[bobby] Pomoć, mislim da su mi upali VIRUSI!

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Mislim da su mi sinoć pri downloadiranju neke muzike upali virusi i druge štetočine... Ovdje sam ostavio logfile.. Molio bih da pomognete..


Logfile of HijackThis v1.99.1
Scan saved at 9:03:42, on 18.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Applications\wcs.exe
C:\Program Files\Applications\iebtm.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Applications\wcm.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Applications\iebtmm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\algg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\Hum\LOCALS~1\Temp\RtkBtMnt.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Hum\My Documents\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = windiwsfsearch.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = windiwsfsearch.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = windiwsfsearch.com/ie6.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = windiwsfsearch.com
O2 - BHO: 675873 helper - {030A0F33-5B99-482E-83F5-2EEB8457878B} - C:\WINDOWS\system32\675873\675873.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: VirRLWarningBHO Class - {A81EBFD7-0FA3-41ec-B60D-6DAE78B4D31A} - C:\Program Files\VirRL2009\VirRLWarning.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {BE1A344F-9FF5-4024-949B-52205E6DB2D0} - C:\Program Files\Applications\iebt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\msgr.en-us.en-gb\msntb.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: Internet Service - {144A6B24-0EBC-4D89-BF09-A06A718E57B5} - C:\Program Files\Applications\iebr.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [ares vista] "C:\Program Files\Ares Vista\Ares.exe" -h
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [wblogon] C:\WINDOWS\system32\algg.exe
O4 - HKCU\..\Run: [VirRL2009] "C:\Program Files\VirRL2009\VirRL2009.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: I&zvoz u Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - howtoiexplorer.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - howtoiexplorer.com/redirect.php (file missing)
O9 - Extra button: Istraživanje - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....7007377812
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Unknown owner - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe" /service (file missing)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 08-10-17.01 - Hum 2008-10-18 10:14:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.2419 [GMT 2:00]
Running from: C:\Documents and Settings\Hum\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Hum\My Documents\My Documents.url
C:\Documents and Settings\Hum\My Documents\My Music\My Music.url
C:\Documents and Settings\Hum\My Documents\My Pictures\My Pictures.url
C:\Documents and Settings\Hum\My Documents\My Videos\My Video.url
C:\Program Files\Applications\iebr.dll
C:\Program Files\Applications\iebt.dll
C:\Program Files\Applications\iebu.exe
C:\Program Files\Applications\myd.ico
C:\Program Files\Applications\mym.ico
C:\Program Files\Applications\myp.ico
C:\Program Files\Applications\myv.ico
C:\Program Files\Applications\ot.ico
C:\Program Files\Applications\ts.ico
C:\Program Files\Applications\wcm.exe
C:\Program Files\Applications\wcs.exe
C:\Program Files\VirRL2009
C:\Program Files\VirRL2009\VirRL2009.exe
C:\WINDOWS\system32\675873
C:\WINDOWS\system32\675873\675873.dll

.
((((((((((((((((((((((((( Files Created from 2008-09-18 to 2008-10-18 )))))))))))))))))))))))))))))))
.

