My computer keeps restarting


  • Joined: 24 Nov 2008
  • Posts: 6
  • Location: Sombor

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:17:04, on 14.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
D:\antivirus\aswUpdSv.exe
D:\antivirus\ashServ.exe
C:\windows\Explorer.EXE
D:\ANTIVI~1\ashDisp.exe
C:\windows\system32\spoolsv.exe
C:\windows\ATKKBService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
D:\antivirus\ashMaiSv.exe
D:\antivirus\ashWebSv.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\windows\system32\ctfmon.exe
D:\mp3\Winamp2\winamp.exe
C:\Documents and Settings\BOKI SMOKI\Desktop\Program\TR3.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = search.bearshare.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.bearshare.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = 1-se.com/srchasst.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = 1-se.com/srchasst.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = 1-se.com/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = searchgateway.net/search/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {0199DF25-9820-4bd5-9FEE-5A765AB4371E} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: liveradiotv Toolbar - {9d150283-9400-4931-86b9-87c8f86663c4} - C:\Program Files\liveradiotv\tblive.dll
O1 - Hosts: 3466709097 auto.search.msn.com
O1 - Hosts: 3466709097 sitefinder.verisign.com
O1 - Hosts: 3466709097 sitefinder-idn.verisign.com
O1 - Hosts: 3466709097 your.com
O1 - Hosts: 3466709097 your.com
O1 - Hosts: 3466690378 ad.doubleclick.net
O1 - Hosts: 3466690378 view.atdmt.com
O1 - Hosts: 3466690378 click.atdmt.com
O1 - Hosts: 3466690378 leader.linkexchange.com
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: liveradiotv Toolbar - {9d150283-9400-4931-86b9-87c8f86663c4} - C:\Program Files\liveradiotv\tblive.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: liveradiotv Toolbar - {9d150283-9400-4931-86b9-87c8f86663c4} - C:\Program Files\liveradiotv\tblive.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [avast!] D:\ANTIVI~1\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\DRTools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] D:\Program\DAEMON Tools Lite\daemon.exe -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - ak.exe.imgfarm.com/images/nocache/funwebpro......0.1.1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5C.....7470401093
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: awttsQgd - awttsQgd.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\antivirus\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\windows\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\antivirus\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\antivirus\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\antivirus\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\windows\System32\PnkBstrB.exe
O23 - Service: SmartLinkService (SLService) - - C:\windows\SYSTEM32\slserv.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 7856 bytes

So, I have a problem with my computer.
From time to time it shuts down, i.e. it sometimes happens in the morning, in the evening, when I turn it on, or when I leave it running for a while and then come back and, for example, open a program; it restarts, i.e. it shuts down at any time.

I have Windows XP Service Pack 3,
1.24 GB of RAM,
an 80 GB HDD,
a 128 MB MSI RX9250 graphics card,
an Intel(R) Celeron(R) CPU 2.40GHz processor,
a 1024/128 Internet connection,
and a lot of patience.

Please, can anyone help me?

  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

Hello,

Right-click the avast! icon in the lower-right corner of the screen and choose Program settings....

In the window that opens, under Troubleshooting, check the option Disable avast! self-defence and click OK.

Also, right-click the avast! icon in the lower-right corner of the screen and choose Stop OnAccess Protection.


Note: Don't forget to turn these options back on once the cleaning is finished.


Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt), which you will copy here for us.

  • Joined: 24 Nov 2008
  • Posts: 6
  • Location: Sombor

ComboFix 09-04-14.09 - BOKI SMOKI 14.04.2009 19:03.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.1279.857 [GMT 2:00]
Running from: D:\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090414-0] *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\FunWebProducts
c:\program files\FunWebProducts\ScreenSaver\Images\011CDBB4.urr
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\MyFunCardsIMBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\FunWebProducts\Shared\Cache\WebfettiBtn.html
c:\program files\INSTALL.LOG
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\00316FC3
c:\program files\MyWebSearch\bar\Cache\00317C94
c:\program files\MyWebSearch\bar\Cache\003180F9.bin
c:\program files\MyWebSearch\bar\Cache\00318ED4.bin
c:\program files\MyWebSearch\bar\Cache\00319099.bin
c:\program files\MyWebSearch\bar\Cache\00319404.bin
c:\program files\MyWebSearch\bar\Cache\00319711.bin
c:\program files\MyWebSearch\bar\Cache\00328FF8.bin
c:\program files\MyWebSearch\bar\Cache\0032919E.bin
c:\program files\MyWebSearch\bar\Cache\0032943E.bin
c:\program files\MyWebSearch\bar\Cache\003299DB.bin
c:\program files\MyWebSearch\bar\Cache\00329F98
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Message\COMMON\ask_logo.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.gif
c:\program files\MyWebSearch\bar\Message\COMMON\autoup.htm
c:\program files\MyWebSearch\bar\Message\COMMON\center.htm
c:\program files\MyWebSearch\bar\Message\COMMON\index.htm
c:\program files\MyWebSearch\bar\Message\COMMON\mid_dots.gif
c:\program files\MyWebSearch\bar\Message\COMMON\mws_logo.gif
c:\program files\MyWebSearch\bar\Message\COMMON\protect.htm
c:\program files\MyWebSearch\bar\Message\COMMON\shocked.gif
c:\program files\MyWebSearch\bar\Message\COMMON\stop.gif
c:\program files\MyWebSearch\bar\Message\COMMON\systray.htm
c:\program files\MyWebSearch\bar\Message\COMMON\systrayp.htm
c:\program files\MyWebSearch\bar\Message\COMMON\tp_grad.gif
c:\program files\MyWebSearch\bar\Message\COMMON\warn.gif
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\program files\newdotnet
c:\program files\newdotnet\readme.html
c:\windows\file.bat
c:\windows\k.txt
c:\windows\system32\843bc320-dcaf-d29d-8ffc-420f03ade3ed.exe
c:\windows\system32\cont_adservefast-remove.exe
c:\windows\system32\drivers\str.sys
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\hewbyhrv.ini
c:\windows\system32\ikytybtg.ini
c:\windows\system32\nqmoeljk.ini
c:\windows\system32\system.dll
c:\windows\system32\thybsmdq.ini
c:\windows\system32\utkuwvwd.ini
c:\windows\system32\uvvyHRqr.ini
c:\windows\system32\uvvyHRqr.ini2
c:\windows\system32\wjxmniqnxqfurg.dll
c:\windows\system32\xsacowiv.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ISODRIVE
-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_ISODrive
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2009-03-14 to 2009-04-14 )))))))))))))))))))))))))))))))
.

