MyCity » Ambulanta -> Arhiva Ambulante » vundo

vundo

Napisano na dan: 24.4.2008
1

vundo
Sledeća strana Pagination

Idi na vrh

Poslao: 24 Apr 2008 14:03
Idi na vrh
offline
  • ziga 
  • Novi MyCity građanin
  • Pridružio: 24 Apr 2008
  • Poruke: 7

pozdrav.ovako, imam virus win32.virtumonde.FP application,pokusao sam raznim nacinima ga uklonit i nikako nisam uspio.neznam sta da radim
zarazeni file-ovi su:C:\WINDIWS\SYSTEM32\awtrSKb.dll
C:\WINDOWS\SYSTEM32\ssqnnOhH.dll

MOLIM VAS POMOZITE!!!!!!



Logfile of HijackThis v1.99.1
Scan saved at 13:21:05, on 24.4.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Eset\nod32kui.exe
C:\Documents and Settings\fekalije\Desktop\sanjasz\MsgPlus.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Documents and Settings\fekalije\Desktop\mujo\TR3.exe.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {46CF3E28-A96D-4087-85D3-8F1E8754E526} - C:\WINDOWS\system32\awtrSKbB.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {F50B3F5E-856E-4757-9BB1-B35D46CA7719} - C:\WINDOWS\system32\ssqnnOhH.dll
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Documents and Settings\fekalije\Desktop\sanjasz\MsgPlus.exe"
O4 - HKLM\..\Run: [58df4981] rundll32.exe "C:\WINDOWS\system32\yejrgncy.dll",b
O4 - HKLM\..\Run: [BM5bec7a1d] Rundll32.exe "C:\WINDOWS\system32\pigdgqti.dll",s
O4 - HKLM\..\Run: [winsock32] C:\WINDOWS\system32:winsock32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\fekalije\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: ssqnnOhH - C:\WINDOWS\SYSTEM32\ssqnnOhH.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

Poslao: 24 Apr 2008 15:31
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8617
  • Gde živiš: Novi Beograd

Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Poslao: 24 Apr 2008 21:43
Idi na vrh
offline
  • ziga 
  • Novi MyCity građanin
  • Pridružio: 24 Apr 2008
  • Poruke: 7

Dopuna: 24 Apr 2008 17:44

upss!!mislim da je ovo pravi!!!




ComboFix 08-04-22.5 - fekalije 2008-04-24 17:16:17.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.732 [GMT 2:00]
Running from: C:\Documents and Settings\fekalije\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\BbKSrtwa.ini
C:\WINDOWS\system32\BbKSrtwa.ini2
C:\WINDOWS\system32\mcrh.tmp

.
((((((((((((((((((((((((( Files Created from 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))))
.

