\system32\spupdsvc.exe
- 2009-07-23 20:00 . 2009-01-07 17:20 16928 c:\windows\system32\spmsg.dll
+ 2009-07-23 20:00 . 2009-01-07 16:20 16928 c:\windows\system32\spmsg.dll
+ 2004-08-04 12:00 . 2009-03-08 02:31 46592 c:\windows\system32\pngfilt.dll
- 2009-01-07 16:20 . 2009-01-07 17:20 23552 c:\windows\system32\normaliz.dll
+ 2009-01-07 16:20 . 2009-01-07 16:20 23552 c:\windows\system32\normaliz.dll
- 2009-01-07 16:20 . 2009-01-07 17:20 24576 c:\windows\system32\nlsdl.dll
+ 2009-01-07 16:20 . 2009-01-07 16:20 24576 c:\windows\system32\nlsdl.dll
+ 2004-08-04 12:00 . 2009-03-08 02:31 48128 c:\windows\system32\mshtmler.dll
+ 2004-08-04 12:00 . 2009-03-08 02:31 66560 c:\windows\system32\mshtmled.dll
+ 2004-08-04 12:00 . 2009-03-08 02:31 45568 c:\windows\system32\mshta.exe
+ 2004-08-04 12:00 . 2009-03-08 02:34 43008 c:\windows\system32\licmgr10.dll
+ 2004-08-04 12:00 . 2010-02-25 06:24 25600 c:\windows\system32\jsproxy.dll
+ 2004-08-04 12:00 . 2009-03-08 02:32 94720 c:\windows\system32\inseng.dll
+ 2004-08-04 12:00 . 2009-03-08 02:31 34816 c:\windows\system32\imgutil.dll
- 2009-03-08 02:32 . 2009-03-08 03:32 36864 c:\windows\system32\ieudinit.exe
+ 2009-03-08 02:32 . 2009-03-08 02:32 36864 c:\windows\system32\ieudinit.exe
+ 2004-08-04 12:00 . 2009-03-08 02:32 71680 c:\windows\system32\iesetup.dll
+ 2004-08-04 12:00 . 2009-03-08 02:32 55808 c:\windows\system32\iernonce.dll
+ 2009-01-07 16:20 . 2009-01-07 16:20 26112 c:\windows\system32\idndl.dll
- 2009-01-07 16:20 . 2009-01-07 17:20 26112 c:\windows\system32\idndl.dll
+ 2004-08-04 12:00 . 2009-03-08 02:31 46592 c:\windows\system32\dllcache\pngfilt.dll
+ 2004-08-04 12:00 . 2009-03-08 02:31 48128 c:\windows\system32\dllcache\mshtmler.dll
+ 2004-08-04 12:00 . 2009-03-08 02:31 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-04 12:00 . 2009-03-08 02:31 45568 c:\windows\system32\dllcache\mshta.exe
+ 2004-08-04 12:00 . 2009-03-08 02:34 43008 c:\windows\system32\dllcache\licmgr10.dll
+ 2004-08-04 12:00 . 2010-02-25 06:24 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 12:00 . 2009-03-08 02:32 94720 c:\windows\system32\dllcache\inseng.dll
+ 2004-08-04 12:00 . 2009-03-08 02:31 34816 c:\windows\system32\dllcache\imgutil.dll
+ 2004-08-04 12:00 . 2009-03-08 02:32 71680 c:\windows\system32\dllcache\iesetup.dll
+ 2004-08-04 12:00 . 2009-03-08 02:32 55808 c:\windows\system32\dllcache\iernonce.dll
+ 2009-05-02 14:24 . 2009-03-08 02:24 68608 c:\windows\system32\dllcache\hmmapi.dll
+ 2004-08-04 12:00 . 2009-03-08 02:33 18944 c:\windows\system32\dllcache\corpol.dll
+ 2004-08-04 12:00 . 2009-03-08 02:32 72704 c:\windows\system32\dllcache\admparse.dll
+ 2004-08-04 12:00 . 2009-03-08 02:33 18944 c:\windows\system32\corpol.dll
+ 2004-08-04 12:00 . 2009-03-08 02:32 72704 c:\windows\system32\admparse.dll
- 2010-03-31 19:45 . 2009-12-21 19:14 25600 c:\windows\ie8updates\KB980182-IE8\jsproxy.dll
+ 2010-03-31 19:45 . 2009-03-08 02:33 25600 c:\windows\ie8updates\KB980182-IE8\jsproxy.dll