2009-04-14 11:03 . 2009-04-14 11:03 -------- d-----w c:\documents and settings\BOKI SMOKI\Application Data\DAEMON Tools
2009-04-14 11:03 . 2009-04-14 11:03 -------- d-----w c:\documents and settings\BOKI SMOKI\Application Data\DAEMON Tools Pro
2009-04-14 11:01 . 2009-04-14 11:01 -------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-04-14 10:58 . 2009-04-14 10:58 -------- d-----w c:\documents and settings\BOKI SMOKI\Application Data\DAEMON Tools Lite
2009-04-12 17:13 . 2005-02-01 12:20 5760056 ----a-w c:\windows\Darkstar.bmp
2009-04-12 14:50 . 2009-04-12 14:50 -------- d-----w c:\documents and settings\BOKI SMOKI\Local Settings\Application Data\liveradiotv
2009-04-12 12:28 . 2009-04-12 12:28 -------- d-----w c:\documents and settings\BOKI SMOKI\Application Data\WinPatrol
2009-04-12 11:06 . 2009-04-12 17:13 5760054 ----a-w c:\windows\AW_1600x1200.bmp
2009-04-12 11:04 . 2009-04-12 11:04 5760054 ----a-w c:\windows\ALX_1600x1200.bmp
2009-04-12 11:01 . 2009-04-12 11:01 -------- d-sh--w C:\FOUND.081
2009-04-12 08:33 . 2009-04-12 08:33 -------- d-sh--w C:\FOUND.080
2009-04-12 07:01 . 2009-04-12 07:01 -------- d-sh--w C:\FOUND.079
2009-04-11 21:23 . 2009-04-11 21:23 -------- d-sh--w C:\FOUND.078
2009-04-11 12:10 . 2009-04-12 17:12 3932214 ----a-w c:\windows\AW_XenoMorph1280.bmp
2009-04-10 10:58 . 2009-04-10 10:58 -------- d-----w c:\documents and settings\BOKI SMOKI\Application Data\TeamViewer
2009-04-10 10:57 . 2009-04-10 10:58 -------- d-----w c:\documents and settings\BOKI SMOKI\temp
2009-04-10 10:36 . 2009-04-10 10:36 -------- d-----w c:\documents and settings\BOKI SMOKI\Application Data\FastStone
2009-04-09 16:54 . 2009-04-09 16:54 715264 ----a-w c:\windows\system32\nsk3AC.dll
2009-04-09 15:11 . 2009-04-09 15:11 -------- d-sh--w C:\FOUND.077
2009-04-09 11:22 . 2009-04-09 11:22 -------- d-sh--w C:\FOUND.076
2009-04-08 18:23 . 2009-04-08 18:23 -------- d-sh--w C:\FOUND.075
2009-04-05 12:20 . 2009-04-05 12:20 -------- d-----w c:\documents and settings\BOKI SMOKI\Local Settings\Application Data\My Games
2009-04-05 08:30 . 2009-04-05 08:30 -------- d-sh--w C:\FOUND.074
2009-04-04 09:05 . 2009-04-04 09:05 -------- d-sh--w c:\documents and settings\BOKI SMOKI\IECompatCache
2009-04-04 09:04 . 2009-04-04 09:04 -------- d-sh--w c:\documents and settings\BOKI SMOKI\PrivacIE
2009-04-04 09:04 . 2009-04-04 09:04 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-04 09:03 . 2009-04-04 09:03 -------- d-sh--w c:\documents and settings\BOKI SMOKI\IETldCache
2009-04-04 08:54 . 2009-04-04 08:54 -------- d-----w c:\windows\ie8updates
2009-04-04 08:51 . 2009-04-04 08:51 -------- d--h--w c:\windows\ie8
2009-04-04 08:43 . 2009-02-28 04:55 105984 ------w c:\windows\system32\dllcache\iecompat.dll
2009-04-02 21:28 . 2009-04-02 21:28 -------- d-sh--w C:\FOUND.073
2009-04-02 18:58 . 2009-04-02 18:58 -------- d-sh--w C:\FOUND.072
2009-04-02 17:48 . 2009-04-02 17:48 -------- d-sh--w C:\FOUND.071
2009-04-02 17:38 . 2009-04-02 17:38 54156 ---ha-w c:\windows\QTFont.qfn
2009-04-02 17:38 . 2009-04-02 17:38 1409 ----a-w c:\windows\QTFont.for
2009-04-01 18:35 . 2009-04-01 18:35 -------- d-sh--w C:\FOUND.070
2009-03-30 21:26 . 2009-03-30 21:26 -------- d-sh--w C:\FOUND.069
2009-03-29 20:56 . 2009-03-29 20:56 -------- d-----w c:\documents and settings\All Users\Application Data\NexonEU
2009-03-29 18:43 . 2009-03-29 18:43 -------- d-sh--w C:\FOUND.068
2009-03-29 18:22 . 2009-03-29 18:22 421888 ----a-w c:\windows\NEXON_EU_DownloaderUpdater.exe
2009-03-29 18:12 . 2009-03-29 18:12 -------- d-sh--w C:\FOUND.067
2009-03-29 18:00 . 2009-03-29 18:00 -------- d-----w c:\documents and settings\BOKI SMOKI\Local Settings\Application Data\PMB Files
2009-03-29 18:00 . 2009-03-29 18:00 -------- d-----w c:\documents and settings\All Users\Application Data\PMB Files
2009-03-27 19:53 . 2009-03-27 19:53 -------- d-sh--w C:\FOUND.066
2009-03-27 19:07 . 2009-03-27 19:07 -------- d-sh--w C:\FOUND.065
2009-03-27 15:34 . 2009-03-27 15:34 -------- d-sh--w C:\FOUND.064
2009-03-23 19:06 . 2009-03-23 19:06 -------- d-----w c:\documents and settings\All Users\Application Data\0BB
2009-03-23 12:28 . 2009-03-23 12:28 -------- d-sh--w C:\FOUND.063
2009-03-22 21:11 . 2009-03-22 21:11 -------- d-sh--w C:\FOUND.062
2009-03-21 16:23 . 2009-03-21 16:23 -------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2009-03-20 21:16 . 2009-03-20 21:16 -------- d-----w c:\documents and settings\All Users\Application Data\FDA
2009-03-20 14:07 . 2009-03-20 14:07 -------- d-----w c:\documents and settings\All Users\Application Data\25138
2009-03-20 12:07 . 2009-03-20 12:07 -------- d-sh--w C:\FOUND.061
2009-03-19 15:03 . 2009-03-19 15:03 -------- d-sh--w C:\FOUND.060
2009-03-17 16:20 . 2009-03-17 16:20 -------- d-sh--w C:\FOUND.059
2009-03-17 12:58 . 2009-03-17 12:58 -------- d-sh--w C:\FOUND.058
2009-03-16 19:21 . 2009-03-16 19:21 -------- d-----w c:\documents and settings\BOKI SMOKI\Application Data\Genimo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-14 17:10 . 2007-06-22 21:38 937 --sha-w c:\windows\system32\mmf.sys
2009-04-14 11:01 . 2009-04-14 11:01 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-04-14 10:58 . 2008-09-26 18:29 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-14 10:08 . 2009-04-14 10:08 -------- d-----w c:\program files\TeamViewer
2009-04-12 22:50 . 2009-04-12 22:50 -------- d-----w c:\program files\Pivot Stickfigure Animator
2009-04-12 14:50 . 2009-04-12 14:50 -------- d-----w c:\program files\liveradiotv
2009-04-12 12:38 . 2009-04-12 12:38 -------- d-----w c:\program files\Eusing Free Registry Cleaner
2009-04-11 15:24 . 2009-04-11 15:24 -------- d-----w c:\program files\Oberon Media
2009-04-11 15:24 . 2009-04-11 15:24 -------- d-----w c:\program files\Common Files\Oberon Media
2009-04-11 12:09 . 2009-04-11 12:09 -------- d-----w c:\program files\AlienGUIse
2009-04-10 18:39 . 2009-02-03 20:51 69194 ----a-w c:\windows\system32\kdigxccjbakfxzqb.dll-uninst.exe
2009-04-10 10:36 . 2009-04-10 10:36 -------- d-----w c:\program files\FastStone Image Viewer
2009-04-06 19:57 . 2008-01-14 20:06 4 ----a-w C:\bootlf.sys
2009-03-30 18:35 . 2008-01-14 20:50 26978 ----a-w C:\hpfr3600.log
2009-03-29 08:55 . 2009-03-29 08:55 -------- d-----w c:\program files\Rockstar Games
2009-03-28 10:44 . 2005-09-18 19:27 93992 ----a-w c:\documents and settings\BOKI SMOKI\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-16 20:37 . 2009-03-16 20:37 -------- d-----w c:\program files\DkZ Studio
2009-03-16 20:36 . 2005-08-06 14:44 737280 ----a-w c:\windows\iun6002.exe
2009-03-15 08:27 . 2009-03-15 08:26 48371712 ----a-w C:\dualis.avi
2009-03-14 18:43 . 2009-03-14 18:43 -------- d-----w c:\program files\7-Zip
2009-03-08 16:39 . 2009-03-08 16:39 -------- d-----w c:\program files\Microsoft Sync Framework
2009-03-08 12:09 . 2007-08-13 16:43 638816 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-03-08 12:09 . 2007-08-13 16:39 391536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 02:41 . 2007-08-13 16:54 5937152 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-03-08 02:39 . 2008-12-20 15:48 11063808 ----a-w c:\windows\system32\dllcache\ieframe.dll
2009-03-08 02:34 . 2007-08-13 16:54 914944 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-08 02:34 . 2006-06-23 09:33 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2007-08-13 16:54 1206784 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-03-08 02:34 . 2007-08-13 16:54 236544 ----a-w c:\windows\system32\dllcache\webcheck.dll
2009-03-08 02:34 . 2007-08-13 16:44 43008 ----a-w c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 02:34 . 2002-08-28 23:41 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:34 . 2007-08-13 16:44 105984 ----a-w c:\windows\system32\dllcache\url.dll
2009-03-08 02:34 . 2007-08-13 16:44 193536 ----a-w c:\windows\system32\dllcache\msrating.dll
2009-03-08 02:34 . 2007-08-13 16:44 109568 ----a-w c:\windows\system32\dllcache\occache.dll
2009-03-08 02:33 . 2007-08-13 16:54 759296 ----a-w c:\windows\system32\dllcache\VGX.dll
2009-03-08 02:33 . 2007-08-13 16:42 18944 ----a-w c:\windows\system32\dllcache\corpol.dll
2009-03-08 02:33 . 2001-08-23 08:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2007-08-13 16:54 25600 ----a-w c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 02:33 . 2007-08-13 16:38 726528 ----a-w c:\windows\system32\dllcache\jscript.dll
2009-03-08 02:33 . 2007-08-13 16:39 229376 ----a-w c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 02:33 . 2007-08-13 16:54 420352 ----a-w c:\windows\system32\dllcache\vbscript.dll
2009-03-08 02:33 . 2002-08-28 23:41 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:33 . 2007-08-13 16:39 125952 ----a-w c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 02:32 . 2007-08-13 16:39 72704 ----a-w c:\windows\system32\dllcache\admparse.dll
2009-03-08 02:32 . 2001-08-23 08:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2007-08-13 16:39 173056 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 02:32 . 2001-08-23 08:00 163840 ----a-w c:\windows\system32\dllcache\ieakui.dll
2009-03-08 02:32 . 2007-08-13 16:39 71680 ----a-w c:\windows\system32\dllcache\iesetup.dll
2009-03-08 02:32 . 2007-08-13 16:39 55808 ----a-w c:\windows\system32\dllcache\iernonce.dll
2009-03-08 02:32 . 2002-08-28 23:40 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:32 . 2007-08-13 16:39 128512 ----a-w c:\windows\system32\dllcache\advpack.dll
2009-03-08 02:32 . 2007-08-13 16:39 94720 ----a-w c:\windows\system32\dllcache\inseng.dll
2009-03-08 02:32 . 2008-12-20 15:48 594432 ----a-w c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 02:32 . 2008-12-20 15:48 1985024 ----a-w c:\windows\system32\dllcache\iertutil.dll
2009-03-08 02:32 . 2007-08-13 16:54 611840 ----a-w c:\windows\system32\dllcache\mstime.dll
2009-03-08 02:24 . 2007-08-13 16:18 68608 ----a-w c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 02:22 . 2001-08-23 08:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-08 02:22 . 2001-08-23 08:00 156160 ----a-w c:\windows\system32\dllcache\msls31.dll
2009-03-08 02:11 . 2008-12-20 15:48 445952 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
2009-03-07 12:57 . 2008-11-30 19:05 0 ----a-w C:\testwma.raw
2009-03-06 16:16 . 2009-03-06 16:16 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-03-06 16:14 . 2009-03-06 16:14 -------- d-----w c:\program files\Messenger Plus! Live
2009-03-06 15:28 . 2009-03-06 15:28 -------- d-----w c:\program files\Microsoft
2009-03-06 15:28 . 2009-03-06 15:28 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-06 15:10 . 2009-03-06 15:10 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-02 16:43 . 2009-03-02 16:43 -------- d-----w c:\documents and settings\All Users\Application Data\432C
2009-02-27 13:34 . 2009-02-27 13:34 -------- d-----w c:\program files\Common Files\INCA Shared
2009-02-23 21:06 . 2009-02-23 21:06 -------- d-----w c:\documents and settings\BOKI SMOKI\Application Data\ACD Systems
2009-02-23 21:05 . 2009-02-23 21:05 -------- d-----w c:\program files\Common Files\ACD Systems
2009-02-20 16:10 . 2009-02-20 16:10 268 ---ha-w C:\sqmdata01.sqm
2009-02-20 16:10 . 2009-02-20 16:10 244 ---ha-w C:\sqmnoopt01.sqm
2009-02-09 10:13 . 2008-12-21 08:43 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 10:13 . 2002-08-28 22:14 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 19:07 . 2008-12-20 15:48 3698584 ----a-w c:\windows\system32\dllcache\ieapfltr.dat
2009-02-06 17:20 . 2009-02-06 17:20 308088 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-01-30 22:15 . 2009-01-30 22:15 401408 ----a-w c:\windows\system32\srkey.exe
2009-01-26 12:56 . 2009-01-26 12:56 0 ----a-w C:\paklog.txt
2009-01-16 21:17 . 2008-11-23 15:28 2560 ----a-w c:\windows\_MSRSTRT.EXE
2008-11-23 09:20 . 2008-11-23 09:20 26376 ----a-w c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-11-23 09:19 . 2008-11-23 09:19 128 ----a-w c:\documents and settings\Guest\Local Settings\Application Data\fusioncache.dat
2008-02-08 13:31 . 2005-02-11 18:05 23232 ----a-w c:\documents and settings\BOKI SMOKI\Application Data\GDIPFONTCACHEV1.DAT
2007-08-17 20:39 . 2007-08-17 20:39 133 ----a-w c:\documents and settings\BOKI SMOKI\Local Settings\Application Data\fusioncache.dat
2005-08-30 21:08 . 2005-08-05 19:00 560 ----a-w c:\program files\Global.sw
2004-08-18 18:36 . 2004-03-07 10:41 20136 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2004-04-29 11:14 . 2004-03-22 18:29 20136 ----a-w c:\documents and settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9d150283-9400-4931-86b9-87c8f86663c4}"= "c:\program files\liveradiotv\tblive.dll" [2009-02-19 2081304]