2008-04-24 15:38 . 2008-04-24 15:38 <DIR> d-------- C:\Program Files\Avira
2008-04-24 15:11 . 2008-04-24 15:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-24 15:07 . 2008-04-24 15:36 19,697,272 --a------ C:\WINDOWS\prem_sec_winnt_de_hp.exe
2008-04-24 14:31 . 2008-04-24 14:31 1,432 --a------ C:\DelDomains.inf
2008-04-24 13:17 . 2008-04-24 14:30 <DIR> d-------- C:\New Folder
2008-04-24 12:58 . 2008-04-24 12:58 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-24 12:58 . 2008-04-24 12:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-23 17:24 . 2008-04-23 17:24 <DIR> d-------- C:\Program Files\AVG
2008-04-23 17:24 . 2008-04-23 17:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-23 17:24 . 2008-04-23 17:24 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-04-23 17:24 . 2008-04-23 17:24 22,528 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-04-23 17:02 . 2008-04-23 17:02 <DIR> d-------- C:\VundoFix Backups
2008-04-23 14:51 . 2008-04-23 14:54 <DIR> d-------- C:\Program Files\Spyware & Adware Removal
2008-04-23 12:16 . 2008-04-23 14:40 <DIR> d-------- C:\Program Files\NoAdware5.0
2008-04-22 20:53 . 2008-04-22 20:56 <DIR> d-------- C:\Program Files\RegCure
2008-04-22 12:28 . 2008-04-24 12:55 1,542,041 --ahs---- C:\WINDOWS\system32\ycngrjey.ini
2008-04-22 12:27 . 2008-04-24 12:51 109,687 --a------ C:\WINDOWS\BM5bec7a1d.xml
2008-04-22 00:24 . 2008-04-22 00:24 272,896 --a------ C:\WINDOWS\system32\awtrSKbB.dll
2008-04-22 00:19 . 2008-04-22 00:19 39,936 --a------ C:\WINDOWS\system32\ssqnnOhH.dll
2008-04-19 18:48 . 2008-04-19 18:48 <DIR> d-------- C:\Documents and Settings\fekalije\Application Data\Fever Frenzy
2008-04-18 11:26 . 2008-04-18 11:27 <DIR> d-------- C:\Program Files\Fashion Rush
2008-04-18 11:19 . 2008-04-23 12:42 <DIR> d-------- C:\Program Files\Fashion Fits!
2008-04-18 11:07 . 2008-04-18 11:07 <DIR> d-------- C:\Program Files\Plantasia
2008-04-18 11:01 . 2008-04-23 12:39 <DIR> d-------- C:\Program Files\Roller Rush
2008-04-18 10:54 . 2008-04-19 19:50 <DIR> d-------- C:\Program Files\SpongeBob SquarePants Diner Dash
2008-04-18 10:43 . 2008-04-18 10:43 <DIR> d-------- C:\Program Files\Deep Quest
2008-04-18 10:30 . 2008-04-18 10:30 <DIR> d-------- C:\Program Files\Doggie Dash
2008-04-18 10:09 . 2008-04-18 10:09 <DIR> d-------- C:\Program Files\Recyclorama
2008-04-18 10:05 . 2008-04-18 10:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2008-04-16 16:01 . 2008-04-18 13:59 <DIR> d-------- C:\Games
2008-04-13 17:23 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-13 17:23 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-13 17:23 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-13 02:52 . 2008-04-13 02:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-13 02:34 . 2008-04-13 02:39 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-13 02:33 . 2008-04-13 02:33 <DIR> d-------- C:\Program Files\Windows Live
2008-04-13 02:33 . 2008-04-13 02:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-10 15:24 . 2008-04-10 15:24 <DIR> d-------- C:\Documents and Settings\fekalije\Application Data\Jane s Hotel Family Hero
2008-04-10 14:24 . 2008-04-23 12:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
2008-04-07 20:05 . 2008-04-07 20:05 <DIR> d-------- C:\Logs
2008-04-07 19:23 . 2008-04-11 18:10 <DIR> dr------- C:\World of Warcraft
2008-04-07 19:15 . 2008-04-07 19:15 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-04-05 22:01 . 2008-04-05 22:05 1,001 --a------ C:\WINDOWS\system\CmcnfgU.ini
2008-04-05 22:00 . 2006-03-03 16:16 5,464,064 -ra------ C:\WINDOWS\system\cmcnfgu.cpl
2008-04-05 22:00 . 2006-02-10 15:51 1,391,040 -ra------ C:\WINDOWS\system32\drivers\cmudaxu.sys
2008-04-05 22:00 . 2002-04-29 19:04 917,504 -ra------ C:\WINDOWS\system\cmds3du.dll
2008-04-05 22:00 . 2001-11-23 16:08 712,704 -ra------ C:\WINDOWS\system32\a3dpropu.dll
2008-04-05 22:00 . 2001-11-23 16:08 712,704 -ra------ C:\WINDOWS\system32\a3d.dll
2008-04-05 22:00 . 2004-04-14 15:28 315,392 -ra------ C:\WINDOWS\system\cmifltr.dll
2008-04-05 22:00 . 2004-02-13 19:39 98,304 -ra------ C:\WINDOWS\system32\cmudau.dll
2008-04-05 22:00 . 2006-01-03 16:07 61,440 -ra------ C:\WINDOWS\system\cmsnxeye.exe
2008-04-05 22:00 . 2004-02-18 18:19 16,384 -ra------ C:\WINDOWS\system32\cmpropu.dll
2008-04-05 21:59 . 2005-12-07 20:20 258,048 -r------- C:\WINDOWS\CmiUSB2Uninstall.exe
2008-04-05 21:59 . 2004-06-15 18:06 129,654 -r------- C:\WINDOWS\USB.bmp
2008-04-05 21:59 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-04-05 21:59 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-04-05 21:59 . 2007-06-26 16:22 5,648 -r------- C:\WINDOWS\Cmudau.ini
2008-04-05 21:59 . 2006-03-06 17:51 4,096 --ahs---- C:\WINDOWS\Thumbs.db
2008-04-05 21:59 . 2006-01-17 18:55 766 -r------- C:\WINDOWS\trust_headset.ico
2008-04-04 21:58 . 2008-04-04 21:58 <DIR> d-------- C:\Documents and Settings\fekalije\Application Data\Teggo
2008-04-04 21:35 . 2008-04-04 21:35 <DIR> d-------- C:\Documents and Settings\fekalije\Application Data\Gamelab
2008-04-03 23:10 . 2008-04-14 15:59 <DIR> d-------- C:\Documents and Settings\fekalije\Application Data\MysteryStudio
2008-04-03 21:04 . 2008-04-18 11:06 <DIR> d-------- C:\Documents and Settings\fekalije\Application Data\PlayFirst
2008-04-03 21:04 . 2008-04-18 11:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-04-02 23:22 . 2008-04-08 21:14 <DIR> d-------- C:\Program Files\Teddy Factory
2008-04-02 21:53 . 2008-04-02 21:53 <DIR> d-------- C:\Documents and Settings\fekalije\Application Data\iWin
2008-04-02 21:53 . 2008-04-02 21:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iWin
2008-04-02 20:54 . 2008-04-13 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-04-01 18:10 . 2008-04-01 18:10 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-04-01 17:09 . 2008-04-01 17:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Aliasworlds
2008-04-01 15:55 . 2008-04-01 15:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Astar Games
2008-04-01 15:48 . 2008-04-23 12:55 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-01 15:36 . 2008-04-11 21:50 <DIR> d-------- C:\Program Files\bfgclient
2008-04-01 15:36 . 2008-04-01 15:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-04-01 12:41 . 2008-04-01 12:41 <DIR> d-------- C:\Program Files\ImTOO
2008-03-31 21:20 . 2008-03-31 21:21 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-31 16:32 . 2008-03-31 16:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-03-31 16:00 . 2008-03-01 15:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-31 16:00 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-31 16:00 . 2007-07-01 05:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-31 16:00 . 2008-03-01 15:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-31 16:00 . 2008-03-01 15:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-31 16:00 . 2008-03-01 15:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-31 16:00 . 2008-03-01 15:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-31 16:00 . 2008-03-01 15:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-31 16:00 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-31 15:56 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-03-31 08:43 . 2007-07-09 15:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-03-31 08:32 . 2006-12-07 07:29 2,374,472 -----c--- C:\WINDOWS\system32\dllcache\wmvcore.dll