- 2009-12-12 18:20 . 2009-03-08 13:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2009-12-12 18:20 . 2009-03-08 12:23 58464 c:\windows\ie8\spuninst\iecustom.dll
+ 2010-04-27 14:14 . 2010-02-26 06:12 39424 c:\windows\ie8\pngfilt.dll
- 2009-12-12 18:19 . 2004-08-04 12:00 39424 c:\windows\ie8\pngfilt.dll
- 2009-12-12 18:19 . 2004-08-04 12:00 96256 c:\windows\ie8\occache.dll
+ 2010-04-27 14:14 . 2004-08-04 12:00 96256 c:\windows\ie8\occache.dll
- 2009-12-12 18:19 . 2004-08-04 12:00 56832 c:\windows\ie8\mshtmler.dll
+ 2010-04-27 14:14 . 2004-08-04 12:00 56832 c:\windows\ie8\mshtmler.dll
+ 2010-04-27 14:14 . 2004-08-04 12:00 29184 c:\windows\ie8\mshta.exe
- 2009-12-12 18:19 . 2004-08-04 12:00 29184 c:\windows\ie8\mshta.exe
+ 2010-04-27 14:14 . 2004-08-04 12:00 22016 c:\windows\ie8\licmgr10.dll
- 2009-12-12 18:19 . 2004-08-04 12:00 22016 c:\windows\ie8\licmgr10.dll
+ 2010-04-27 14:14 . 2010-02-26 06:12 16384 c:\windows\ie8\jsproxy.dll
+ 2010-04-27 14:14 . 2010-02-26 06:12 96256 c:\windows\ie8\inseng.dll
- 2009-12-12 18:19 . 2004-08-04 12:00 96256 c:\windows\ie8\inseng.dll
+ 2010-04-27 14:14 . 2004-08-04 12:00 35840 c:\windows\ie8\imgutil.dll
- 2009-12-12 18:19 . 2004-08-04 12:00 35840 c:\windows\ie8\imgutil.dll
+ 2010-04-27 14:14 . 2010-04-25 20:11 93184 c:\windows\ie8\iexplore.exe
- 2009-12-12 18:19 . 2004-08-04 12:00 93184 c:\windows\ie8\iexplore.exe
- 2009-12-12 18:19 . 2004-08-04 12:00 62976 c:\windows\ie8\iesetup.dll
+ 2010-04-27 14:14 . 2004-08-04 12:00 62976 c:\windows\ie8\iesetup.dll
+ 2010-04-27 14:14 . 2004-08-04 12:00 48640 c:\windows\ie8\iernonce.dll
- 2009-12-12 18:19 . 2004-08-04 12:00 48640 c:\windows\ie8\iernonce.dll
- 2009-12-12 18:19 . 2004-08-04 12:00 81920 c:\windows\ie8\ieencode.dll
+ 2010-04-27 14:14 . 2010-02-26 06:12 81920 c:\windows\ie8\ieencode.dll
+ 2010-04-27 14:14 . 2004-08-04 12:00 34304 c:\windows\ie8\ie4uinit.exe
- 2009-12-12 18:19 . 2004-08-04 12:00 34304 c:\windows\ie8\ie4uinit.exe
+ 2010-04-27 14:14 . 2004-08-04 12:00 38912 c:\windows\ie8\hmmapi.dll
- 2009-12-12 18:19 . 2004-08-04 12:00 38912 c:\windows\ie8\hmmapi.dll
+ 2010-04-27 14:14 . 2004-08-04 12:00 35328 c:\windows\ie8\corpol.dll
- 2009-12-12 18:19 . 2004-08-04 12:00 35328 c:\windows\ie8\corpol.dll
+ 2010-04-27 14:14 . 2004-08-04 12:00 99840 c:\windows\ie8\advpack.dll
- 2009-12-12 18:19 . 2004-08-04 12:00 99840 c:\windows\ie8\advpack.dll
- 2009-12-12 18:19 . 2004-08-04 12:00 61440 c:\windows\ie8\admparse.dll
+ 2010-04-27 14:14 . 2004-08-04 12:00 61440 c:\windows\ie8\admparse.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-11 22:05 . 2009-07-11 22:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2009-01-07 16:21 . 2009-01-07 16:21 121856 c:\windows\system32\xmllite.dll
- 2009-01-07 16:21 . 2009-01-07 17:21 121856 c:\windows\system32\xmllite.dll
+ 2004-08-04 12:00 . 2009-03-08 02:34 236544 c:\windows\system32\webcheck.dll
+ 2004-08-04 12:00 . 2009-03-08 02:33 420352 c:\windows\system32\vbscript.dll
+ 2004-08-04 12:00 . 2009-03-08 02:34 105984 c:\windows\system32\url.dll