[HKEY_CLASSES_ROOT\clsid\{9d150283-9400-4931-86b9-87c8f86663c4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9d150283-9400-4931-86b9-87c8f86663c4}]
2009-02-19 14:58 2081304 ----a-w c:\program files\liveradiotv\tblive.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9d150283-9400-4931-86b9-87c8f86663c4}"= "c:\program files\liveradiotv\tblive.dll" [2009-02-19 2081304]

[HKEY_CLASSES_ROOT\clsid\{9d150283-9400-4931-86b9-87c8f86663c4}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9D150283-9400-4931-86B9-87C8F86663C4}"= "c:\program files\liveradiotv\tblive.dll" [2009-02-19 2081304]

[HKEY_CLASSES_ROOT\clsid\{9d150283-9400-4931-86b9-87c8f86663c4}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="d:\program\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="d:\antivi~1\ashDisp.exe" [2009-02-05 81000]
"DAEMON Tools-1033"="c:\program files\DRTools\daemon.exe" [2004-08-22 81920]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Webshots.lnk - d:\destop skrinsever\Webshots\WebshotsTray.exe [2004-2-14 208896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 21:34 24576 ----a-w c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"VIDC.IV41"= ir41_32.dll
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Launchpad.lnk]
backup=c:\windows\pss\Launchpad.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^BOKI SMOKI^Start Menu^Programs^Startup^Webshots.lnk]
backup=c:\windows\pss\Webshots.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 15:41 45056 ----a-w c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2003-09-12 19:10 335872 ----a-w c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2008-12-15 20:25 342848 ----a-w c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:42 15360 ----a-w c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
2003-05-21 16:37 229437 ----a-w c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RamSmash]
2009-02-01 13:54 1986224 ----a-w c:\program files\RamSmash\RamSmash.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-11-18 14:31 21633320 ----a-r c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
2009-04-07 19:16 337216 ------w d:\programi\WinPatrol\WinPatrol.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\windows\\system32\\sessmgr.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"d:\\Torrent\\utorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"d:\\Torrent\\uTorrent 1.8.2\\utorrent-1.8.2.upx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"d:\\Igre\\Stronghold 2\\Stronghold2.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"d:\\Igre\\CIV IV\\Civilization4.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"7001:UDP"= 7001:UDP:AFS CacheManager Callback (UDP)
"57920:TCP"= 57920:TCP:Pando Media Booster
"57920:UDP"= 57920:UDP:Pando Media Booster

R0 ST77bus;ST77bus;c:\windows\System32\DRIVERS\ST77bus.sys [2004-08-22 155136]
R0 ST77prt;ST77prt;c:\windows\System32\Drivers\ST77prt.sys [2004-08-22 5248]
R2 gupdate1c9570f5a5a19b0;Google Update Service (gupdate1c9570f5a5a19b0); [x]
R3 aaudstum;aaudstum; [x]
R3 DCamUSBUVT;ICM532A;c:\windows\system32\Drivers\usbuvt.sys [2002-07-10 95232]
R3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\DRIVERS\K320bus.sys [2006-08-18 61504]
R3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\DRIVERS\K320mdfl.sys [2006-08-18 9328]
R3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\DRIVERS\K320mdm.sys [2006-08-18 97056]
R3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\K320mgmt.sys [2006-08-18 88560]
R3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\K320obex.sys [2006-08-18 86368]
R3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\DRIVERS\k510bus.sys [2007-08-17 58288]
R3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\DRIVERS\k510mdfl.sys [2007-08-17 8336]
R3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\DRIVERS\k510mdm.sys [2007-08-17 94064]
R3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\k510mgmt.sys [2007-08-17 85408]
R3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\k510obex.sys [2007-08-17 83344]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-02-16 2736890]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 GenPort;GenPort; [x]
S2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2007-06-22 2560]
S2 MapMem;MapMem; [x]
S2 NTRemap;NTRemap; [x]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys [2004-08-25 9984]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-14 c:\windows\Tasks\User_Feed_Synchronization-{08E9E407-9582-4820-925D-2799447CA3D4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
- - - - ORPHANS REMOVED - - - -