2008-03-30 22:31 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-03-30 20:24 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-03-30 15:04 . 2008-04-10 03:04 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-03-29 15:11 . 2008-03-29 15:11 <DIR> d-------- C:\Program Files\VisualTooltip
2008-03-29 15:11 . 2008-03-29 15:18 <DIR> d-------- C:\Program Files\Vista Sidebar
2008-03-29 15:11 . 2008-03-29 15:11 <DIR> d-------- C:\Program Files\Blaero Start Orb
2008-03-29 15:11 . 2008-03-29 15:11 <DIR> d-------- C:\Documents and Settings\fekalije\Application Data\Stardock
2008-03-29 15:11 . 2006-12-11 02:29 8,439,808 --a------ C:\WINDOWS\system32\vistaui.exe
2008-03-29 15:11 . 2006-12-26 04:25 414,223 --a------ C:\WINDOWS\system32\vimc.exe
2008-03-29 15:09 . 2008-03-29 15:11 <DIR> d-------- C:\WINDOWS\system32\VITrans
2008-03-29 15:09 . 2008-03-29 15:14 <DIR> d-------- C:\VTPFiles
2008-03-29 15:09 . 2006-12-03 18:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2008-03-29 15:09 . 2006-12-03 18:10 81,920 --a------ C:\WINDOWS\system32\closeapp.exe
2008-03-29 15:09 . 2008-03-29 15:09 78,942 --a------ C:\WINDOWS\Icon_1.ico
2008-03-29 15:09 . 2006-12-03 18:15 69,632 --a------ C:\WINDOWS\system32\moveex.exe
2008-03-29 15:09 . 2006-12-03 18:15 19,968 --a------ C:\WINDOWS\system32\reico.exe
2008-03-29 15:09 . 2006-12-03 18:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2008-03-29 15:03 . 2004-09-04 00:43 199 --a------ C:\WINDOWS\system32\paypal.url
2008-03-29 15:03 . 2006-05-26 23:54 83 --a------ C:\WINDOWS\system32\winx.url
2008-03-29 14:51 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-29 14:46 . 2008-03-29 14:46 <DIR> d-------- C:\CNYSELPHYCP
2008-03-29 14:46 . 2008-03-29 14:46 10 --a------ C:\WINDOWS\WININIT.INI
2008-03-29 14:44 . 2008-03-29 14:44 0 --a------ C:\WINDOWS\OpPrintServer.INI
2008-03-29 14:43 . 2008-03-29 14:44 <DIR> d-------- C:\Program Files\Canon
2008-03-29 12:18 . 2008-04-05 22:06 <DIR> d-------- C:\Program Files\vanBasco's Karaoke Player
2008-03-29 12:18 . 2008-04-23 10:20 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-29 12:07 . 2008-03-29 12:07 <DIR> d-------- C:\WINDOWS\Sun
2008-03-29 11:27 . 2006-10-26 20:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-03-29 11:26 . 2008-03-29 11:26 <DIR> d-------- C:\Program Files\Microsoft Works
2008-03-29 11:24 . 2008-03-29 11:24 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-29 11:22 . 2008-03-29 11:22 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-03-29 11:20 . 2008-03-29 11:25 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-03-29 11:19 . 2008-03-29 11:19 <DIR> dr-h----- C:\MSOCache
2008-03-29 04:24 . 2008-03-29 04:24 0 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT_TU_73735.LOG
2008-03-29 04:24 . 2008-03-29 04:24 0 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT_TU_58823.LOG
2008-03-29 04:24 . 2008-03-29 04:24 0 --ah----- C:\Documents and Settings\fekalije\NTUSER.DAT_TU_44974.LOG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-01 13:36 0 ----a-w C:\Program Files\temp01
2008-03-29 12:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-28 21:56 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2008-03-28 21:56 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll
2008-03-28 21:56 --------- d-----w C:\Program Files\CyberLink
2008-03-28 21:54 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-28 21:52 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-28 21:52 --------- d-----w C:\Program Files\Ahead
2008-03-28 21:51 --------- d-----w C:\Program Files\Foxit Software
2008-03-28 21:49 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-03-28 21:49 --------- d-----w C:\Program Files\ACD Systems
2008-03-28 21:49 --------- d-----w C:\Documents and Settings\fekalije\Application Data\ACD Systems
2008-03-28 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-03-28 21:48 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2008-03-28 21:45 --------- d-----w C:\Documents and Settings\fekalije\Application Data\Talkback
2008-03-28 21:43 --------- d-----w C:\Program Files\CONEXANT
2008-03-28 21:37 --------- d-----w C:\Program Files\Realtek
2008-03-28 21:08 --------- d-----w C:\Program Files\WIDCOMM
2008-03-28 21:05 --------- d-----w C:\Documents and Settings\fekalije\Application Data\ATI
2008-03-28 21:04 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2008-03-28 21:02 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-28 21:02 --------- d-----w C:\Program Files\ATI Technologies
2008-03-28 20:39 --------- d-----w C:\Program Files\microsoft frontpage
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{650AEA53-9CC2-4D06-8B06-081E39B8D4D9}]
2008-04-22 00:24 272896 --a------ C:\WINDOWS\system32\awtrSKbB.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F50B3F5E-856E-4757-9BB1-B35D46CA7719}]
2008-04-22 00:19 39936 --a------ C:\WINDOWS\system32\ssqnnOhH.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41 45056]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-15 13:35 53248]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-29 01:31 949376]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"MessengerPlus3"="C:\Documents and Settings\fekalije\Desktop\sanjasz\MsgPlus.exe" [2008-04-13 02:49 190024]
"58df4981"="C:\WINDOWS\system32\yejrgncy.dll" [ ]
"BM5bec7a1d"="C:\WINDOWS\system32\pigdgqti.dll" [ ]
"winsock32"="C:\WINDOWS\system32:winsock32.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{F50B3F5E-856E-4757-9BB1-B35D46CA7719}"= C:\WINDOWS\system32\ssqnnOhH.dll [2008-04-22 00:19 39936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqnnOhH]
ssqnnOhH.dll 2008-04-22 00:19 39936 C:\WINDOWS\system32\ssqnnOhH.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^fekalije^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb]
--a------ 2006-07-30 20:32 575488 C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-05-18 14:27 16207872 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
--a------ 2007-11-20 16:02 356352 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
--a------ 2006-12-25 09:14 6083072 C:\Program Files\Vista Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
--a------ 2006-10-06 10:21 942080 C:\Program Files\VisualTooltip\VisualToolTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Games\\Football Challenge 2008 (24SATA)\\Game.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-04-23 17:24]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-04-23 17:24]
S3 cmudau32;C-Media USB UDA Sound Interface;C:\WINDOWS\system32\drivers\cmudaxu.sys [2006-02-10 15:51]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 09:33]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 09:33]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 09:33]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 09:33]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-29 02:30]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0DA3B9B7-3DB5-97A1-DA31-969D6950BB42}]
C:\WINDOWS\system32:winsock32.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 15:24:48 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-04-24 12:35:10 C:\WINDOWS\Tasks\At1.job"
- C:\DOCUME~1\fekalije\Desktop\Look2Me-Destroyer.exe
"2008-04-24 15:24:48 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-04-24 09:44:29 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-04-24 17:25:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\ssqnnOhH.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiadap.exe
C:\WINDOWS\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2008-04-24 17:30:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-24 15:29:53