2008-10-18 10:16 . 2008-10-18 10:19 <DIR> d-------- C:\WINDOWS\system32\675873
2008-10-18 02:34 . 2008-10-18 02:49 <DIR> d-------- C:\Program Files\WAV
2008-10-18 02:28 . 2008-10-18 09:20 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-18 02:24 . 2008-10-18 02:24 20,992 --a------ C:\WINDOWS\system32\algg.exe
2008-10-18 02:23 . 2008-10-18 10:19 <DIR> d-------- C:\Program Files\Applications
2008-10-15 16:30 . 2008-08-14 12:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 16:30 . 2008-08-14 12:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 16:30 . 2008-08-14 11:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 16:30 . 2008-08-14 11:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-09-25 09:16 . 2008-09-25 09:16 <DIR> d-------- C:\Documents and Settings\Hum\Application Data\BitDefender
2008-09-25 09:15 . 2008-09-25 09:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-09-25 09:12 . 2008-09-25 09:14 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-09-24 20:58 . 2008-09-24 20:58 <DIR> d-------- C:\Program Files\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-18 08:17 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-10-18 06:58 --------- d-----w C:\Documents and Settings\Hum\Application Data\Skype
2008-10-18 06:57 --------- d-----w C:\Documents and Settings\Hum\Application Data\skypePM
2008-10-18 00:12 15,360 --s-a-w C:\WINDOWS\system32\bmztmss.dll
2008-10-09 11:08 --------- d-----w C:\Documents and Settings\Hum\Application Data\BSplayer PRO
2008-09-25 07:15 --------- d-----w C:\Program Files\BitDefender
2008-09-19 15:34 --------- d-----w C:\Program Files\Google
2008-09-17 22:29 --------- d-----w C:\Documents and Settings\Hum\Application Data\Ahead
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-31 23:03 --------- d-----w C:\Program Files\Ares
2008-08-31 23:00 --------- d-----w C:\Program Files\Ares Vista
2008-08-29 08:58 --------- d-----w C:\Program Files\Virtual Earth 3D
2008-08-23 10:31 --------- d-----w C:\Program Files\EA SPORTS
2008-08-20 05:30 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-25 08:00 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-07-19 12:07 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
.

