Good evening


  • Joined: 13 Nov 2011
  • Posts: 367

Hi, I have a keylogger and would like to remove it, so I'm wondering whether there is a program for removing it or some other way. I'm using Windows SP-3 32bit.

  • Osvjedodžbeni spretnik munjarstva
  • Joined: 04 Jul 2011
  • Posts: 5424
  • Location: Belgrade

Hello, aca022.

Follow the instructions found at this link:
http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

Ivance95 (AMF Team)

  • Joined: 13 Nov 2011
  • Posts: 367

Posted: 22 Jun 2012 23:11

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by aca at 22:32:14 on 2012-06-22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.260 [GMT 2:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\MPK\mpk.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\BitTorrent\BitTorrent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MCShield\mcshieldrtm.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?AF=111434&babsrc=HP_ss&mntrId=e8a0207300000000000000e05290b384
uSearch Page = hxxp://search.live.com
uSearch Bar = hxxp://search.live.com/sphome.aspx
mStart Page = hxxp://www.bigseekpro.com/splitcam/{6A239B75-50ED-4698-97E5-A83AFCBF82EC}
mSearchAssistant = hxxp://search.live.com/sphome.aspx
uURLSearchHooks: Search Results Toolbar: {94366e2c-9923-431c-b0d6-747447dd0f2b} - c:\program files\searchresults1\toolbar2X.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\mpk\mpk.exe
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: TheBflix Class: {a20d3070-48a5-4d26-bc4e-2c0abf707493} - c:\documents and settings\all users\application data\thebflix\bhoclass.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Complitly: {d27fc31c-6e3d-4305-8d53-acdaefa5f862} - c:\documents and settings\aca\application data\complitly\Complitly.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - c:\program files\dealbulldog toolbar\tbcore3.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: DealBulldog Toolbar: {338b4dfe-2e2c-4338-9e41-e176d497299e} - c:\program files\dealbulldog toolbar\tbcore3.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Google Update] "c:\documents and settings\aca\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [BitTorrent] "c:\program files\bittorrent\BitTorrent.exe" /MINIMIZED
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MCShield Monitor] c:\program files\mcshield\mcshieldrtm.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{46525721-73F6-48DA-B7A3-8E92D4F71FCC} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\aca\application data\mozilla\firefox\profiles\gps6eezm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\aca\application data\mozilla\firefox\profiles\gps6eezm.default\extensions\{7d2fb79e-e58c-4db5-a36f-ac1c73967f4d}\plugins\npqbc.dll
FF - plugin: c:\documents and settings\aca\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\aca\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\aca\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111434
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - e8a0207300000000000000e05290b384
FF - user.js: extensions.BabylonToolbar_i.hardId - e8a0207300000000000000e05290b384
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15477
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:00:55
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [2012-5-11 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2003-1-1 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2003-1-1 337880]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-4-25 242240]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2012-3-12 21624]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2003-1-1 20696]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2003-1-1 44768]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-5-30 3048136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2003-1-1 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-22 257696]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2003-1-1 136176]
S3 SureThing Labelflash service;SureThing Labelflash service;c:\program files\common files\surething shared\stllssvr.exe [2012-3-14 74392]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-06-12 17:17:52 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-05-30 11:59:30 4966600 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2012-05-28 15:57:04 -------- d-----w- c:\program files\directx
2012-05-28 15:53:34 -------- d-----w- c:\program files\Digitalo Studios
2012-05-28 15:44:56 57344 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\ctor.dll
2012-05-28 15:44:56 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\DotNetInstaller.exe
2012-05-28 15:44:56 237568 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iscript.dll
2012-05-28 15:44:56 155648 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iuser.dll
2012-05-28 15:44:55 692224 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iKernel.dll
2012-05-28 15:44:54 282756 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\setup.dll
2012-05-28 15:44:54 163972 ----a-w- c:\program files\common files\installshield\professional\runtime\0701\intel32\iGdi.dll
2012-05-24 20:43:17 5504 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2012-05-24 19:01:43 -------- d-----w- c:\documents and settings\all users\application data\Readon
2012-05-23 21:48:11 -------- d-----w- c:\windows\system32\NtmsData
.
==================== Find3M ====================
.
2012-06-02 13:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec
2012-05-05 14:15:24 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 14:15:22 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 13:12:30 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-25 17:59:56 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-04-19 18:40:07 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
.
============= FINISH: 22:33:06.64 ===============


Here's the DDS log. GMER is still scanning; it has been running for more than 10 minutes so far.

Addendum: 23 Jun 2012 0:10
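The DDS report above shows the keylogger being started through the Winlogon Userinit value (the mWinlogon line), with the same executable visible under Running Processes. As an added example, not part of the original thread, here is a small Python triage helper that parses DDS-style output, flags any Userinit entry beyond the default userinit.exe, checks whether it is currently running, and lists orphaned "No File" BHO registrations; the sample lines are constructed from this report, and the section names are the ones DDS prints.

```python
import re
from typing import Dict, List

# Value Winlogon runs at every logon on a clean Windows XP system. Anything
# appended after the comma is launched too, which makes the value a common
# persistence point: userinit.exe runs regardless, and the extra entry
# rides along with it.
DEFAULT_USERINIT = r"c:\windows\system32\userinit.exe"

# Constructed sample modelled on the DDS report posted in this thread
# (a handful of lines, not the full log).
SAMPLE_DDS = r"""
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\MPK\mpk.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.babylon.com/?AF=111434
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\mpk\mpk.exe
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
USERINIT_RE = re.compile(r"^mWinlogon:\s*Userinit=(.*)$", re.IGNORECASE)


def sections(text: str) -> Dict[str, List[str]]:
    """Split a DDS report into its '==== NAME ====' sections, dropping the
    '.' spacer lines DDS prints between blocks."""
    out: Dict[str, List[str]] = {}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            out.setdefault(current, [])
        elif line and line != ".":
            out.setdefault(current, []).append(line)
    return out


def userinit_chain(hjt_lines: List[str]) -> List[str]:
    """Executables listed in the Winlogon Userinit value, lower-cased."""
    for line in hjt_lines:
        m = USERINIT_RE.match(line)
        if m:
            return [p.strip().lower() for p in m.group(1).split(",") if p.strip()]
    return []


def extra_userinit_entries(hjt_lines: List[str]) -> List[str]:
    """Anything in Userinit besides the default userinit.exe is suspect."""
    return [p for p in userinit_chain(hjt_lines) if p != DEFAULT_USERINIT]


def orphan_entries(hjt_lines: List[str]) -> List[str]:
    """BHO/toolbar registrations whose file is gone ('No File'): leftovers
    of an uninstall that still deserve cleanup."""
    return [line for line in hjt_lines if line.endswith("- No File")]


def running_now(proc_lines: List[str], exe_paths: List[str]) -> List[str]:
    """Which of the flagged executables also appear under Running Processes."""
    procs = [p.lower() for p in proc_lines]
    return [e for e in exe_paths if any(p.startswith(e) for p in procs)]


def triage(text: str) -> Dict[str, List[str]]:
    """Pull out the persistence findings a helper would look at first."""
    sec = sections(text)
    hjt = sec.get("Pseudo HJT Report", [])
    extra = extra_userinit_entries(hjt)
    return {
        "userinit_extra": extra,
        "running": running_now(sec.get("Running Processes", []), extra),
        "orphans": orphan_entries(hjt),
    }


if __name__ == "__main__":
    for key, hits in triage(SAMPLE_DDS).items():
        print(f"{key}: {hits}")
```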

  • Osvjedodžbeni spretnik munjarstva
  • Joined: 04 Jul 2011
  • Posts: 5424
  • Location: Belgrade

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing the save location opens, select Desktop and click Save.

When the download is complete:
  • disable your security software (instructions);
  • close any running programs;
  • double-click ComboFix to run it;
  • in the window that opens, click "I Agree".

While it runs, ComboFix will:
  • check whether a newer version of the program exists: click Yes if offered the download;
  • if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
  • show a number of prompts/notifications: accept by clicking Yes or OK;
  • if needed, restart Windows (possibly several times);
  • at the end, open Notepad with the scan report.

Copy the report ComboFix produced into the forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the highlighted text and choose Copy;
  • right-click in the message box and choose Paste.

Note: the report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is incomplete, use the Attach file option to attach C:\ComboFix.txt to the post.



Ivance95 (AMF Team)

  • Joined: 13 Nov 2011
  • Posts: 367

Posted: 23 Jun 2012 17:13

Here it is, I just got home from work and ran ComboFix:
ComboFix 12-06-23.05 - aca 06/23/2012 16:54:05.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.767.153 [GMT 2:00]
Running from: c:\documents and settings\aca\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\aca\Application Data\Toolbar4
c:\documents and settings\aca\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\27c746d432b7a753a0af8d7c033b46fe
c:\documents and settings\aca\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\2b4ad282984708f7b89800e17a257476
c:\documents and settings\aca\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\2cc60d08b36af576b11419505050cc6e
c:\documents and settings\aca\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\2f67f9b7129266dcee9a12d98e35994e
c:\documents and settings\aca\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\757a20d7a75ae93435ac64a6095eab39
c:\documents and settings\aca\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9956734e872eec3ea3e17f52e84dc6cc
c:\documents and settings\aca\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9d810aab3f7bcbacb07c241f8d726714
c:\documents and settings\aca\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\9d8130b58a287707712d6ec1d17db7e6
c:\documents and settings\aca\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\c48c9e27c16419ab995d48b077a802ff
c:\documents and settings\aca\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\d07510b741bd23d4aad1749f528c1ed3
c:\documents and settings\aca\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\d57d3f554ba48c6d60c03fb39c9099f9
c:\documents and settings\aca\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\d8ea4c9bb43f7b6eb8cb4c444ec42a4c
c:\documents and settings\aca\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\e929ea4d588ef8100cc7e650d2bfb758
c:\documents and settings\aca\Application Data\Toolbar4\{338B4DFE-2E2C-4338-9E41-E176D497299E}\cache\fd9c1bbea7c840d5659a2f136d4185fa
c:\documents and settings\All Users\Application Data\MPK
c:\documents and settings\All Users\Application Data\MPK\1\D0000
c:\documents and settings\All Users\Application Data\MPK\1\I41046_9771648843
c:\documents and settings\All Users\Application Data\MPK\1\I41046_9806371065
c:\documents and settings\All Users\Application Data\MPK\1\I41046_9841093287
c:\documents and settings\All Users\Application Data\MPK\1\I41046_9875815509
c:\documents and settings\All Users\Application Data\MPK\1\I41046_9910537731
c:\documents and settings\All Users\Application Data\MPK\1\I41046_9945278125
c:\documents and settings\All Users\Application Data\MPK\1\I41046_9979982176
c:\documents and settings\All Users\Application Data\MPK\1\I41047_0014704398
c:\documents and settings\All Users\Application Data\MPK\1\I41047_0049426620
c:\documents and settings\All Users\Application Data\MPK\1\I41047_0084148843
c:\documents and settings\All Users\Application Data\MPK\1\I41047_0118939815
c:\documents and settings\All Users\Application Data\MPK\1\I41047_0153593287
c:\documents and settings\All Users\Application Data\MPK\1\I41047_0188315509
c:\documents and settings\All Users\Application Data\MPK\1\I41047_0223037731
c:\documents and settings\All Users\Application Data\MPK\1\I41047_0257759954
c:\documents and settings\All Users\Application Data\MPK\1\I41047_0292482176
c:\documents and settings\All Users\Application Data\MPK\1\I41047_0327204398
c:\documents and settings\All Users\Application Data\MPK\1\I41047_0361926620
c:\documents and settings\All Users\Application Data\MPK\1\I41047_0396648843
c:\documents and settings\All Users\Application Data\MPK\1\I41047_0431371065
c:\documents and settings\All Users\Application Data\MPK\1\I41047_0466093287
c:\documents and settings\All Users\Application Data\MPK\1\I41047_0500815509
c:\documents and settings\All Users\Application Data\MPK\1\I41047_0535537731
c:\documents and settings\All Users\Application Data\MPK\1\I41055_8272994329
c:\documents and settings\All Users\Application Data\MPK\1\I41055_8395551157
c:\documents and settings\All Users\Application Data\MPK\1\I41055_8395583681
c:\documents and settings\All Users\Application Data\MPK\1\S0000
c:\documents and settings\All Users\Application Data\MPK\2\D0000
c:\documents and settings\All Users\Application Data\MPK\2\S0000
c:\documents and settings\All Users\Application Data\MPK\CPDM\cpfm.bin
c:\documents and settings\All Users\Application Data\MPK\M0000
c:\documents and settings\All Users\Application Data\MPK\REFOG Free Keylogger.lnk
c:\documents and settings\All Users\Application Data\MPK\REFOG Free Keylogger\ REFOG Free Keylogger on the Web.lnk
c:\documents and settings\All Users\Application Data\MPK\REFOG Free Keylogger\Get discount!.lnk
c:\documents and settings\All Users\Application Data\MPK\REFOG Free Keylogger\Order now!.lnk
c:\documents and settings\All Users\Application Data\MPK\REFOG Free Keylogger\REFOG Free Keylogger.lnk
c:\documents and settings\All Users\Application Data\MPK\REFOG Keylogger.lnk
c:\documents and settings\All Users\Application Data\MPK\S0000
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TheBflix
c:\documents and settings\All Users\Application Data\TheBflix\background.html
c:\documents and settings\All Users\Application Data\TheBflix\bhOClass.dll
c:\documents and settings\All Users\Application Data\TheBflix\content.js
c:\documents and settings\All Users\Application Data\TheBflix\data\content.js
c:\documents and settings\All Users\Application Data\TheBflix\data\jsondb.js
c:\documents and settings\All Users\Application Data\TheBflix\joifgdlkhokekeaenpkaehbnjhncglbh.crx
c:\documents and settings\All Users\Application Data\TheBflix\settings.ini
c:\documents and settings\All Users\Application Data\TheBflix\uninstall.exe
C:\install.exe
c:\program files\Complitly
c:\program files\Complitly\chrome\ComplitlyChrome.crx
c:\program files\Complitly\FireFoxExtension.exe
c:\program files\Complitly\InstTracker.exe
c:\program files\Complitly\support@Complitly.com\chrome.manifest
c:\program files\Complitly\support@Complitly.com\chrome\content\appIcon.png
c:\program files\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul
c:\program files\Complitly\support@Complitly.com\chrome\content\options.js
c:\program files\Complitly\support@Complitly.com\chrome\content\options.xul
c:\program files\Complitly\support@Complitly.com\chrome\content\utils.js
c:\program files\Complitly\support@Complitly.com\defaults\preferences\predictad.js
c:\program files\Complitly\support@Complitly.com\install.rdf
c:\program files\Complitly\unins000.dat
c:\program files\Complitly\unins000.exe
c:\program files\DealBulldog Toolbar
c:\program files\DealBulldog Toolbar\affid.dat
c:\program files\DealBulldog Toolbar\alert_plugin.dll
c:\program files\DealBulldog Toolbar\basis.xml
c:\program files\DealBulldog Toolbar\CustomTabPage.dll
c:\program files\DealBulldog Toolbar\icons.bmp
c:\program files\DealBulldog Toolbar\info.txt
c:\program files\DealBulldog Toolbar\install.ico
c:\program files\DealBulldog Toolbar\MacroParserPlugin.dll
c:\program files\DealBulldog Toolbar\mbback.bmp
c:\program files\DealBulldog Toolbar\mbbigopen.bmp
c:\program files\DealBulldog Toolbar\mbclose.bmp
c:\program files\DealBulldog Toolbar\mbfwd.bmp
c:\program files\DealBulldog Toolbar\mbsep.bmp
c:\program files\DealBulldog Toolbar\nav1c.bmp
c:\program files\DealBulldog Toolbar\somoto.dll
c:\program files\DealBulldog Toolbar\TbCommonUtils.dll
c:\program files\DealBulldog Toolbar\tbcore3.dll
c:\program files\DealBulldog Toolbar\tbcore3.inf
c:\program files\DealBulldog Toolbar\TbHelper2.exe
c:\program files\DealBulldog Toolbar\uninstall.exe
c:\program files\DealBulldog Toolbar\update.exe
c:\program files\DealBulldog Toolbar\version.txt
c:\windows\system32\MPK
c:\windows\system32\MPK\cinfo.bin
c:\windows\system32\MPK\Help\English\alarms.htm
c:\windows\system32\MPK\Help\English\clipboard.htm
c:\windows\system32\MPK\Help\English\computer.htm
c:\windows\system32\MPK\Help\English\delivery.htm
c:\windows\system32\MPK\Help\English\file.htm
c:\windows\system32\MPK\Help\English\filters.htm
c:\windows\system32\MPK\Help\English\imhelp.htm
c:\windows\system32\MPK\Help\English\internet.htm
c:\windows\system32\MPK\Help\English\invisible.htm
c:\windows\system32\MPK\Help\English\keyboard.htm
c:\windows\system32\MPK\Help\English\log_size.htm
c:\windows\system32\MPK\Help\English\logging.htm
c:\windows\system32\MPK\Help\English\need_update_net.htm
c:\windows\system32\MPK\Help\English\password.htm
c:\windows\system32\MPK\Help\English\programs.htm
c:\windows\system32\MPK\Help\English\screenshot.htm
c:\windows\system32\MPK\Help\English\settings_node.htm
c:\windows\system32\MPK\Help\English\update.htm
c:\windows\system32\MPK\Help\English\users_node.htm
c:\windows\system32\MPK\Help\German\alarms.htm
c:\windows\system32\MPK\Help\German\clipboard.htm
c:\windows\system32\MPK\Help\German\computer.htm
c:\windows\system32\MPK\Help\German\delivery.htm
c:\windows\system32\MPK\Help\German\file.htm
c:\windows\system32\MPK\Help\German\filters.htm
c:\windows\system32\MPK\Help\German\imhelp.htm
c:\windows\system32\MPK\Help\German\internet.htm
c:\windows\system32\MPK\Help\German\invisible.htm
c:\windows\system32\MPK\Help\German\keyboard.htm
c:\windows\system32\MPK\Help\German\log_size.htm
c:\windows\system32\MPK\Help\German\logging.htm
c:\windows\system32\MPK\Help\German\need_update_net.htm
c:\windows\system32\MPK\Help\German\password.htm
c:\windows\system32\MPK\Help\German\programs.htm
c:\windows\system32\MPK\Help\German\screenshot.htm
c:\windows\system32\MPK\Help\German\settings_node.htm
c:\windows\system32\MPK\Help\German\users_node.htm
c:\windows\system32\MPK\Help\Spanish\alarms.htm
c:\windows\system32\MPK\Help\Spanish\clipboard.htm
c:\windows\system32\MPK\Help\Spanish\computer.htm
c:\windows\system32\MPK\Help\Spanish\delivery.htm
c:\windows\system32\MPK\Help\Spanish\filters.htm
c:\windows\system32\MPK\Help\Spanish\internet.htm
c:\windows\system32\MPK\Help\Spanish\invisible.htm
c:\windows\system32\MPK\Help\Spanish\keyboard.htm
c:\windows\system32\MPK\Help\Spanish\log_size.htm
c:\windows\system32\MPK\Help\Spanish\logging.htm
c:\windows\system32\MPK\Help\Spanish\password.htm
c:\windows\system32\MPK\Help\Spanish\programs.htm
c:\windows\system32\MPK\Help\Spanish\screenshot.htm
c:\windows\system32\MPK\Help\Spanish\settings_node.htm
c:\windows\system32\MPK\Help\Spanish\users_node.htm
c:\windows\system32\MPK\icon_1.ico
c:\windows\system32\MPK\Images\banner_em_english.gif
c:\windows\system32\MPK\Images\banner_em_english.swf
c:\windows\system32\MPK\Images\banner_em_german.gif
c:\windows\system32\MPK\Images\banner_em_german.swf
c:\windows\system32\MPK\Images\banner_em_spanish.gif
c:\windows\system32\MPK\Images\banner_em_spanish.swf
c:\windows\system32\MPK\Images\banner_english.gif
c:\windows\system32\MPK\Images\banner_english.swf
c:\windows\system32\MPK\Images\banner_german.gif
c:\windows\system32\MPK\Images\banner_german.swf
c:\windows\system32\MPK\Images\banner_pm_english.gif
c:\windows\system32\MPK\Images\banner_pm_english.swf
c:\windows\system32\MPK\Images\banner_pm_german.gif
c:\windows\system32\MPK\Images\banner_pm_german.swf
c:\windows\system32\MPK\Images\banner_pm_spanish.gif
c:\windows\system32\MPK\Images\banner_pm_spanish.swf
c:\windows\system32\MPK\Images\banner_russian.gif
c:\windows\system32\MPK\Images\banner_spanish.gif
c:\windows\system32\MPK\Images\banner_spanish.swf
c:\windows\system32\MPK\Images\english.gif
c:\windows\system32\MPK\Images\german.gif
c:\windows\system32\MPK\Images\upgrade_aeu.png
c:\windows\system32\MPK\Images\upgrade_aus.png
c:\windows\system32\MPK\Images\upgrade_eu.png
c:\windows\system32\MPK\Images\upgrade_faeu.png
c:\windows\system32\MPK\Images\upgrade_faus.png
c:\windows\system32\MPK\Images\upgrade_feu.png
c:\windows\system32\MPK\Images\upgrade_fus.png
c:\windows\system32\MPK\Images\upgrade_us.png
c:\windows\system32\MPK\Images\vista_hide.bmp
c:\windows\system32\MPK\Images\xp_hide.bmp
c:\windows\system32\MPK\key.bin
c:\windows\system32\MPK\Lang\Brazilian.frc
c:\windows\system32\MPK\Lang\Brazilian.lng
c:\windows\system32\MPK\Lang\English.frc
c:\windows\system32\MPK\Lang\French.frc
c:\windows\system32\MPK\Lang\French.lng
c:\windows\system32\MPK\Lang\German.frc
c:\windows\system32\MPK\Lang\German.lng
c:\windows\system32\MPK\Lang\Italian.frc
c:\windows\system32\MPK\Lang\Italian.lng
c:\windows\system32\MPK\Lang\Japanese.frc
c:\windows\system32\MPK\Lang\Japanese.lng
c:\windows\system32\MPK\Lang\Polish.frc
c:\windows\system32\MPK\Lang\Polish.lng
c:\windows\system32\MPK\Lang\Portuguese.frc
c:\windows\system32\MPK\Lang\Portuguese.lng
c:\windows\system32\MPK\Lang\Romanian.frc
c:\windows\system32\MPK\Lang\Romanian.lng
c:\windows\system32\MPK\Lang\Russian.frc
c:\windows\system32\MPK\Lang\Spanish.frc
c:\windows\system32\MPK\Lang\Spanish.lng
c:\windows\system32\MPK\Lang\Turkish.frc
c:\windows\system32\MPK\Lang\Turkish.lng
c:\windows\system32\MPK\Lang\Ukrainian.frc
c:\windows\system32\MPK\Lang\Ukrainian.lng
c:\windows\system32\MPK\libeay32.dll
c:\windows\system32\MPK\lnkmst.exe
c:\windows\system32\MPK\logstart.vbs
c:\windows\system32\MPK\loguninstall.vbs
c:\windows\system32\MPK\MPK.exe
c:\windows\system32\MPK\Mpk64.dll
c:\windows\system32\MPK\MPK64.exe
c:\windows\system32\MPK\MPKView.exe
c:\windows\system32\MPK\sqlite3.dll
c:\windows\system32\MPK\ssleay32.dll
c:\windows\system32\MPK\unins000.dat
c:\windows\system32\MPK\unins000.exe
c:\windows\system32\MPK\unins000.msg
c:\windows\system32\MPK\zlib1.dll
c:\windows\system32\SET287.tmp
c:\windows\system32\SET28B.tmp
c:\windows\system32\SET28C.tmp
c:\windows\system32\SET293.tmp
c:\windows\system32\SET29C.tmp
c:\windows\system32\SET29D.tmp
c:\windows\system32\SET29E.tmp
c:\windows\system32\SET2A1.tmp
c:\windows\system32\SET2D6.tmp
c:\windows\system32\SET85.tmp
c:\windows\system32\SET87.tmp
c:\windows\system32\SET95.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-19 20:21 . 2012-06-19 20:21 -------- d-----w- c:\program files\Microsoft.NET
2012-06-12 17:17 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-05-30 11:59 . 2012-05-30 11:59 4966600 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-05-28 15:57 . 2012-05-28 15:57 -------- d-----w- c:\program files\directx
2012-05-28 15:53 . 2012-05-28 15:53 -------- d-----w- c:\program files\Digitalo Studios
2012-05-28 15:44 . 2002-12-05 12:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-05-28 15:44 . 2002-12-02 13:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-05-28 15:44 . 2002-12-02 11:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-05-28 15:44 . 2002-12-02 11:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-05-28 15:44 . 2002-12-05 12:12 692224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-05-28 15:44 . 2012-05-28 15:44 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-05-28 15:44 . 2012-05-28 15:44 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-05-24 20:43 . 2009-11-12 12:48 5504 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2012-05-24 20:43 . 2012-05-24 20:43 -------- d-----w- c:\program files\CDBurnerXP
2012-05-24 19:32 . 2012-05-26 19:37 -------- d-----w- c:\documents and settings\aca\Application Data\vlc
2012-05-24 19:01 . 2012-05-24 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Readon
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 10:16 . 2012-04-22 20:20 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 10:15 . 2003-01-02 03:45 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-02 13:19 . 2009-08-06 18:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2009-08-06 18:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2003-01-01 10:24 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2003-01-01 10:24 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2003-01-01 10:24 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2009-08-06 18:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2009-08-06 18:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-04-14 04:41 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2003-01-01 10:24 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2003-01-01 10:24 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 18:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2003-01-01 10:24 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2003-01-01 10:24 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2003-01-01 20:03 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2003-01-01 20:03 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2003-01-01 20:03 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2008-04-14 04:41 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-16 15:08 . 2008-04-14 04:42 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2008-04-14 00:00 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2008-04-14 04:42 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-05-11 14:42 . 2008-04-14 04:41 43520 ------w- c:\windows\system32\licmgr10.dll
2012-05-11 11:38 . 2008-04-13 23:07 385024 ------w- c:\windows\system32\html.iec
2012-05-04 13:12 . 2008-04-13 23:57 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2008-04-14 00:01 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2003-01-01 10:22 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-25 17:59 . 2012-04-25 17:59 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-04-19 18:40 . 2012-04-19 18:40 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-04-25 10:10 . 2003-01-01 10:38 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2012-05-12 6380400]
"MCShield Monitor"="c:\program files\MCShield\mcshieldrtm.exe" [2012-03-12 583680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-04-01 5562368]
"nwiz"="nwiz.exe" [2005-04-01 1495040]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-04-01 86016]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\aca\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [5/11/2012 6:33 PM 24408]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [1/1/2003 1:16 PM 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/1/2003 1:16 PM 337880]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [4/25/2012 7:59 PM 242240]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [3/12/2012 11:52 PM 21624]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 6:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 11:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [8/12/2011 1:38 AM 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/1/2003 1:16 PM 20696]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/1/2003 1:16 PM 136176]
S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [5/30/2012 1:56 PM 3048136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [6/5/2012 3:17 PM 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/22/2012 10:20 PM 250056]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/1/2003 1:16 PM 136176]
S3 SureThing Labelflash service;SureThing Labelflash service;c:\program files\Common Files\SureThing Shared\stllssvr.exe [3/14/2012 5:45 PM 74392]
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-22 10:16]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2003-01-01 11:16]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2003-01-01 11:16]
.
2012-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1592454029-1606980848-1003Core.job
- c:\documents and settings\aca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-10 21:47]
.
2012-06-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2052111302-1592454029-1606980848-1003UA.job
- c:\documents and settings\aca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-03-10 21:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?AF=111434&babsrc=HP_ss&mntrId=e8a0207300000000000000e05290b384
mStart Page = hxxp://www.bigseekpro.com/splitcam/{6A239B75-50ED-4698-97E5-A83AFCBF82EC}
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\aca\Application Data\Mozilla\Firefox\Profiles\gps6eezm.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111434
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - e8a0207300000000000000e05290b384
FF - user.js: extensions.BabylonToolbar_i.hardId - e8a0207300000000000000e05290b384
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15477
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:00
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{94366e2c-9923-431c-b0d6-747447dd0f2b} - c:\program files\searchresults1\toolbar2X.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Complitly_is1 - c:\program files\Complitly\unins000.exe
AddRemove-{37476589-E48E-439E-A706-56189E2ED4C4} - c:\documents and settings\All Users\Application Data\TheBflix\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-23 17:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(756)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
Completion time: 2012-06-23 17:08:15
ComboFix-quarantined-files.txt 2012-06-23 15:08
.
Pre-Run: 19,483,115,520 bytes free
Post-Run: 21,540,048,896 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - FD87216ED8720C5459D5254F8E3B7254

Addendum: 23 Jun 2012 23:08

There, I have sent the ComboFix report. Is there a way to delete the keylogger from the computer, to root it out?

offline
  • Osvjedodžbeni spretnik munjarstva
  • Joined: 04 Jul 2011
  • Posts: 5424
  • Location: Beograd

Your computer is clean as far as malware is concerned. The keylogger has also been removed.

ComboFix now needs to be uninstalled:
click Start, then Run.

On Vista, use the Start Search box if Run is not available.

In the text input line type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstall process to finish.

Be sure to visit the topic "Test whether your browser is vulnerable", read it and follow the link in it. The link to the topic is: http://www.mycity.rs/Web-browseri/Testirajte-da-li.....anjiv.html

Ivance95 (AMF Team)

offline
  • Joined: 13 Nov 2011
  • Posts: 367

Hi, I have just got home from work and seen the message. Thank you, Ivance95, well done. Best regards.