+ 2004-08-04 12:00 . 2010-02-25 06:24 206848 c:\windows\system32\occache.dll
+ 2004-08-04 12:00 . 2010-02-25 06:24 611840 c:\windows\system32\mstime.dll
+ 2004-08-04 12:00 . 2009-03-08 02:34 193536 c:\windows\system32\msrating.dll
+ 2004-08-04 12:00 . 2009-03-08 02:22 156160 c:\windows\system32\msls31.dll
- 2009-01-07 16:20 . 2009-01-07 17:20 265720 c:\windows\system32\msdbg2.dll
+ 2009-01-07 16:20 . 2009-01-07 16:20 265720 c:\windows\system32\msdbg2.dll
+ 2004-08-04 12:00 . 2009-03-08 02:33 726528 c:\windows\system32\jscript.dll
+ 2004-08-04 12:00 . 2010-02-25 06:24 184320 c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2010-02-25 06:24 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 12:00 . 2009-03-08 02:32 163840 c:\windows\system32\ieakui.dll
+ 2004-08-04 12:00 . 2009-03-08 02:33 229376 c:\windows\system32\ieaksie.dll
+ 2004-08-04 12:00 . 2009-03-08 02:33 125952 c:\windows\system32\ieakeng.dll
+ 2004-08-04 12:00 . 2010-02-24 09:54 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-04 12:00 . 2009-03-08 02:31 216064 c:\windows\system32\dxtrans.dll
+ 2004-08-04 12:00 . 2009-03-08 02:31 348160 c:\windows\system32\dxtmsft.dll
+ 2004-08-04 12:00 . 2010-02-25 06:24 916480 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 12:00 . 2009-03-08 02:34 236544 c:\windows\system32\dllcache\webcheck.dll
+ 2009-05-02 14:25 . 2009-03-08 02:33 759296 c:\windows\system32\dllcache\VGX.dll
+ 2004-08-04 12:00 . 2009-03-08 02:33 420352 c:\windows\system32\dllcache\vbscript.dll
+ 2004-08-04 12:00 . 2009-03-08 02:34 105984 c:\windows\system32\dllcache\url.dll
+ 2009-01-07 16:20 . 2009-01-07 16:20 134144 c:\windows\system32\dllcache\sqmapi.dll
+ 2004-08-04 12:00 . 2010-02-25 06:24 206848 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 12:00 . 2010-02-25 06:24 611840 c:\windows\system32\dllcache\mstime.dll
+ 2004-08-04 12:00 . 2009-03-08 02:34 193536 c:\windows\system32\dllcache\msrating.dll
+ 2004-08-04 12:00 . 2009-03-08 02:22 156160 c:\windows\system32\dllcache\msls31.dll
+ 2004-08-04 12:00 . 2009-03-08 02:33 726528 c:\windows\system32\dllcache\jscript.dll
+ 2009-05-02 14:24 . 2009-03-08 12:09 638816 c:\windows\system32\dllcache\iexplore.exe
+ 2004-08-04 12:00 . 2010-02-25 06:24 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 12:00 . 2010-02-25 06:24 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-04 12:00 . 2009-03-08 02:32 163840 c:\windows\system32\dllcache\ieakui.dll
+ 2004-08-04 12:00 . 2009-03-08 02:33 229376 c:\windows\system32\dllcache\ieaksie.dll
+ 2004-08-04 12:00 . 2009-03-08 02:33 125952 c:\windows\system32\dllcache\ieakeng.dll
+ 2004-08-04 12:00 . 2010-02-24 09:54 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2004-08-04 12:00 . 2009-03-08 02:31 216064 c:\windows\system32\dllcache\dxtrans.dll
+ 2004-08-04 12:00 . 2009-03-08 02:31 348160 c:\windows\system32\dllcache\dxtmsft.dll
+ 2004-08-04 12:00 . 2009-03-08 02:32 128512 c:\windows\system32\dllcache\advpack.dll
+ 2004-08-04 12:00 . 2009-03-08 02:32 128512 c:\windows\system32\advpack.dll