((((((((((((((((((((((((((((( snapshot@2008-08-31_22.36.47.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-20 04:58:54 3,067,904 ----a-w C:\WINDOWS\$hf_mig$\KB956390\SP3QFE\mshtml.dll
+ 2008-08-20 04:58:47 1,499,136 ----a-w C:\WINDOWS\$hf_mig$\KB956390\SP3QFE\shdocvw.dll
+ 2008-08-20 04:58:50 620,032 ----a-w C:\WINDOWS\$hf_mig$\KB956390\SP3QFE\urlmon.dll
+ 2008-08-20 04:58:48 666,624 ----a-w C:\WINDOWS\$hf_mig$\KB956390\SP3QFE\wininet.dll
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB956390\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB956390\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB956390\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB956390\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB956390\update\updspapi.dll
+ 2007-11-30 12:39:22 231,288 -c----w C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe
+ 2007-11-30 12:39:22 382,840 -c----w C:\WINDOWS\$NtUninstallKB938464$\spuninst\updspapi.dll
+ 2008-08-14 10:09:26 2,145,280 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlmp.exe
+ 2008-08-14 09:33:16 2,066,048 ------w C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
+ 2008-08-14 09:33:16 2,023,936 ------w C:\WINDOWS\Driver Cache\i386\ntkrpamp.exe
+ 2008-08-14 10:11:02 2,189,184 ------w C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
+ 2008-09-19 15:35:00 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ARPPRODUCTICON.exe
+ 2008-09-19 15:35:00 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2008-09-19 15:35:00 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2008-09-19 15:35:00 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2008-09-19 15:35:00 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2008-09-19 15:35:00 26,694 ----a-r C:\WINDOWS\Installer\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
- 2008-08-17 09:51:12 593,920 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\accicons.exe
+ 2008-10-16 09:07:27 593,920 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\accicons.exe
- 2008-08-17 09:51:12 12,288 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2008-10-16 09:07:27 12,288 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\cagicon.exe
- 2008-08-17 09:51:12 86,016 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\inficon.exe
+ 2008-10-16 09:07:27 86,016 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\inficon.exe
- 2008-08-17 09:51:11 135,168 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2008-10-16 09:07:27 135,168 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2008-08-17 09:51:12 11,264 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\mspicons.exe
+ 2008-10-16 09:07:27 11,264 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\mspicons.exe
- 2008-08-17 09:51:12 27,136 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\oisicon.exe
+ 2008-10-16 09:07:27 27,136 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2008-08-17 09:51:12 4,096 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\opwicon.exe
+ 2008-10-16 09:07:27 4,096 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2008-08-17 09:51:12 794,624 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\outicon.exe
+ 2008-10-16 09:07:27 794,624 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\outicon.exe
- 2008-08-17 09:51:12 249,856 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\pptico.exe
+ 2008-10-16 09:07:27 249,856 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\pptico.exe
- 2008-08-17 09:51:11 61,440 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\pubs.exe
+ 2008-10-16 09:07:27 61,440 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\pubs.exe
- 2008-08-17 09:51:12 23,040 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\unbndico.exe
+ 2008-10-16 09:07:27 23,040 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\unbndico.exe
- 2008-08-17 09:51:11 286,720 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\wordicon.exe
+ 2008-10-16 09:07:26 286,720 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\wordicon.exe
- 2008-08-17 09:51:11 409,600 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-10-16 09:07:26 409,600 ----a-r C:\WINDOWS\Installer\{9011041A-6000-11D3-8CFE-0150048383C9}\xlicons.exe
+ 2008-09-25 07:16:37 61,440 ----a-r C:\WINDOWS\Installer\{E404EFD4-6110-413C-AD1A-D6D0F261960E}\helpicon.exe
+ 2008-09-25 07:16:37 32,768 ----a-r C:\WINDOWS\Installer\{E404EFD4-6110-413C-AD1A-D6D0F261960E}\maintenance_icon.exe
+ 2008-09-25 07:16:37 22,486 ----a-r C:\WINDOWS\Installer\{E404EFD4-6110-413C-AD1A-D6D0F261960E}\register_icon.exe
+ 2008-09-25 07:16:37 57,344 ----a-r C:\WINDOWS\Installer\{E404EFD4-6110-413C-AD1A-D6D0F261960E}\texticon.exe
+ 2008-07-19 14:43:08 1,163,960 ----a-w C:\WINDOWS\system32\aswBoot.exe
+ 2008-07-19 14:30:53 94,392 ----a-w C:\WINDOWS\system32\AvastSS.scr
- 2008-06-20 11:40:08 138,496 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
+ 2008-08-14 10:04:36 138,496 -c--a-w C:\WINDOWS\system32\dllcache\afd.sys
- 2007-07-30 17:19:20 92,504 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
+ 2008-07-18 20:10:48 94,920 -c--a-w C:\WINDOWS\system32\dllcache\cdm.dll
- 2008-06-23 15:09:27 3,067,392 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-08-20 05:30:53 3,067,904 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-06-26 08:15:29 1,499,136 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
+ 2008-08-20 05:30:51 1,499,136 -c--a-w C:\WINDOWS\system32\dllcache\shdocvw.dll
- 2008-04-13 22:45:12 334,848 -c--a-w C:\WINDOWS\system32\dllcache\srv.sys
+ 2008-09-08 10:41:42 333,824 -c--a-w C:\WINDOWS\system32\dllcache\srv.sys
- 2008-06-26 08:15:30 619,520 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-08-20 05:30:52 619,520 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-04-13 23:00:12 1,845,632 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
+ 2008-09-15 12:12:56 1,846,400 -c--a-w C:\WINDOWS\system32\dllcache\win32k.sys
- 2008-06-23 15:09:27 666,112 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-08-20 05:30:51 666,112 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2007-07-30 17:19:36 549,720 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
+ 2008-07-18 20:09:44 563,912 -c--a-w C:\WINDOWS\system32\dllcache\wuapi.dll
- 2007-07-30 17:19:16 53,080 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
+ 2008-07-18 20:10:42 53,448 -c--a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
- 2007-07-30 17:19:42 1,712,984 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
+ 2008-07-18 20:09:42 1,811,656 -c--a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
- 2007-07-30 17:19:32 325,976 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
+ 2008-07-18 20:09:46 325,832 -c--a-w C:\WINDOWS\system32\dllcache\wucltui.dll
- 2007-07-30 17:18:40 33,624 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
+ 2008-07-18 20:10:20 36,552 -c--a-w C:\WINDOWS\system32\dllcache\wups.dll
- 2007-07-30 17:19:46 203,096 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2008-07-18 20:09:44 205,000 -c--a-w C:\WINDOWS\system32\dllcache\wuweb.dll