Pre-Run: 4,323,557,376 bytes free
Post-Run: 4,397,047,808 bytes free

314 --- E O F --- 2008-04-14 01:03:01

Dopuna: 24 Apr 2008 21:43

ljudi molim vas pomozite sto prije!!!!

Poslao: 24 Apr 2008 22:05
Idi na vrh
offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master učitelj
  • Pridružio: 27 Avg 2005
  • Poruke: 8617
  • Gde živiš: Novi Beograd

Nisam u mogucnosti da ti napisem dalja uputstva pa cu zamoliti nekog od kolega da preuzme ovaj slucaj.

Poslao: 24 Apr 2008 22:29
Idi na vrh
offline
  • ziga 
  • Novi MyCity građanin
  • Pridružio: 24 Apr 2008
  • Poruke: 7

zahvaljujem!samo ako je moguce sto prije.hvala

Poslao: 24 Apr 2008 22:39
Idi na vrh
offline
  • DEMIAN  Male
  • Legendarni građanin
  • IT Manager
  • Pridružio: 25 Mar 2005
  • Poruke: 3706
  • Gde živiš: The darkest place on earth..

Razumem tvoju brigu što ti je sistem inficiran ali strpljenje je vrlina. Svima nama se za nešto žuri ili nam je hitno Wink Polako samo.. rešiće se.

Otvoriti Notepad i iskopirati sledeci tekst:

File::
C:\WINDOWS\system32\ycngrjey.ini
C:\WINDOWS\BM5bec7a1d.xml
C:\WINDOWS\system32\awtrSKbB.dll
C:\WINDOWS\system32\ssqnnOhH.dll
C:\WINDOWS\system32\pigdgqti.dll
C:\WINDOWS\system32\yejrgncy.dll
C:\WINDOWS\system32\winsock32.exe
C:\WINDOWS\Tasks\At1.job

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{650AEA53-9CC2-4D06-8B06-081E39B8D4D9}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F50B3F5E-856E-4757-9BB1-B35D46CA7719}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MessengerPlus3"=-
"58df4981"=-
"BM5bec7a1d"=-
"winsock32"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{F50B3F5E-856E-4757-9BB1-B35D46CA7719}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqnnOhH]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{0DA3B9B7-3DB5-97A1-DA31-969D6950BB42}]




Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

btw. Pod hitno da deinstaliraš taj Messenger Plus. On dolazi sa pojedinim malicioznim komponentama. To uradi čim ComboFix obavi posao i nanovo podigneš sistem.

