Topic: Virus problem (Read 3507 times)

01 Aug 2013, 17:31:09 | original poster (Member in development) | Chrome 28.0.1500.72
People, I have a big problem. A couple of days ago a virus got in, avast blocked it, and I thought everything was OK. But then I saw that my pictures don't work: I can see them as thumbnails, but when I open them it says "no preview available"; in ACDSee they won't open either, nor in Photoshop, where it is either a white screen or nothing. I don't know what to do, and these are all my dad's pictures that he has been downloading for years from who knows where... please help in any way you can, I have Windows XP. :)

[Edit by lightsoft: Writing text in capital letters [ALLCAPS] is prohibited by the Burek Forum Rules. Use the text formatting features if you want to emphasise something!]

[Edit by lightsoft: Topic titles such as: Urgent, Help, Problem, Whether, and similar should be avoided as far as possible! The topic title must match its content and at least partially describe it. Consult the Burek Forum Rules]
« Last edit: 01 Aug 2013, 17:36:37 by Lightsoft »
 
MC- argus (Friend of the forum, Well-known personality) | Windows 7 | Mozilla Firefox 22.0 | mobile: HTC
Download the DDS program from one of these links to your desktop:

http://download.bleepingcomputer.com/sUBs/dds.scr
http://download.bleepingcomputer.com/sUBs/dds.com
http://download.bleepingcomputer.com/sUBs/dds.pif

Double-click to run DDS.
Wait a moment; it will produce two logs.
Copy the DDS.txt log here for me.
 
Original poster (Member in development) | Windows XP | Chrome 28.0.1500.95
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.21.2
Run by Windows XP at 16:03:01 on 2013-08-03
Microsoft Windows XP Professional  5.1.2600.3.1252.381.1033.18.768.340 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\Program Files\MUSTEK 1248UB\Driver\WATCH.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\Windows XP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Windows XP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Windows XP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\! Ne Brisi\Desktop\dds.com
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uURLSearchHooks: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - <orphaned>
mWinlogon: SFCDisable = dword:-99
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\windows xp\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [myweather] "c:\program files\myfreeweather\myweather.exe" /autorun
uRun: [GoodNightPC.Exe] c:\program files\goodnightpc\GoodNightPC.Exe
uRun: [FishWallpaper] c:\program files\artdocks software\fish desktop wallpaper\FishWallpaper.exe
uRun: [Facebook Update] "c:\documents and settings\windows xp\local settings\application data\facebook\update\FacebookUpdate.exe" /c /nocrashserver
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" -H
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\uleadp~1.lnk - c:\program files\ulead systems\ulead photo express 4.0 se\CalCheck.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\watch.lnk - c:\program files\mustek 1248ub\driver\WATCH.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1272936741812
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
TCP: NameServer = 212.62.32.1 212.62.32.5
TCP: Interfaces\{08777B6A-99DD-4935-8F3F-091268A5410A} : DHCPNameServer = 212.62.32.1 212.62.32.5
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\windows xp\application data\mozilla\firefox\profiles\5oi0jpov.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\documents and settings\windows xp\local settings\application data\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\documents and settings\windows xp\local settings\application data\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\windows xp\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\npctrl.1.0.20926.0.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1202122.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_171.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-5-31 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-5-31 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-5-31 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-5-31 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-5-31 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-5-31 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-5-31 46808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-06-29 17:24:06   770344   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
2013-06-29 17:24:06   175176   ----a-w-   c:\windows\system32\drivers\aswVmm.sys
2013-06-12 17:35:30   71048   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 17:35:30   692104   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-06-07 21:56:06   920064   ----a-w-   c:\windows\system32\wininet.dll
2013-06-07 21:56:06   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2013-06-07 21:56:05   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2013-06-07 21:55:44   385024   ----a-w-   c:\windows\system32\html.iec
2013-06-04 07:23:02   562688   ----a-w-   c:\windows\system32\qedit.dll
2013-06-04 01:40:45   1876736   ----a-w-   c:\windows\system32\win32k.sys
2013-05-16 16:12:22   94112   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2013-05-16 16:12:21   866720   ----a-w-   c:\windows\system32\npDeployJava1.dll
2013-05-16 16:12:21   788896   ----a-w-   c:\windows\system32\deployJava1.dll
2013-05-16 16:12:21   144896   ----a-w-   c:\windows\system32\javacpl.cpl
2013-05-09 08:59:10   49376   ----a-w-   c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59:09   66336   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58:37   41664   ----a-w-   c:\windows\avastSS.scr
2013-05-08 22:28:02   1543680   ----a-w-   c:\windows\system32\wmvdecod.dll
.
============= FINISH: 16:03:44,44 ===============
 
MC- argus (Friend of the forum, Well-known personality) | Windows 7 | Mozilla Firefox 22.0 | mobile: HTC
From this "light" diagnostic I couldn't conclude anything except one thing.

mWinlogon: SFCDisable = dword:-99

This line tells me that Windows is not in a position to defend its own files; the reason is not given. :)

Download ComboFix from the following address to the Desktop:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disable the AV.

Run ComboFix only from the desktop (I Agree).
Click Yes \ OK on every popup window.

When the scan finishes it will produce a log on the desktop.

Copy the log here for me.
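As an added example (my own code, not from the thread and not part of DDS or ComboFix), here is a small Python triage script that applies the reading above mechanically. It picks out the mWinlogon: SFCDisable line, converts the signed decimal DDS prints (-99) back to the 32-bit registry value 0xFFFFFF9D, the value generally reported as switching Windows File Protection off, flags uRun/mRun/dRun autorun entries whose executable lives outside Windows or Program Files, and catches the "... is infected!!" lines ComboFix prints for scanner hits. The log excerpt is constructed, the trusted-root and temp-directory lists are heuristics chosen for this example, and an entry outside Program Files is a review prompt rather than a verdict: Google's updater, for instance, legitimately runs from the user profile.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the DDS "Pseudo HJT Report" line format (not a log from
# the thread); the last line imitates the "... is infected!!" line ComboFix prints.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
mWinlogon: SFCDisable = dword:-99
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
uRun: [updater] c:\documents and settings\user\local settings\temp\svchost.exe
c:\windows\system32\midimap.dll . . . is infected!!
"""


@dataclass
class Finding:
    severity: str   # "high" or "medium"
    line: str       # the log line that triggered the finding
    reason: str     # what an analyst should look at

# DDS prints REG_DWORD values as signed decimals; ComboFix marks scanner hits with "is infected!!".
SFC_RE = re.compile(r"^mWinlogon:\s*SFCDisable\s*=\s*dword:(-?\d+)", re.I)
RUN_RE = re.compile(r"^[umd]Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", re.I)
INFECTED_RE = re.compile(r"^(?P<path>.+?)\s+\.\s+\.\s+\.\s+is infected!!", re.I)

# Where an autorun binary is expected to live on a default XP install (heuristic assumption).
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")
# Directories any user can write to; an autorun entry pointing there deserves a close look.
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")


def dword_to_unsigned(value: int) -> int:
    """Map DDS's signed decimal (e.g. -99) back to the 32-bit registry value (0xFFFFFF9D)."""
    return value & 0xFFFFFFFF


def executable_path(cmd: str) -> str:
    """Extract the lower-cased executable path from a Run-key command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:end] if end > 0 else cmd.strip('"')).lower()
    # Unquoted paths may contain spaces, so cut at the first executable extension.
    m = re.match(r"(.+?\.(?:exe|com|scr|pif|dll|bat|cmd))\b", cmd, re.I)
    return (m.group(1) if m else cmd.split()[0]).lower()


def classify_autorun(path: str) -> Tuple[Optional[str], Optional[str]]:
    """Severity and reason for an autorun location, or (None, None) if it looks routine."""
    if any(marker in path for marker in TEMP_MARKERS):
        return "high", f"autorun from a temp directory: {path}"
    if not path.startswith(TRUSTED_ROOTS):
        return "medium", f"autorun outside Windows/Program Files (user-writable): {path}"
    return None, None


def triage(log_text: str) -> List[Finding]:
    """Walk a DDS/ComboFix-style log and collect the lines an analyst should review first."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SFC_RE.match(line)
        if m:
            value = dword_to_unsigned(int(m.group(1)))
            if value != 0:  # 0 is the default: Windows File Protection enabled
                findings.append(Finding("high", line,
                    f"SFCDisable=0x{value:08X}: Windows File Protection is switched off"))
            continue
        m = INFECTED_RE.match(line)
        if m:
            findings.append(Finding("high", line, f"scanner flagged {m.group('path')} as infected"))
            continue
        m = RUN_RE.match(line)
        if m:
            severity, reason = classify_autorun(executable_path(m.group("cmd")))
            if severity:
                findings.append(Finding(severity, line, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:<6}] {f.reason}")
        print(f"         {f.line}")
```

Run it against a real DDS.txt by reading the file into triage(); on the constructed sample it reports the disabled file protection, the updater running from the profile (medium, for review), the executable started from a temp directory, and the scanner hit.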
 
Original poster (Member in development) | Windows XP | Chrome 28.0.1500.95
ComboFix 13-08-02.01 - Windows XP 03.08.2013  17:40:03.2.1 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.381.1033.18.768.497 [GMT 2:00]
Running from: d:\! ne brisi\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\HBLiteSA
c:\documents and settings\All Users\Application Data\HBLiteSA\HBLiteSA_kyf_update.dat
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Start Menu\Programs\Startup\Ulead Photo Express 4.0 SE Calendar Checker .lnk
c:\documents and settings\Windows XP\Application Data\Desktopicon
c:\documents and settings\Windows XP\System
c:\documents and settings\Windows XP\System\win_qs8.jqx
c:\documents and settings\Windows XP\WINDOWS
c:\windows\system32\SET2D.tmp
c:\windows\system32\SETE4.tmp
.
c:\windows\system32\midimap.dll . . . is infected!!
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-03 to 2013-08-03  )))))))))))))))))))))))))))))))
.
.
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-29 17:24 . 2013-05-31 14:21   369584   ----a-w-   c:\windows\system32\drivers\aswSP.sys
2013-06-29 17:24 . 2013-05-31 14:21   770344   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
2013-06-29 17:24 . 2013-05-31 14:21   175176   ----a-w-   c:\windows\system32\drivers\aswVmm.sys
2013-06-12 17:35 . 2013-03-01 17:14   71048   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-12 17:35 . 2013-03-01 17:14   692104   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2013-06-07 21:56 . 2009-04-23 09:04   920064   ----a-w-   c:\windows\system32\wininet.dll
2013-06-07 21:56 . 2009-04-23 09:04   43520   ----a-w-   c:\windows\system32\licmgr10.dll
2013-06-07 21:56 . 2009-04-23 09:04   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
2013-06-07 21:55 . 2009-04-23 09:04   385024   ----a-w-   c:\windows\system32\html.iec
2013-06-04 07:23 . 2008-04-14 19:00   562688   ----a-w-   c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2008-04-14 19:00   1876736   ----a-w-   c:\windows\system32\win32k.sys
2013-05-16 16:12 . 2013-05-16 16:12   94112   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2013-05-16 16:12 . 2012-07-24 18:46   866720   ----a-w-   c:\windows\system32\npDeployJava1.dll
2013-05-16 16:12 . 2012-04-06 21:24   144896   ----a-w-   c:\windows\system32\javacpl.cpl
2013-05-16 16:12 . 2012-01-22 19:36   788896   ----a-w-   c:\windows\system32\deployJava1.dll
2013-05-09 08:59 . 2013-05-31 14:21   56080   ----a-w-   c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-05-31 14:21   49376   ----a-w-   c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-05-31 14:21   49760   ----a-w-   c:\windows\system32\drivers\aswRdr.sys
2013-05-09 08:59 . 2013-05-31 14:21   66336   ----a-w-   c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:59 . 2013-05-31 14:21   29816   ----a-w-   c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:58 . 2013-05-31 14:20   41664   ----a-w-   c:\windows\avastSS.scr
2013-05-09 08:58 . 2013-05-31 14:21   229648   ----a-w-   c:\windows\system32\aswBoot.exe
2013-05-08 22:28 . 2009-04-23 09:06   1543680   ----a-w-   c:\windows\system32\wmvdecod.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-13 . 9F3A2F5AA6875C72BF062C712CFA2674 . 96512 . . [5.1.2600.5512] . . c:\windows\system32\drivers\atapi.sys
.
[-] 2008-04-14 . B153AFFAC761E7F5FCFA822B9C4E97BC . 14336 . . [5.1.2600.5512] . . c:\windows\system32\drivers\asyncmac.sys
.
[-] 2008-04-14 . DA1F27D85E0D1525F6621372E7B685E9 . 4224 . . [5.1.2600.0] . . c:\windows\system32\drivers\beep.sys
.
[-] 2008-04-14 . 463C1EC80CD17420A542B7F36A36F128 . 24576 . . [5.1.2600.5512] . . c:\windows\system32\drivers\kbdclass.sys
.
[-] 2008-04-14 . 1DF7F42665C94B825322FAE71721130D . 182656 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
.
[-] 2008-04-14 . 78A08DD6A8D65E697C18E1DB01C5CDCA . 574976 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ntfs.sys
.
[-] 2008-04-14 . 73C1E1F395918BC2C6DD67AF7591A3AD . 2944 . . [5.1.2600.0] . . c:\windows\system32\drivers\null.sys
.
[-] 2008-04-14 . BF2466B3E18E970D8A976FB95FC1CA85 . 13312 . . [5.1.2600.5512] . . c:\windows\system32\lsass.exe
.
[-] 2008-04-14 . 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE . 198144 . . [5.1.2600.5512] . . c:\windows\system32\netman.dll
.
[-] 2008-04-14 19:00 . 61316C2223110E9ADB7F6384B261067A . 1739264 . . [2001.12.4414.700] . . c:\windows\system32\comres.dll
.
[-] 2008-04-14 . 574738F61FCA2935F5265DC4E5691314 . 409088 . . [6.7.2600.5512] . . c:\windows\system32\qmgr.dll
.
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
.
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
.
[-] 2010-08-17 . 258DD5D4283FD9F9A7166BE9AE45CE73 . 58880 . . [5.1.2600.6024] . . c:\windows\$hf_mig$\KB2347290\SP3QFE\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\spoolsv.exe
[-] 2010-08-17 . 60784F891563FB1B767F70117FC2428F . 58880 . . [5.1.2600.6024] . . c:\windows\system32\dllcache\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2347290$\spoolsv.exe
.
[-] 2008-04-14 . 7DD9CE78DD441EEA2BBAFF6D3EEAAD08 . 557056 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
[-] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
.
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\comctl32.dll
[-] 2010-08-23 . 93AFB83FBC1F9443CAC722FCA63D73BF . 617472 . . [5.82] . . c:\windows\system32\dllcache\comctl32.dll
[-] 2010-08-23 . 736B12B725AEB2B07F0241A9F680CB10 . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
[-] 2008-04-14 . 5A2565DF3F1EFCCE231A340064D09485 . 673280 . . [5.82] . . c:\windows\$NtUninstallKB2296011$\comctl32.dll
[-] 2008-04-14 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2008-04-14 . 5C692EA11E5FDC05BE8B7C6FB37B02E0 . 1041408 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
.
[-] 2008-04-14 . 3D4E199942E29207970E04315D02AD3B . 62464 . . [5.1.2600.5512] . . c:\windows\system32\cryptsvc.dll
.
[-] 2008-07-07 20:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
.
[-] 2008-04-14 . 0DA85218E92526972A821587E6A8BF8F . 110080 . . [5.1.2600.5512] . . c:\windows\system32\imm32.dll
.
[-] 2008-04-14 . 2DC5A8019E2387987905F77C664E4BE2 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\linkinfo.dll
.
[-] 2008-04-14 . 012DF358CEBAA23ACB26D82077820817 . 22016 . . [5.1.2600.5512] . . c:\windows\system32\lpk.dll
.
[-] 2008-04-14 . 355EDBB4D412B01F1740C17E3F50FA00 . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[-] 2008-04-14 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
[-] 2008-04-14 . D7075E95AA599EE77B7A89D39296BD3D . 343040 . . [7.0.2600.5512] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.5512_x-ww_3fd60d63\msvcrt.dll
.
[-] 2008-04-14 . 1B7F071C51B77C272875C3A23E1E4550 . 407040 . . [5.1.2600.5512] . . c:\windows\system32\netlogon.dll
.
[-] 2008-04-14 . 50A166237A0FA771261275A405646CC0 . 17408 . . [6.00.2900.5512] . . c:\windows\system32\powrprof.dll
.
[-] 2008-04-14 . A86BB5E61BF3E39B62AB4C7E7085A084 . 181248 . . [5.1.2600.5512] . . c:\windows\system32\scecli.dll
.
[-] 2008-04-14 . 96E1C926F22EE1BFBAE82901A35F6BF3 . 5120 . . [5.1.2600.5512] . . c:\windows\system32\sfc.dll
.
[-] 2008-04-14 . 27C6D03BCDB8CFEB96B716F3D8BE3E18 . 14336 . . [5.1.2600.5512] . . c:\windows\system32\svchost.exe
.
[-] 2008-04-14 . 3CB78C17BB664637787C9A1C98F79C38 . 249856 . . [5.1.2600.5512] . . c:\windows\system32\tapisrv.dll
.
[-] 2008-04-14 . 882A4C8388B19A66462AC8E7C4DC674A . 524288 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
.
[-] 2008-04-14 . A93AEE1928A9D7CE3E16D24EC7380F89 . 26112 . . [5.1.2600.5512] . . c:\windows\system32\userinit.exe
.
[-] 2008-04-14 . 2CCC474EB85CEAA3E1FA1726580A3E5A . 82432 . . [5.1.2600.5512] . . c:\windows\system32\ws2_32.dll
.
[-] 2008-04-14 . 9789E95E1D88EEB4B922BF3EA7779C28 . 19968 . . [5.1.2600.5512] . . c:\windows\system32\ws2help.dll
.
[-] 2008-04-14 . 54174BFE93482062D8849430CC9B87B6 . 1533952 . . [6.00.2900.5512] . . c:\windows\explorer.exe
.
[-] 2008-04-14 . E6962E24D52E4C02CAF29EFFDC718277 . 354304 . . [5.1.2600.5512] . . c:\windows\regedit.exe
.
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\usp10.dll
[-] 2010-04-16 . 9E03DC5AB51CFD0190541CE2038D819D . 406016 . . [1.0420.2600.5969] . . c:\windows\system32\dllcache\usp10.dll
[-] 2010-04-16 . F8894BCC961D461674002B4BAE7AECC1 . 406016 . . [1.0420.2600.5969] . . c:\windows\$hf_mig$\KB981322\SP3QFE\usp10.dll
[-] 2008-04-14 . 7D7D8501F3CB45D0408CDEFA08CDAEFF . 406016 . . [1.0420.2600.5512] . . c:\windows\$NtUninstallKB981322$\usp10.dll
.
[-] 2008-04-14 . 9B9F1C38D559047B8AC0DBA2D5FEBDE9 . 4096 . . [5.3.2600.5512] . . c:\windows\system32\ksuser.dll
.
[-] 2008-04-14 . C1D50243355A290CB3AA684FD8B38170 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
.
[-] 2008-04-14 . AFFC87E2501FCE8F09D4C10BA6421CCF . 4608 . . [5.1.2600.5512] . . c:\windows\system32\msimg32.dll
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
.
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
.
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
.
[-] 2008-04-14 . 5733177BCF16EE78B99543C9B0AB81EA . 177152 . . [5.1.2600.5512] . . c:\windows\system32\MSCTFIME.IME
.
[-] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\system32\eventlog.dll
.
[-] 2010-05-02 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
[-] 2008-04-14 . 23C74D75E36E7158768DD63D92789A91 . 75264 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ipsec.sys
.
[-] 2008-04-14 . 5B19B557B0C188210A56A6B699D90B8F . 59904 . . [5.1.2600.5512] . . c:\windows\system32\regsvc.dll
.
[-] 2008-04-14 . 0A9A7365A1CA4319AA7C1D6CD8E4EAFA . 192512 . . [5.1.2600.5512] . . c:\windows\system32\schedsvc.dll
.
[-] 2008-04-14 . 0A5679B3714EDAB99E357057EE88FCA6 . 71680 . . [5.1.2600.5512] . . c:\windows\system32\ssdpsrv.dll
.
[-] 2008-04-14 . FF3477C03BE7201C294C35F684B3479F . 295424 . . [5.1.2600.5512] . . c:\windows\system32\termsrv.dll
.
[-] 2008-04-14 . 3617EF41875C69AE11D6A128B9D22AFC . 393216 . . [5.1.2600.5512] . . c:\windows\system32\hnetcfg.dll
.
[-] 2008-04-14 . D8849F77C0B66226335A59D26CB4EDC6 . 167936 . . [5.1.2600.5512] . . c:\windows\system32\appmgmts.dll
.
[-] 2001-08-17 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\dllcache\acpiec.sys
[-] 2001-08-17 . 9859C0F6936E723E4892D7141B1327D5 . 11648 . . [5.1.2600.0] . . c:\windows\system32\drivers\acpiec.sys
.
[-] 2008-04-13 22:09 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\system32\drivers\aec.sys
.
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\agp440.sys
[-] 2008-04-13 . 08FD04AA961BDC77FB983F328334E3D7 . 42368 . . [5.1.2600.5512] . . c:\windows\system32\drivers\agp440.sys
.
[-] 2008-04-14 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
.
[-] 2010-09-18 07:18 . 842900DEDBC8E3E8DBCCCB298FD88F65 . 953856 . . [4.1.6151] . . c:\windows\$hf_mig$\KB2387149\SP3QFE\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\mfc40u.dll
[-] 2010-09-18 06:53 . E76A5C202E68AF5A322D16B5A78F48B9 . 953856 . . [4.1.6151] . . c:\windows\system32\dllcache\mfc40u.dll
[-] 2008-04-14 19:00 . CDDD4416B2B4C7295FE3FDB6DDE57E4E . 927504 . . [4.1.0.61] . . c:\windows\$NtUninstallKB2387149$\mfc40u.dll
.
[-] 2008-04-14 . 986B1FF5814366D71E0AC5755C88F2D3 . 33792 . . [5.1.2600.5512] . . c:\windows\system32\msgsvc.dll
.
[-] 2009-04-23 09:06 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
.
[-] 2008-04-14 19:00 . 156F64A3345BD23C600655FB4D10BC08 . 435200 . . [5.1.2400.5512] . . c:\windows\system32\ntmssvc.dll
.
[-] 2008-04-14 . 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 . 185856 . . [5.1.2600.5512] . . c:\windows\system32\upnphost.dll
.
[-] 2008-04-14 . 4D83ED8BDDEC431FC8AD907B47CFB6E3 . 367616 . . [5.3.2600.5512] . . c:\windows\system32\dsound.dll
.
[-] 2008-04-14 . 0607CBC6FA20114CB491EFE4B2F9EFAD . 1689088 . . [5.03.2600.5512] . . c:\windows\system32\d3d9.dll
.
[-] 2008-04-14 . A340CD71EB535A3DD751B5F28723E50C . 279552 . . [5.03.2600.5512] . . c:\windows\system32\ddraw.dll
.
[-] 2008-04-14 19:00 . 5652F6CE1D9E9D8068B9D29BC21B5409 . 84992 . . [5.1.2600.5512] . . c:\windows\system32\olepro32.dll
.
[-] 2008-04-14 . DBE2B62353660ECCA0D75EA307A717E9 . 39936 . . [5.1.2600.5512] . . c:\windows\system32\perfctrs.dll
.
[-] 2008-04-14 . C7CE131408739B0B3A318BE2D0032719 . 18944 . . [5.1.2600.5512] . . c:\windows\system32\version.dll
.
.
[-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
.
[-] 2008-04-14 . 54AF4B1D5459500EF0937F6D33B1914F . 175104 . . [5.1.2600.5512] . . c:\windows\system32\w32time.dll
.
[-] 2008-04-14 . 8BAD69CBAC032D4BBACFCE0306174C30 . 333824 . . [5.1.2600.5512] . . c:\windows\system32\wiaservc.dll
.
[-] 2008-04-14 . 448937CF6D5D4A4009532DF67B205F92 . 32256 . . [5.1.2600.5512] . . c:\windows\system32\midimap.dll
.
[-] 2008-04-14 . 6F9BEF24C578D5D6740E080BEDD6A448 . 7680 . . [5.1.2600.5512] . . c:\windows\system32\rasadhlp.dll
.
[-] 2008-04-14 . 4E3D06D6E68EEDB52565080F55B460D3 . 19456 . . [5.1.2600.5512] . . c:\windows\system32\wshtcpip.dll
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58   121968   ----a-w-   c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-06 21:57   578512   ----a-w-   c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-06 21:57   578512   ----a-w-   c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-06 21:57   578512   ----a-w-   c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-06 21:57   578512   ----a-w-   c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-06 21:57   578512   ----a-w-   c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-06 21:57   578512   ----a-w-   c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\documents and settings\Windows XP\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" [2013-01-25 138096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2013-05-08 41056]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-08-14 614400]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 40448]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2013-8-1 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]
Watch.lnk - c:\program files\MUSTEK 1248UB\Driver\WATCH.exe [2012-5-29 364544]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\aTube Catcher\\yct.exe"=
"c:\\Documents and Settings\\Windows XP\\Local Settings\\Application Data\\Facebook\\Video\\Skype\\FacebookVideoCalling.exe"=
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [31.5.2013 16:21 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [31.5.2013 16:21 175176]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [31.5.2013 16:21 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [31.5.2013 16:21 369584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31.5.2013 16:21 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [31.5.2013 16:21 66336]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-01 17:35]
.
2013-08-03 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-05-31 08:58]
.
2013-08-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1715567821-1425521274-1644491937-1003Core.job
- c:\documents and settings\Windows XP\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-01-25 16:49]
.
2013-08-03 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1715567821-1425521274-1644491937-1003UA.job
- c:\documents and settings\Windows XP\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe [2013-01-25 16:49]
.
2013-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-31 14:21]
.
2013-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-05-31 14:21]
.
2013-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1425521274-1644491937-1003Core1ce517a67c83340.job
- c:\documents and settings\Windows XP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-21 20:16]
.
2013-08-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1715567821-1425521274-1644491937-1003UA.job
- c:\documents and settings\Windows XP\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-21 20:16]
.
2013-08-01 c:\windows\Tasks\PhotoPadReminder.job
- c:\program files\NCH Software\PhotoPad\photopad.exe [2012-12-08 09:57]
.
2013-08-01 c:\windows\Tasks\PixillionReminder.job
- c:\program files\NCH Software\Pixillion\pixillion.exe [2012-12-08 11:36]
.
2012-12-18 c:\windows\Tasks\prismShakeIcon.job
- c:\program files\NCH Software\Prism\prism.exe [2012-12-08 20:37]
.
2013-08-03 c:\windows\Tasks\User_Feed_Synchronization-{15AE23ED-96D5-4B78-8167-F665EF6318F4}.job
- c:\windows\system32\msfeedssync.exe [2009-04-23 09:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 212.62.32.1 212.62.32.5
FF - ProfilePath - c:\documents and settings\Windows XP\Application Data\Mozilla\Firefox\Profiles\5oi0jpov.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=937811&p=
FF - prefs.js: network.proxy.type - 4
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-myweather - c:\program files\MyFreeWeather\myweather.exe
HKCU-Run-GoodNightPC.Exe - c:\program files\GoodNightPC\GoodNightPC.Exe
HKCU-Run-FishWallpaper - c:\program files\Artdocks Software\Fish Desktop Wallpaper\FishWallpaper.exe
AddRemove-UnityWebPlayer - c:\documents and settings\Windows XP\Local Settings\Application Data\Unity\WebPlayer\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-03 17:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(564)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\COMRes.dll
c:\windows\system32\cscui.dll
.
- - - - - - - > 'lsass.exe'(620)
c:\windows\system32\SETUPAPI.dll
.
Completion time: 2013-08-03  17:55:52
ComboFix-quarantined-files.txt  2013-08-03 15:55
.
Pre-Run: 4.445.470.720 bytes free
Post-Run: 5.246.992.384 bytes free
.
- - End Of File - - 89E57469B62C4EB899CAF26D75E437FC
8F558EB6672622401DA993E1E865C861
Forum friend
Well-known personality

MC- argus

OS: Windows 7
Browser: Mozilla Firefox 22.0
Download the SystemLook program from this or this link to the Desktop;

  • Double-click to run SystemLook;

      - Copy the following text into the white box of the window:
    Code:

    :filefind
    midimap.dll

  • Click the Look button;

       When the program finishes, attach the file SystemLook.txt, which will be on the Desktop, to your message using the Attach File option.



Developing member

OS: Windows XP
Browser: Chrome 28.0.1500.95
Here is the file

Files attached to the message (click the images for full size)

SystemLook.txt (0.63 KB)
Forum friend
Well-known personality

MC- argus

OS: Windows 7
Browser: Mozilla Firefox 22.0
Windows shows no signs of infection, but there are quite a few damaged files.

Have you tried copying one of those pictures and opening it on another computer?
Developing member

OS: Windows XP
Browser: Chrome 28.0.1500.95
I have, but it won't work at all.. :)
Forum friend
Well-known personality

MC- argus

OS: Windows 7
Browser: Mozilla Firefox 22.0
Can you tell me which virus it was (do you remember), and how you removed it?
Copyright © 2002- "Burek.com", all rights reserved.