+ 2008-07-19 14:32:15 26,944 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
- 2008-06-20 11:40:08 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2008-08-14 10:04:36 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
+ 2008-07-19 14:37:42 20,560 ----a-w C:\WINDOWS\system32\drivers\aswFsBlk.sys
+ 2008-01-17 16:34:01 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
+ 2008-07-19 14:37:21 94,416 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
+ 2008-07-19 14:33:42 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
+ 2008-07-19 14:35:18 78,416 ----a-w C:\WINDOWS\system32\drivers\aswSP.sys
+ 2008-07-19 14:32:36 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
- 2008-07-19 08:13:32 86,792 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
+ 2008-06-02 14:16:08 86,792 ----a-w C:\WINDOWS\system32\drivers\bdfndisf.sys
- 2008-01-07 15:41:34 196,368 ----a-w C:\WINDOWS\system32\drivers\bdfsfltr.sys
+ 2008-01-07 16:41:34 196,368 ----a-w C:\WINDOWS\system32\drivers\bdfsfltr.sys
- 2008-08-10 10:32:57 203,328 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2008-10-16 10:47:28 203,328 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
- 2004-03-31 10:28:00 131,072 ----a-w C:\WINDOWS\system32\mapi32.dll
+ 2004-03-31 11:28:00 131,072 ----a-w C:\WINDOWS\system32\mapi32.dll
- 2002-01-05 00:48:16 974,848 ----a-w C:\WINDOWS\system32\mfc70.dll
+ 2002-01-05 01:48:16 974,848 ----a-w C:\WINDOWS\system32\mfc70.dll
- 2002-01-05 00:36:38 964,608 ----a-w C:\WINDOWS\system32\mfc70u.dll
+ 2002-01-05 01:36:38 964,608 ----a-w C:\WINDOWS\system32\mfc70u.dll
- 2003-03-18 18:20:00 1,060,864 ----a-w C:\WINDOWS\system32\mfc71.dll
+ 2003-03-18 19:20:00 1,060,864 ----a-w C:\WINDOWS\system32\mfc71.dll
- 2003-03-18 18:12:12 1,047,552 ----a-w C:\WINDOWS\system32\mfc71u.dll
+ 2003-03-18 19:12:12 1,047,552 ----a-w C:\WINDOWS\system32\mfc71u.dll
- 2008-06-23 15:09:27 3,067,392 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-08-20 05:30:53 3,067,904 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2002-01-05 00:38:38 54,784 ----a-w C:\WINDOWS\system32\msvci70.dll
+ 2002-01-05 01:38:38 54,784 ----a-w C:\WINDOWS\system32\msvci70.dll
- 2002-01-05 00:40:20 487,424 ----a-w C:\WINDOWS\system32\msvcp70.dll
+ 2002-01-05 01:40:20 487,424 ----a-w C:\WINDOWS\system32\msvcp70.dll
- 2003-03-18 17:14:52 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
+ 2003-03-18 18:14:52 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
- 2002-01-04 23:37:28 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll
+ 2002-01-05 00:37:28 344,064 ----a-w C:\WINDOWS\system32\msvcr70.dll
- 2003-02-21 01:42:22 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
+ 2003-02-21 02:42:22 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
- 2008-08-31 20:24:45 66,710 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-18 07:01:33 66,710 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-08-31 20:24:45 427,926 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-18 07:01:33 427,926 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-06-26 08:15:29 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-08-20 05:30:51 1,499,136 ----a-w C:\WINDOWS\system32\shdocvw.dll
+ 2008-07-18 20:10:20 36,552 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.2.6001.784\wups.dll
+ 2008-07-18 20:10:40 45,768 ----a-w C:\WINDOWS\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.2.6001.784\wups2.dll
- 2007-11-30 12:39:22 17,272 ------w C:\WINDOWS\system32\spmsg.dll
+ 2007-11-30 11:18:51 17,272 ------w C:\WINDOWS\system32\spmsg.dll
- 2008-06-26 08:15:30 619,520 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-08-20 05:30:52 619,520 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2007-11-27 14:46:24 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
+ 2007-11-27 15:46:24 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
- 2007-01-31 11:50:32 913,408 ----a-w C:\WINDOWS\system32\xreglib.dll
+ 2007-01-31 12:50:32 913,408 ----a-w C:\WINDOWS\system32\xreglib.dll
+ 2008-10-18 08:19:35 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_354.dat
- 2006-12-01 19:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-01 20:54:32 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
- 2006-12-01 19:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-01 20:54:34 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
- 2006-12-01 19:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-01 20:54:32 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
- 2006-12-01 21:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-01 22:25:52 1,101,824 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
- 2006-12-01 21:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-01 22:25:56 1,093,120 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
- 2006-12-01 21:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-01 22:25:58 69,632 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
- 2006-12-01 21:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-01 22:26:00 57,856 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
- 2006-12-01 21:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-01 22:08:00 40,960 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
- 2006-12-01 21:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-01 22:08:00 45,056 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
- 2006-12-01 21:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-01 22:08:00 65,536 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
- 2006-12-01 21:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-01 22:08:00 57,344 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
- 2006-12-01 21:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
- 2006-12-01 21:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
- 2006-12-01 21:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-01 22:08:00 61,440 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
- 2006-12-01 21:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
- 2006-12-01 21:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2006-12-01 22:08:00 49,152 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
+ 2008-04-15 17:47:33 1,724,416 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\GdiPlus.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-07-26 2321600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\Hum\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-01 568176]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{fef6ace8-bb45-4009-8342-63415164d691}"= "C:\WINDOWS\system32\bmztmss.dll" [2008-10-18 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\BIHPL.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Ares Vista\\Ares.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 iastor78;iastor78;C:\WINDOWS\system32\drivers\iastor78.sys [2008-06-08 308248]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-06-02 86792]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
- - - - ORPHANS REMOVED - - - -