Poslao: 24 Apr 2008 23:22
Idi na vrh
offline
  • ziga 
  • Novi MyCity građanin
  • Pridružio: 24 Apr 2008
  • Poruke: 7

hvala puno i ispricavam se zbog nestrpljivosti
ovo je taj log.





ComboFix 08-04-22.5 - fekalije 2008-04-24 23:04:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.636 [GMT 2:00]
Running from: C:\Documents and Settings\fekalije\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\fekalije\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\BM5bec7a1d.xml
C:\WINDOWS\system32\awtrSKbB.dll
C:\WINDOWS\system32\pigdgqti.dll
C:\WINDOWS\system32\ssqnnOhH.dll
C:\WINDOWS\system32\winsock32.exe
C:\WINDOWS\system32\ycngrjey.ini
C:\WINDOWS\system32\yejrgncy.dll
C:\WINDOWS\Tasks\At1.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BM5bec7a1d.xml
C:\WINDOWS\SHELLNEW
C:\WINDOWS\SHELLNEW\EXCEL12.XLSX
C:\WINDOWS\SHELLNEW\MSPUB.PUB
C:\WINDOWS\SHELLNEW\PWRPNT12.PPTX
C:\WINDOWS\system32\awtrSKbB.dll
C:\WINDOWS\system32\ssqnnOhH.dll
C:\WINDOWS\system32\ycngrjey.ini
C:\WINDOWS\Tasks\At1.job

.
((((((((((((((((((((((((( Files Created from 2008-03-24 to 2008-04-24 )))))))))))))))))))))))))))))))
.