+ 2010-04-27 14:32 . 2010-04-27 14:32 219648 c:\windows\Installer\cea5a.msi
+ 2010-04-27 14:16 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB980302-IE8\spuninst\updspapi.dll
+ 2010-04-27 14:16 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB980302-IE8\spuninst\spuninst.exe
+ 2010-04-27 14:16 . 2009-07-01 07:08 101376 c:\windows\ie8updates\KB980302-IE8\iecompat.dll
+ 2010-03-31 19:45 . 2009-03-08 02:34 914944 c:\windows\ie8updates\KB980182-IE8\wininet.dll
+ 2010-04-27 14:16 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB980182-IE8\spuninst\updspapi.dll
+ 2010-04-27 14:16 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB980182-IE8\spuninst\spuninst.exe
+ 2010-03-31 19:45 . 2009-03-08 02:34 109568 c:\windows\ie8updates\KB980182-IE8\occache.dll
- 2010-03-31 19:45 . 2009-03-08 03:32 611840 c:\windows\ie8updates\KB980182-IE8\mstime.dll
+ 2010-03-31 19:45 . 2009-03-08 02:32 611840 c:\windows\ie8updates\KB980182-IE8\mstime.dll
+ 2010-03-31 19:45 . 2009-03-08 02:31 183808 c:\windows\ie8updates\KB980182-IE8\iepeers.dll
+ 2010-03-31 19:45 . 2009-03-08 12:09 391536 c:\windows\ie8updates\KB980182-IE8\iedkcs32.dll
+ 2010-03-31 19:45 . 2009-03-08 02:32 173056 c:\windows\ie8updates\KB980182-IE8\ie4uinit.exe
- 2010-03-31 19:45 . 2009-12-21 13:19 173056 c:\windows\ie8updates\KB980182-IE8\ie4uinit.exe
+ 2009-12-12 18:19 . 2010-02-26 06:12 662016 c:\windows\ie8\wininet.dll
+ 2009-12-12 18:19 . 2010-03-10 08:02 417792 c:\windows\ie8\vbscript.dll
- 2009-12-12 18:19 . 2004-08-04 12:00 417792 c:\windows\ie8\vbscript.dll
+ 2009-12-12 18:19 . 2010-02-26 06:12 624640 c:\windows\ie8\urlmon.dll
+ 2009-12-12 18:20 . 2009-01-07 16:21 382496 c:\windows\ie8\spuninst\updspapi.dll
- 2009-12-12 18:20 . 2009-01-07 17:21 382496 c:\windows\ie8\spuninst\updspapi.dll
+ 2009-12-12 18:20 . 2009-01-07 16:20 231456 c:\windows\ie8\spuninst\spuninst.exe
- 2009-12-12 18:20 . 2009-01-07 17:20 231456 c:\windows\ie8\spuninst\spuninst.exe
+ 2010-04-27 14:14 . 2010-02-26 06:12 532480 c:\windows\ie8\mstime.dll
+ 2010-04-27 14:14 . 2010-02-26 06:12 146432 c:\windows\ie8\msrating.dll
- 2009-12-12 18:19 . 2004-08-04 12:00 146432 c:\windows\ie8\msrating.dll
- 2009-12-12 18:19 . 2004-08-04 12:00 146432 c:\windows\ie8\msls31.dll
+ 2010-04-27 14:14 . 2004-08-04 12:00 146432 c:\windows\ie8\msls31.dll
+ 2010-04-27 14:14 . 2010-02-26 06:12 449024 c:\windows\ie8\mshtmled.dll
- 2009-12-12 18:19 . 2004-08-04 12:00 450560 c:\windows\ie8\jscript.dll
+ 2010-04-27 14:14 . 2009-08-21 09:46 450560 c:\windows\ie8\jscript.dll
+ 2010-04-27 14:14 . 2010-02-26 06:12 251392 c:\windows\ie8\iepeers.dll
- 2009-12-12 18:19 . 2004-08-04 12:00 323584 c:\windows\ie8\iedkcs32.dll
+ 2010-04-27 14:14 . 2004-08-04 12:00 323584 c:\windows\ie8\iedkcs32.dll
- 2009-12-12 18:19 . 2004-08-04 12:00 221184 c:\windows\ie8\ieakui.dll
+ 2010-04-27 14:14 . 2004-08-04 12:00 221184 c:\windows\ie8\ieakui.dll
- 2009-12-12 18:19 . 2004-08-04 12:00 216576 c:\windows\ie8\ieaksie.dll
+ 2010-04-27 14:14 . 2004-08-04 12:00 216576 c:\windows\ie8\ieaksie.dll