BHO-{030A0F33-5B99-482E-83F5-2EEB8457878B} - C:\WINDOWS\system32\675873\675873.dll
HKLM-Explorer_Run-smile - C:\Program Files\Applications\wcs.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Hum\Application Data\Mozilla\Firefox\Profiles\6yd6ihjy.default\
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF -: plugin - C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF -: plugin - C:\Program Files\Virtual Earth 3D\npVE3D.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-10-18 10:19:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Completion time: 2008-10-18 10:24:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-18 08:23:55

Pre-Run: 16.729.903.104 bytes free
Post-Run: 16,821,223,424 bytes free

336 --- E O F --- 2008-10-18 07:02:44

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

1. Imas dva antivirusa instalirana (BitDefender i Avast)?

2. Sledece fajlove ces da mi spakujes u jedan zip i da mi ih posaljes da ih pogledam:

C:\WINDOWS\system32\wbem\wmiadap.exe
C:\WINDOWS\system32\algg.exe
C:\WINDOWS\system32\bdod.bin

Upload ces uraditi preko sledece forme:
http://www.mycity.rs/ambulanta-upload.php

3. Otvoriti Notepad i iskopirati sledeci tekst:

File::
C:\WINDOWS\system32\bmztmss.dll

DirLook::
C:\WINDOWS\system32\675873

Registry::
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{fef6ace8-bb45-4009-8342-63415164d691}"=-


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

BitDefender-u je istekao rok, zato sam instalirao Avast...

Dopuna: 18 Okt 2008 11:20

Fajlove sam uploadirao!

Dopuna: 18 Okt 2008 11:37

Evo i logfile-a od Combo Fix-a:

ComboFix 08-10-17.01 - Hum 2008-10-18 11:19:56.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.2328 [GMT 2:00]
Running from: C:\Documents and Settings\Hum\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Hum\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\bmztmss.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\bmztmss.dll

.
((((((((((((((((((((((((( Files Created from 2008-09-18 to 2008-10-18 )))))))))))))))))))))))))))))))
.