Notify-awttsQgd - awttsQgd.dll
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL


.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/intl/
mSearch Bar = hxxp://%31%2D%73%65%2E%63%6F%6D/%73%72%63%68%61%73%73%74%2E%68%74%6D%6C
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.searchgateway.net/search/%s
IE: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000
IE: Download with GetRight
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with GetRight Browser
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\BOKI SMOKI\Application Data\Mozilla\Firefox\Profiles\5g0bg7o6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www6.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://www6.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: network.proxy.type - 2
FF - component: d:\programi\FireFox\components\663c4c31-6e07-9d13-b8b7-bd5fe96f9391.dll
FF - component: d:\programi\FireFox\components\kdigxccjbakfxzqb.dll
FF - component: d:\programi\FireFox\components\nsadservefast.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\programi\FireFox\plugins\NPMyWebS.dll
FF - plugin: d:\programi\FireFox\plugins\npPandoWebInst.dll

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www6.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www6.yoog.com/search.php?q=
FF - user.js: keyword.enabled - true
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-14 19:10
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\documents and settings\BOKI SMOKI\Application Data\Microsoft\Crypto\DSS\S-1-5-21-606747145-1770027372-839522115-1004
c:\documents and settings\BOKI SMOKI\Application Data\Microsoft\Crypto\DSS\S-1-5-21-606747145-1770027372-839522115-1004\2940639483c8c8b1b3bae7fb15180393_af6ed4c4-1a5e-4637-83f0-69eacfb819e5 16384 bytes

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(440)
c:\windows\system32\Ati2evxx.dll
c:\program files\AlienGUIse\fastload.dll

- - - - - - - > 'explorer.exe'(3100)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
d:\programi\Stardock\Object Desktop\IconPackager\iprepair.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\savedump.exe
c:\windows\SYSTEM32\ATI2EVXX.EXE
d:\antivirus\aswUpdSv.exe
d:\antivirus\ashServ.exe
c:\windows\SYSTEM32\ATI2EVXX.EXE
c:\windows\ATKKBSERVICE.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\program files\COMMON FILES\MICROSOFT SHARED\VS7DEBUG\MDM.EXE
c:\windows\SYSTEM32\WDFMGR.EXE
d:\antivirus\ashMaiSv.exe
d:\antivirus\ashWebSv.exe
.
**************************************************************************
.
Completion time: ~,10time:~,-3machine was rebootedCombobatch-by
ComboFix-quarantined-files.txt 2009-04-14 17:13

Pre-Run: 2.020.802.560 bytes free
Post-Run: 1.962.098.688 bytes free

488 --- E O F --- 2009-03-11 15:14

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

Open Notepad and copy the following text into it:

File::
c:\windows\system32\kdigxccjbakfxzqb.dll-uninst.exe

FileLook::
c:\windows\system32\nsk3AC.dll

Dirlook::
c:\documents and settings\BOKI SMOKI\Application Data\Microsoft\Crypto\DSS\S-1-5-21-606747145-1770027372-839522115-1004
c:\documents and settings\BOKI SMOKI\Application Data\Microsoft\Crypto\DSS\S-1-5-21-606747145-1770027372-839522115-1004\2940639483c8c8b1b3bae7fb15180393_af6ed4c4-1a5e-4637-83f0-69eacfb819e5

Firefox::
FF - ProfilePath - c:\documents and settings\BOKI SMOKI\Application Data\Mozilla\Firefox\Profiles\5g0bg7o6.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www6.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - Yoog Search
FF - prefs.js: keyword.URL - hxxp://www6.yoog.com/search.php?q=
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - component: d:\programi\FireFox\components\663c4c31-6e07-9d13-b8b7-bd5fe96f9391.dll
FF - component: d:\programi\FireFox\components\kdigxccjbakfxzqb.dll
FF - component: d:\programi\FireFox\components\nsadservefast.dll
FF - plugin: d:\programi\FireFox\plugins\NPMyWebS.dll
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: browser.search.defaulturl - hxxp://www6.yoog.com/search.php?q=
FF - user.js: browser.search.selectedEngine - Yoog Search
FF - user.js: keyword.URL - hxxp://www6.yoog.com/search.php?q=


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon, as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.

offline
  • Joined: 24 Nov 2008
  • Posts: 6
  • Location: Sombor

ComboFix 09-04-14.09 - BOKI SMOKI 14.04.2009 22:53.4 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.1279.866 [GMT 2:00]
Running from: c:\documents and settings\BOKI SMOKI\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\BOKI SMOKI\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090414-0] *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system32\kdigxccjbakfxzqb.dll-uninst.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\kdigxccjbakfxzqb.dll-uninst.exe
d:\programi\FireFox\components\663c4c31-6e07-9d13-b8b7-bd5fe96f9391.dll
d:\programi\FireFox\components\kdigxccjbakfxzqb.dll
d:\programi\FireFox\components\nsadservefast.dll

.
((((((((((((((((((((((((( Files Created from 2009-03-14 to 2009-04-14 )))))))))))))))))))))))))))))))
.