2008-04-24 15:38 . 2008-04-24 15:38 <DIR> d-------- C:\Program Files\Avira
2008-04-24 15:11 . 2008-04-24 15:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-04-24 15:07 . 2008-04-24 15:36 19,697,272 --a------ C:\WINDOWS\prem_sec_winnt_de_hp.exe
2008-04-24 14:31 . 2008-04-24 14:31 1,432 --a------ C:\DelDomains.inf
2008-04-24 13:17 . 2008-04-24 14:30 <DIR> d-------- C:\New Folder
2008-04-24 12:58 . 2008-04-24 12:58 <DIR> d-------- C:\Program Files\Lavasoft
2008-04-24 12:58 . 2008-04-24 12:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-23 17:24 . 2008-04-23 17:24 <DIR> d-------- C:\Program Files\AVG
2008-04-23 17:24 . 2008-04-23 17:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-04-23 17:24 . 2008-04-23 17:24 45,568 --a------ C:\WINDOWS\system32\avgfwdx.dll
2008-04-23 17:24 . 2008-04-23 17:24 22,528 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2008-04-23 17:02 . 2008-04-23 17:02 <DIR> d-------- C:\VundoFix Backups
2008-04-23 14:51 . 2008-04-23 14:54 <DIR> d-------- C:\Program Files\Spyware & Adware Removal
2008-04-23 12:16 . 2008-04-23 14:40 <DIR> d-------- C:\Program Files\NoAdware5.0
2008-04-22 20:53 . 2008-04-22 20:56 <DIR> d-------- C:\Program Files\RegCure
2008-04-19 18:48 . 2008-04-19 18:48 <DIR> d-------- C:\Documents and Settings\fekalije\Application Data\Fever Frenzy
2008-04-18 11:26 . 2008-04-18 11:27 <DIR> d-------- C:\Program Files\Fashion Rush
2008-04-18 11:19 . 2008-04-23 12:42 <DIR> d-------- C:\Program Files\Fashion Fits!
2008-04-18 11:07 . 2008-04-18 11:07 <DIR> d-------- C:\Program Files\Plantasia
2008-04-18 11:01 . 2008-04-23 12:39 <DIR> d-------- C:\Program Files\Roller Rush
2008-04-18 10:54 . 2008-04-19 19:50 <DIR> d-------- C:\Program Files\SpongeBob SquarePants Diner Dash
2008-04-18 10:43 . 2008-04-18 10:43 <DIR> d-------- C:\Program Files\Deep Quest
2008-04-18 10:30 . 2008-04-18 10:30 <DIR> d-------- C:\Program Files\Doggie Dash
2008-04-18 10:09 . 2008-04-18 10:09 <DIR> d-------- C:\Program Files\Recyclorama
2008-04-18 10:05 . 2008-04-18 10:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HipSoft
2008-04-16 16:01 . 2008-04-18 13:59 <DIR> d-------- C:\Games
2008-04-13 17:23 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-13 17:23 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-13 17:23 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-13 02:52 . 2008-04-13 02:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Messenger Plus!
2008-04-13 02:34 . 2008-04-13 02:39 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-13 02:33 . 2008-04-13 02:33 <DIR> d-------- C:\Program Files\Windows Live
2008-04-13 02:33 . 2008-04-13 02:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-10 15:24 . 2008-04-10 15:24 <DIR> d-------- C:\Documents and Settings\fekalije\Application Data\Jane s Hotel Family Hero
2008-04-10 14:24 . 2008-04-23 12:42 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Fugazo
2008-04-07 20:05 . 2008-04-07 20:05 <DIR> d-------- C:\Logs
2008-04-07 19:23 . 2008-04-11 18:10 <DIR> dr------- C:\World of Warcraft
2008-04-07 19:15 . 2008-04-07 19:15 <DIR> d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-04-05 22:01 . 2008-04-05 22:05 1,001 --a------ C:\WINDOWS\system\CmcnfgU.ini
2008-04-05 22:00 . 2006-03-03 16:16 5,464,064 -ra------ C:\WINDOWS\system\cmcnfgu.cpl
2008-04-05 22:00 . 2006-02-10 15:51 1,391,040 -ra------ C:\WINDOWS\system32\drivers\cmudaxu.sys
2008-04-05 22:00 . 2002-04-29 19:04 917,504 -ra------ C:\WINDOWS\system\cmds3du.dll
2008-04-05 22:00 . 2001-11-23 16:08 712,704 -ra------ C:\WINDOWS\system32\a3dpropu.dll
2008-04-05 22:00 . 2001-11-23 16:08 712,704 -ra------ C:\WINDOWS\system32\a3d.dll
2008-04-05 22:00 . 2004-04-14 15:28 315,392 -ra------ C:\WINDOWS\system\cmifltr.dll
2008-04-05 22:00 . 2004-02-13 19:39 98,304 -ra------ C:\WINDOWS\system32\cmudau.dll
2008-04-05 22:00 . 2006-01-03 16:07 61,440 -ra------ C:\WINDOWS\system\cmsnxeye.exe
2008-04-05 22:00 . 2004-02-18 18:19 16,384 -ra------ C:\WINDOWS\system32\cmpropu.dll
2008-04-05 21:59 . 2005-12-07 20:20 258,048 -r------- C:\WINDOWS\CmiUSB2Uninstall.exe
2008-04-05 21:59 . 2004-06-15 18:06 129,654 -r------- C:\WINDOWS\USB.bmp
2008-04-05 21:59 . 2004-08-04 00:56 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2008-04-05 21:59 . 2004-08-04 00:56 21,504 --a--c--- C:\WINDOWS\system32\dllcache\hidserv.dll
2008-04-05 21:59 . 2007-06-26 16:22 5,648 -r------- C:\WINDOWS\Cmudau.ini
2008-04-05 21:59 . 2006-03-06 17:51 4,096 --ahs---- C:\WINDOWS\Thumbs.db
2008-04-05 21:59 . 2006-01-17 18:55 766 -r------- C:\WINDOWS\trust_headset.ico
2008-04-04 21:58 . 2008-04-04 21:58 <DIR> d-------- C:\Documents and Settings\fekalije\Application Data\Teggo
2008-04-04 21:35 . 2008-04-04 21:35 <DIR> d-------- C:\Documents and Settings\fekalije\Application Data\Gamelab
2008-04-03 23:10 . 2008-04-14 15:59 <DIR> d-------- C:\Documents and Settings\fekalije\Application Data\MysteryStudio
2008-04-03 21:04 . 2008-04-18 11:06 <DIR> d-------- C:\Documents and Settings\fekalije\Application Data\PlayFirst
2008-04-03 21:04 . 2008-04-18 11:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-04-02 23:22 . 2008-04-08 21:14 <DIR> d-------- C:\Program Files\Teddy Factory
2008-04-02 21:53 . 2008-04-02 21:53 <DIR> d-------- C:\Documents and Settings\fekalije\Application Data\iWin
2008-04-02 21:53 . 2008-04-02 21:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iWin
2008-04-02 20:54 . 2008-04-13 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-04-01 18:10 . 2008-04-01 18:10 4,096 --a------ C:\WINDOWS\d3dx.dat
2008-04-01 17:09 . 2008-04-01 17:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Aliasworlds
2008-04-01 15:55 . 2008-04-01 15:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Astar Games
2008-04-01 15:48 . 2008-04-23 12:55 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-01 15:36 . 2008-04-11 21:50 <DIR> d-------- C:\Program Files\bfgclient
2008-04-01 15:36 . 2008-04-01 15:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2008-04-01 12:41 . 2008-04-01 12:41 <DIR> d-------- C:\Program Files\ImTOO
2008-03-31 21:20 . 2008-03-31 21:21 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-03-31 16:32 . 2008-03-31 16:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
2008-03-31 16:00 . 2008-03-01 15:06 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-03-31 16:00 . 2007-07-01 05:31 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-03-31 16:00 . 2007-07-01 05:36 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-03-31 16:00 . 2008-03-01 15:06 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-03-31 16:00 . 2008-03-01 15:06 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-03-31 16:00 . 2008-03-01 15:06 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-03-31 16:00 . 2008-03-01 15:06 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-03-31 16:00 . 2008-03-01 15:06 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-03-31 16:00 . 2008-02-22 12:00 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-03-31 15:56 . 2007-08-13 18:54 33,792 --a--c--- C:\WINDOWS\system32\dllcache\custsat.dll