2008-10-18 10:16 . 2008-10-18 10:19 <DIR> d-------- C:\WINDOWS\system32\675873
2008-10-18 02:34 . 2008-10-18 02:49 <DIR> d-------- C:\Program Files\WAV
2008-10-18 02:28 . 2008-10-18 09:20 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-18 02:24 . 2008-10-18 02:24 20,992 --a------ C:\WINDOWS\system32\algg.exe
2008-10-18 02:23 . 2008-10-18 10:19 <DIR> d-------- C:\Program Files\Applications
2008-10-15 16:30 . 2008-08-14 12:11 2,189,184 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
2008-10-15 16:30 . 2008-08-14 12:09 2,145,280 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
2008-10-15 16:30 . 2008-08-14 11:33 2,066,048 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
2008-10-15 16:30 . 2008-08-14 11:33 2,023,936 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
2008-09-25 09:16 . 2008-09-25 09:16 <DIR> d-------- C:\Documents and Settings\Hum\Application Data\BitDefender
2008-09-25 09:15 . 2008-09-25 09:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-09-25 09:12 . 2008-09-25 09:14 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-09-24 20:58 . 2008-09-24 20:58 <DIR> d-------- C:\Program Files\Alwil Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-18 09:21 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-10-18 06:58 --------- d-----w C:\Documents and Settings\Hum\Application Data\Skype
2008-10-18 06:57 --------- d-----w C:\Documents and Settings\Hum\Application Data\skypePM
2008-10-09 11:08 --------- d-----w C:\Documents and Settings\Hum\Application Data\BSplayer PRO
2008-09-25 07:15 --------- d-----w C:\Program Files\BitDefender
2008-09-19 15:34 --------- d-----w C:\Program Files\Google
2008-09-17 22:29 --------- d-----w C:\Documents and Settings\Hum\Application Data\Ahead
2008-09-15 12:12 1,846,400 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-08 10:41 333,824 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-31 23:03 --------- d-----w C:\Program Files\Ares
2008-08-31 23:00 --------- d-----w C:\Program Files\Ares Vista
2008-08-29 08:58 --------- d-----w C:\Program Files\Virtual Earth 3D
2008-08-23 10:31 --------- d-----w C:\Program Files\EA SPORTS
2008-08-20 05:30 666,112 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 10:09 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:33 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-07-25 08:00 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-07-19 12:07 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\WINDOWS\system32\675873 ----



((((((((((((((((((((((((((((( snapshot_2008-10-18_10.23.33.98 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-10-18 07:01:33 66,710 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-10-18 08:24:05 66,710 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-10-18 07:01:33 427,926 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-18 08:24:05 427,926 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-10-18 09:22:17 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_2fc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-07-26 2321600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\Hum\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-01 568176]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3fhg"= mp3fhg.acm
"msacm.divxa32"= divxa32.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\VoipCheapCom\\VoipCheapCom.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\BIHPL.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Program Files\\Ares Vista\\Ares.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 iastor78;iastor78;C:\WINDOWS\system32\drivers\iastor78.sys [2008-06-08 308248]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2008-06-02 86792]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-10-18 11:22:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-10-18 11:26:21 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-18 09:26:16
ComboFix2.txt 2008-10-18 08:24:01

Pre-Run: 16.814.813.184 bytes free
Post-Run: 16,802,967,552 bytes free

144 --- E O F --- 2008-10-18 07:02:44

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Deepy, izvini, ali naisli mi gosti.

Ono sto je bilo kriticno smo otklonili.
Javljam ti se kasnije poslepodne da ti kazem sta sam saznao u vezi fajlova koje si mi poslao. Oni u svakom slucaju nisu aktivni na kompu, tako da ne predstavljaju direktnu pretnju.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Puno hvala Bobby!

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Deepy, poslao si mi jedna pogresan fajl. Fajl koji mi treba ima dva slova G u imenu:
C:\WINDOWS\system32\algg.exe

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ok, poslat ću ti ponovo!

Dopuna: 18 Okt 2008 23:04

Ovo mi piše kad ga pokušam spakovati:


! C:\Documents and Settings\Hum\Desktop\Za Ambulantu.rar: Cannot open C:\WINDOWS\system32\algg.exe
Access is denied.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Udri onda po njemu ovako:

Otvoriti Notepad i iskopirati sledeci tekst:

File::
C:\WINDOWS\system32\algg.exe


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.