2009-04-14 20:42 . 2009-04-14 20:42 -------- d-sh--w C:\FOUND.082
2009-04-14 11:03 . 2009-04-14 11:03 -------- d-----w c:\documents and settings\BOKI SMOKI\Application Data\DAEMON Tools
2009-04-14 11:03 . 2009-04-14 11:03 -------- d-----w c:\documents and settings\BOKI SMOKI\Application Data\DAEMON Tools Pro
2009-04-14 11:01 . 2009-04-14 11:01 -------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-04-14 10:58 . 2009-04-14 10:58 -------- d-----w c:\documents and settings\BOKI SMOKI\Application Data\DAEMON Tools Lite
2009-04-12 17:13 . 2005-02-01 12:20 5760056 ----a-w c:\windows\Darkstar.bmp
2009-04-12 14:50 . 2009-04-12 14:50 -------- d-----w c:\documents and settings\BOKI SMOKI\Local Settings\Application Data\liveradiotv
2009-04-12 12:28 . 2009-04-12 12:28 -------- d-----w c:\documents and settings\BOKI SMOKI\Application Data\WinPatrol
2009-04-12 11:06 . 2009-04-12 17:13 5760054 ----a-w c:\windows\AW_1600x1200.bmp
2009-04-12 11:04 . 2009-04-12 11:04 5760054 ----a-w c:\windows\ALX_1600x1200.bmp
2009-04-12 11:01 . 2009-04-12 11:01 -------- d-sh--w C:\FOUND.081
2009-04-12 08:33 . 2009-04-12 08:33 -------- d-sh--w C:\FOUND.080
2009-04-12 07:01 . 2009-04-12 07:01 -------- d-sh--w C:\FOUND.079
2009-04-11 21:23 . 2009-04-11 21:23 -------- d-sh--w C:\FOUND.078
2009-04-11 12:10 . 2009-04-12 17:12 3932214 ----a-w c:\windows\AW_XenoMorph1280.bmp
2009-04-10 10:58 . 2009-04-10 10:58 -------- d-----w c:\documents and settings\BOKI SMOKI\Application Data\TeamViewer
2009-04-10 10:57 . 2009-04-10 10:58 -------- d-----w c:\documents and settings\BOKI SMOKI\temp
2009-04-10 10:36 . 2009-04-10 10:36 -------- d-----w c:\documents and settings\BOKI SMOKI\Application Data\FastStone
2009-04-09 16:54 . 2009-04-09 16:54 715264 ----a-w c:\windows\system32\nsk3AC.dll
2009-04-09 15:11 . 2009-04-09 15:11 -------- d-sh--w C:\FOUND.077
2009-04-09 11:22 . 2009-04-09 11:22 -------- d-sh--w C:\FOUND.076
2009-04-08 18:23 . 2009-04-08 18:23 -------- d-sh--w C:\FOUND.075
2009-04-05 12:20 . 2009-04-05 12:20 -------- d-----w c:\documents and settings\BOKI SMOKI\Local Settings\Application Data\My Games
2009-04-05 08:30 . 2009-04-05 08:30 -------- d-sh--w C:\FOUND.074
2009-04-04 09:05 . 2009-04-04 09:05 -------- d-sh--w c:\documents and settings\BOKI SMOKI\IECompatCache
2009-04-04 09:04 . 2009-04-04 09:04 -------- d-sh--w c:\documents and settings\BOKI SMOKI\PrivacIE
2009-04-04 09:04 . 2009-04-04 09:04 -------- d-sh--w c:\documents and settings\LocalService\IETldCache
2009-04-04 09:03 . 2009-04-04 09:03 -------- d-sh--w c:\documents and settings\BOKI SMOKI\IETldCache
2009-04-04 08:54 . 2009-04-04 08:54 -------- d-----w c:\windows\ie8updates
2009-04-04 08:51 . 2009-04-04 08:51 -------- d--h--w c:\windows\ie8
2009-04-04 08:43 . 2009-02-28 04:55 105984 ------w c:\windows\system32\dllcache\iecompat.dll
2009-04-02 21:28 . 2009-04-02 21:28 -------- d-sh--w C:\FOUND.073
2009-04-02 18:58 . 2009-04-02 18:58 -------- d-sh--w C:\FOUND.072
2009-04-02 17:48 . 2009-04-02 17:48 -------- d-sh--w C:\FOUND.071
2009-04-01 18:35 . 2009-04-01 18:35 -------- d-sh--w C:\FOUND.070
2009-03-30 21:26 . 2009-03-30 21:26 -------- d-sh--w C:\FOUND.069
2009-03-29 20:56 . 2009-03-29 20:56 -------- d-----w c:\documents and settings\All Users\Application Data\NexonEU
2009-03-29 18:43 . 2009-03-29 18:43 -------- d-sh--w C:\FOUND.068
2009-03-29 18:22 . 2009-03-29 18:22 421888 ----a-w c:\windows\NEXON_EU_DownloaderUpdater.exe
2009-03-29 18:12 . 2009-03-29 18:12 -------- d-sh--w C:\FOUND.067
2009-03-29 18:00 . 2009-03-29 18:00 -------- d-----w c:\documents and settings\BOKI SMOKI\Local Settings\Application Data\PMB Files
2009-03-29 18:00 . 2009-03-29 18:00 -------- d-----w c:\documents and settings\All Users\Application Data\PMB Files
2009-03-27 19:53 . 2009-03-27 19:53 -------- d-sh--w C:\FOUND.066
2009-03-27 19:07 . 2009-03-27 19:07 -------- d-sh--w C:\FOUND.065
2009-03-27 15:34 . 2009-03-27 15:34 -------- d-sh--w C:\FOUND.064
2009-03-23 19:06 . 2009-03-23 19:06 -------- d-----w c:\documents and settings\All Users\Application Data\0BB
2009-03-23 12:28 . 2009-03-23 12:28 -------- d-sh--w C:\FOUND.063
2009-03-22 21:11 . 2009-03-22 21:11 -------- d-sh--w C:\FOUND.062
2009-03-21 16:23 . 2009-03-21 16:23 -------- d-----w c:\documents and settings\All Users\Application Data\PlayFirst
2009-03-20 21:16 . 2009-03-20 21:16 -------- d-----w c:\documents and settings\All Users\Application Data\FDA
2009-03-20 14:07 . 2009-03-20 14:07 -------- d-----w c:\documents and settings\All Users\Application Data\25138
2009-03-20 12:07 . 2009-03-20 12:07 -------- d-sh--w C:\FOUND.061
2009-03-19 15:03 . 2009-03-19 15:03 -------- d-sh--w C:\FOUND.060
2009-03-17 16:20 . 2009-03-17 16:20 -------- d-sh--w C:\FOUND.059
2009-03-17 12:58 . 2009-03-17 12:58 -------- d-sh--w C:\FOUND.058
2009-03-16 19:21 . 2009-03-16 19:21 -------- d-----w c:\documents and settings\BOKI SMOKI\Application Data\Genimo