2008-03-31 08:43 . 2007-07-09 15:09 584,192 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-03-31 08:32 . 2006-12-07 07:29 2,374,472 -----c--- C:\WINDOWS\system32\dllcache\wmvcore.dll
2008-03-30 22:31 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-03-30 20:24 . 2004-08-04 00:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-03-30 15:04 . 2008-04-10 03:04 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-03-29 15:11 . 2008-03-29 15:11 <DIR> d-------- C:\Program Files\VisualTooltip
2008-03-29 15:11 . 2008-03-29 15:18 <DIR> d-------- C:\Program Files\Vista Sidebar
2008-03-29 15:11 . 2008-03-29 15:11 <DIR> d-------- C:\Program Files\Blaero Start Orb
2008-03-29 15:11 . 2008-03-29 15:11 <DIR> d-------- C:\Documents and Settings\fekalije\Application Data\Stardock
2008-03-29 15:11 . 2006-12-11 02:29 8,439,808 --a------ C:\WINDOWS\system32\vistaui.exe
2008-03-29 15:11 . 2006-12-26 04:25 414,223 --a------ C:\WINDOWS\system32\vimc.exe
2008-03-29 15:09 . 2008-03-29 15:11 <DIR> d-------- C:\WINDOWS\system32\VITrans
2008-03-29 15:09 . 2008-03-29 15:14 <DIR> d-------- C:\VTPFiles
2008-03-29 15:09 . 2006-12-03 18:15 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2008-03-29 15:09 . 2006-12-03 18:10 81,920 --a------ C:\WINDOWS\system32\closeapp.exe
2008-03-29 15:09 . 2008-03-29 15:09 78,942 --a------ C:\WINDOWS\Icon_1.ico
2008-03-29 15:09 . 2006-12-03 18:15 69,632 --a------ C:\WINDOWS\system32\moveex.exe
2008-03-29 15:09 . 2006-12-03 18:15 19,968 --a------ C:\WINDOWS\system32\reico.exe
2008-03-29 15:09 . 2006-12-03 18:14 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2008-03-29 15:03 . 2004-09-04 00:43 199 --a------ C:\WINDOWS\system32\paypal.url
2008-03-29 15:03 . 2006-05-26 23:54 83 --a------ C:\WINDOWS\system32\winx.url
2008-03-29 14:51 . 2004-08-04 00:01 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2008-03-29 14:46 . 2008-03-29 14:46 <DIR> d-------- C:\CNYSELPHYCP
2008-03-29 14:46 . 2008-03-29 14:46 10 --a------ C:\WINDOWS\WININIT.INI
2008-03-29 14:44 . 2008-03-29 14:44 0 --a------ C:\WINDOWS\OpPrintServer.INI
2008-03-29 14:43 . 2008-03-29 14:44 <DIR> d-------- C:\Program Files\Canon
2008-03-29 12:18 . 2008-04-05 22:06 <DIR> d-------- C:\Program Files\vanBasco's Karaoke Player
2008-03-29 12:18 . 2008-04-24 18:53 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-03-29 12:07 . 2008-03-29 12:07 <DIR> d-------- C:\WINDOWS\Sun
2008-03-29 11:27 . 2006-10-26 20:56 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2008-03-29 11:26 . 2008-03-29 11:26 <DIR> d-------- C:\Program Files\Microsoft Works
2008-03-29 11:24 . 2008-03-29 11:24 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-03-29 11:22 . 2008-03-29 11:22 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-03-29 11:19 . 2008-03-29 11:19 <DIR> dr-h----- C:\MSOCache
2008-03-29 04:24 . 2008-03-29 04:24 0 --ah----- C:\Documents and Settings\NetworkService\NTUSER.DAT_TU_73735.LOG
2008-03-29 04:24 . 2008-03-29 04:24 0 --ah----- C:\Documents and Settings\LocalService\NTUSER.DAT_TU_58823.LOG
2008-03-29 04:24 . 2008-03-29 04:24 0 --ah----- C:\Documents and Settings\fekalije\NTUSER.DAT_TU_44974.LOG
2008-03-29 02:31 . 2008-03-29 02:31 <DIR> d-------- C:\Program Files\PowerISO
2008-03-29 02:30 . 2008-03-29 02:30 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-03-29 02:30 . 2008-04-24 12:56 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-29 02:30 . 2008-03-29 02:30 <DIR> d-------- C:\Documents and Settings\fekalije\Application Data\TuneUp Software
2008-03-29 02:30 . 2008-03-29 02:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-01 13:36 0 ----a-w C:\Program Files\temp01
2008-03-29 12:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-28 21:56 --------- d-----w C:\Program Files\CyberLink
2008-03-28 21:54 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-03-28 21:52 --------- d-----w C:\Program Files\Common Files\Ahead
2008-03-28 21:52 --------- d-----w C:\Program Files\Ahead
2008-03-28 21:51 --------- d-----w C:\Program Files\Foxit Software
2008-03-28 21:49 --------- d-----w C:\Program Files\Common Files\ACD Systems
2008-03-28 21:49 --------- d-----w C:\Program Files\ACD Systems
2008-03-28 21:49 --------- d-----w C:\Documents and Settings\fekalije\Application Data\ACD Systems
2008-03-28 21:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-03-28 21:48 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2008-03-28 21:45 --------- d-----w C:\Documents and Settings\fekalije\Application Data\Talkback
2008-03-28 21:43 --------- d-----w C:\Program Files\CONEXANT
2008-03-28 21:37 --------- d-----w C:\Program Files\Realtek
2008-03-28 21:08 --------- d-----w C:\Program Files\WIDCOMM
2008-03-28 21:05 --------- d-----w C:\Documents and Settings\fekalije\Application Data\ATI
2008-03-28 21:04 --------- d-----w C:\Program Files\Common Files\ATI Technologies
2008-03-28 21:02 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-03-28 21:02 --------- d-----w C:\Program Files\ATI Technologies
2008-03-28 20:39 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((( snapshot@2008-04-24_17.29.02.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-24 15:24:37 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-24 21:10:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-04-24 14:13:47 68,602 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-04-24 17:07:57 68,602 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-24 14:13:47 435,958 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-04-24 17:07:57 435,958 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 18:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41 45056]
"AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2006-04-15 13:35 53248]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-03-29 01:31 949376]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"msacm.divxa32"= msaud32_divx.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^fekalije^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Blaero Start Orb]
--a------ 2006-07-30 20:32 575488 C:\Program Files\Blaero Start Orb\Blaero Start Orb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2006-05-18 14:27 16207872 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
--a------ 2007-11-20 16:02 356352 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Sidebar]
--a------ 2006-12-25 09:14 6083072 C:\Program Files\Vista Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VisualTooltip]
--a------ 2006-10-06 10:21 942080 C:\Program Files\VisualTooltip\VisualToolTip.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\World of Warcraft\\Repair.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Games\\Football Challenge 2008 (24SATA)\\Game.exe"=
"C:\\WINDOWS\\system32\\ftp.exe"=

