virus, something?!


offline
  • Joined: 05 Mar 2009
  • Posts: 6

We know only very little about this, and yet we know we are infected. Help!

Addendum: 05 Mar 2009 20:40

there, I didn't do it correctly

Addendum: 05 Mar 2009 20:54

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:39:16 PM, on 3/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20627)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Admin\Application Data\Microsoft\Windows\lsass.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\frmwrk32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O2 - BHO: MyPlayCity Toolbar - {4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac} - C:\Program Files\MyPlayCity\tbMyP1.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: PDF-XChange Viewer IE-Plugin - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [Lsass Service] C:\Documents and Settings\Admin\Application Data\Microsoft\Windows\lsass.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Shortcut to autorun.exe.lnk = D:\autorun.exe
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: 1235904601_m7d_opf_260209 - 1235904601_m7d_opf_260209.dll (file missing)
O20 - Winlogon Notify: c00A6903 - C:\WINDOWS\SYSTEM32\c00A6903.mat
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe

--
End of file - 9029 bytes

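The HijackThis log above is the kind of artefact a helper triages by eye: an autostart entry with a bare file name (`frmwrk32.exe`), a core Windows binary name running from a user profile folder (`lsass.exe` under `Application Data`, started from a `Policies\Explorer\Run` key), and Winlogon Notify packages that are either missing or are not a `.dll` at all. The following Python script is an added illustration, not part of this thread and not output of HijackThis itself; it encodes those defender-side heuristics and runs them over constructed sample lines modelled on the log. The heuristics, the function names and the sample input are my assumptions.

```python
import re

# Constructed sample input in HijackThis log format. The entries are modelled on
# the kinds of lines seen in this thread but are assumed sample data.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Framework Windows] frmwrk32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Policies\Explorer\Run: [Lsass Service] C:\Documents and Settings\Admin\Application Data\Microsoft\Windows\lsass.exe
O20 - Winlogon Notify: 1235904601_m7d_opf_260209 - 1235904601_m7d_opf_260209.dll (file missing)
O20 - Winlogon Notify: c00A6903 - C:\WINDOWS\SYSTEM32\c00A6903.mat
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Core Windows binaries that legitimately live only in %SystemRoot%\system32.
SYSTEM_BINARY_NAMES = {"lsass.exe", "csrss.exe", "smss.exe", "winlogon.exe",
                       "services.exe", "svchost.exe", "userinit.exe"}
SYSTEM32 = "c:\\windows\\system32\\"
# Substrings marking user-writable locations that a machine-wide autostart
# or a service should not normally point into.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\application data\\", "\\temp\\")

O4_RE = re.compile(r"^O4 - (.+?): \[(.+?)\] (.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (.+?) - (.*)$")
O23_RE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.*)$")


def _extract_path(command):
    """Pull the executable path out of an autostart command line (quoted or not)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"(.+?\.(?:exe|dll|com|scr|bat|cmd))(?=\s|$)", command, re.IGNORECASE)
    if m:
        return m.group(1)
    return command.split()[0] if command else ""


def _check_path(path, machine_wide):
    """Heuristics on where an autostart target lives and what it is called."""
    reasons = []
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    if "\\" not in low:
        reasons.append("bare file name, resolved through the search path instead of a fixed location")
    if name in SYSTEM_BINARY_NAMES and not low.startswith(SYSTEM32):
        reasons.append("system binary name '%s' outside %s" % (name, SYSTEM32))
    if machine_wide and any(marker in low for marker in USER_WRITABLE_MARKERS):
        reasons.append("machine-wide autostart points into a user-writable profile directory")
    return reasons


def triage(log_text):
    """Return [{'line': ..., 'reasons': [...]}] for each log line that trips a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []
        m4, m20, m23 = O4_RE.match(line), O20_RE.match(line), O23_RE.match(line)
        if m4:
            hive, _name, command = m4.groups()
            machine_wide = hive.upper().startswith("HKLM")
            if "policies\\explorer\\run" in hive.lower():
                reasons.append("Policies\\Explorer\\Run autostart, uncommon for legitimate software")
            reasons += _check_path(_extract_path(command), machine_wide)
        elif m20:
            _name, target = m20.groups()
            if "(file missing)" in target:
                reasons.append("Winlogon Notify entry whose DLL is missing (dangling registration)")
            target_path = target.replace("(file missing)", "").strip()
            if not target_path.lower().endswith(".dll"):
                reasons.append("Winlogon Notify target is not a .dll (%s)" % target_path.rsplit("\\", 1)[-1])
        elif m23:
            _svc, _vendor, path = m23.groups()
            reasons += _check_path(_extract_path(path), machine_wide=True)
        if reasons:
            findings.append({"line": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding["line"])
        for reason in finding["reasons"]:
            print("    -", reason)
```

Run as-is, the script flags four of the six sample lines and leaves the two avast! entries alone; the same rules can be pointed at a real log by feeding `triage()` the file contents. The checks are deliberately narrow (location, name, extension) so they explain *why* a line was flagged rather than guessing at what the file is.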
offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Hello...

Do the following:

Right-click the avast! icon in the bottom-right corner of the screen and choose Stop OnAccess Protection.

Note: Don't forget to turn this option back on once the cleaning is finished.

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.

offline
  • Joined: 05 Mar 2009
  • Posts: 6

something.....

ComboFix 09-03-04.01 - Admin 2009-03-05 21:15:24.1 - NTFSx86
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Admin\Application Data\Microsoft\Windows\lsass.exe
c:\windows\system32\ahtn.htm
c:\windows\system32\drivers\265.exe
c:\windows\system32\drivers\953.exe
c:\windows\system32\frmwrk32.exe
c:\windows\system32\init32.exe
c:\windows\system32\test.ttt
c:\windows\system32\uniq.tll
c:\windows\system32\warning.gif
c:\windows\system32\win32hlp.cnf

c:\windows\system32\userinit.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-02-05 to 2009-03-05 )))))))))))))))))))))))))))))))
.

2009-03-05 19:33 . 2009-03-05 19:33 <DIR> d-------- c:\program files\Trend Micro
2009-03-05 13:34 . 2009-03-05 13:43 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-03-05 01:07 . 2009-03-05 01:07 20,992 --ahs---- c:\windows\system32\c0031261.mat
2009-03-04 19:04 . 2009-03-04 21:51 <DIR> d-------- c:\documents and settings\Admin\Application Data\Lavasoft
2009-03-04 18:52 . 2009-03-04 21:50 <DIR> d-------- c:\program files\a-squared HiJackFree
2009-03-04 18:46 . 2005-08-25 18:18 118,784 --a------ c:\windows\system32\MSSTDFMT.DLL
2009-03-04 18:46 . 2005-08-25 18:19 115,920 --a------ c:\windows\system32\MSINET.OCX
2009-03-04 18:04 . 2009-03-04 18:03 104,960 --a------ c:\windows\system32\dllcache\userinit.exe
2009-03-04 15:31 . 2009-03-04 15:31 <DIR> d-------- c:\program files\Crawler
2009-03-04 15:24 . 2009-03-04 15:24 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Spyware Terminator
2009-03-04 15:04 . 2009-03-05 13:37 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-03-04 15:04 . 2009-03-04 15:04 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-03-04 15:04 . 2009-03-04 15:04 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-03-04 14:59 . 2009-03-04 14:59 20,992 --ahs---- c:\windows\system32\c00A6903.mat
2009-03-04 14:50 . 2009-03-05 13:46 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-04 08:58 . 2009-03-05 19:08 <DIR> d-------- c:\program files\MyPlayCity
2009-03-04 08:58 . 2009-03-04 08:58 <DIR> d-------- c:\program files\Conduit
2009-03-03 23:32 . 2009-03-04 22:22 <DIR> d-------- c:\program files\TrackMania Nations ESWC
2009-03-02 11:20 . 2009-03-02 11:20 <DIR> d-------- c:\documents and settings\Admin\Application Data\Thunderbird
2009-03-01 23:56 . 2009-03-01 23:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\TrackMania
2009-03-01 23:54 . 2009-03-01 23:55 <DIR> d-------- c:\program files\TmNationsForever
2009-02-25 19:52 . 1994-09-21 01:00 12,800 --a------ c:\windows\system32\wing32.dll
2009-02-25 14:31 . 2001-08-17 13:56 7,552 --a------ c:\windows\system32\drivers\SONYPVU1.SYS
2009-02-23 18:51 . 2009-02-23 18:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\GRETECH
2009-02-23 18:51 . 2009-02-23 18:51 <DIR> d-------- c:\documents and settings\Admin\Application Data\GRETECH
2009-02-23 17:33 . 2009-02-23 17:33 <DIR> d-------- c:\program files\CMVideoPlugin
2009-02-23 17:09 . 2004-02-23 20:42 1,386,496 --a------ c:\windows\system32\msvbvm60.dll
2009-02-23 17:09 . 2002-05-08 06:47 164,112 --a------ c:\windows\system32\olepro32.dll
2009-02-23 17:09 . 2002-05-08 06:47 147,728 --a------ c:\windows\system32\asycfilt.dll
2009-02-23 17:09 . 2002-05-08 06:47 22,288 --a------ c:\windows\system32\comcat.dll
2009-02-23 16:32 . 2009-02-23 16:32 <DIR> d-------- c:\program files\CommitCRM
2009-02-23 16:32 . 2009-02-23 16:33 <DIR> d-------- C:\Commit
2009-02-23 15:48 . 2009-02-23 15:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2009-02-23 15:48 . 2009-02-23 16:09 <DIR> d-------- c:\documents and settings\Admin\Application Data\Uniblue
2009-02-19 21:59 . 2009-02-19 21:59 32 --a------ c:\documents and settings\All Users\Application Data\ezsid.dat
2009-02-19 19:22 . 2009-03-02 19:09 <DIR> d-------- c:\documents and settings\Admin\Application Data\skypePM
2009-02-19 19:22 . 2009-02-19 19:22 48 --ah----- c:\windows\system32\ezsidmv.dat
2009-02-19 19:18 . 2009-03-03 11:54 <DIR> d-------- c:\documents and settings\Admin\Application Data\Skype
2009-02-19 19:16 . 2009-02-19 19:16 <DIR> dr------- c:\program files\Skype
2009-02-19 19:16 . 2009-02-19 19:16 <DIR> d-------- c:\program files\Common Files\Skype
2009-02-19 19:16 . 2009-02-19 19:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2009-02-18 17:01 . 2009-02-18 17:01 <DIR> d-------- c:\program files\YouTube Downloader
2009-02-18 14:58 . 2009-02-18 14:58 <DIR> d-------- c:\program files\Into Sudoku
2009-02-18 11:04 . 2009-02-18 13:00 2,723 --a------ c:\windows\langorig.ini
2009-02-18 09:46 . 2009-02-18 09:46 <DIR> d-------- c:\program files\Tracker Software
2009-02-18 09:02 . 2009-03-04 00:03 <DIR> d-------- c:\program files\TuneUp Utilities 2007
2009-02-18 09:02 . 2009-02-18 09:02 <DIR> d-------- c:\documents and settings\Admin\Application Data\TuneUp Software
2009-02-18 09:02 . 2007-03-29 04:42 29,704 --a------ c:\windows\system32\uxtuneup.dll
2009-02-18 09:01 . 2009-02-18 09:01 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-18 09:01 . 2009-02-18 09:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-02-18 08:55 . 2009-03-04 17:11 <DIR> d-------- c:\program files\ESET
2009-02-12 14:41 . 2009-02-12 14:46 <DIR> d-------- c:\program files\Mystery in London
2009-02-11 23:52 . 2009-02-11 23:52 <DIR> d-------- c:\windows\system32\NtmsData
2009-02-08 17:20 . 2009-02-08 17:20 <DIR> d-------- c:\program files\The Adventure Company
2009-02-08 13:01 . 2009-02-08 13:01 <DIR> d-------- c:\documents and settings\Admin\Application Data\Media Player Classic
2009-02-07 12:19 . 2009-02-07 12:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\BigFish

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-04 17:03 104,960 ----a-w c:\windows\system32\userinit.exe
2009-03-04 13:40 14,336 ----a-w c:\windows\system32\svchost.exe
2009-03-03 23:06 --------- d-----w c:\program files\Oberon Media
2009-03-03 23:06 --------- d-----w c:\program files\Cpt. Binary
2009-03-02 10:19 --------- d-----w c:\program files\Alawar
2009-02-23 16:36 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-23 15:47 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-23 15:06 --------- d-----w c:\program files\GRETECH
2009-02-19 22:50 --------- d-----w c:\documents and settings\Admin\Application Data\ForgottenRiddles2
2009-02-19 19:46 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-18 10:12 --------- d-----w c:\program files\Deep Voyage
2009-02-18 10:12 --------- d-----w c:\program files\Aztec Bricks
2009-02-18 10:12 --------- d-----w c:\program files\Azada
2009-02-18 09:45 --------- d-----w c:\program files\Windows Sidebar
2009-02-18 08:31 --------- d-----w c:\program files\Styler
2009-02-18 07:31 --------- d-----w c:\program files\Hidden Expedition Titanic
2009-02-17 17:15 --------- d-----w c:\program files\Google
2009-02-14 14:58 --------- d-----w c:\documents and settings\All Users\Application Data\AlawarWrapper
2009-02-13 19:06 --------- d-----w c:\program files\LeeGTs Games
2009-02-13 18:24 --------- d-----w c:\documents and settings\Admin\Application Data\Big Fish Games
2009-02-13 18:22 --------- d-----w c:\documents and settings\All Users\Application Data\MysteryChronicles
2009-02-09 12:37 --------- d-----w c:\documents and settings\Admin\Application Data\GlarySoft
2009-02-04 08:47 --------- d-----w c:\documents and settings\All Users\Application Data\MumboJumbo
2009-02-02 14:41 --------- d-----w c:\documents and settings\All Users\Application Data\Friends Games
2009-02-01 20:28 --------- d-----w c:\documents and settings\All Users\Application Data\Forge of Games
2009-02-01 20:27 --------- d-----w c:\program files\Common Files\Sandlot Shared
2009-02-01 20:26 --------- d-----w c:\documents and settings\All Users\Application Data\Sandlot Games
2009-02-01 16:11 --------- d-----w c:\program files\Just Sudoku PE
2009-02-01 13:27 --------- d-----w c:\documents and settings\Admin\Application Data\Beep Industries
2009-01-31 13:54 --------- d-----w c:\program files\Forgotten Riddles - The Moonlight Sonatas
2009-01-31 13:30 --------- d-----w c:\documents and settings\All Users\Application Data\Oberon Media
2009-01-31 13:22 --------- d-----w c:\documents and settings\Admin\Application Data\Beep
2009-01-31 13:13 --------- d-----w c:\program files\DAEMON Tools
2009-01-31 13:11 685,816 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-30 10:26 --------- d-----w c:\program files\Mystery Chronicles - Murder Among Friends
2009-01-29 18:37 --------- d-----w c:\program files\The Three Stooges - Treasure Hunt Hijinks
2009-01-29 18:37 --------- d-----w c:\documents and settings\Admin\Application Data\BigFish
2009-01-29 17:35 --------- d-----w c:\program files\ReflexiveArcade
2009-01-28 20:38 --------- d-----w c:\program files\MyPlayCity.com
2009-01-28 00:50 --------- d-----w c:\program files\SecureW2
2009-01-27 16:19 --------- d-----w c:\documents and settings\Admin\Application Data\FastStone
2009-01-27 16:05 --------- d-----w c:\program files\FastStone Image Viewer
2009-01-27 02:56 --------- d-----w c:\documents and settings\Admin\Application Data\Talkback
2009-01-26 22:20 --------- d-----w c:\documents and settings\Admin\Application Data\Winamp
2009-01-26 22:17 --------- d-----w c:\program files\Winamp
2009-01-24 03:32 --------- d-----w c:\program files\Common Files\Adobe
2009-01-23 05:06 87,280 ----a-w c:\windows\system32\bcmwlcoi.dll
2009-01-23 05:06 1,391,104 ----a-w c:\windows\system32\drivers\BCMWL5.SYS
2009-01-23 05:06 --------- d-----w c:\program files\Broadcom
2009-01-23 05:03 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2009-01-23 05:03 --------- d-----w c:\documents and settings\Admin\Application Data\ATI
2009-01-23 04:59 --------- d-----w c:\program files\ATI Technologies
2009-01-23 04:56 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-23 04:55 --------- d-----w c:\program files\WIDCOMM
2009-01-23 04:51 --------- d-----w c:\program files\Analog Devices
2009-01-23 04:50 --------- d-----w c:\program files\Marvell
2009-01-23 04:49 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-01-23 04:49 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2009-01-23 04:48 --------- d-----w c:\program files\Hewlett-Packard
2009-01-23 04:47 --------- d-----w c:\program files\Common Files\SNP2UVC
2009-01-23 04:47 --------- d-----w c:\documents and settings\Admin\Application Data\InstallShield
2009-01-22 04:08 --------- d-----w c:\documents and settings\Admin\Application Data\Nero
2009-01-22 04:01 --------- d-----w c:\program files\Microsoft Works
2009-01-22 04:00 --------- d-----w c:\program files\Microsoft.NET
.

------- Sigcheck -------

2007-10-13 13:04 2182144 a09c144d8d5a460b8ebfa56f913715d2 c:\windows\system32\ntkrnlpa.exe

2007-10-13 13:04 2302464 465e3e1178812be755634457f4a778bf c:\windows\system32\ntoskrnl.exe

2007-10-13 13:03 1224192 3fe7b5db9e412bcffaef9359cae82fc8 c:\windows\explorer.exe
2007-10-13 13:03 1224192 3fe7b5db9e412bcffaef9359cae82fc8 c:\windows\icon_TMP\explorer.exe
2007-10-13 13:03 1033216 42d32722b805d7df42d30487a0bcbd78 c:\windows\system_backup\explorer.exe

2007-10-13 13:05 80216 c7bcea1533be5c9e15884d6c39b667f1 c:\windows\icon_TMP\wuauclt.exe
2007-10-13 13:05 80216 c7bcea1533be5c9e15884d6c39b667f1 c:\windows\system32\wuauclt.exe
2007-10-13 13:05 53080 3a83a45e7dd5276315aa20245e7c32bf c:\windows\system_backup\wuauclt.exe

2009-03-04 18:03 104960 36503a3904f87a085bb3877e3d16564f c:\windows\system32\userinit.exe
2009-03-04 18:03 104960 36503a3904f87a085bb3877e3d16564f c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-03-05 1883672]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2009-03-05 19:09 1883672 --a------ c:\program files\MyPlayCity\tbMyP1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2007-10-13 15360]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-17 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-04 177456]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-10-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-10-13 c:\windows\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\explorer.exe,"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-21 07:57 176128 c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\c00A6903]
2009-03-04 14:59 20992 c:\windows\system32\c00A6903.mat

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shortcut to autorun.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Shortcut to autorun.exe.lnk
backup=c:\windows\pss\Shortcut to autorun.exe.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"Google Update"="c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"hpWirelessAssistant"=c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe
"SoundMAX"=c:\program files\Analog Devices\SoundMAX\Smax4.exe /tray

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"AdVantage Setup"=c:\program files\DAEMON Tools\AdVantageSetup.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Admin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Admin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2383:TCP"= 2383:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"1097:TCP"= 1097:TCP:Akamai NetSession Interface
"1050:TCP"= 1050:TCP:Akamai NetSession Interface
"1057:TCP"= 1057:TCP:Akamai NetSession Interface
"1047:TCP"= 1047:TCP:Akamai NetSession Interface
"1052:TCP"= 1052:TCP:Akamai NetSession Interface
"1042:TCP"= 1042:TCP:Akamai NetSession Interface

S0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-03-28 24064]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]


--- Other Services/Drivers In Memory ---

*Deregistered* - Aavmker4
*Deregistered* - AFD
*Deregistered* - AgereModemAudio
*Deregistered* - ALG
*Deregistered* - aswFsBlk
*Deregistered* - aswMon2
*Deregistered* - aswRdr
*Deregistered* - aswSP
*Deregistered* - aswTdi
*Deregistered* - aswUpdSv
*Deregistered* - Ati HotKey Poller
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - avast! Antivirus
*Deregistered* - avast! Mail Scanner
*Deregistered* - avast! Web Scanner
*Deregistered* - Beep
*Deregistered* - BITS
*Deregistered* - Browser
*Deregistered* - BTKRNL
*Deregistered* - btwdins
*Deregistered* - Cdfs
*Deregistered* - Com4QLBEx
*Deregistered* - Compbatt
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - gusvc
*Deregistered* - helpsvc
*Deregistered* - hpqwmiex
*Deregistered* - HTTP
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - MDM
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - rspndr
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - Secdrv
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SFAUDIO
*Deregistered* - sfdrv01
*Deregistered* - sfhlp02
*Deregistered* - sfvfs02
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - UxTuneUp
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - Wdf01000
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\BugDVD.exe
\Shell\Install\command - D:\BugDVD.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68a85a0a-fdb8-11dd-9b43-00210065420b}]
\Shell\AutoRun\command - F:\
\Shell\open\Command - rundll32.exe .\\wmpcwre.dll,InstallM
.
Contents of the 'Scheduled Tasks' folder

2009-02-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27 06:51]

2009-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1580436667-682003330-1003.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-17 22:16]
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)
HKLM-Explorer_Run-Lsass Service - c:\documents and settings\Admin\Application Data\Microsoft\Windows\lsass.exe
Notify-1235904601_m7d_opf_260209 - 1235904601_m7d_opf_260209.dll


.
------- Supplementary Scan -------
.
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\efcuy4p1.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\documents and settings\Admin\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-05 21:16:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Lsass Service = c:\documents and settings\Admin\Application Data\Microsoft\Windows\lsass.exe???????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A4FD1254-DE42-4A46-9B3D-B9167686B8BF}\LocalServer32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\SPYWAR~1\\SPYWAR~1.EXE"
"ThreadingModel"="Free"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A4FD1254-DE42-4A46-9B3D-B9167686B8BF}\ProgID]
@DACL=(02 0000)
@="CSTerminator.CoCSTerminator"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A4FD1254-DE42-4A46-9B3D-B9167686B8BF}\TypeLib]
@DACL=(02 0000)
@="{27FBDC7C-30AF-4EDB-9108-0AF6EE3FC89D}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A4FD1254-DE42-4A46-9B3D-B9167686B8BF}\Version]
@DACL=(02 0000)
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\CSTerminator.CoCSTerminator\Clsid]
@DACL=(02 0000)
@="{A4FD1254-DE42-4A46-9B3D-B9167686B8BF}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(932)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\c00A6903.mat
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
.
Completion time: 2009-03-05 21:18:03
ComboFix-quarantined-files.txt 2009-03-05 20:18:01

Pre-Run: 196,535,152,640 bytes free
Post-Run: 196,553,838,592 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect


Addendum: 05 Mar 2009 22:41

As far as I can see, everything looks fine to me.
Thanks

Addendum: 06 Mar 2009 0:10

What did I do to make this appear? I'm asking for my own information, so that the problem doesn't come back.
Thanks

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Unfortunately, we're not done yet.. there is still infection and we'll have to continue tomorrow

  • Joined: 05 Mar 2009
  • Posts: 6

:-( until tomorrow

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Download this zip and unpack it to the desktop.

Then do the following:

Open Notepad and copy in the following text:

FCOPY::
c:\documents and settings\Admin\Desktop\userinit.exe|c:\windows\system32\userinit.exe
c:\documents and settings\Admin\Desktop\userinit.exe|c:\windows\system32\dllcache\userinit.exe

File::
c:\windows\system32\c0031261.mat
c:\windows\system32\c00A6903.mat

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\c00A6903]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68a85a0a-fdb8-11dd-9b43-00210065420b}]

Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scanning.
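The persistence indicators that the fix script above targets can be picked out of a ComboFix log automatically. The triage script below is an added example for this thread, not ComboFix's code or the helper's own script; it runs over lines copied from the logs posted above and flags MountPoints2 autorun commands, core Windows binary names running outside system32, Winlogon Notify DLLs listed without a path, and non-.dll modules loaded into winlogon.exe.

```python
"""Triage helper for ComboFix-style logs: an added example for this thread, not
ComboFix's own code and not the helper's script.  It flags the persistence
indicators the thread's fix script removed: autorun commands under MountPoints2,
copies of Windows system binaries running outside system32, Winlogon Notify DLLs
listed without a path, and non-.dll modules loaded into winlogon.exe."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the ComboFix logs posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\BugDVD.exe
\Shell\Install\command - D:\BugDVD.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{68a85a0a-fdb8-11dd-9b43-00210065420b}]
\Shell\AutoRun\command - F:\
\Shell\open\Command - rundll32.exe .\\wmpcwre.dll,InstallM
.
- - - - ORPHANS REMOVED - - - -

HKLM-RunOnce-<NO NAME> - (no file)
HKLM-Explorer_Run-Lsass Service - c:\documents and settings\Admin\Application Data\Microsoft\Windows\lsass.exe
Notify-1235904601_m7d_opf_260209 - 1235904601_m7d_opf_260209.dll
.
- - - - - - - > 'winlogon.exe'(932)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\c00A6903.mat
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"""

# Windows binaries that are only legitimate under system32 (explorer.exe is left
# out because its real home is c:\windows itself).
SYSTEM_BINARIES = {"lsass.exe", "userinit.exe", "winlogon.exe", "svchost.exe",
                   "csrss.exe", "services.exe", "smss.exe"}
SYSTEM_DIR = "c:\\windows\\system32\\"

MOUNTPOINT_CMD = re.compile(r"^\\Shell\\(\w+)\\command - (.+)$", re.IGNORECASE)
PROCESS_HEADER = re.compile(r"^- - .*?> '([^']+)'\((\d+)\)$")
NOTIFY_ENTRY = re.compile(r"^Notify-(.+?) - (.+)$")
PATH_TOKEN = re.compile(r'[a-z]:\\[^"\[\]]*?\.(?:exe|dll)', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str


def triage(log: str) -> list[Finding]:
    """Walk the log once and return every indicator worth a human's attention."""
    findings: list[Finding] = []
    section = None  # registry key or process whose lines we are currently inside
    for raw in log.splitlines():
        line = raw.strip()
        if not line or line == ".":
            section = None  # ComboFix separates blocks with blank lines and "."
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        m = PROCESS_HEADER.match(line)
        if m:
            section = "process:" + m.group(1).lower()
            continue

        # 1. Any verb under MountPoints2 runs when the drive is opened; a bare
        #    drive root (F:\) is Windows' own default, anything else is suspect.
        if section and "mountpoints2" in section:
            m = MOUNTPOINT_CMD.match(line)
            if m and not re.fullmatch(r"[A-Za-z]:\\", m.group(2)):
                findings.append(Finding("mountpoints2 autorun",
                                        m.group(1) + ": " + m.group(2)))
            continue

        # 2. Modules loaded into a system process should all be .dll files; the
        #    .mat file here was the Winlogon Notify payload the thread removed.
        if section and section.startswith("process:"):
            if not line.lower().endswith(".dll"):
                findings.append(Finding("non-dll module in " + section[8:], line))
            continue

        # 3. A Notify entry with just a DLL name is resolved via the search path.
        m = NOTIFY_ENTRY.match(line)
        if m and "\\" not in m.group(2):
            findings.append(Finding("winlogon notify dll without full path",
                                    m.group(2)))
            continue

        # 4. A file named like a core Windows binary (lsass.exe, userinit.exe)
        #    living anywhere except system32 is almost always an impostor.
        for path in PATH_TOKEN.findall(line):
            name = path.lower().rsplit("\\", 1)[-1]
            if name in SYSTEM_BINARIES and not path.lower().startswith(SYSTEM_DIR):
                findings.append(Finding("system binary outside system32", path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.detail}")
```

Run on the sample it reports six findings, which are exactly the entries the CFScript above removes plus the D: autorun entries from the same log.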

  • Joined: 05 Mar 2009
  • Posts: 6

ComboFix 09-03-04.01 - Admin 2009-03-06 17:48:28.2 - NTFSx86
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Desktop\CFScript.txt
* Created a new restore point

FILE ::
c:\windows\system32\c0031261.mat
c:\windows\system32\c00A6903.mat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\c0031261.mat
c:\windows\system32\c00A6903.mat

.
--------------- FCopy ---------------

c:\documents and settings\Admin\Desktop\userinit.exe --> c:\windows\system32\userinit.exe
c:\documents and settings\Admin\Desktop\userinit.exe --> c:\windows\system32\dllcache\userinit.exe
.
((((((((((((((((((((((((( Files Created from 2009-02-06 to 2009-03-06 )))))))))))))))))))))))))))))))
.

2009-03-06 17:48 . 2009-03-06 14:02 24,576 --a------ c:\windows\system32\userinit.exe
2009-03-06 17:48 . 2009-03-06 14:02 24,576 --a------ c:\windows\system32\dllcache\userinit.exe
2009-03-05 22:51 . 2009-03-05 23:01 <DIR> d-------- c:\program files\DesktopEarth
2009-03-05 21:30 . 2009-03-05 21:30 <DIR> d-------- c:\windows\system32\xircom
2009-03-05 21:30 . 2009-03-05 21:30 <DIR> d-------- c:\program files\microsoft frontpage
2009-03-05 19:33 . 2009-03-05 19:33 <DIR> d-------- c:\program files\Trend Micro
2009-03-04 19:04 . 2009-03-04 21:51 <DIR> d-------- c:\documents and settings\Admin\Application Data\Lavasoft
2009-03-04 18:52 . 2009-03-04 21:50 <DIR> d-------- c:\program files\a-squared HiJackFree
2009-03-04 18:46 . 2005-08-25 18:18 118,784 --a------ c:\windows\system32\MSSTDFMT.DLL
2009-03-04 18:46 . 2005-08-25 18:19 115,920 --a------ c:\windows\system32\MSINET.OCX
2009-03-04 15:31 . 2009-03-04 15:31 <DIR> d-------- c:\program files\Crawler
2009-03-04 15:24 . 2009-03-04 15:24 <DIR> d-------- c:\documents and settings\NetworkService\Application Data\Spyware Terminator
2009-03-04 15:04 . 2009-03-05 13:37 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-03-04 15:04 . 2009-03-04 15:04 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-03-04 15:04 . 2009-03-04 15:04 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-03-04 14:50 . 2009-03-05 21:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-04 08:58 . 2009-03-05 19:08 <DIR> d-------- c:\program files\MyPlayCity
2009-03-04 08:58 . 2009-03-04 08:58 <DIR> d-------- c:\program files\Conduit
2009-03-03 23:32 . 2009-03-04 22:22 <DIR> d-------- c:\program files\TrackMania Nations ESWC
2009-03-02 11:20 . 2009-03-02 11:20 <DIR> d-------- c:\documents and settings\Admin\Application Data\Thunderbird
2009-03-01 23:56 . 2009-03-01 23:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\TrackMania
2009-03-01 23:54 . 2009-03-01 23:55 <DIR> d-------- c:\program files\TmNationsForever
2009-02-25 19:52 . 1994-09-21 01:00 12,800 --a------ c:\windows\system32\wing32.dll
2009-02-25 14:31 . 2001-08-17 13:56 7,552 --a------ c:\windows\system32\drivers\SONYPVU1.SYS
2009-02-23 18:51 . 2009-02-23 18:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\GRETECH
2009-02-23 18:51 . 2009-02-23 18:51 <DIR> d-------- c:\documents and settings\Admin\Application Data\GRETECH
2009-02-23 17:33 . 2009-02-23 17:33 <DIR> d-------- c:\program files\CMVideoPlugin
2009-02-23 17:09 . 2004-02-23 20:42 1,386,496 --a------ c:\windows\system32\msvbvm60.dll
2009-02-23 17:09 . 2002-05-08 06:47 164,112 --a------ c:\windows\system32\olepro32.dll
2009-02-23 17:09 . 2002-05-08 06:47 147,728 --a------ c:\windows\system32\asycfilt.dll
2009-02-23 17:09 . 2002-05-08 06:47 22,288 --a------ c:\windows\system32\comcat.dll
2009-02-23 16:32 . 2009-02-23 16:32 <DIR> d-------- c:\program files\CommitCRM
2009-02-23 16:32 . 2009-02-23 16:33 <DIR> d-------- C:\Commit
2009-02-23 15:48 . 2009-02-23 15:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2009-02-23 15:48 . 2009-02-23 16:09 <DIR> d-------- c:\documents and settings\Admin\Application Data\Uniblue
2009-02-19 21:59 . 2009-02-19 21:59 32 --a------ c:\documents and settings\All Users\Application Data\ezsid.dat
2009-02-19 19:22 . 2009-03-02 19:09 <DIR> d-------- c:\documents and settings\Admin\Application Data\skypePM
2009-02-19 19:22 . 2009-02-19 19:22 48 --ah----- c:\windows\system32\ezsidmv.dat
2009-02-19 19:18 . 2009-03-03 11:54 <DIR> d-------- c:\documents and settings\Admin\Application Data\Skype
2009-02-19 19:16 . 2009-02-19 19:16 <DIR> dr------- c:\program files\Skype
2009-02-19 19:16 . 2009-02-19 19:16 <DIR> d-------- c:\program files\Common Files\Skype
2009-02-19 19:16 . 2009-02-19 19:16 <DIR> d-------- c:\documents and settings\All Users\Application Data\Skype
2009-02-18 17:01 . 2009-02-18 17:01 <DIR> d-------- c:\program files\YouTube Downloader
2009-02-18 14:58 . 2009-02-18 14:58 <DIR> d-------- c:\program files\Into Sudoku
2009-02-18 11:04 . 2009-02-18 13:00 2,723 --a------ c:\windows\langorig.ini
2009-02-18 09:46 . 2009-02-18 09:46 <DIR> d-------- c:\program files\Tracker Software
2009-02-18 09:02 . 2009-03-04 00:03 <DIR> d-------- c:\program files\TuneUp Utilities 2007
2009-02-18 09:02 . 2009-02-18 09:02 <DIR> d-------- c:\documents and settings\Admin\Application Data\TuneUp Software
2009-02-18 09:02 . 2007-03-29 04:42 29,704 --a------ c:\windows\system32\uxtuneup.dll
2009-02-18 09:01 . 2009-02-18 09:01 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-18 09:01 . 2009-02-18 09:01 <DIR> d-------- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-02-18 08:55 . 2009-03-04 17:11 <DIR> d-------- c:\program files\ESET
2009-02-12 14:41 . 2009-02-12 14:46 <DIR> d-------- c:\program files\Mystery in London
2009-02-11 23:52 . 2009-02-11 23:52 <DIR> d-------- c:\windows\system32\NtmsData
2009-02-08 17:20 . 2009-02-08 17:20 <DIR> d-------- c:\program files\The Adventure Company
2009-02-08 13:01 . 2009-02-08 13:01 <DIR> d-------- c:\documents and settings\Admin\Application Data\Media Player Classic
2009-02-07 12:19 . 2009-02-07 12:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\BigFish

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-06 09:07 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-03-03 23:06 --------- d-----w c:\program files\Oberon Media
2009-03-03 23:06 --------- d-----w c:\program files\Cpt. Binary
2009-03-02 10:19 --------- d-----w c:\program files\Alawar
2009-02-23 15:47 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-23 15:06 --------- d-----w c:\program files\GRETECH
2009-02-19 22:50 --------- d-----w c:\documents and settings\Admin\Application Data\ForgottenRiddles2
2009-02-19 19:46 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-18 10:12 --------- d-----w c:\program files\Deep Voyage
2009-02-18 10:12 --------- d-----w c:\program files\Aztec Bricks
2009-02-18 10:12 --------- d-----w c:\program files\Azada
2009-02-18 09:45 --------- d-----w c:\program files\Windows Sidebar
2009-02-18 08:31 --------- d-----w c:\program files\Styler
2009-02-18 07:31 --------- d-----w c:\program files\Hidden Expedition Titanic
2009-02-17 17:15 --------- d-----w c:\program files\Google
2009-02-14 14:58 --------- d-----w c:\documents and settings\All Users\Application Data\AlawarWrapper
2009-02-13 19:06 --------- d-----w c:\program files\LeeGTs Games
2009-02-13 18:24 --------- d-----w c:\documents and settings\Admin\Application Data\Big Fish Games
2009-02-13 18:22 --------- d-----w c:\documents and settings\All Users\Application Data\MysteryChronicles
2009-02-09 12:37 --------- d-----w c:\documents and settings\Admin\Application Data\GlarySoft
2009-02-04 08:47 --------- d-----w c:\documents and settings\All Users\Application Data\MumboJumbo
2009-02-02 14:41 --------- d-----w c:\documents and settings\All Users\Application Data\Friends Games
2009-02-01 20:28 --------- d-----w c:\documents and settings\All Users\Application Data\Forge of Games
2009-02-01 20:27 --------- d-----w c:\program files\Common Files\Sandlot Shared
2009-02-01 20:26 --------- d-----w c:\documents and settings\All Users\Application Data\Sandlot Games
2009-02-01 16:11 --------- d-----w c:\program files\Just Sudoku PE
2009-02-01 13:27 --------- d-----w c:\documents and settings\Admin\Application Data\Beep Industries
2009-01-31 13:54 --------- d-----w c:\program files\Forgotten Riddles - The Moonlight Sonatas
2009-01-31 13:30 --------- d-----w c:\documents and settings\All Users\Application Data\Oberon Media
2009-01-31 13:22 --------- d-----w c:\documents and settings\Admin\Application Data\Beep
2009-01-31 13:13 --------- d-----w c:\program files\DAEMON Tools
2009-01-31 13:11 685,816 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-30 10:26 --------- d-----w c:\program files\Mystery Chronicles - Murder Among Friends
2009-01-29 18:37 --------- d-----w c:\program files\The Three Stooges - Treasure Hunt Hijinks
2009-01-29 18:37 --------- d-----w c:\documents and settings\Admin\Application Data\BigFish
2009-01-29 17:35 --------- d-----w c:\program files\ReflexiveArcade
2009-01-28 20:38 --------- d-----w c:\program files\MyPlayCity.com
2009-01-28 00:50 --------- d-----w c:\program files\SecureW2
2009-01-27 16:19 --------- d-----w c:\documents and settings\Admin\Application Data\FastStone
2009-01-27 16:05 --------- d-----w c:\program files\FastStone Image Viewer
2009-01-27 02:56 --------- d-----w c:\documents and settings\Admin\Application Data\Talkback
2009-01-26 22:20 --------- d-----w c:\documents and settings\Admin\Application Data\Winamp
2009-01-26 22:17 --------- d-----w c:\program files\Winamp
2009-01-24 03:32 --------- d-----w c:\program files\Common Files\Adobe
2009-01-23 05:06 1,391,104 ----a-w c:\windows\system32\drivers\BCMWL5.SYS
2009-01-23 05:06 --------- d-----w c:\program files\Broadcom
2009-01-23 05:03 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2009-01-23 05:03 --------- d-----w c:\documents and settings\Admin\Application Data\ATI
2009-01-23 04:59 --------- d-----w c:\program files\ATI Technologies
2009-01-23 04:56 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-23 04:55 --------- d-----w c:\program files\WIDCOMM
2009-01-23 04:51 --------- d-----w c:\program files\Analog Devices
2009-01-23 04:50 --------- d-----w c:\program files\Marvell
2009-01-23 04:49 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-01-23 04:49 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_HpqKbFiltr_01005.Wdf
2009-01-23 04:48 --------- d-----w c:\program files\Hewlett-Packard
2009-01-23 04:47 --------- d-----w c:\program files\Common Files\SNP2UVC
2009-01-23 04:47 --------- d-----w c:\documents and settings\Admin\Application Data\InstallShield
2009-01-22 04:08 --------- d-----w c:\documents and settings\Admin\Application Data\Nero
2009-01-22 04:01 --------- d-----w c:\program files\Microsoft Works
2009-01-22 04:00 --------- d-----w c:\program files\Microsoft.NET
.

------- Sigcheck -------

2007-10-13 13:04 2182144 a09c144d8d5a460b8ebfa56f913715d2 c:\windows\system32\ntkrnlpa.exe

2007-10-13 13:04 2302464 465e3e1178812be755634457f4a778bf c:\windows\system32\ntoskrnl.exe

2007-10-13 13:03 1224192 3fe7b5db9e412bcffaef9359cae82fc8 c:\windows\explorer.exe
2007-10-13 13:03 1224192 3fe7b5db9e412bcffaef9359cae82fc8 c:\windows\icon_TMP\explorer.exe
2007-10-13 13:03 1033216 42d32722b805d7df42d30487a0bcbd78 c:\windows\system_backup\explorer.exe

2007-10-13 13:05 80216 c7bcea1533be5c9e15884d6c39b667f1 c:\windows\icon_TMP\wuauclt.exe
2007-10-13 13:05 80216 c7bcea1533be5c9e15884d6c39b667f1 c:\windows\system32\wuauclt.exe
2007-10-13 13:05 53080 3a83a45e7dd5276315aa20245e7c32bf c:\windows\system_backup\wuauclt.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-03-05_21.17.00.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-05 22:01:37 29,926 ----a-r c:\windows\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_6FEFF9B68218417F98F549.exe
+ 2009-03-05 22:01:37 29,926 ----a-r c:\windows\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_C1A9BF9D98647632ED5172.exe
+ 2009-03-05 22:01:37 29,926 ----a-r c:\windows\Installer\{DBA5E973-660D-4CBE-A469-F5C37FBF0CE4}\_CE4FFA1DD37E7C505AED29.exe
- 2009-03-05 17:59:16 71,108 ----a-w c:\windows\system32\perfc009.dat
+ 2009-03-06 07:36:45 71,108 ----a-w c:\windows\system32\perfc009.dat
- 2009-03-05 17:59:16 439,062 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-06 07:36:45 439,062 ----a-w c:\windows\system32\perfh009.dat
+ 2009-03-06 16:52:10 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_79c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}"= "c:\program files\MyPlayCity\tbMyP1.dll" [2009-03-05 1883672]

[HKEY_CLASSES_ROOT\clsid\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4724c5d8-dfa7-417a-a2f5-1eabfee9b4ac}]
2009-03-05 19:09 1883672 --a------ c:\program files\MyPlayCity\tbMyP1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2007-10-13 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-17 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-06-04 177456]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2007-10-13 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2007-10-13 c:\windows\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2005-12-21 07:57 176128 c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shortcut to autorun.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Shortcut to autorun.exe.lnk
backup=c:\windows\pss\Shortcut to autorun.exe.lnkCommon Startup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"Google Update"="c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"hpWirelessAssistant"=c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe
"SoundMAX"=c:\program files\Analog Devices\SoundMAX\Smax4.exe /tray

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"AdVantage Setup"=c:\program files\DAEMON Tools\AdVantageSetup.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Admin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Admin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\TmNationsForever\\TmForever.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TrackMania Nations ESWC\\TmNationsESWC.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2383:TCP"= 2383:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"1097:TCP"= 1097:TCP:Akamai NetSession Interface
"1050:TCP"= 1050:TCP:Akamai NetSession Interface
"1057:TCP"= 1057:TCP:Akamai NetSession Interface
"1047:TCP"= 1047:TCP:Akamai NetSession Interface
"1052:TCP"= 1052:TCP:Akamai NetSession Interface
"1042:TCP"= 1042:TCP:Akamai NetSession Interface

S0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [2008-03-28 24064]
S1 aswSP;avast! Self Protection; [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-02-05 20560]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]


--- Other Services/Drivers In Memory ---

*Deregistered* - Aavmker4
*Deregistered* - AFD
*Deregistered* - AgereModemAudio
*Deregistered* - ALG
*Deregistered* - aswFsBlk
*Deregistered* - aswMon2
*Deregistered* - aswRdr
*Deregistered* - aswSP
*Deregistered* - aswTdi
*Deregistered* - aswUpdSv
*Deregistered* - Ati HotKey Poller
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - avast! Antivirus
*Deregistered* - avast! Mail Scanner
*Deregistered* - avast! Web Scanner
*Deregistered* - Beep
*Deregistered* - Browser
*Deregistered* - BTKRNL
*Deregistered* - btwdins
*Deregistered* - Cdfs
*Deregistered* - Com4QLBEx
*Deregistered* - Compbatt
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - Dnscache
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - hpqwmiex
*Deregistered* - HTTP
*Deregistered* - ImapiService
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LmHosts
*Deregistered* - MDM
*Deregistered* - mnmdd
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - rspndr
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - Secdrv
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SFAUDIO
*Deregistered* - sfdrv01
*Deregistered* - sfhlp02
*Deregistered* - sfvfs02
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - Update
*Deregistered* - UxTuneUp
*Deregistered* - VgaSave
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - Wdf01000
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WZCSVC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\BugDVD.exe
\Shell\Install\command - D:\BugDVD.exe
.
Contents of the 'Scheduled Tasks' folder

2009-02-27 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2007\SystemOptimizer.exe [2007-04-27 06:51]

2009-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-854245398-1580436667-682003330-1003.job
- c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-17 22:16]
.
.
------- Supplementary Scan -------
.
IE: Crawler Search - tbr:iemenu
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\efcuy4p1.default\
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\documents and settings\Admin\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Admin\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-06 17:52:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A4FD1254-DE42-4A46-9B3D-B9167686B8BF}\LocalServer32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\SPYWAR~1\\SPYWAR~1.EXE"
"ThreadingModel"="Free"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A4FD1254-DE42-4A46-9B3D-B9167686B8BF}\ProgID]
@DACL=(02 0000)
@="CSTerminator.CoCSTerminator"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A4FD1254-DE42-4A46-9B3D-B9167686B8BF}\TypeLib]
@DACL=(02 0000)
@="{27FBDC7C-30AF-4EDB-9108-0AF6EE3FC89D}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A4FD1254-DE42-4A46-9B3D-B9167686B8BF}\Version]
@DACL=(02 0000)
@="1.0"

[HKEY_LOCAL_MACHINE\software\Classes\CSTerminator.CoCSTerminator\Clsid]
@DACL=(02 0000)
@="{A4FD1254-DE42-4A46-9B3D-B9167686B8BF}"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(940)
c:\windows\system32\Ati2evxx.dll
c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe
c:\program files\DesktopEarth\DesktopEarth.exe
c:\program files\WIDCOMM\Bluetooth Software\BTStackServer.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\progra~1\COMMON~1\MICROS~1\DW\DW20.EXE
.
**************************************************************************
.
Completion time: 2009-03-06 17:55:11 - machine was rebooted [Admin]
ComboFix-quarantined-files.txt 2009-03-06 16:55:08
ComboFix2.txt 2009-03-05 20:18:04

Pre-Run: 193,712,398,336 bytes free
Post-Run: 193,707,253,760 bytes free


  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

How does the state of the system seem to you now?

  • Joined: 05 Mar 2009
  • Posts: 6

Today the system is much faster than yesterday, thanks.
But as a total layman I still don't know what was happening to me. Maybe something on how to prevent it from happening again?
I'm grateful that I came across this site and you
Ivana

  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Well, you had malware that infected system files, so we fixed that... Now.. how to prevent it from happening again.. that's a hard question... just update your protection software regularly, stay away from cracked programs, and that is what's up to you... What you can never know is which site contains malware (that's more a matter of luck)...

Do this as well:

Click START and then RUN
In the text input line type Combofix /u and click OK

Wait for the uninstallation process to finish

The procedure above will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if needed
Hide system/hidden files/folders, if needed
Reset System Restore