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-14 20:43 . 2007-06-22 21:38 937 --sha-w c:\windows\system32\mmf.sys
2009-04-14 11:01 . 2009-04-14 11:01 -------- d-----w c:\program files\DAEMON Tools Toolbar
2009-04-14 10:58 . 2008-09-26 18:29 717296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-04-14 10:08 . 2009-04-14 10:08 -------- d-----w c:\program files\TeamViewer
2009-04-12 22:50 . 2009-04-12 22:50 -------- d-----w c:\program files\Pivot Stickfigure Animator
2009-04-12 14:50 . 2009-04-12 14:50 -------- d-----w c:\program files\liveradiotv
2009-04-12 12:38 . 2009-04-12 12:38 -------- d-----w c:\program files\Eusing Free Registry Cleaner
2009-04-11 15:24 . 2009-04-11 15:24 -------- d-----w c:\program files\Oberon Media
2009-04-11 15:24 . 2009-04-11 15:24 -------- d-----w c:\program files\Common Files\Oberon Media
2009-04-11 12:09 . 2009-04-11 12:09 -------- d-----w c:\program files\AlienGUIse
2009-04-10 10:36 . 2009-04-10 10:36 -------- d-----w c:\program files\FastStone Image Viewer
2009-04-06 19:57 . 2008-01-14 20:06 4 ----a-w C:\bootlf.sys
2009-03-30 18:35 . 2008-01-14 20:50 26978 ----a-w C:\hpfr3600.log
2009-03-29 08:55 . 2009-03-29 08:55 -------- d-----w c:\program files\Rockstar Games
2009-03-28 10:44 . 2005-09-18 19:27 93992 ----a-w c:\documents and settings\BOKI SMOKI\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-16 20:37 . 2009-03-16 20:37 -------- d-----w c:\program files\DkZ Studio
2009-03-16 20:36 . 2005-08-06 14:44 737280 ----a-w c:\windows\iun6002.exe
2009-03-15 08:27 . 2009-03-15 08:26 48371712 ----a-w C:\dualis.avi
2009-03-14 18:43 . 2009-03-14 18:43 -------- d-----w c:\program files\7-Zip
2009-03-08 16:39 . 2009-03-08 16:39 -------- d-----w c:\program files\Microsoft Sync Framework
2009-03-08 12:09 . 2007-08-13 16:43 638816 ----a-w c:\windows\system32\dllcache\iexplore.exe
2009-03-08 12:09 . 2007-08-13 16:39 391536 ----a-w c:\windows\system32\dllcache\iedkcs32.dll
2009-03-08 02:41 . 2007-08-13 16:54 5937152 ----a-w c:\windows\system32\dllcache\mshtml.dll
2009-03-08 02:39 . 2008-12-20 15:48 11063808 ----a-w c:\windows\system32\dllcache\ieframe.dll
2009-03-08 02:34 . 2007-08-13 16:54 914944 ----a-w c:\windows\system32\dllcache\wininet.dll
2009-03-08 02:34 . 2006-06-23 09:33 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 02:34 . 2007-08-13 16:54 1206784 ----a-w c:\windows\system32\dllcache\urlmon.dll
2009-03-08 02:34 . 2007-08-13 16:54 236544 ----a-w c:\windows\system32\dllcache\webcheck.dll
2009-03-08 02:34 . 2007-08-13 16:44 43008 ----a-w c:\windows\system32\dllcache\licmgr10.dll
2009-03-08 02:34 . 2002-08-28 23:41 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 02:34 . 2007-08-13 16:44 105984 ----a-w c:\windows\system32\dllcache\url.dll
2009-03-08 02:34 . 2007-08-13 16:44 193536 ----a-w c:\windows\system32\dllcache\msrating.dll
2009-03-08 02:34 . 2007-08-13 16:44 109568 ----a-w c:\windows\system32\dllcache\occache.dll
2009-03-08 02:33 . 2007-08-13 16:54 759296 ----a-w c:\windows\system32\dllcache\VGX.dll
2009-03-08 02:33 . 2007-08-13 16:42 18944 ----a-w c:\windows\system32\dllcache\corpol.dll
2009-03-08 02:33 . 2001-08-23 08:00 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 02:33 . 2007-08-13 16:54 25600 ----a-w c:\windows\system32\dllcache\jsproxy.dll
2009-03-08 02:33 . 2007-08-13 16:38 726528 ----a-w c:\windows\system32\dllcache\jscript.dll
2009-03-08 02:33 . 2007-08-13 16:39 229376 ----a-w c:\windows\system32\dllcache\ieaksie.dll
2009-03-08 02:33 . 2007-08-13 16:54 420352 ----a-w c:\windows\system32\dllcache\vbscript.dll
2009-03-08 02:33 . 2002-08-28 23:41 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 02:33 . 2007-08-13 16:39 125952 ----a-w c:\windows\system32\dllcache\ieakeng.dll
2009-03-08 02:32 . 2007-08-13 16:39 72704 ----a-w c:\windows\system32\dllcache\admparse.dll
2009-03-08 02:32 . 2001-08-23 08:00 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 02:32 . 2007-08-13 16:39 173056 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2009-03-08 02:32 . 2001-08-23 08:00 163840 ----a-w c:\windows\system32\dllcache\ieakui.dll
2009-03-08 02:32 . 2007-08-13 16:39 71680 ----a-w c:\windows\system32\dllcache\iesetup.dll
2009-03-08 02:32 . 2007-08-13 16:39 55808 ----a-w c:\windows\system32\dllcache\iernonce.dll
2009-03-08 02:32 . 2002-08-28 23:40 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 02:32 . 2007-08-13 16:39 128512 ----a-w c:\windows\system32\dllcache\advpack.dll
2009-03-08 02:32 . 2007-08-13 16:39 94720 ----a-w c:\windows\system32\dllcache\inseng.dll
2009-03-08 02:32 . 2008-12-20 15:48 594432 ----a-w c:\windows\system32\dllcache\msfeeds.dll
2009-03-08 02:32 . 2008-12-20 15:48 1985024 ----a-w c:\windows\system32\dllcache\iertutil.dll
2009-03-08 02:32 . 2007-08-13 16:54 611840 ----a-w c:\windows\system32\dllcache\mstime.dll
2009-03-08 02:24 . 2007-08-13 16:18 68608 ----a-w c:\windows\system32\dllcache\hmmapi.dll
2009-03-08 02:22 . 2001-08-23 08:00 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-08 02:22 . 2001-08-23 08:00 156160 ----a-w c:\windows\system32\dllcache\msls31.dll
2009-03-08 02:11 . 2008-12-20 15:48 445952 ----a-w c:\windows\system32\dllcache\ieapfltr.dll
2009-03-07 12:57 . 2008-11-30 19:05 0 ----a-w C:\testwma.raw
2009-03-06 16:16 . 2009-03-06 16:16 -------- d-----w c:\documents and settings\All Users\Application Data\Messenger Plus!
2009-03-06 16:14 . 2009-03-06 16:14 -------- d-----w c:\program files\Messenger Plus! Live
2009-03-06 15:28 . 2009-03-06 15:28 -------- d-----w c:\program files\Microsoft
2009-03-06 15:28 . 2009-03-06 15:28 -------- d-----w c:\program files\Windows Live SkyDrive
2009-03-06 15:10 . 2009-03-06 15:10 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-02 16:43 . 2009-03-02 16:43 -------- d-----w c:\documents and settings\All Users\Application Data\432C
2009-02-27 13:34 . 2009-02-27 13:34 -------- d-----w c:\program files\Common Files\INCA Shared
2009-02-23 21:06 . 2009-02-23 21:06 -------- d-----w c:\documents and settings\BOKI SMOKI\Application Data\ACD Systems
2009-02-23 21:05 . 2009-02-23 21:05 -------- d-----w c:\program files\Common Files\ACD Systems
2009-02-20 16:10 . 2009-02-20 16:10 268 ---ha-w C:\sqmdata01.sqm
2009-02-20 16:10 . 2009-02-20 16:10 244 ---ha-w C:\sqmnoopt01.sqm
2009-02-09 10:13 . 2008-12-21 08:43 1846784 ------w c:\windows\system32\dllcache\win32k.sys
2009-02-09 10:13 . 2002-08-28 22:14 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 19:07 . 2008-12-20 15:48 3698584 ----a-w c:\windows\system32\dllcache\ieapfltr.dat
2009-02-06 17:20 . 2009-02-06 17:20 308088 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 16:52 . 2009-02-06 16:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-01-30 22:15 . 2009-01-30 22:15 401408 ----a-w c:\windows\system32\srkey.exe
2009-01-26 12:56 . 2009-01-26 12:56 0 ----a-w C:\paklog.txt
2009-01-16 21:17 . 2008-11-23 15:28 2560 ----a-w c:\windows\_MSRSTRT.EXE
2008-11-23 09:20 . 2008-11-23 09:20 26376 ----a-w c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-11-23 09:19 . 2008-11-23 09:19 128 ----a-w c:\documents and settings\Guest\Local Settings\Application Data\fusioncache.dat
2008-02-08 13:31 . 2005-02-11 18:05 23232 ----a-w c:\documents and settings\BOKI SMOKI\Application Data\GDIPFONTCACHEV1.DAT
2007-08-17 20:39 . 2007-08-17 20:39 133 ----a-w c:\documents and settings\BOKI SMOKI\Local Settings\Application Data\fusioncache.dat
2005-08-30 21:08 . 2005-08-05 19:00 560 ----a-w c:\program files\Global.sw
2004-08-18 18:36 . 2004-03-07 10:41 20136 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2004-04-29 11:14 . 2004-03-22 18:29 20136 ----a-w c:\documents and settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.


---- c:\windows\system32\nsk3AC.dll ----
Company:
File Description:
File Version: 4, 6, 5, 0
Product Name:
Copyright:
Original file name:
File Size: 715264
Created Time: 2009-04-09 16:54
Modified Time: 2009-04-09 16:54
Accessed Time: 2009-04-13 22:00
MD5: A61AB2986F0D896A427AC76B59BEF058
SHA: 24C06AC6BF8D5F44C7495DF69352538C63335060

---- Directory of c:\documents and settings\BOKI SMOKI\Application Data\Microsoft\Crypto\DSS\S-1-5-21-606747145-1770027372-839522115-1004 ----

1979-12-31 22:00 . 2007-04-02 20:38 879 --s-a-w c:\documents and settings\BOKI SMOKI\Application Data\Microsoft\Crypto\DSS\S-1-5-21-606747145-1770027372-839522115-1004\2940639483c8c8b1b3bae7fb15180393_af6ed4c4-1a5e-4637-83f0-69eacfb819e5

---- Directory of c:\documents and settings\BOKI SMOKI\Application Data\Microsoft\Crypto\DSS\S-1-5-21-606747145-1770027372-839522115-1004\2940639483c8c8b1b3bae7fb15180393_af6ed4c4-1a5e-4637-83f0-69eacfb819e5 ----



((((((((((((((((((((((((((((( SnapShot@2009-04-14_17.10.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-04-14 20:43 . 2009-04-14 20:43 16384 c:\windows\Temp\Perflib_Perfdata_e4.dat
+ 2009-04-14 20:42 . 2009-04-14 20:43 16384 c:\windows\Temp\Perflib_Perfdata_480.dat
+ 2001-08-23 08:00 . 2009-04-14 20:47 60956 c:\windows\system32\perfc009.dat
- 2001-08-23 08:00 . 2009-04-14 11:04 60956 c:\windows\system32\perfc009.dat
+ 2001-08-23 08:00 . 2009-04-14 20:47 397682 c:\windows\system32\perfh009.dat
- 2001-08-23 08:00 . 2009-04-14 11:04 397682 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9d150283-9400-4931-86b9-87c8f86663c4}"= "c:\program files\liveradiotv\tblive.dll" [2009-02-19 2081304]

[HKEY_CLASSES_ROOT\clsid\{9d150283-9400-4931-86b9-87c8f86663c4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9d150283-9400-4931-86b9-87c8f86663c4}]
2009-02-19 14:58 2081304 ----a-w c:\program files\liveradiotv\tblive.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9d150283-9400-4931-86b9-87c8f86663c4}"= "c:\program files\liveradiotv\tblive.dll" [2009-02-19 2081304]

[HKEY_CLASSES_ROOT\clsid\{9d150283-9400-4931-86b9-87c8f86663c4}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9D150283-9400-4931-86B9-87C8F86663C4}"= "c:\program files\liveradiotv\tblive.dll" [2009-02-19 2081304]