R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 00:56]
R3 Avgfwdx;Avgfwdx;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-04-23 17:24]
S3 Avgfwfd;AVG network filter service;C:\WINDOWS\system32\DRIVERS\avgfwdx.sys [2008-04-23 17:24]
S3 cmudau32;C-Media USB UDA Sound Interface;C:\WINDOWS\system32\drivers\cmudaxu.sys [2006-02-10 15:51]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 09:33]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 09:33]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 09:33]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 09:33]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-03-29 02:30]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

.
Contents of the 'Scheduled Tasks' folder
"2008-04-24 21:10:35 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe
"2008-04-24 21:10:35 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-04-24 09:44:29 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-04-24 23:11:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ESET\nod32krn.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiadap.exe
.
**************************************************************************
.
Completion time: 2008-04-24 23:14:45 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-24 21:14:38
ComboFix2.txt 2008-04-24 15:30:15

Pre-Run: 4,191,936,512 bytes free
Post-Run: 4,177,772,544 bytes free

312 --- E O F --- 2008-04-14 01:03:01

Poslao: 24 Apr 2008 23:38
Idi na vrh
offline
  • DEMIAN  Male
  • Legendarni građanin
  • IT Manager
  • Pridružio: 25 Mar 2005
  • Poruke: 3706
  • Gde živiš: The darkest place on earth..

Pokreni HijackThis i izaberi opciju 'Open the Misc Tools Section'.
Zatim izaberi opciju 'Open ADS Spy..'.
Klikni na 'Scan'.

Kada se skeniranje završi - (bude li išta pronađeno) izaberi pored opciju 'Save log'. Sačuvaj log kao txt dokument i postuj mi kompletan njegov sadržaj u sledećoj poruci.

Poslao: 24 Apr 2008 23:58
Idi na vrh
offline
  • ziga 
  • Novi MyCity građanin
  • Pridružio: 24 Apr 2008
  • Poruke: 7

kad idem na scan, da li da maknem kvačicu sa qiuck scan, ignore safe system info streams ili ne?

Poslao: 25 Apr 2008 00:02
Idi na vrh
offline
  • DEMIAN  Male
  • Legendarni građanin
  • IT Manager
  • Pridružio: 25 Mar 2005
  • Poruke: 3706
  • Gde živiš: The darkest place on earth..

Možeš da je skloniš sa Quick Scan - ništa sporno. Ostalo ne diraj.

MyCity » Ambulanta -> Arhiva Ambulante » vundo

Ko je trenutno na forumu
 

Ukupno su 1557 korisnika na forumu :: 54 registrovanih, 8 sakrivenih i 1495 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: 357magnum, A.R.Chafee.Jr., AC-DC, Apok, Areal84, babaroga, Bobrock1, Boris90, Brana01, ccoogg123, cinoeye, darcaud, DejanSt, dekan.m, Denaya, DENIRO, djboj, dragoljub11987, Dukelander, elenemste, flash12, Georgius, gomago, GORDI, h8propaganda, HrcAk47, Istman, Ivica1102, kikisp, Koridor, Krvava Devetka, Kubovac, kunktator, ljuba, LUDI, Marko Marković, Mercury, milenko crazy north, Milometer, milutin134, nemkea71, novator, oganj123, pein, raso7, Ripanjac, Romibrat, ruso, S2M, Sirius, SlaKoj, vathra, Wrangler, šumar bk2