- 2009-12-12 18:19 . 2004-08-04 12:00 139264 c:\windows\ie8\ieakeng.dll
+ 2010-04-27 14:14 . 2004-08-04 12:00 139264 c:\windows\ie8\ieakeng.dll
+ 2010-04-27 14:14 . 2010-02-26 06:12 205312 c:\windows\ie8\dxtrans.dll
- 2009-12-12 18:19 . 2004-08-04 12:00 357888 c:\windows\ie8\dxtmsft.dll
+ 2010-04-27 14:14 . 2010-02-26 06:12 357888 c:\windows\ie8\dxtmsft.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 3780424 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90u.dll
+ 2009-07-11 22:02 . 2009-07-11 22:02 3765048 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_a57c1f53\mfc90.dll
+ 2004-08-04 12:00 . 2010-02-25 06:24 1209344 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2010-02-25 06:24 5944832 c:\windows\system32\mshtml.dll
+ 2004-08-04 12:00 . 2010-02-25 06:24 1209344 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 12:00 . 2010-02-25 06:24 5944832 c:\windows\system32\dllcache\mshtml.dll
- 2009-10-14 19:36 . 2009-10-14 19:36 3571712 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2009-10-14 19:36 . 2010-04-27 14:32 3571712 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2010-03-31 19:45 . 2009-03-08 02:34 1206784 c:\windows\ie8updates\KB980182-IE8\urlmon.dll
+ 2010-03-31 19:45 . 2009-03-08 02:41 5937152 c:\windows\ie8updates\KB980182-IE8\mshtml.dll
+ 2010-04-27 14:14 . 2010-02-26 06:12 3065344 c:\windows\ie8\mshtml.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2010-01-26 1724728]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-06-20 153856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-03-23 14202368]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-07 61952]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-16 202256]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-19 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-19 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-19 114688]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Milica\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-6-11 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
RAID Manager.lnk - c:\program files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe [2009-5-2 724992]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0pgdfgsvc C 1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SearchSettings"=c:\program files\Search Settings\SearchSettings.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SMSERIAL"=sm56hlpr.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"High Definition Audio Property Page Shortcut"=HDAShCut.exe
"igfxpers"=c:\windows\system32\igfxpers.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Orbitdownloader\\orbitdm.exe"=
"d:\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Magentic\\bin\\MgImp.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65535:TCP"= 65535:TCP:uTorrent
"61534:TCP"= 61534:TCP:Vuze
"61690:TCP"= 61690:TCP:Bit Torrent 61690
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundRouterRequest"= 0 (0x0)
"AllowOutboundSourceQuench"= 0 (0x0)

