Rootkit or what???

offline
  • Joined: 21 Jul 2012
  • Posts: 7

Posted: 21 Jul 2012 20:23

Windows has been running slower for a while now, and so has the internet; I have a large number of connections even before I open the browser (netstat), and in Task Manager svchost often goes above 50%. It started a week or two ago; my wife keeps downloading hide-and-seek games from all sorts of places.
I have NOD 5 antivirus and it finds the following:
services.exe(756) a variant of Win32/Sirefef.EV trojan
Desktop.ini a variant of Win32/Sirefef.EZ trojan
I shortened the path... but it fails to clean them.
I tried Spybot S&D and Malwarebytes Anti-Malware, and both find about ten infections every time, clean everything, and the next day or a couple of days later they are back.
I tried Trend Micro HouseCall and it found 3 infections in the d3d... DLLs with some worm, but after a restart and a day or two it again finds other, similar infections.
I also ran ComboFix, but although it finishes the scan and deletes a few files, the symptoms stay the same.
I have 6 Mbps ADSL.
Windows XP SP3 with updates installed...
I hope I haven't left anything out.
Step 2 :)

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.4.1
Run by X at 19:54:04 on 2012-07-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1205 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Vtune\TBPanel.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
"C:\WINDOWS\System32\svchost.exe" -g no -t 2 -o google-updaete.com:8344/ -u moexuou -p bfo
C:\Documents and Settings\X\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\X\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\X\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\X\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\X\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\X\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\X\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392
uInternet Connection Wizard,ShellNext = hxxp://search.yahoo.com/search?p=Search+google&fr=chr-devicevm&type=IEBD
uInternet Settings,ProxyOverride = <local>
mURLSearchHooks: Winamp Toolbar Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo\YontooIEClient.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - c:\program files\bittorrentbar\prxtbBitT.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [TBPanel] c:\program files\vtune\TBPanel.exe /A
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\x\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTProAgent.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2D1F4E87-2501-4BE0-A5CC-2E387195BA62} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\x\application data\mozilla\firefox\profiles\4s8r8ke3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112555&tt=060612_5_&babsrc=KW_ss&mntrId=70232eba0000000000001c6f655d92c8&q=
FF - plugin: c:\documents and settings\all users\application data\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\x\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=060612_5_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 70232eba0000000000001c6f655d92c8
FF - user.js: extensions.BabylonToolbar_i.hardId - 70232eba0000000000001c6f655d92c8
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15516
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:17:56
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [2011-1-22 19496]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2012-3-14 120152]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2012-3-14 104160]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2012-3-7 913144]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-8-17 2255464]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [2010-3-18 18904]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-1-22 119528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 mcrdsvc;Sandradatasrv;c:\windows\system32\svchost.exe -k netsvcs [2008-4-14 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-1-22 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 cpuz130;cpuz130;\??\c:\docume~1\x\locals~1\temp\cpuz130\cpuz_x32.sys --> c:\docume~1\x\locals~1\temp\cpuz130\cpuz_x32.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2012-5-9 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-1 113120]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2011-6-16 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2011-6-16 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2011-6-16 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2011-6-16 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2011-6-16 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2011-6-16 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2011-6-16 109736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-07-21 17:41:20 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-07-18 13:40:05 -------- d-----w- c:\windows\system32\10561057
2012-07-18 13:03:34 -------- d-----w- c:\windows\system32\1056
2012-07-18 12:45:55 -------- d-----w- c:\windows\system32\1058
2012-07-18 12:45:39 -------- d-----w- c:\windows\system32\1057
2012-07-10 19:40:52 -------- d-----w- C:\ComboFix
2012-07-10 19:25:52 -------- d-----w- c:\documents and settings\x\application data\Malwarebytes
2012-07-10 19:24:56 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-07-10 19:24:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-10 19:24:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-10 18:52:06 -------- d-sh--w- c:\documents and settings\x\IECompatCache
2012-07-10 16:47:45 -------- d-----w- c:\documents and settings\x\local settings\application data\N Tri studio
2012-07-08 09:59:56 -------- d-----w- c:\documents and settings\x\TruePianos Settings
2012-07-08 09:59:27 -------- d-----w- c:\documents and settings\x\application data\Cakewalk
2012-07-08 09:57:24 -------- d-----w- c:\program files\common files\Native Instruments
2012-07-08 09:57:22 -------- d-----w- c:\program files\common files\Digidesign
2012-07-08 09:57:20 -------- d-----w- c:\program files\Vstplugins
2012-07-08 09:57:13 -------- d-----w- c:\program files\Native Instruments
2012-07-08 09:52:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
2012-07-08 09:52:40 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-07-08 09:52:40 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2012-07-08 09:52:24 -------- d-----w- c:\program files\Cakewalk
2012-07-08 09:52:24 -------- d-----w- c:\documents and settings\all users\application data\Cakewalk
2012-07-08 09:52:24 -------- d-----w- C:\Cakewalk Projects
2012-07-08 08:52:12 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2012-07-08 08:52:03 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-07-08 07:53:20 -------- d-----w- c:\documents and settings\x\application data\DAEMON Tools Pro
2012-07-08 07:21:09 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-07-05 16:16:01 -------- d-----w- c:\documents and settings\x\local settings\application data\ESET
2012-07-05 16:03:22 -------- d-----w- c:\windows\Fierce Tales - The Dog's Heart Collector's Edition
2012-07-04 17:06:22 -------- d-----w- c:\documents and settings\x\application data\Skunk Studios
2012-07-01 18:44:57 388096 ----a-r- c:\documents and settings\x\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-07-01 18:44:56 -------- d-----w- c:\program files\Trend Micro
2012-07-01 18:39:16 -------- d-----w- c:\program files\ESET
2012-07-01 18:27:31 -------- d-----w- c:\program files\tnod
2012-06-27 11:47:50 -------- d-----w- c:\documents and settings\x\application data\SunRay Games
2012-06-25 20:17:42 -------- d-----w- c:\documents and settings\x\application data\YourFileDownloader
2012-06-24 18:46:29 -------- d-----w- c:\documents and settings\x\application data\Specialbit
2012-06-24 18:45:45 -------- d-----w- c:\documents and settings\x\application data\SMIGames
2012-06-24 13:52:05 -------- d-----w- c:\documents and settings\x\application data\Absolutist
2012-06-24 13:52:05 -------- d-----w- c:\documents and settings\all users\application data\Absolutist
.
==================== Find3M ====================
.
2012-07-03 23:26:50 280276 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-07-03 23:26:50 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-06-20 18:58:26 280276 -c--a-w- c:\windows\system32\nvdrsdb1.bin
2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18:58 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-17 17:52:47 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-09 19:18:38 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2012-05-09 19:18:38 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 45056 ----a-w- c:\windows\system32\ntkkrnlpa.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
.
============= FINISH: 19:54:25.35 ===============


Well, at least I feel better knowing I didn't imagine this; GMER tells me "found sys modification sugesting rootkit activity". Now, which one is it and how do I clean it... without a reinstall.

Update: 21 Jul 2012 20:27

Security Center reports that the firewall isn't running, and when I try to open or start it I get an error.

PS: sorry for replying to myself, but I can't find the edit button for the post.

offline
  • magna86 (Male)
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

Posted: 21 Jul 2012 20:34

Download the OTL program from one of the links below to the Desktop:
Download link1
Download link2



Double-click to run OTL.

Tick the Scan All Users option.
Into the white box labelled Custom Scans/Fixes, paste the following text:


netsvcs
drives
%SYSTEMDRIVE%\*.exe
/md5start
services.*
/md5stop
C:\Windows\assembly\GAC_32\Desktop.ini /md5
C:\Windows\assembly\GAC_64\Desktop.ini /md5
CREATERESTOREPOINT



Click Run Scan and wait for the scan to finish.
Paste the contents of the OTL.txt report into the forum thread.


Update: 21 Jul 2012 20:40

Also attach your ComboFix log:

C:\ComboFix.txt
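As an added illustration for this thread (my own code, not a tool the helper or the forum provides), a small Python triage pass over log lines of the kind DDS and OTL produce. It flags three things visible in the logs posted here: an svchost.exe launched with arguments other than -k <group>, all-numeric directories newly created under system32, and auto-start services whose image file is missing. The sample lines are constructed from the posted logs; the heuristics and function names are mine.

```python
"""Triage pass over DDS / OTL log lines (added illustration, not a tool from this thread)."""
import re
from typing import Callable, List, Optional, Tuple

# Constructed sample: lines copied from or modelled on the DDS "Running Processes",
# "Created Last 30" and OTL "Win32 Services" sections posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
"C:\WINDOWS\System32\svchost.exe" -g no -t 2 -o google-updaete.com:8344/ -u moexuou -p bfo
C:\WINDOWS\system32\taskmgr.exe
2012-07-18 13:40:05 -------- d-----w- c:\windows\system32\10561057
2012-07-10 19:40:52 -------- d-----w- C:\ComboFix
2012-07-10 19:24:55 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MSFWDrv.dll -- (twdns)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\revudfservice.dll -- (mcrdsvc)
SRV - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2012/06/19 19:51:13 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
"""

SYSTEM32_SVCHOST = r"c:\windows\system32\svchost.exe"  # the only legitimate image path on XP

# <optional "quoted path"> svchost.exe <arguments>
_SVCHOST = re.compile(r'^"?(?P<path>(?:[A-Za-z]:\\[^"]*\\)?svchost\.exe)"?\s*(?P<args>.*)$',
                      re.IGNORECASE)
# DDS "Created Last 30" / "Find3M" entry: date time size attrs path
_DDS_ENTRY = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} \S+ (?P<attrs>\S+) (?P<path>.+)$")
# OTL service entry whose image file is missing on disk
_OTL_MISSING_SRV = re.compile(
    r"^SRV - File not found \[(?P<start>[^|\]]+)\|[^\]]*\] -- (?P<path>.*?) -- \((?P<name>[^)]*)\)$")


def check_svchost(line: str) -> Optional[str]:
    """The service host is normally launched as the system32 svchost.exe with '-k <group>'.
    Flag an image outside system32, or any other argument shape (such as the
    '-o host:port -u user -p pass' line in the posted DDS log)."""
    m = _SVCHOST.match(line.strip())
    if not m:
        return None
    path, args = m.group("path"), m.group("args").strip()
    if "\\" in path and path.lower() != SYSTEM32_SVCHOST:
        return f"svchost.exe running from an unexpected path: {path}"
    if args and not re.fullmatch(r"-k\s+\S+", args, re.IGNORECASE):
        return f"svchost.exe started with non-service-host arguments: {args}"
    return None  # bare 'svchost.exe' or a normal '-k <group>' launch


def check_numeric_system32_dir(line: str) -> Optional[str]:
    """Heuristic: a freshly created directory directly under system32 whose name is
    all digits (the posted log shows several: 1056, 1057, 1058, 10561057)."""
    m = _DDS_ENTRY.match(line.strip())
    if not m or not m.group("attrs").startswith("d"):
        return None
    path = m.group("path")
    parent, _, leaf = path.rpartition("\\")
    if parent.lower().endswith("\\windows\\system32") and leaf.isdigit():
        return f"all-numeric directory created under system32: {path}"
    return None


def check_missing_autostart_service(line: str) -> Optional[str]:
    """An Auto-start service whose DLL/EXE no longer exists may be leftover from an
    uninstall or a service entry planted by malware; either way it deserves a look."""
    m = _OTL_MISSING_SRV.match(line.strip())
    if not m or m.group("start").strip().lower() != "auto":
        return None
    return f"auto-start service ({m.group('name')}) points at missing file {m.group('path')}"


CHECKS: List[Callable[[str], Optional[str]]] = [
    check_svchost, check_numeric_system32_dir, check_missing_autostart_service]


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Run every check over every non-empty line; return (line, reason) pairs, first hit per line."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for check in CHECKS:
            reason = check(line)
            if reason:
                findings.append((line, reason))
                break
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"[!] {reason}\n    {line}")
```

A hit from any of these checks is a lead for the helper to look at, not proof of infection on its own.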

offline
  • Joined: 21 Jul 2012
  • Posts: 7

Thanks for the quick and professional reply. As I write this, OTL is running its scan and I'm looking for the ComboFix log, which isn't there... the ComboFix folder is there, but there is no log either in the root or in the folder... I'd rather not run ComboFix again unless really necessary, since it didn't solve the problem the first time... here is the OTL log


OTL logfile created on: 7/22/2012 7:44:00 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Documents and Settings\X\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 45.83% Memory free
5.84 Gb Paging File | 4.84 Gb Available in Paging File | 82.84% Paging File free
Paging file location(s): C:\pagefile.sys 4092 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 146.48 Gb Total Space | 45.54 Gb Free Space | 31.09% Space Free | Partition Type: NTFS
Drive D: | 319.27 Gb Total Space | 200.69 Gb Free Space | 62.86% Space Free | Partition Type: NTFS
Drive F: | 7.40 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: X-EB84A57F7ECA4 | User Name: X | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/22 19:42:11 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\X\My Documents\Downloads\OTL.exe
PRC - [2012/07/10 06:09:02 | 001,250,328 | ---- | M] (Google Inc.) -- C:\Documents and Settings\X\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2012/04/17 17:19:40 | 003,671,872 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2012/03/07 15:40:28 | 003,117,344 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2011/08/03 13:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/02 16:38:20 | 002,248,704 | ---- | M] () -- C:\Program Files\Vtune\TBPANEL.exe
PRC - [2010/03/18 19:17:48 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CtHelper.exe
PRC - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/04/14 14:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2012/07/10 06:09:00 | 000,438,296 | ---- | M] () -- C:\Documents and Settings\X\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\ppgooglenaclpluginchrome.dll
MOD - [2012/07/10 06:08:59 | 003,972,120 | ---- | M] () -- C:\Documents and Settings\X\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\pdf.dll
MOD - [2012/07/10 06:07:39 | 000,554,520 | ---- | M] () -- C:\Documents and Settings\X\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\libglesv2.dll
MOD - [2012/07/10 06:07:37 | 000,117,784 | ---- | M] () -- C:\Documents and Settings\X\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\libegl.dll
MOD - [2012/07/10 06:07:22 | 000,140,328 | ---- | M] () -- C:\Documents and Settings\X\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
MOD - [2012/07/10 06:07:21 | 000,262,184 | ---- | M] () -- C:\Documents and Settings\X\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
MOD - [2012/07/10 06:07:19 | 002,386,984 | ---- | M] () -- C:\Documents and Settings\X\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
MOD - [2012/07/10 04:17:27 | 009,255,112 | ---- | M] () -- C:\Documents and Settings\X\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
MOD - [2011/11/03 17:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/08/02 16:38:20 | 002,248,704 | ---- | M] () -- C:\Program Files\Vtune\TBPANEL.exe
MOD - [2011/02/06 20:32:14 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2008/06/20 18:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 18:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [1998/10/31 05:55:56 | 000,005,120 | ---- | M] () -- C:\Program Files\Vtune\TBMANAGE.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- %systemroot%\system32\MSFWDrv.dll -- (twdns)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\pml.dll -- (SRVLOC)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\contentfilter.dll -- (s117mdfl)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\slapd-data52.dll -- (personalsecuredriveservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\revudfservice.dll -- (mcrdsvc)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\SE2Dbus.dll -- (int15.sys)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\se58mdm.dll -- (fasttrackinstallerservice)
SRV - File not found [Auto | Stopped] -- %systemroot%\system32\zenos1.dll -- (EPSON_EB_RPCV4_01)
SRV - [2012/06/19 19:51:13 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/09 21:19:03 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012/04/04 18:47:32 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/03/07 15:40:34 | 000,913,144 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2011/08/03 13:49:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010/04/07 02:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\WINDOWS\system32\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2010/02/12 10:23:12 | 000,286,720 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | System | Stopped] -- -- (SCDEmu)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\X\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/07/21 20:38:18 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012/07/21 20:36:27 | 000,477,240 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2012/03/14 08:40:04 | 000,104,160 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2012/03/14 08:40:02 | 000,160,816 | ---- | M] (ESET) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2012/03/14 08:40:02 | 000,120,152 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2011/05/10 11:41:30 | 000,119,528 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2011/02/10 06:21:10 | 000,281,504 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/02/10 06:21:09 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/04/30 10:56:24 | 006,032,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2010/04/27 21:56:44 | 000,019,496 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AppleCharger.sys -- (AppleCharger)
DRV - [2010/04/08 20:30:10 | 000,168,040 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nvgts.sys -- (nvgts)
DRV - [2010/03/18 20:50:12 | 000,189,528 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2010/03/18 20:50:04 | 000,162,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2010/03/18 20:49:56 | 000,798,808 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2010/03/18 20:45:42 | 000,092,760 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2010/03/18 20:45:28 | 000,157,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2010/03/18 20:45:20 | 000,014,424 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2010/03/18 20:45:12 | 000,127,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2010/03/18 20:40:56 | 000,018,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctgame.sys -- (ctgame)
DRV - [2010/03/18 20:40:48 | 000,347,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2010/03/18 20:40:40 | 000,528,472 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2010/03/18 20:40:32 | 000,511,064 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV - [2010/03/18 20:39:36 | 000,100,952 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV - [2010/03/18 20:39:28 | 000,566,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV - [2010/03/18 20:39:18 | 000,555,096 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV - [2010/03/18 20:39:10 | 000,099,416 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\COMMONFX.sys -- (COMMONFX)
DRV - [2010/03/04 12:02:10 | 000,013,824 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2010/03/04 12:02:08 | 000,070,912 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2009/11/18 01:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 01:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/10/21 19:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008/10/21 19:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV - [2008/10/21 19:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV - [2008/10/21 19:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008/10/21 19:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV - [2008/10/21 19:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV - [2008/10/21 19:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2007/04/17 02:46:34 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
DRV - [2007/03/16 11:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2007/03/16 11:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TBPanel.sys -- (Cardex)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-customie9-chromesbox-en-us&tb_uuid=20110527015409359&tb_oid=27-05-2011&tb_mrud=27-05-2011
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = searchqu.com/web?src=ieb&appid=113&.....r=0&q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1659004503-1482476501-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1659004503-1482476501-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = search.conduit.com?SearchSource=10&ctid=CT2790392
IE - HKU\S-1-5-21-1659004503-1482476501-725345543-1003\..\SearchScopes,DefaultScope = {443789B7-F39C-4b5c-9287-DA72D38F4FE6}
IE - HKU\S-1-5-21-1659004503-1482476501-725345543-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-1659004503-1482476501-725345543-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = search.babylon.com/?q={searchTerms}&affID=112555&tt=060612_5_&babsrc=SP_ss&mntrId=70232eba0000000000001c6f655d92c8
IE - HKU\S-1-5-21-1659004503-1482476501-725345543-1003\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = slirsredirect.search.aol.com/redirector/sredir?sredir=843&query={searchTerms}&invocationType=tb50-ie-customie9-chromesbox-en-us&tb_uuid=20110527015409359&tb_oid=27-05-2011&tb_mrud=27-05-2011
IE - HKU\S-1-5-21-1659004503-1482476501-725345543-1003\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = searchqu.com/web?src=ieb&appid=113&.....r=0&q={searchTerms}
IE - HKU\S-1-5-21-1659004503-1482476501-725345543-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1659004503-1482476501-725345543-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2790392
IE - HKU\S-1-5-21-1659004503-1482476501-725345543-1003\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20110527012626718&tb_oid=27-05-2011&tb_mrud=27-05-2011
IE - HKU\S-1-5-21-1659004503-1482476501-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1659004503-1482476501-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>


========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.rs/"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?affID=112555&tt=060612_5_&babsrc=KW_ss&mntrId=70232eba0000000000001c6f655d92c8&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\X\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\X\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/19 19:51:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/07/18 22:58:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/07/01 20:39:18 | 000,000,000 | ---D | M]

[2012/05/01 08:23:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\X\Application Data\Mozilla\Extensions
[2012/07/21 20:31:31 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\X\Application Data\Mozilla\Firefox\Profiles\4s8r8ke3.default\extensions
[2012/05/01 08:22:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/19 19:51:14 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2009/07/02 11:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012/06/25 22:17:51 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/04/21 03:18:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/05/04 05:21:43 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchvsl.xml
[2011/10/28 19:36:15 | 000,002,520 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
[2012/04/21 03:18:25 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\X\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\X\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\X\Local Settings\Application Data\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Documents and Settings\X\Local Settings\Application Data\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Zylom Plugin (Disabled) = C:\Program Files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\X\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\X\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google \u043F\u0440\u0435\u0442\u0440\u0430\u0433\u0430 = C:\Documents and Settings\X\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Documents and Settings\X\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/10 20:57:13 | 000,442,251 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15220 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKU\S-1-5-21-1659004503-1482476501-725345543-1003\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-1659004503-1482476501-725345543-1003\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBitT.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1659004503-1482476501-725345543-1003\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\System32\CtHelper.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-1659004503-1482476501-725345543-1003..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1659004503-1482476501-725345543-1003..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" File not found
O4 - HKU\S-1-5-21-1659004503-1482476501-725345543-1003..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1659004503-1482476501-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1659004503-1482476501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1659004503-1482476501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1659004503-1482476501-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1659004503-1482476501-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1659004503-1482476501-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D1F4E87-2501-4BE0-A5CC-2E387195BA62}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/01/22 11:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/04/21 01:28:31 | 000,475,998 | R--- | M] () - F:\autorun.ico -- [ UDF ]
O32 - AutoRun File - [2010/02/12 04:58:58 | 000,000,047 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: s117mdfl - %systemroot%\system32\contentfilter.dll File not found
NetSvcs: personalsecuredriveservice - %systemroot%\system32\slapd-data52.dll File not found
NetSvcs: twdns - %systemroot%\system32\MSFWDrv.dll File not found
NetSvcs: SRVLOC - %systemroot%\system32\pml.dll File not found
NetSvcs: mbr - File not found
NetSvcs: mcrdsvc - %systemroot%\system32\revudfservice.dll File not found
NetSvcs: EPSON_EB_RPCV4_01 - %systemroot%\system32\zenos1.dll File not found
NetSvcs: int15.sys - %systemroot%\system32\SE2Dbus.dll File not found
NetSvcs: fasttrackinstallerservice - %systemroot%\system32\se58mdm.dll File not found
NetSvcs: aswmon2 - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: BITS - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/07/21 20:38:18 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2012/07/21 19:41:20 | 000,205,072 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2012/07/18 15:40:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\The Promised Land
[2012/07/18 15:40:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\10561057
[2012/07/18 15:03:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1056
[2012/07/18 14:45:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1058
[2012/07/18 14:45:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1057
[2012/07/18 11:03:33 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\X\Recent
[2012/07/10 21:47:05 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/07/10 21:40:52 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/07/10 21:40:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/10 21:25:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\X\Application Data\Malwarebytes
[2012/07/10 21:24:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/10 21:24:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/07/10 21:24:55 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/10 21:24:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/07/10 20:52:06 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\X\IECompatCache
[2012/07/10 20:42:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\X\Desktop\Sims
[2012/07/10 18:47:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\X\Local Settings\Application Data\N Tri studio
[2012/07/10 18:47:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\X\Start Menu\Programs\Ghost Whisperer
[2012/07/08 11:59:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\X\TruePianos Settings
[2012/07/08 11:59:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\X\My Documents\Cakewalk
[2012/07/08 11:59:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\X\Application Data\Cakewalk
[2012/07/08 11:59:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\X\My Documents\Native Instruments
[2012/07/08 11:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Native Instruments
[2012/07/08 11:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\X\Start Menu\Programs\Native Instruments
[2012/07/08 11:57:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Native Instruments
[2012/07/08 11:57:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Digidesign
[2012/07/08 11:57:20 | 000,000,000 | ---D | C] -- C:\Program Files\Vstplugins
[2012/07/08 11:57:13 | 000,000,000 | ---D | C] -- C:\Program Files\Native Instruments
[2012/07/08 11:56:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Identities
[2012/07/08 11:56:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cakewalk
[2012/07/08 11:52:40 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71.dll
[2012/07/08 11:52:40 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mfc71u.dll
[2012/07/08 11:52:40 | 000,487,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp70.dll
[2012/07/08 11:52:24 | 000,000,000 | ---D | C] -- C:\Cakewalk Projects
[2012/07/08 11:52:24 | 000,000,000 | ---D | C] -- C:\Program Files\Cakewalk
[2012/07/08 11:52:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Cakewalk
[2012/07/08 10:52:12 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Toolbar
[2012/07/08 10:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DAEMON Tools Lite
[2012/07/08 10:52:03 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2012/07/08 09:53:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\X\Application Data\DAEMON Tools Pro
[2012/07/08 09:21:09 | 000,477,240 | ---- | C] (Duplex Secure Ltd.) -- C:\WINDOWS\System32\drivers\sptd.sys
[2012/07/08 08:54:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\X\Desktop\video i audio
[2012/07/05 18:16:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\X\Local Settings\Application Data\ESET
[2012/07/05 18:03:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\Fierce Tales - The Dog's Heart Collector's Edition
[2012/07/04 19:06:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\X\Application Data\Skunk Studios
[2012/07/01 21:53:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ESET
[2012/07/01 20:44:56 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/07/01 20:44:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\X\Start Menu\Programs\HiJackThis
[2012/07/01 20:39:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ESET
[2012/07/01 20:39:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/07/01 20:39:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ESET
[2012/07/01 20:27:31 | 000,000,000 | ---D | C] -- C:\Program Files\tnod
[2012/06/27 13:47:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\X\Application Data\SunRay Games
[2012/06/25 22:17:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\X\Application Data\YourFileDownloader
[2012/06/24 20:46:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\X\Application Data\Specialbit
[2012/06/24 20:45:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\X\Application Data\SMIGames
[2012/06/24 15:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\X\Application Data\Absolutist
[2012/06/24 15:52:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Absolutist
[2012/06/24 15:48:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\X\Start Menu\Programs\The City of Fools
[2012/06/22 19:56:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\X\Start Menu\Programs\Royal Envoy II CE
[2011/01/06 17:25:54 | 212,833,048 | ---- | C] (Just For Fun Games ) -- C:\Documents and Settings\X\Application Data\_Sherlock_Holmes_and_the_Hound_of_the_Baskervilles___justforfun-games.com.exe
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/22 19:21:00 | 000,000,962 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1482476501-725345543-1003UA.job
[2012/07/22 18:32:34 | 000,493,384 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/07/22 18:32:34 | 000,083,802 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/07/22 18:28:05 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/07/22 15:52:44 | 000,032,000 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000001-00000000-00000007-00001102-00000004-10071102}.rfx
[2012/07/22 15:52:44 | 000,032,000 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000001-00000000-00000007-00001102-00000004-10071102}.rfx
[2012/07/22 15:52:44 | 000,031,368 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000001-00000000-00000007-00001102-00000004-10071102}.rfx
[2012/07/22 15:52:44 | 000,031,368 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000001-00000000-00000007-00001102-00000004-10071102}.rfx
[2012/07/22 15:52:44 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000001-00000000-00000007-00001102-00000004-10071102}.rfx
[2012/07/22 15:52:44 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/07/22 15:52:44 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/07/22 15:52:35 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000007-00001102-00000004-10071102}.CDF
[2012/07/22 15:52:35 | 004,931,577 | ---- | M] () -- C:\WINDOWS\{00000001-00000000-00000007-00001102-00000004-10071102}.BAK
[2012/07/21 20:38:18 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2012/07/21 20:36:27 | 000,001,618 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2012/07/21 19:41:20 | 000,205,072 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2012/07/21 19:36:53 | 000,214,685 | ---- | M] () -- C:\Documents and Settings\X\Local Settings\Application Data\census.cache
[2012/07/21 19:36:47 | 000,195,068 | ---- | M] () -- C:\Documents and Settings\X\Local Settings\Application Data\ars.cache
[2012/07/21 19:29:05 | 000,000,036 | ---- | M] () -- C:\Documents and Settings\X\Local Settings\Application Data\housecall.guid.cache
[2012/07/21 12:40:49 | 000,000,789 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/19 17:21:00 | 000,000,910 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1482476501-725345543-1003Core.job
[2012/07/19 12:11:35 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/07/18 15:40:47 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Promised Land.lnk
[2012/07/18 15:40:05 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/07/18 15:03:36 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/07/18 14:45:55 | 000,000,352 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/07/18 14:45:40 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/07/18 14:42:57 | 000,000,938 | ---- | M] () -- C:\Documents and Settings\X\Desktop\Shortcut to GrimTales3_TheWishes_CE.lnk
[2012/07/13 11:24:21 | 000,002,235 | ---- | M] () -- C:\Documents and Settings\X\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/07/13 11:24:20 | 000,002,257 | ---- | M] () -- C:\Documents and Settings\X\Desktop\Google Chrome.lnk
[2012/07/11 01:29:04 | 000,270,192 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/07/10 20:57:13 | 000,442,251 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/07/10 18:52:45 | 000,001,804 | ---- | M] () -- C:\Documents and Settings\X\Desktop\Fairway Collectors Edition.lnk
[2012/07/10 18:47:36 | 000,001,846 | ---- | M] () -- C:\Documents and Settings\X\Desktop\Ghost Whisperer.lnk
[2012/07/06 23:00:30 | 018,063,464 | ---- | M] () -- C:\Documents and Settings\X\Desktop\Romeo se budi-01.wav
[2012/07/04 19:05:44 | 000,002,112 | ---- | M] () -- C:\Documents and Settings\X\Desktop\Flux Family Secrets The Book of Oracles.lnk
[2012/07/04 01:26:50 | 000,280,276 | ---- | M] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/07/04 01:26:50 | 000,000,001 | ---- | M] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/07/01 22:06:17 | 000,000,162 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2012/07/01 20:40:01 | 000,000,339 | RHS- | M] () -- C:\boot.ini
[2012/07/01 20:33:28 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/06/25 22:17:57 | 000,000,250 | ---- | M] () -- C:\user.js
[2012/06/24 15:48:44 | 000,001,779 | ---- | M] () -- C:\Documents and Settings\X\Desktop\The City of Fools.lnk
[2012/06/22 19:56:22 | 000,001,814 | ---- | M] () -- C:\Documents and Settings\X\Desktop\Royal Envoy 2.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/21 19:36:53 | 000,214,685 | ---- | C] () -- C:\Documents and Settings\X\Local Settings\Application Data\census.cache
[2012/07/21 19:36:47 | 000,195,068 | ---- | C] () -- C:\Documents and Settings\X\Local Settings\Application Data\ars.cache
[2012/07/21 19:29:05 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\X\Local Settings\Application Data\housecall.guid.cache
[2012/07/20 19:57:42 | 018,063,464 | ---- | C] () -- C:\Documents and Settings\X\Desktop\Romeo se budi-01.wav
[2012/07/19 17:16:31 | 000,000,962 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1482476501-725345543-1003UA.job
[2012/07/19 17:16:31 | 000,000,910 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1482476501-725345543-1003Core.job
[2012/07/18 23:15:54 | 004,931,577 | ---- | C] () -- C:\WINDOWS\{00000001-00000000-00000007-00001102-00000004-10071102}.BAK
[2012/07/18 15:40:47 | 000,000,963 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\The Promised Land.lnk
[2012/07/18 15:40:05 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At4.job
[2012/07/18 15:03:35 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At3.job
[2012/07/18 14:45:55 | 000,000,352 | ---- | C] () -- C:\WINDOWS\tasks\At2.job
[2012/07/18 14:45:40 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2012/07/18 14:43:05 | 000,000,938 | ---- | C] () -- C:\Documents and Settings\X\Desktop\Shortcut to GrimTales3_TheWishes_CE.lnk
[2012/07/10 21:24:56 | 000,000,789 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/10 18:52:45 | 000,001,804 | ---- | C] () -- C:\Documents and Settings\X\Desktop\Fairway Collectors Edition.lnk
[2012/07/10 18:47:36 | 000,001,846 | ---- | C] () -- C:\Documents and Settings\X\Desktop\Ghost Whisperer.lnk
[2012/07/08 10:52:11 | 000,001,618 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DAEMON Tools Lite.lnk
[2012/07/04 19:05:44 | 000,002,112 | ---- | C] () -- C:\Documents and Settings\X\Desktop\Flux Family Secrets The Book of Oracles.lnk
[2012/07/01 22:06:17 | 000,000,162 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/06/25 22:17:56 | 000,000,250 | ---- | C] () -- C:\user.js
[2012/06/24 15:48:44 | 000,001,779 | ---- | C] () -- C:\Documents and Settings\X\Desktop\The City of Fools.lnk
[2012/06/22 19:56:22 | 000,001,814 | ---- | C] () -- C:\Documents and Settings\X\Desktop\Royal Envoy 2.lnk
[2012/04/11 21:44:44 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/12/31 17:05:13 | 000,000,535 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2011/12/12 18:56:14 | 000,000,010 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011/09/12 17:46:40 | 000,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo.dll
[2011/08/17 19:18:21 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/08/17 19:18:21 | 000,280,276 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/08/17 19:18:21 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/08/17 19:17:58 | 002,128,778 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011/08/17 12:09:51 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/08/17 12:08:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/10 19:57:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Shadow.INI
[2011/06/16 11:33:36 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2011/05/03 03:27:31 | 000,008,704 | ---- | C] () -- C:\Documents and Settings\X\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/02 21:54:16 | 000,004,670 | ---- | C] () -- C:\Documents and Settings\X\Application Data\fdcb5a6f
[2011/05/02 21:54:01 | 000,004,670 | ---- | C] () -- C:\Documents and Settings\X\Application Data\c21a8dca
[2011/05/02 21:53:04 | 000,004,670 | ---- | C] () -- C:\Documents and Settings\X\Application Data\841b8a65
[2011/05/02 21:53:04 | 000,004,670 | ---- | C] () -- C:\Documents and Settings\X\Application Data\83ddb93c
[2011/05/02 21:52:56 | 000,004,670 | ---- | C] () -- C:\Documents and Settings\X\Application Data\fff39c9c
[2011/05/02 21:52:56 | 000,004,670 | ---- | C] () -- C:\Documents and Settings\X\Application Data\34fc7f
[2011/05/02 21:27:05 | 000,004,670 | ---- | C] () -- C:\Documents and Settings\X\Application Data\93932c7b
[2011/05/02 21:26:56 | 000,004,670 | ---- | C] () -- C:\Documents and Settings\X\Application Data\82d706a1
[2011/05/02 21:25:53 | 000,004,670 | ---- | C] () -- C:\Documents and Settings\X\Application Data\86bb1860
[2011/05/02 21:25:53 | 000,004,670 | ---- | C] () -- C:\Documents and Settings\X\Application Data\867ac081
[2011/05/02 21:25:44 | 000,004,670 | ---- | C] () -- C:\Documents and Settings\X\Application Data\e0e96184
[2011/05/02 21:25:44 | 000,004,670 | ---- | C] () -- C:\Documents and Settings\X\Application Data\e0a43cf7
[2011/05/02 21:25:31 | 000,004,670 | ---- | C] () -- C:\Documents and Settings\X\Application Data\bcd9e948
[2011/05/02 21:25:31 | 000,004,670 | ---- | C] () -- C:\Documents and Settings\X\Application Data\bc93dcf5
[2011/05/02 21:25:20 | 000,004,670 | ---- | C] () -- C:\Documents and Settings\X\Application Data\3cb862b7
[2011/05/02 21:25:20 | 000,004,670 | ---- | C] () -- C:\Documents and Settings\X\Application Data\3c6a138b
[2011/05/02 21:25:20 | 000,004,670 | ---- | C] () -- C:\Documents and Settings\X\Application Data\3be1dc09
[2011/05/02 21:25:20 | 000,004,670 | ---- | C] () -- C:\Documents and Settings\X\Application Data\3bb0acb1
[2011/05/02 21:25:20 | 000,004,670 | ---- | C] () -- C:\Documents and Settings\X\Application Data\3b7aebcd
[2011/05/02 21:25:20 | 000,004,670 | ---- | C] () -- C:\Documents and Settings\X\Application Data\39f788a3
[2011/05/02 21:25:20 | 000,004,670 | ---- | C] () -- C:\Documents and Settings\X\Application Data\39a5aef5
[2011/05/02 21:25:20 | 000,004,670 | ---- | C] () -- C:\Documents and Settings\X\Application Data\35e17c89
[2011/05/02 21:25:20 | 000,004,670 | ---- | C] () -- C:\Documents and Settings\X\Application Data\3383f280
[2011/05/02 21:25:20 | 000,004,670 | ---- | C] () -- C:\Documents and Settings\X\Application Data\334dd222
[2011/05/02 21:25:20 | 000,004,670 | ---- | C] () -- C:\Documents and Settings\X\Application Data\32ff368e
[2011/05/02 21:25:20 | 000,004,670 | ---- | C] () -- C:\Documents and Settings\X\Application Data\32b71a2c
[2011/05/02 21:25:20 | 000,004,670 | ---- | C] () -- C:\Documents and Settings\X\Application Data\2ff6962d
[2011/05/02 21:18:20 | 000,004,870 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\qupdvies.imb
[2011/04/23 00:21:54 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2011/02/12 05:00:39 | 000,000,440 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/02/10 06:21:10 | 000,281,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2011/02/10 06:21:09 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2011/01/31 05:21:20 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\X\Application Data\1hycguevpnbgdwcck0runy43mol1dpttxqkyd
[2011/01/22 12:08:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/01/22 11:19:37 | 000,031,272 | ---- | C] () -- C:\WINDOWS\System32\AppleChargerSrv.exe
[2011/01/22 11:19:37 | 000,019,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\AppleCharger.sys
[2011/01/22 11:14:28 | 000,010,084 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011/01/22 11:10:58 | 000,207,400 | R--- | C] () -- C:\WINDOWS\GSetup.exe
[2011/01/22 11:10:58 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini
[2011/01/22 11:06:18 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/01/22 11:02:09 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/01/22 02:57:26 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/01/22 02:54:45 | 000,270,192 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

========== Custom Scans ==========

========== Drive Information ==========

Physical Drives
---------------

Drive: \\\\.\\PHYSICALDRIVE0 - Fixed\thard disk media
Interface type: IDE
Media Type: Fixed\thard disk media
Model: WDC WD50 00AAKX-001CA SCSI Disk Device
Partitions: 2
Status: OK
Status Info: 0

Partitions
---------------

DeviceID: Disk #0, Partition #0
PartitionType: Installable File System
Bootable: True
BootPartition: True
PrimaryPartition: True
Size: 146.00GB
Starting Offset: 32256
Hidden sectors: 0


DeviceID: Disk #0, Partition #1
PartitionType: Extended w/Extended Int 13
Bootable: False
BootPartition: False
PrimaryPartition: False
Size: 319.00GB
Starting Offset: 157283804160
Hidden sectors: 0


< %SYSTEMDRIVE%\*.exe >

< MD5 for: SERVICES >
[2008/04/14 14:00:00 | 000,007,116 | ---- | M] () MD5=95826940E657FE0567A8EC0F2A6AD11A -- C:\WINDOWS\system32\drivers\etc\services

< MD5 for: SERVICES.EXE >
[2009/02/06 13:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/14 14:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\$NtUninstallKB956572$\services.exe
[2008/04/14 14:00:00 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 13:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe

< MD5 for: SERVICES.LNK >
[2011/01/22 11:04:44 | 000,001,602 | ---- | M] () MD5=C147E260F8D359C4DE0982778F35D464 -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\Services.lnk

< MD5 for: SERVICES.MSC >
[2008/04/14 14:00:00 | 000,033,464 | ---- | M] () MD5=E8089AA2A6F7FEE89B38C1F2D77BA6C6 -- C:\WINDOWS\system32\services.msc

< MD5 for: SERVICES.SBS >
[2011/03/01 09:58:46 | 000,034,818 | ---- | M] () MD5=62AFD4B2025CE6D4706B36F4C4808F9B -- C:\Program Files\Spybot - Search & Destroy\Includes\Services.sbs

< MD5 for: SERVICES.WHM >
[2008/11/09 20:49:56 | 000,003,678 | ---- | M] () MD5=78C07607AD198E5769746185F8EF2D78 -- C:\Program Files\Rockstar Games\Grand Theft Auto IV\pc\html\www.craplist.net\services.whm

< C:\Windows\assembly\GAC_32\Desktop.ini /md5 >

< C:\Windows\assembly\GAC_64\Desktop.ini /md5 >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB58764$] -> Error: Cannot create file handle -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F5FC5DCE
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E153075C
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC3A9923
@Alternate Data Stream - 130 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A6E01F67
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B3549F2
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D026A5A4

< End of report >


offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

OK. Before we continue, let's clear up a couple of things:

> Never run ComboFix on your own and without a helper's supervision!
ComboFix is a very aggressive and powerful tool that works differently from standard software, and for that reason it can be very dangerous to the operating system.

So you don't think this is just some whim of ours, read what the author of ComboFix, "sUBs", thinks about it:
http://www.techsupportforum.com/1829551-post6.html

Also, by running ComboFix you have disturbed the logs for me, and now I don't have a clear picture of what happened.
OTL shows remnants of an inactive ZeroAccess rootkit. Re-infection is quite possible, so follow the instructions below carefully:

***************************************************

Delete the ComboFix you have on the computer.

Download a fresh ComboFix from the following address and be sure to save it to the Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, choose Desktop and click Save.

When the download has finished:
disable your security software (instructions);
close any running programs;

Click Start and then Run (you can use the key combination Windows + R)

Paste the following there:
"%userprofile%\desktop\ComboFix.exe" /KillAll

This is what it looks like:

Press Enter/OK
This command will start ComboFix;
in the window that opens, click "I Agree".

While it runs, ComboFix will:
check whether a newer version of the program exists:
    click Yes if you are offered to download it.
if the Recovery Console is not installed, offer to install it:
    be sure to accept by clicking Yes and follow the procedure.
ask a number of questions / show a number of notices:
    accept by clicking Yes or OK.
restart Windows if necessary (several times);
at the end, open Notepad with the scan report.

Copy the report ComboFix produced into your forum thread:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message box and choose Paste.

Note: The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is not complete, use the Prikači fajl (Attach file) option to attach C:\ComboFix.txt to the post.
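As an added example (not the helper's code, and not part of OTL or ComboFix), the following Python parses OTL file-listing lines and flags the pattern the helper reads as rootkit remnants in the log above: a directory holding several same-sized files with bare hex names. The sample input is copied from the thread's own OTL report; the regex, the hex-name heuristic, the min_files threshold and all function names are assumptions made for this example.

```python
r"""Flag same-sized, hex-named files in an OTL file listing.

Added example for this thread; not the helper's code nor part of OTL or
ComboFix. It parses OTL "Files Created/Modified" lines of the form

  [2011/05/02 21:54:16 | 000,004,670 | ---- | C] () -- C:\path\fdcb5a6f

and reports directories holding several files whose names are bare hex
strings and whose sizes are identical. The regex, the name heuristic and
the min_files threshold are assumptions chosen for this example.
"""
import re
from collections import defaultdict

# One OTL file line: [timestamp | size | attributes | C or M] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
# Heuristic: a bare 6-8 character lowercase hex name with no extension.
HEX_NAME = re.compile(r"^[0-9a-f]{6,8}$")

# Constructed sample: lines copied from the thread's OTL report, plus
# ordinary entries that must not be flagged.
SAMPLE_OTL = r"""
========== Files Created - No Company Name ==========

[2012/07/21 19:36:53 | 000,214,685 | ---- | C] () -- C:\Documents and Settings\X\Local Settings\Application Data\census.cache
[2011/05/02 21:54:16 | 000,004,670 | ---- | C] () -- C:\Documents and Settings\X\Application Data\fdcb5a6f
[2011/05/02 21:54:01 | 000,004,670 | ---- | C] () -- C:\Documents and Settings\X\Application Data\c21a8dca
[2011/05/02 21:53:04 | 000,004,670 | ---- | C] () -- C:\Documents and Settings\X\Application Data\841b8a65
[2011/05/02 21:52:56 | 000,004,670 | ---- | C] () -- C:\Documents and Settings\X\Application Data\34fc7f
[2011/05/02 21:18:20 | 000,004,870 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\qupdvies.imb
[2011/01/31 05:21:20 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\X\Application Data\1hycguevpnbgdwcck0runy43mol1dpttxqkyd
[2011/02/10 06:21:10 | 000,281,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
""".splitlines()


def parse_otl_line(line):
    """Return a dict for one OTL file line, or None for headers/blank lines."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["size"] = int(rec["size"].replace(",", ""))   # "000,004,670" -> 4670
    rec["dir"], _, rec["name"] = rec["path"].rpartition("\\")
    return rec


def find_hex_clusters(lines, min_files=3):
    """Group hex-named files by (directory, size).

    Returns {(dir, size): sorted file names} for groups of at least
    min_files entries; legitimate files rarely share an exact size and a
    random-looking hex name in the same folder.
    """
    groups = defaultdict(list)
    for line in lines:
        rec = parse_otl_line(line)
        if rec is None or not HEX_NAME.match(rec["name"]):
            continue
        groups[(rec["dir"], rec["size"])].append(rec["name"])
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_files}


def report(lines, min_files=3):
    """One human-readable line per suspicious cluster."""
    out = []
    for (d, size), names in sorted(find_hex_clusters(lines, min_files).items()):
        out.append(f"{len(names)} hex-named files of {size} bytes in {d}: "
                   + ", ".join(names))
    return out


if __name__ == "__main__":
    for line in report(SAMPLE_OTL):
        print(line)
```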

offline
  • Joined: 21 Jul 2012
  • Posts: 7

OK, I am trying to do what I'm told, but I ran ComboFix before posting on the forum because it has solved my problems a few times; yes, I understand it is aggressive, because I read the instructions on bleepingcomputer, and I only run ComboFix once I notice some of the symptoms it has fixed for others.
I apologise for attaching the OTL log instead of putting it in the body of the post; I misread your instructions, but there is certainly no need to waste time explaining select all and copy-paste. ComboFix reported that I have Avira antivirus active, which was properly uninstalled before installing NOD, but it continued the scan anyway, detected rootkit activity, asked for a restart, and here is its log


ComboFix 12-07-21.01 - X 07/22/2012 21:51:38.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1594 [GMT 2:00]
Running from: c:\documents and settings\X\desktop\ComboFix.exe
Command switches used :: /KillAll
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\X\Application Data\2ff6962d
c:\documents and settings\X\Application Data\32b71a2c
c:\documents and settings\X\Application Data\32ff368e
c:\documents and settings\X\Application Data\334dd222
c:\documents and settings\X\Application Data\3383f280
c:\documents and settings\X\Application Data\34fc7f
c:\documents and settings\X\Application Data\35e17c89
c:\documents and settings\X\Application Data\39a5aef5
c:\documents and settings\X\Application Data\39f788a3
c:\documents and settings\X\Application Data\3b7aebcd
c:\documents and settings\X\Application Data\3bb0acb1
c:\documents and settings\X\Application Data\3be1dc09
c:\documents and settings\X\Application Data\3c6a138b
c:\documents and settings\X\Application Data\3cb862b7
c:\documents and settings\X\Application Data\82d706a1
c:\documents and settings\X\Application Data\83ddb93c
c:\documents and settings\X\Application Data\841b8a65
c:\documents and settings\X\Application Data\867ac081
c:\documents and settings\X\Application Data\86bb1860
c:\documents and settings\X\Application Data\93932c7b
c:\documents and settings\X\Application Data\bc93dcf5
c:\documents and settings\X\Application Data\bcd9e948
c:\documents and settings\X\Application Data\c21a8dca
c:\documents and settings\X\Application Data\e0a43cf7
c:\documents and settings\X\Application Data\e0e96184
c:\documents and settings\X\Application Data\fdcb5a6f
c:\documents and settings\X\Application Data\fff39c9c
c:\windows\system32\10541055
c:\windows\system32\10561057
c:\windows\system32\c__10082.nls
c:\windows\system32\sdbbinst.exe
c:\windows\system32\sortttbls.nls
c:\windows\system32\tmp21.tmp
c:\windows\system32\tmp22.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
.
.
2012-07-22 18:38 . 2012-07-22 18:38 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-21 18:38 . 2012-07-21 18:38 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-21 17:41 . 2012-07-21 17:41 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-07-18 13:03 . 2012-07-18 13:40 -------- d-----w- c:\windows\system32\1056
2012-07-18 12:45 . 2012-07-18 12:45 -------- d-----w- c:\windows\system32\1058
2012-07-18 12:45 . 2012-07-18 12:45 -------- d-----w- c:\windows\system32\1057
2012-07-10 19:25 . 2012-07-10 19:25 -------- d-----w- c:\documents and settings\X\Application Data\Malwarebytes
2012-07-10 19:24 . 2012-07-10 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-10 19:24 . 2012-07-21 10:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-10 19:24 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-10 18:52 . 2012-07-10 18:52 -------- d-sh--w- c:\documents and settings\X\IECompatCache
2012-07-10 16:47 . 2012-07-10 16:47 -------- d-----w- c:\documents and settings\X\Local Settings\Application Data\N Tri studio
2012-07-08 09:59 . 2012-07-08 09:59 -------- d-----w- c:\documents and settings\X\TruePianos Settings
2012-07-08 09:59 . 2012-07-08 09:59 -------- d-----w- c:\documents and settings\X\Application Data\Cakewalk
2012-07-08 09:57 . 2012-07-08 09:57 -------- d-----w- c:\program files\Common Files\Native Instruments
2012-07-08 09:57 . 2012-07-08 09:57 -------- d-----w- c:\program files\Common Files\Digidesign
2012-07-08 09:57 . 2012-07-08 09:57 -------- d-----w- c:\program files\Vstplugins
2012-07-08 09:57 . 2012-07-08 09:57 -------- d-----w- c:\program files\Native Instruments
2012-07-08 09:52 . 2006-02-24 08:00 487424 ----a-w- c:\windows\system32\msvcp70.dll
2012-07-08 09:52 . 2006-02-24 08:00 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-07-08 09:52 . 2006-02-24 08:00 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2012-07-08 09:52 . 2012-07-08 09:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Cakewalk
2012-07-08 09:52 . 2012-07-08 09:56 -------- d-----w- c:\program files\Cakewalk
2012-07-08 09:52 . 2012-07-08 09:52 -------- d-----w- C:\Cakewalk Projects
2012-07-08 08:52 . 2012-07-21 18:31 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2012-07-08 08:52 . 2012-07-21 18:38 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-07-08 07:53 . 2012-07-08 07:53 -------- d-----w- c:\documents and settings\X\Application Data\DAEMON Tools Pro
2012-07-08 07:21 . 2012-07-21 18:36 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-07-05 16:16 . 2012-07-05 16:16 -------- d-----w- c:\documents and settings\X\Local Settings\Application Data\ESET
2012-07-05 16:03 . 2012-07-05 16:03 -------- d-----w- c:\windows\Fierce Tales - The Dog's Heart Collector's Edition
2012-07-04 17:06 . 2012-07-04 17:06 -------- d-----w- c:\documents and settings\X\Application Data\Skunk Studios
2012-07-01 19:53 . 2012-07-01 19:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2012-07-01 18:44 . 2012-07-01 18:44 388096 ----a-r- c:\documents and settings\X\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-01 18:44 . 2012-07-01 18:44 -------- d-----w- c:\program files\Trend Micro
2012-07-01 18:40 . 2012-07-01 18:40 -------- d-----w- c:\documents and settings\UpdatusUser\Local Settings\Application Data\ESET
2012-07-01 18:39 . 2012-07-01 18:39 -------- d-----w- c:\program files\ESET
2012-07-01 18:39 . 2012-07-01 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2012-07-01 18:27 . 2012-07-01 18:45 -------- d-----w- c:\program files\tnod
2012-06-27 11:47 . 2012-06-27 11:47 -------- d-----w- c:\documents and settings\X\Application Data\SunRay Games
2012-06-25 20:17 . 2012-06-25 20:17 250 ----a-w- C:\user.js
2012-06-25 20:17 . 2012-06-25 20:17 -------- d-----w- c:\documents and settings\X\Application Data\YourFileDownloader
2012-06-24 18:46 . 2012-06-24 18:46 -------- d-----w- c:\documents and settings\X\Application Data\Specialbit
2012-06-24 18:45 . 2012-06-24 18:45 -------- d-----w- c:\documents and settings\X\Application Data\SMIGames
2012-06-24 13:52 . 2012-06-24 13:52 -------- d-----w- c:\documents and settings\X\Application Data\Absolutist
2012-06-24 13:52 . 2012-06-24 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Absolutist
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-22 18:42 . 2008-04-14 12:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-06-13 13:19 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-04-14 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2009-08-06 17:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2011-01-22 09:03 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2011-01-22 09:03 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2011-01-22 09:03 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2009-08-06 17:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2011-01-22 09:03 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2011-01-22 09:03 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 17:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2009-08-06 17:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 17:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2011-01-22 09:03 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2011-01-22 09:03 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2012-06-21 10:14 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2012-06-21 10:14 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2012-06-21 10:14 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-17 17:52 . 2012-05-17 17:52 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-05-16 15:08 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-09 19:18 . 2011-08-18 13:38 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2012-05-09 19:18 . 2011-08-18 13:38 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2012-05-04 13:16 . 2008-04-14 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2008-04-14 00:01 45056 ----a-w- c:\windows\system32\ntkkrnlpa.exe
2012-05-04 12:32 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2011-01-22 09:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-19 17:51 . 2012-05-01 06:22 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-05-09 08:49 176936 ----a-w- c:\program files\BitTorrentBar\prxtbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2011-08-02 2248704]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-08-03 111208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"CTHelper"="CTHELPER.EXE" [2010-03-18 19456]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-30 19523616]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 3117344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 08:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-17 15:15 221184 -c--a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-17 15:15 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [1/22/2011 11:19 AM 19496]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [7/21/2012 8:38 PM 242240]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [3/14/2012 8:40 AM 120152]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3/14/2012 8:40 AM 104160]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [3/7/2012 3:40 PM 913144]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [8/17/2011 7:20 PM 2255464]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 8:39 PM 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 8:39 PM 555096]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [3/18/2010 8:40 PM 18904]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 8:39 PM 566360]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1/22/2011 11:26 AM 119528]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/22/2011 11:15 AM 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 8:39 PM 99416]
S3 cpuz130;cpuz130;\??\c:\docume~1\X\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\X\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [5/9/2012 9:19 PM 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 8:39 PM 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 8:39 PM 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 8:39 PM 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 8:39 PM 566360]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/1/2012 8:22 AM 113120]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [6/16/2011 5:41 AM 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [6/16/2011 5:41 AM 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [6/16/2011 5:41 AM 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [6/16/2011 5:41 AM 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [6/16/2011 5:41 AM 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [6/16/2011 5:41 AM 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [6/16/2011 5:41 AM 109736]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
s117mdfl
personalsecuredriveservice
twdns
CDRPDACC
SRVLOC
nmwcdcm
pchost
oraclemtsrecoveryservice
c-dillacdac11ba
TMBUS
ppped
mbr
bgmainsvc
sansaservice
btkrnl
mcrdsvc
EPSON_EB_RPCV4_01
int15.sys
fasttrackinstallerservice
aswmon2
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-18 c:\windows\Tasks\At2.job
- c:\windows\system32\sdbbbinst.exe [2008-04-14 12:00]
.
2012-07-18 c:\windows\Tasks\At3.job
- c:\windows\system32\comppact.exe [2008-04-14 12:00]
.
2012-07-18 c:\windows\Tasks\At4.job
- c:\windows\system32\ntkkrnlpa.exe [2008-04-14 12:32]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1482476501-725345543-1003Core.job
- c:\documents and settings\X\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-04 17:27]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1482476501-725345543-1003UA.job
- c:\documents and settings\X\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-04 17:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392
uInternet Connection Wizard,ShellNext = hxxp://search.yahoo.com/search?p=Search+google&fr=chr-devicevm&type=IEBD
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2D1F4E87-2501-4BE0-A5CC-2E387195BA62}: DhcpNameServer = 192.168.1.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\documents and settings\X\Application Data\Mozilla\Firefox\Profiles\4s8r8ke3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112555&tt=060612_5_&babsrc=KW_ss&mntrId=70232eba0000000000001c6f655d92c8&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=060612_5_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 70232eba0000000000001c6f655d92c8
FF - user.js: extensions.BabylonToolbar_i.hardId - 70232eba0000000000001c6f655d92c8
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15516
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-DAEMON Tools Pro Agent - c:\program files\DAEMON Tools Pro\DTProAgent.exe
SafeBoot-58937273.sys
MSConfigStartUp-BCU - c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2012-07-22 21:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1659004503-1482476501-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:f5,99,1d,34,a6,8f,64,8a,f2,54,93,66,0f,6c,6b,75,db,fa,ff,36,39,
21,44,10,1b,c9,19,f5,5e,ca,ba,c5,21,e6,5c,3a,46,ba,6b,fe,00,29,a6,83,01,6d,\
"rkeysecu"=hex:91,45,40,75,18,5f,26,68,8e,4c,b2,15,dc,a2,2d,6b
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(920)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\NOTEPAD.EXE
.
**************************************************************************
.
Completion time: 2012-07-22 22:02:02 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-22 20:01
.
Pre-Run: 48,816,992,256 bytes free
Post-Run: 49,730,342,912 bytes free
.
- - End Of File - - A1A537D0B81ED096D4F7F732019BBA20

  • magna86
  • Anti Malware Fighter, Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

Quote: I apologise for attaching the OTL log instead of putting it in the message body...
That doesn't matter at all. I would rather you hadn't played around with all those tools on your own...


While the case is being resolved, stick to the following:
Read my instructions (or those of the colleagues who stand in for me) carefully and follow them exclusively;
Do not seek help elsewhere at the same time;
Do not use other malware-removal programs apart from those you receive instructions for;
Do not use USB storage devices during the intervention until I ask for them;

For more information about the rules of the MyCity forum's Ambulanta (malware-removal section): LINK

-------------------------------------------------------------------------------------
Step #1

Download Avira RegCleaner from the following link, run the tool and let it remove the antivirus leftovers. Restart the computer.
http://www.mycity.rs/Zastitni-programi/Programi-za.....tvera.html

Then follow this link for instructions on using the AppRemover program. Use it to check further for any remaining leftovers.
http://www.mycity.rs/Zastitni-programi/Kako-ukloni.....mover.html



Step #2

You ran TDSSKiller. Attach every TDSSKiller log file from the C:\ partition using the "Attach file" option.
C:\TDSSKiller_<program version>_DD.MM.GG_HH.MM.SS.txt



Step #3

Open Notepad and copy the following text into it:


File::
c:\windows\system32\sdbbbinst.exe
c:\windows\system32\comppact.exe
c:\windows\system32\ntkkrnlpa.exe

AtJob:: 

DDS::
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2790392

ClearJavaCache::

SecCenter::
{AD166499-45F9-482A-A743-FDD3350758C7}

Firefox::
FF - ProfilePath - c:\documents and settings\X\Application Data\Mozilla\Firefox\Profiles\4s8r8ke3.default
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112555&tt=060612_5_&babsrc=KW_ss&mntrId=70232eba0000000000001c6f655d92c8&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=060612_5_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 70232eba0000000000001c6f655d92c8
FF - user.js: extensions.BabylonToolbar_i.hardId - 70232eba0000000000001c6f655d92c8
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15516
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst


Save the file from Notepad to the Desktop as "CFScript".




Drag the saved script/text file onto the ComboFix icon, as shown in the picture.
Post the log produced at the end of the cleaning/scan in your next message.




Step #4

Download aswMBR and save it to the Desktop.

Double-click aswMBR to run it.

If you get the following message:
Would you like to download latest Avast! virus definitions?
click the Yes button and wait for the definitions download to finish.

Check that QuickScan is selected under AV Scan:.

Click Scan.

When the scan finishes (Scan finished successfully), click Save log.
Save the aswMBR log to the Desktop.
Copy the contents of that log into the thread.
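The three At*.job tasks in the ComboFix log above launch binaries in system32 whose names are a letter or two away from genuine Windows files (sdbbbinst.exe, comppact.exe, ntkkrnlpa.exe), which is what the File:: and AtJob:: directives in the CFScript remove. As an added example, not part of this thread or of ComboFix, the Python below parses the "Scheduled Tasks" section of such a log and flags unnamed AT jobs and look-alike file names; the known-good list and the similarity threshold are assumptions chosen for this illustration.

```python
"""Flag suspicious scheduled tasks in a ComboFix log.

Added example for this thread (not ComboFix code). The At2/At3/At4 jobs in the
log launch system32 binaries whose names imitate real Windows files.
"""
import re
from difflib import SequenceMatcher

# Known-good Windows XP binaries that the fakes imitate. Assumed for this
# example; in practice build the baseline from a clean install of the same OS/SP.
KNOWN_GOOD = ("sdbinst.exe", "compact.exe", "ntkrnlpa.exe", "ntoskrnl.exe", "svchost.exe")
SIMILARITY_THRESHOLD = 0.85  # assumed cut-off for "looks like a real file name"

# Task line, e.g. "2012-07-18 c:\windows\Tasks\At2.job"
TASK_RE = re.compile(r"^\d{4}-\d{2}-\d{2}\s+\S+\\tasks\\(\S+\.job)\s*$", re.I)
# Target line, e.g. "- c:\windows\system32\sdbbbinst.exe [2008-04-14 12:00]"
# (the path may contain spaces, so match lazily up to the trailing timestamp)
TARGET_RE = re.compile(r"^-\s+(.+?)\s+\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\]\s*$")

# Excerpt of the 'Scheduled Tasks' section from the first ComboFix log in the thread.
SAMPLE_LOG = r"""
Contents of the 'Scheduled Tasks' folder
.
2012-07-18 c:\windows\Tasks\At2.job
- c:\windows\system32\sdbbbinst.exe [2008-04-14 12:00]
.
2012-07-18 c:\windows\Tasks\At3.job
- c:\windows\system32\comppact.exe [2008-04-14 12:00]
.
2012-07-18 c:\windows\Tasks\At4.job
- c:\windows\system32\ntkkrnlpa.exe [2008-04-14 12:32]
.
2012-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1482476501-725345543-1003Core.job
- c:\documents and settings\X\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-04 17:27]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1482476501-725345543-1003UA.job
- c:\documents and settings\X\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-04 17:27]
.
.
------- Supplementary Scan -------
"""


def parse_tasks(log_text):
    """Return (job_name, target_path, target_timestamp) tuples taken from the
    'Scheduled Tasks' section of a ComboFix log."""
    tasks = []
    in_section = False
    current_job = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("Contents of the 'Scheduled Tasks' folder"):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("-------"):  # next section header ends the task list
            break
        m = TASK_RE.match(line)
        if m:
            current_job = m.group(1)
            continue
        m = TARGET_RE.match(line)
        if m and current_job:
            tasks.append((current_job, m.group(1), m.group(2)))
            current_job = None
    return tasks


def closest_known_good(filename):
    """Return (known_name, ratio) for the most similar known-good binary, or
    None when the name is itself known-good or not close to any of them."""
    name = filename.lower()
    if name in KNOWN_GOOD:
        return None
    best = max(KNOWN_GOOD, key=lambda g: SequenceMatcher(None, name, g).ratio())
    ratio = SequenceMatcher(None, name, best).ratio()
    return (best, ratio) if ratio >= SIMILARITY_THRESHOLD else None


def flag_tasks(log_text):
    """Return (job, target, reasons) for every task that deserves a closer look."""
    findings = []
    for job, target, _stamp in parse_tasks(log_text):
        reasons = []
        # At<N>.job is the unnamed task format produced by at.exe, not by installers.
        if re.fullmatch(r"at\d+\.job", job, re.I):
            reasons.append("unnamed AT job (created with at.exe)")
        basename = target.rsplit("\\", 1)[-1]
        hit = closest_known_good(basename)
        if hit:
            reasons.append(f"{basename} imitates {hit[0]} (similarity {hit[1]:.2f})")
        if reasons:
            findings.append((job, target, reasons))
    return findings


if __name__ == "__main__":
    for job, target, reasons in flag_tasks(SAMPLE_LOG):
        print(f"{job}: {target}")
        for reason in reasons:
            print(f"    - {reason}")
```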

  • Joined: 21 Jul 2012
  • Posts: 7

Posted: 27 Jul 2012 20:00

I struggled with this AppRemover... here is the TDS log, attached, and the ComboFix log follows.
Sorry, but I can't help asking how you learned all this without "playing" with these tools? You try, you read; I like to solve problems myself and consider myself at least an advanced XP user... but this went beyond my abilities, so I turned to you for help and I am very grateful.


ComboFix 12-07-27.03 - X 07/27/2012 19:43:36.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1587 [GMT 2:00]
Running from: c:\documents and settings\X\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\X\Desktop\cfscript.txt
AV: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Resident AV is active
.
.
FILE ::
"c:\windows\system32\comppact.exe"
"c:\windows\system32\ntkkrnlpa.exe"
"c:\windows\system32\sdbbbinst.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\comppact.exe
c:\windows\system32\ntkkrnlpa.exe
c:\windows\system32\sdbbbinst.exe
c:\windows\Tasks\At2.job
c:\windows\Tasks\At3.job
c:\windows\Tasks\At4.job
.
.
((((((((((((((((((((((((( Files Created from 2012-06-27 to 2012-07-27 )))))))))))))))))))))))))))))))
.
.
2012-07-22 18:38 . 2012-07-22 18:38 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-21 18:38 . 2012-07-21 18:38 242240 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-21 17:41 . 2012-07-21 17:41 205072 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-07-18 13:03 . 2012-07-18 13:40 -------- d-----w- c:\windows\system32\1056
2012-07-18 12:45 . 2012-07-18 12:45 -------- d-----w- c:\windows\system32\1058
2012-07-18 12:45 . 2012-07-18 12:45 -------- d-----w- c:\windows\system32\1057
2012-07-10 19:25 . 2012-07-10 19:25 -------- d-----w- c:\documents and settings\X\Application Data\Malwarebytes
2012-07-10 19:24 . 2012-07-10 19:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-07-10 19:24 . 2012-07-21 10:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-10 19:24 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-10 18:52 . 2012-07-10 18:52 -------- d-sh--w- c:\documents and settings\X\IECompatCache
2012-07-10 16:47 . 2012-07-10 16:47 -------- d-----w- c:\documents and settings\X\Local Settings\Application Data\N Tri studio
2012-07-08 09:59 . 2012-07-08 09:59 -------- d-----w- c:\documents and settings\X\TruePianos Settings
2012-07-08 09:59 . 2012-07-08 09:59 -------- d-----w- c:\documents and settings\X\Application Data\Cakewalk
2012-07-08 09:57 . 2012-07-08 09:57 -------- d-----w- c:\program files\Common Files\Native Instruments
2012-07-08 09:57 . 2012-07-08 09:57 -------- d-----w- c:\program files\Common Files\Digidesign
2012-07-08 09:57 . 2012-07-08 09:57 -------- d-----w- c:\program files\Vstplugins
2012-07-08 09:57 . 2012-07-08 09:57 -------- d-----w- c:\program files\Native Instruments
2012-07-08 09:52 . 2006-02-24 08:00 487424 ----a-w- c:\windows\system32\msvcp70.dll
2012-07-08 09:52 . 2006-02-24 08:00 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-07-08 09:52 . 2006-02-24 08:00 1047552 ----a-w- c:\windows\system32\mfc71u.dll
2012-07-08 09:52 . 2012-07-08 09:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Cakewalk
2012-07-08 09:52 . 2012-07-08 09:56 -------- d-----w- c:\program files\Cakewalk
2012-07-08 09:52 . 2012-07-08 09:52 -------- d-----w- C:\Cakewalk Projects
2012-07-08 08:52 . 2012-07-21 18:31 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2012-07-08 08:52 . 2012-07-21 18:38 -------- d-----w- c:\program files\DAEMON Tools Lite
2012-07-08 07:53 . 2012-07-08 07:53 -------- d-----w- c:\documents and settings\X\Application Data\DAEMON Tools Pro
2012-07-08 07:21 . 2012-07-21 18:36 477240 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-07-05 16:16 . 2012-07-05 16:16 -------- d-----w- c:\documents and settings\X\Local Settings\Application Data\ESET
2012-07-05 16:03 . 2012-07-05 16:03 -------- d-----w- c:\windows\Fierce Tales - The Dog's Heart Collector's Edition
2012-07-04 17:06 . 2012-07-04 17:06 -------- d-----w- c:\documents and settings\X\Application Data\Skunk Studios
2012-07-01 19:53 . 2012-07-01 19:53 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
2012-07-01 18:44 . 2012-07-01 18:44 388096 ----a-r- c:\documents and settings\X\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-07-01 18:44 . 2012-07-01 18:44 -------- d-----w- c:\program files\Trend Micro
2012-07-01 18:40 . 2012-07-01 18:40 -------- d-----w- c:\documents and settings\UpdatusUser\Local Settings\Application Data\ESET
2012-07-01 18:39 . 2012-07-01 18:39 -------- d-----w- c:\program files\ESET
2012-07-01 18:39 . 2012-07-01 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2012-07-01 18:27 . 2012-07-01 18:45 -------- d-----w- c:\program files\tnod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-22 18:42 . 2008-04-14 12:00 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-06-13 13:19 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:50 . 2008-04-14 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:50 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2008-04-14 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2009-08-06 17:24 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2011-01-22 09:03 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2011-01-22 09:03 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2011-01-22 09:03 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2009-08-06 17:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2011-01-22 09:03 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2011-01-22 09:03 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2009-08-06 17:24 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2009-08-06 17:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2008-04-14 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2009-08-06 17:24 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2011-01-22 09:03 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2011-01-22 09:03 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 13:18 . 2012-06-21 10:14 275696 ----a-w- c:\windows\system32\mucltui.dll
2012-06-02 13:18 . 2012-06-21 10:14 214256 ----a-w- c:\windows\system32\muweb.dll
2012-06-02 13:18 . 2012-06-21 10:14 17136 ----a-w- c:\windows\system32\mucltui.dll.mui
2012-05-31 13:22 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-17 17:52 . 2012-05-17 17:52 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-05-16 15:08 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-11 14:42 . 2008-04-14 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-04-14 12:00 385024 ----a-w- c:\windows\system32\html.iec
2012-05-09 19:18 . 2011-08-18 13:38 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2012-05-09 19:18 . 2011-08-18 13:38 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2012-05-04 13:16 . 2008-04-14 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2011-01-22 09:00 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-24 17:25 . 2012-05-01 06:22 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-07-22_19.58.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-27 17:42 . 2012-07-27 17:42 16384 c:\windows\Temp\Perflib_Perfdata_344.dat
+ 2008-04-14 12:00 . 2012-07-27 17:46 83802 c:\windows\system32\perfc009.dat
- 2008-04-14 12:00 . 2012-07-22 19:55 83802 c:\windows\system32\perfc009.dat
+ 2008-04-14 12:00 . 2012-07-27 17:46 493384 c:\windows\system32\perfh009.dat
- 2008-04-14 12:00 . 2012-07-22 19:55 493384 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
2011-05-09 08:49 176936 ----a-w- c:\program files\BitTorrentBar\prxtbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TBPanel"="c:\program files\Vtune\TBPanel.exe" [2011-08-02 2248704]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-08-03 13892200]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-08-03 111208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"CTHelper"="CTHELPER.EXE" [2010-03-18 19456]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-30 19523616]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 3117344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 08:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-17 15:15 221184 -c--a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2005-02-17 15:15 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
.
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [1/22/2011 11:19 AM 19496]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [7/21/2012 8:38 PM 242240]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [3/14/2012 8:40 AM 120152]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [3/14/2012 8:40 AM 104160]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [3/7/2012 3:40 PM 913144]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [8/17/2011 7:20 PM 2255464]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 8:39 PM 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 8:39 PM 555096]
R3 ctgame;Game Port;c:\windows\system32\drivers\ctgame.sys [3/18/2010 8:40 PM 18904]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 8:39 PM 566360]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1/22/2011 11:26 AM 119528]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [1/22/2011 11:15 AM 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [3/18/2010 8:39 PM 99416]
S3 cpuz130;cpuz130;\??\c:\docume~1\X\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\X\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [5/9/2012 9:19 PM 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [3/18/2010 8:39 PM 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 8:39 PM 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [3/18/2010 8:39 PM 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [3/18/2010 8:39 PM 566360]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/1/2012 8:22 AM 113120]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [6/16/2011 5:41 AM 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [6/16/2011 5:41 AM 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [6/16/2011 5:41 AM 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [6/16/2011 5:41 AM 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [6/16/2011 5:41 AM 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [6/16/2011 5:41 AM 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [6/16/2011 5:41 AM 109736]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
s117mdfl
personalsecuredriveservice
twdns
CDRPDACC
SRVLOC
nmwcdcm
pchost
oraclemtsrecoveryservice
c-dillacdac11ba
TMBUS
ppped
mbr
bgmainsvc
sansaservice
btkrnl
mcrdsvc
EPSON_EB_RPCV4_01
int15.sys
fasttrackinstallerservice
aswmon2
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1482476501-725345543-1003Core.job
- c:\documents and settings\X\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-04 17:27]
.
2012-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-1482476501-725345543-1003UA.job
- c:\documents and settings\X\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-05-04 17:27]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://search.yahoo.com/search?p=Search+google&fr=chr-devicevm&type=IEBD
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2D1F4E87-2501-4BE0-A5CC-2E387195BA62}: DhcpNameServer = 192.168.1.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\documents and settings\X\Application Data\Mozilla\Firefox\Profiles\4s8r8ke3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112555&tt=060612_5_&babsrc=KW_ss&mntrId=70232eba0000000000001c6f655d92c8&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=060612_5_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 70232eba0000000000001c6f655d92c8
FF - user.js: extensions.BabylonToolbar_i.hardId - 70232eba0000000000001c6f655d92c8
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15516
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1722:17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2012-07-27 19:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTHelper = CTHELPER.EXE?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1659004503-1482476501-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:f5,99,1d,34,a6,8f,64,8a,f2,54,93,66,0f,6c,6b,75,db,fa,ff,36,39,
21,44,10,1b,c9,19,f5,5e,ca,ba,c5,21,e6,5c,3a,46,ba,6b,fe,00,29,a6,83,01,6d,\
"rkeysecu"=hex:91,45,40,75,18,5f,26,68,8e,4c,b2,15,dc,a2,2d,6b
.
Completion time: 2012-07-27 19:51:17
ComboFix-quarantined-files.txt 2012-07-27 17:51
ComboFix2.txt 2012-07-22 20:02
.
Pre-Run: 44,952,993,792 bytes free
Post-Run: 65,274,187,776 bytes free
.
- - End Of File - - 78E37FD6047C217ACB29CDE807898543


And here is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-27 19:54:18
-----------------------------
19:54:18.515 OS Version: Windows 5.1.2600 Service Pack 3
19:54:18.515 Number of processors: 2 586 0x603
19:54:18.515 ComputerName: X-EB84A57F7ECA4 UserName: X
19:54:18.953 Initialize success
19:56:13.593 AVAST engine defs: 12072700
19:56:32.968 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0
19:56:32.968 Disk 0 Vendor: WDC_WD50 15.0 Size: 476940MB BusType: 3
19:56:32.968 Disk 0 MBR read successfully
19:56:32.968 Disk 0 MBR scan
19:56:33.000 Disk 0 Windows XP default MBR code
19:56:33.000 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 149997 MB offset 63
19:56:33.015 Disk 0 Partition - 00 0F Extended LBA 326932 MB offset 307194930
19:56:33.031 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 326932 MB offset 307194993
19:56:33.031 Disk 0 scanning sectors +976752000
19:56:33.093 Disk 0 scanning C:\WINDOWS\system32\drivers
19:56:41.859 Service scanning
19:56:55.906 Modules scanning
19:57:00.093 Disk 0 trace - called modules:
19:57:00.109 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a7871e8]<<
19:57:00.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a653ab8]
19:57:00.109 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000072[0x8a6f7ac0]
19:57:00.109 5 ACPI.sys[b7e64620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port2Path0Target0Lun0[0x8a6d7a38]
19:57:00.109 \Driver\nvgts[0x8a6dcf38] -> IRP_MJ_CREATE -> 0x8a7871e8
19:57:00.640 AVAST engine scan C:\WINDOWS
19:57:06.921 AVAST engine scan C:\WINDOWS\system32
19:59:00.171 AVAST engine scan C:\WINDOWS\system32\drivers
19:59:11.093 AVAST engine scan C:\Documents and Settings\X
19:59:28.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\X\Desktop\MBR.dat"
19:59:28.984 The log file has been saved successfully to "C:\Documents and Settings\X\Desktop\aswMBR.txt"

Update: 27 Jul 2012 20:03

I forgot to attach tds

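The aswMBR trace above contains two lines worth reading together: the module trace marks a code address that aswMBR could not attribute to any loaded module (`>>UNKNOWN [0x8a7871e8]<<`), and the last line shows the storage driver's `IRP_MJ_CREATE` dispatch pointing at that same address. As an added example (not part of the original thread and not aswMBR's own code), here is a small Python parser that pulls those two kinds of lines out of an aswMBR log and cross-references them, so that a dispatch hook whose target lies in memory not mapped to any known module is reported explicitly. The sample text is copied from the log posted above; the function and class names are my own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the "called modules" trace from the aswMBR log posted above.
ASWMBR_TRACE = r"""
19:57:00.093 Disk 0 trace - called modules:
19:57:00.109 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a7871e8]<<
19:57:00.109 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a653ab8]
19:57:00.109 3 CLASSPNP.SYS[b80e8fd7] -> nt!IofCallDriver -> \Device\00000072[0x8a6f7ac0]
19:57:00.109 5 ACPI.sys[b7e64620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port2Path0Target0Lun0[0x8a6d7a38]
19:57:00.109 \Driver\nvgts[0x8a6dcf38] -> IRP_MJ_CREATE -> 0x8a7871e8
"""

# ">>UNKNOWN [addr]<<" marks code aswMBR could not map to any module.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")
# "\Driver\name[obj] -> IRP_MJ_xxx -> target" records a redirected dispatch routine.
IRP_RE = re.compile(
    r"(\\Driver\\[^\[\s]+)\[(0x[0-9a-fA-F]+)\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)"
)


@dataclass
class IrpHook:
    driver: str      # driver object name, e.g. \Driver\nvgts
    driver_obj: str  # address of the driver object
    major: str       # IRP major function whose dispatch was redirected
    target: str      # address the dispatch routine now points to


@dataclass
class TraceReport:
    known_modules: list = field(default_factory=list)  # modules named in the trace line
    unknown_code: list = field(default_factory=list)   # addresses aswMBR could not map
    irp_hooks: list = field(default_factory=list)      # all IrpHook entries found
    suspicious: list = field(default_factory=list)     # hooks whose target is unmapped code


def _module_names(line: str) -> list:
    """Module names listed before the '>>UNKNOWN' marker (timestamp dropped)."""
    return line.split(">>", 1)[0].split()[1:]


def analyze_trace(log_text: str) -> TraceReport:
    """Parse an aswMBR log and cross-reference IRP hooks with unmapped code."""
    report = TraceReport()
    for line in log_text.splitlines():
        m = UNKNOWN_RE.search(line)
        if m:
            report.unknown_code.append(m.group(1).lower())
            report.known_modules.extend(_module_names(line))
        m = IRP_RE.search(line)
        if m:
            report.irp_hooks.append(
                IrpHook(m.group(1), m.group(2).lower(), m.group(3), m.group(4).lower())
            )
    unmapped = set(report.unknown_code)
    # A dispatch routine living outside every known module is the finding to act on.
    report.suspicious = [h for h in report.irp_hooks if h.target in unmapped]
    return report


def summarize(report: TraceReport) -> str:
    """Human-readable summary of the cross-reference result."""
    if not report.suspicious:
        return "no IRP dispatch hook points at unmapped code"
    return "; ".join(
        f"{h.driver} {h.major} -> {h.target} (not in any known module)"
        for h in report.suspicious
    )


if __name__ == "__main__":
    print(summarize(analyze_trace(ASWMBR_TRACE)))
```

On the log from this thread the parser reports the `\Driver\nvgts` `IRP_MJ_CREATE` dispatch resolving to `0x8a7871e8`, the address aswMBR listed as unknown. The same cross-check is what a reviewer does by eye when reading these logs: an IRP line on its own only says a dispatch pointer was redirected, while the match with an unmapped address is what makes it a rootkit indicator rather than a legitimate filter driver.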
offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

Miroslav Griffin ::
Sorry, but I can't help asking how you learned all this without "playing" with these tools? You try, you read... I like solving problems myself and consider myself at least an advanced XP user... but this went beyond my abilities, so I asked for help, and I'm very grateful.


http://www.mycity.rs/Zastita/Saznajte-vise-o-Ambulanti.html
Now that you've seen this thread, I believe you've understood how it works.



You ran ComboFix with the antivirus active.
The logs now look clean. Tell me, does NOD report any detections now?

offline
  • Joined: 21 Jul 2012
  • Posts: 7

No, NOD hasn't reported anything since last time. I ran it with Avira as the supposedly active one, which ComboFix still reports, because I didn't have the patience for this appremove; the scan takes over 2 hours, and I deactivated NOD before the scan.... Yes, I found the information about the Ambulanta. Cheers

offline
  • magna86  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 21 Jun 2008
  • Posts: 6102

What remains for you to do (don't skip these steps):

ComboFix needs to be uninstalled:

Temporarily deactivate Avira.

Click Start, then Run.

On Vista, use the Start Search field if Run is not available.

In the text entry line type (or paste) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

Then click OK (or press Enter).

Wait for the uninstallation process to finish.

**********************************

OTL needs to be uninstalled:
Run OTL again and click the CleanUp! button.