[HKEY_CLASSES_ROOT\clsid\{9d150283-9400-4931-86b9-87c8f86663c4}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="d:\program\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="d:\antivi~1\ashDisp.exe" [2009-02-05 81000]
"DAEMON Tools-1033"="c:\program files\DRTools\daemon.exe" [2004-08-22 81920]
"HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-09-01 176128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Webshots.lnk - d:\destop skrinsever\Webshots\WebshotsTray.exe [2004-2-14 208896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB]
2001-12-20 21:34 24576 ----a-w c:\program files\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"VIDC.IV41"= ir41_32.dll
"VIDC.ACDV"= ACDV.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Launchpad.lnk]
backup=c:\windows\pss\Launchpad.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^BOKI SMOKI^Start Menu^Programs^Startup^Webshots.lnk]
backup=c:\windows\pss\Webshots.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 15:41 45056 ----a-w c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
2003-09-12 19:10 335872 ----a-w c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2008-12-15 20:25 342848 ----a-w c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:42 15360 ----a-w c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeviceDiscovery]
2003-05-21 16:37 229437 ----a-w c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RamSmash]
2009-02-01 13:54 1986224 ----a-w c:\program files\RamSmash\RamSmash.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2008-11-18 14:31 21633320 ----a-r c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinPatrol]
2009-04-07 19:16 337216 ------w d:\programi\WinPatrol\WinPatrol.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\windows\\system32\\sessmgr.exe"=
"c:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=
"d:\\Torrent\\utorrent.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"d:\\Torrent\\uTorrent 1.8.2\\utorrent-1.8.2.upx.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"d:\\Igre\\Stronghold 2\\Stronghold2.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"d:\\Igre\\CIV IV\\Civilization4.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"7001:UDP"= 7001:UDP:AFS CacheManager Callback (UDP)
"57920:TCP"= 57920:TCP:Pando Media Booster
"57920:UDP"= 57920:UDP:Pando Media Booster

R0 ST77bus;ST77bus;c:\windows\System32\DRIVERS\ST77bus.sys [2004-08-22 155136]
R0 ST77prt;ST77prt;c:\windows\System32\Drivers\ST77prt.sys [2004-08-22 5248]
R2 gupdate1c9570f5a5a19b0;Google Update Service (gupdate1c9570f5a5a19b0); [x]
R3 aaudstum;aaudstum; [x]
R3 DCamUSBUVT;ICM532A;c:\windows\system32\Drivers\usbuvt.sys [2002-07-10 95232]
R3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\DRIVERS\K320bus.sys [2006-08-18 61504]
R3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\DRIVERS\K320mdfl.sys [2006-08-18 9328]
R3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\DRIVERS\K320mdm.sys [2006-08-18 97056]
R3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\K320mgmt.sys [2006-08-18 88560]
R3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\K320obex.sys [2006-08-18 86368]
R3 k510bus;Sony Ericsson K510 Driver driver (WDM);c:\windows\system32\DRIVERS\k510bus.sys [2007-08-17 58288]
R3 k510mdfl;Sony Ericsson K510 USB WMC Modem Filter;c:\windows\system32\DRIVERS\k510mdfl.sys [2007-08-17 8336]
R3 k510mdm;Sony Ericsson K510 USB WMC Modem Driver;c:\windows\system32\DRIVERS\k510mdm.sys [2007-08-17 94064]
R3 k510mgmt;Sony Ericsson K510 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\k510mgmt.sys [2007-08-17 85408]
R3 k510obex;Sony Ericsson K510 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\k510obex.sys [2007-08-17 83344]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2009-02-16 2736890]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S2 GenPort;GenPort; [x]
S2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2007-06-22 2560]
S2 MapMem;MapMem; [x]
S2 NTRemap;NTRemap; [x]
S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\DRIVERS\Amps2prt.sys [2004-08-25 9984]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-14 c:\windows\Tasks\User_Feed_Synchronization-{08E9E407-9582-4820-925D-2799447CA3D4}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.bearshare.com/intl/
mSearch Bar = hxxp://%31%2D%73%65%2E%63%6F%6D/%73%72%63%68%61%73%73%74%2E%68%74%6D%6C
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.searchgateway.net/search/%s
IE: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZKfox000
IE: Download with GetRight
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Open with GetRight Browser
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\BOKI SMOKI\Application Data\Mozilla\Firefox\Profiles\5g0bg7o6.default\
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\documents and settings\All Users\Application Data\NexonEU\NGM\npNxGameeu.dll
FF - plugin: c:\program files\Google\Google Earth Plugin\npgeplugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\programi\FireFox\plugins\NPMyWebS.dll
FF - plugin: d:\programi\FireFox\plugins\npPandoWebInst.dll

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
FF - user.js: browser.search.defaultenginename - Yoog Search
FF - user.js: keyword.enabled - true
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-14 22:56
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\documents and settings\BOKI SMOKI\Application Data\Microsoft\Crypto\DSS\S-1-5-21-606747145-1770027372-839522115-1004
c:\documents and settings\BOKI SMOKI\Application Data\Microsoft\Crypto\DSS\S-1-5-21-606747145-1770027372-839522115-1004\2940639483c8c8b1b3bae7fb15180393_af6ed4c4-1a5e-4637-83f0-69eacfb819e5 16384 bytes

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(448-)
c:\windows\system32\Ati2evxx.dll
c:\program files\AlienGUIse\fastload.dll

- - - - - - - > 'explorer.exe'(3912)
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
d:\programi\Stardock\Object Desktop\IconPackager\iprepair.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
.
Completion time: ~,10time:~,-3
ComboFix-quarantined-files.txt 2009-04-14 20:59
ComboFix2.txt 2009-04-14 17:14

Pre-Run: 2.237.480.960 bytes free
Post-Run: 2.222.178.304 bytes free

360 --- E O F --- 2009-03-11 15:14

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

Download the Malwarebytes Anti-Malware installer from the following link:
http://www.besttechie.net/tools/mbam-setup.exe

Double-click to start the installation; at the very end of the process, check that these options are ticked:
Update Malwarebytes' Anti-Malware;
Launch Malwarebytes Anti-Malware;

and then click Finish.

Once the update has finished, the program will start.

Select the Perform Full Scan option and click Scan.

When the process finishes, click OK, then Show Results: in the list of detected malware, select all items and click Remove Selected.

When the process finishes, the logfile will open in Notepad; copy it into the thread on the forum.
If the program asks for a restart in order to complete the cleaning process, be sure to allow it.

Note: if a restart happens at the end of the cleaning process, the logfile will be available on the Logs tab (select it and click Open).


Also, after all of that, you need to post a fresh HijackThis logfile as well.

offline
  • Joined: 24 Nov 2008
  • Posts: 6
  • Location: Sombor

Malwarebytes' Anti-Malware 1.36
Verzija baze podataka: 1985
Windows 5.1.2600 Service Pack 3

15.4.2009 13:35:52
mbam-log-2009-04-15 (13-35-52).txt

Tip skeniranja: Kompletno Skeniranje (C:\|D:\|)
Skeniranih objekata: 283162
Proteklo vreme: 1 hour(s), 2 minute(s), 13 second(s)

Inficirani procesi u memoriji: 0
Inficirani moduli u memoriji: 0
Inficirani ključevi u registru: 98
Inficirane vrednosti u registru: 3
Inficirani podaci u registru: 0
Inficirane fascikle: 1
Inficirane datoteke: 62

Inficirani procesi u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani moduli u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani ključevi u registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho.incredifindbho.1 (Trojan.KeenValue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bho.incredifindbho (Trojan.KeenValue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{de289bfa-737b-4abb-a4ec-f8753551b875} (Trojan.KeenValue) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8b8f6968-2f24-41e3-b653-e9613226f14d} (Trojan.KeenValue) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\WhenUSave (Adware.WhenUSave) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.htmlmenu.2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswattersettingscontrol (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.chatsessionplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.htmlpanel (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.pseudotransparentplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearch.outlookaddin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch bar Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eac-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1093995a-ba37-41d2-836e-091067c4ad17} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720451-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.datacontrol.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historykillerscheduler (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{247a115f-06c2-4fb3-967d-2d62d3cf4f0a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.historyswattercontrolbar.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2b-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e1656ed-f60e-4597-b6aa-b6a58e171495} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e53e2cb-86db-4a4a-8bd9-ffeb7a64df82} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3e720453-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d297-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bbabdc90-f3d5-4801-863a-ee6ae529862d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{63d0ed2d-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{991aac62-b100-47ce-8b75-253965244f69} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{a626cdbd-3d13-4f78-b819-440a28d7e8fc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d291-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d293-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{7473d295-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{90449521-d834-4703-bb4e-d3aa44042ff8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mywebsearchtoolbar.toolbarplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\screensavercontrol.screensaverinstaller.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{07b18eaa-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{6e74766c-4d93-4cc0-96d1-47b8e07ff9ca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{72ee7f04-15bd-4845-a005-d6711144d86a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{120927bf-1700-43bc-810f-fab92549b390} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{17de5e5e-bfe3-4e83-8e1f-8755795359ec} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{1f52a5fa-a705-4415-b975-88503b291728} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e47caee0-deea-464a-9326-3f2801535a4d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e3537fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Fun Web Products (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.iecookiesmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.killerobjmanager.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{0d26bc71-a633-4e71-ad31-eadc3a1b6a3a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d6ff3684-ad3b-48eb-bbb4-b9e6c5a355c1} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{de38c398-b328-4f4c-a3ad-1b5e4ed93477} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e342af55-b78a-4cd0-a2bb-da7f52d9d25f} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbc9-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e79dfbcb-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{eb9e5c1c-b1f9-4c2b-be8a-27d6446fdaf8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f87d7fb5-9dc5-4c8c-b998-d8dfe02e2978} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{07b18ea0-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8ca01f0e-987c-49c3-b852-2f1ac4a7094c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{29d67d3c-509a-4544-903f-c8c1b8236554} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{3e720450-b472-4954-b7aa-33069eb53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{7473d290-b7bb-4f24-ae82-7e2ce94bb6a9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{e79dfbc0-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{8e6f1830-9607-4440-8530-13be7c4b1d14} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c8cecde3-1ae1-4c4a-ad82-6d5b00212144} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{f42228fb-e84e-479e-b922-fbbd096e792c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\funwebproducts.popswatterbarbutton (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.