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [02.05.2009 18:15 162768]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [19.02.2010 19:43 380928]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [02.05.2009 18:15 19024]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [13.07.2009 18:15 93320]
S0 iteraid;ITERAID_Service_Install;c:\windows\system32\drivers\iteraid.sys [02.05.2009 17:05 25105]
S2 gupdate1c9d2524ce163b4;Google Update Service (gupdate1c9d2524ce163b4);c:\program files\Google\Update\GoogleUpdate.exe [11.05.2009 18:05 133104]
S3 FXDRV;FXDRV;\??\e:\fxdrv.sys --> e:\Fxdrv.sys [?]
S3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\drivers\k510bus.sys [26.10.2009 16:05 58288]
S3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\drivers\k510mdfl.sys [26.10.2009 16:05 8336]
S3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\drivers\k510mdm.sys [26.10.2009 16:05 94064]
S3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\k510mgmt.sys [26.10.2009 16:05 85408]
S3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\drivers\k510obex.sys [26.10.2009 16:05 83344]
.
Contents of the 'Scheduled Tasks' folder

2010-04-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClickStarter.exe [2008-06-20 08:09]

2010-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 16:05]

2010-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-11 16:05]

2010-04-27 c:\windows\Tasks\PandaUSBVaccine.job
- c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2009-07-24 10:30]

2010-04-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1409082233-507921405-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-04-26 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1409082233-507921405-839522115-1003.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-24 21:09]

2010-04-27 c:\windows\Tasks\User_Feed_Synchronization-{0163AA88-21A2-4366-B7E6-E0B064C036AC}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = <local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &Add animation to IncrediMail Style Box - c:\program files\IncrediMail\bin\resources\WebMenuImg.htm
IE: &Download by Orbit - d:\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - d:\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Milica\Application Data\Mozilla\Firefox\Profiles\72z8v99e.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p=
FF - component: c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: d:\orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\documents and settings\Milica\Application Data\Mozilla\Firefox\Profiles\72z8v99e.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\documents and settings\Milica\Application Data\Mozilla\plugins\np-mswmp.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: nglayout.initialpaint.delay - 300
FF - user.js: content.notify.interval - 100000
FF - user.js: content.max.tokenizing.time - 200000
FF - user.js: content.switch.threshold - 650000
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.max-connections-per-server - 8
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-27 16:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1409082233-507921405-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(4040)
c:\windows\system32\WININET.dll
c:\windows\IME\SPGRMR.DLL
c:\windows\system32\msi.dll
c:\program files\Common Files\Microsoft Shared\INK\PENUSA.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-04-27 16:56:05
ComboFix-quarantined-files.txt 2010-04-27 14:56
ComboFix2.txt 2010-04-26 16:19

Pre-Run: 52,338,327,552 bytes free
Post-Run: 52,312,547,328 bytes free

Current=2 Default=2 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 0DA2D858F51A58D683A57CB7F616FBB2







Addendum: 27 Apr 2010 22:04

As far as I can tell, after doing the above those "pests" no longer pop up. Should I uninstall ComboFix (at least that is what I read in other cases)?

Addendum: 27 Apr 2010 22:05

Thaaaanks for the help, now I can finally get some sleep

Addendum: 27 Apr 2010 22:36

Would someone, if it doesn't take much effort, briefly explain to me what the problem was and how ComboFix is uninstalled?

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Find the following file:

c:\windows\remove.exe

and upload it via the following link...

http://www.mycity.rs/ambulanta-upload.php

offline
  • Joined: 30 Jul 2009
  • Posts: 233

Posted: 27 Apr 2010 23:14

I found instructions for uninstalling. Is this it?
* Click START and then RUN.
* In the text input line, type (copy) the following:
* Combofix /u
* and then click OK.
* Wait for the uninstall process to finish.

Does ComboFix create a log when it is uninstalled too, or did I do something wrong?
I am still interested in what this whole story was about.

Addendum: 27 Apr 2010 23:17

Yes, I did the upload; it said it was successful

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

This looks OK now; there are no more traces of malicious programs.

Follow the next instructions as well...

ComboFix needs to be uninstalled:
click Start, then RUN.

On Vista, use the Start Search field if Run is not available.

In the text input line, type (copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

and then click OK (or press Enter).

Wait for the uninstall process to finish.

offline
  • Joined: 30 Jul 2009
  • Posts: 233

ComboFix is finally uninstalled, and once again, thank you very much.

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

You're welcome, we're here to help. :)

Regards.

offline
  • Joined: 30 Jul 2009
  • Posts: 233

Me again; just to be safe and check, this is what my boot.ini looked like before:
[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

and this is what it looks like now:
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin

Is that OK?

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Yes, it's fine.

ComboFix installed the Microsoft Windows Recovery Console, and my recommendation is that you leave it on the computer.

If you still want to remove it, this link has a program for uninstalling the Recovery Console -> http://www.mycity.rs/Windows/Deinstalacija-Recovery-Console.html