Inficirane vrednosti u registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Download\CheckExeSignatures (Disabled.checkEXESignatures) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources\f3PopularScreensavers (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

Inficirani podaci u registru:
(Maliciozne stavke nisu detektovane)

Inficirane fascikle:
C:\Program Files\Save (Adware.WhenUSave) -> Quarantined and deleted successfully.

Inficirane datoteke:
C:\FOUND.078\FILE0009.CHK (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\FOUND.078\FILE0008.CHK (Trojan.Vundo.V) -> Quarantined and deleted successfully.
C:\WINDOWS\San Andreas Mod Installer\uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Reflexive Arcade Games - Action\uninstall.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Setup_ver1.1550.2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Save\save.htm (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Program Files\Save\ReadMe.txt (Adware.WhenUSave) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AC51A436-371C-46D2-9968-E639B7462F7C}\RP573\A0499391.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AC51A436-371C-46D2-9968-E639B7462F7C}\RP573\A0499392.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\Internet Explorer\msimg32.dll.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AC51A436-371C-46D2-9968-E639B7462F7C}\RP573\A0499401.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AC51A436-371C-46D2-9968-E639B7462F7C}\RP573\A0499397.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AC51A436-371C-46D2-9968-E639B7462F7C}\RP573\A0499399.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AC51A436-371C-46D2-9968-E639B7462F7C}\RP573\A0499436.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AC51A436-371C-46D2-9968-E639B7462F7C}\RP573\A0499421.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AC51A436-371C-46D2-9968-E639B7462F7C}\RP573\A0499410.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AC51A436-371C-46D2-9968-E639B7462F7C}\RP573\A0499413.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AC51A436-371C-46D2-9968-E639B7462F7C}\RP573\A0499422.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AC51A436-371C-46D2-9968-E639B7462F7C}\RP573\A0499419.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKIN.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MEDINT.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
D:\Programi\FireFox\plugins\NPMyWebS.dll (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AC51A436-371C-46D2-9968-E639B7462F7C}\RP573\A0499417.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AC51A436-371C-46D2-9968-E639B7462F7C}\RP573\A0499418.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AC51A436-371C-46D2-9968-E639B7462F7C}\RP573\A0499423.exe (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AC51A436-371C-46D2-9968-E639B7462F7C}\RP573\A0499420.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AC51A436-371C-46D2-9968-E639B7462F7C}\RP573\A0499415.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AC51A436-371C-46D2-9968-E639B7462F7C}\RP573\A0499416.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AC51A436-371C-46D2-9968-E639B7462F7C}\RP573\A0499414.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AC51A436-371C-46D2-9968-E639B7462F7C}\RP573\A0499424.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE.vir (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AC51A436-371C-46D2-9968-E639B7462F7C}\RP573\A0499411.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AC51A436-371C-46D2-9968-E639B7462F7C}\RP573\A0499407.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
D:\Programi\WebfettiSetup2.3.50.24.ZKfox000.exe (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AC51A436-371C-46D2-9968-E639B7462F7C}\RP573\A0499432.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AC51A436-371C-46D2-9968-E639B7462F7C}\RP573\A0499406.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AC51A436-371C-46D2-9968-E639B7462F7C}\RP573\A0499408.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AC51A436-371C-46D2-9968-E639B7462F7C}\RP573\A0499409.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AC51A436-371C-46D2-9968-E639B7462F7C}\RP568\A0491180.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{AC51A436-371C-46D2-9968-E639B7462F7C}\RP567\A0491094.exe (Adware.Adrotator) -> Quarantined and deleted successfully.


________________________________________________________


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:42:44, on 15.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
D:\antivirus\aswUpdSv.exe
D:\antivirus\ashServ.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
D:\ANTIVI~1\ashDisp.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\windows\system32\ctfmon.exe
D:\Program\DAEMON Tools Lite\daemon.exe
C:\windows\ATKKBService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\slserv.exe
D:\antivirus\ashMaiSv.exe
D:\antivirus\ashWebSv.exe
C:\windows\system32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\BOKI SMOKI\Desktop\Program\TR3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.bearshare.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = 1-se.com/srchasst.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = 1-se.com/srchasst.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = 1-se.com/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = searchgateway.net/search/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: liveradiotv Toolbar - {9d150283-9400-4931-86b9-87c8f86663c4} - C:\Program Files\liveradiotv\tblive.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: liveradiotv Toolbar - {9d150283-9400-4931-86b9-87c8f86663c4} - C:\Program Files\liveradiotv\tblive.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: liveradiotv Toolbar - {9d150283-9400-4931-86b9-87c8f86663c4} - C:\Program Files\liveradiotv\tblive.dll
O4 - HKLM\..\Run: [avast!] D:\ANTIVI~1\ashDisp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5C.....7470401093
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\antivirus\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\windows\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\antivirus\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\antivirus\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\antivirus\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\windows\System32\PnkBstrB.exe
O23 - Service: SmartLinkService (SLService) - - C:\windows\SYSTEM32\slserv.exe

--
End of file - 6018 bytes

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

MBAM did a good job. Now run HijackThis, then find and delete the entries listed below. You delete them by ticking the box next to each one (in line with the entry) and pressing Fix checked.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/intl/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://1-se.com/srchasst.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://1-se.com/srchasst.html (obfuscated)
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,(Default) = http://1-se.com/srchasst.html (obfuscated)
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.searchgateway.net/search/%s


Restart the PC after that and post a new HijackThis log so I can see what the situation is.

offline
  • Joined: 24 Nov 2008
  • Posts: 6
  • Location: Sombor

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:07:04, on 15.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\System32\Ati2evxx.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
D:\antivirus\aswUpdSv.exe
D:\antivirus\ashServ.exe
C:\windows\system32\Ati2evxx.exe
C:\windows\Explorer.EXE
D:\ANTIVI~1\ashDisp.exe
C:\windows\system32\ctfmon.exe
D:\Program\DAEMON Tools Lite\daemon.exe
C:\windows\system32\spoolsv.exe
C:\windows\ATKKBService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\slserv.exe
D:\antivirus\ashMaiSv.exe
D:\antivirus\ashWebSv.exe
D:\antivirus\setup\avast.setup
C:\windows\system32\wuauclt.exe
C:\Documents and Settings\BOKI SMOKI\Desktop\Program\TR3.exe.exe
\?\C:\windows\system32\WBEM\WMIADAP.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: liveradiotv Toolbar - {9d150283-9400-4931-86b9-87c8f86663c4} - C:\Program Files\liveradiotv\tblive.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: liveradiotv Toolbar - {9d150283-9400-4931-86b9-87c8f86663c4} - C:\Program Files\liveradiotv\tblive.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: liveradiotv Toolbar - {9d150283-9400-4931-86b9-87c8f86663c4} - C:\Program Files\liveradiotv\tblive.dll
O4 - HKLM\..\Run: [avast!] D:\ANTIVI~1\ashDisp.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5C.....7470401093
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\antivirus\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\windows\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\antivirus\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\antivirus\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\antivirus\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrB - Unknown owner - C:\windows\System32\PnkBstrB.exe
O23 - Service: SmartLinkService (SLService) - - C:\windows\SYSTEM32\slserv.exe

--
End of file - 5458 bytes

offline
  • DEMIAN  Male
  • Legendary citizen
  • IT Manager
  • Joined: 25 Mar 2005
  • Posts: 3706
  • Location: The darkest place on earth..

That's it. What is the situation now as far as the restarting goes?
