
I have two pests


izida

Re: I have two pests, 07.01.2009. at 11:18
I downloaded SP2, since the update would not run even on the new system...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:19:31 PM, on 1/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\security\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\msiexec.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Girder\Girder.exe
C:\Program Files\FreePack\PSU\PSU.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - Startup: Girder3.lnk = C:\Program Files\Girder\Girder.exe
O4 - Startup: PowerInstall Softcam Updater.lnk = C:\Program Files\FreePack\PSU\PSU.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AACF6E13-2B55-499D-A999-253A0FB321E6}: NameServer = 93.93.93.2,194.106.162.3
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Windows Host32 Server Service (WinHost32Svr) - Unknown owner - C:\WINDOWS\security\svchost.exe

--
End of file - 2673 bytes
 

izida

Re: I have two pests, 07.01.2009. at 15:50
As far as I can see, they are still there.

From what I have figured out so far, these viruses partially block my internet access: I cannot update AVG, I have no access to Microsoft sites, and I cannot use Automatic Update. To repeat once more, I installed a new system and the problem remained...
 

kristi1


Re: I have two pests, 07.01.2009. at 16:14
@izida As far as I can see, Malwarebytes has detected malware on your system; you only need to click Remove Selected and the problem will be solved.
 

izida

Re: I have two pests, 07.01.2009. at 16:20
Quote:
kristi1: @izida As far as I can see, Malwarebytes has detected malware on your system; you only need to click Remove Selected and the problem will be solved :)

That is usually how it goes, but not in my case: I delete them, the computer restarts, but the problem remains...
 

Goran Mijailovic


Re: I have two pests, 07.01.2009. at 16:33
Quote:
izida: That is usually how it goes, but not in my case: I delete them, the computer restarts, but the problem remains...

How about trying to do it from Safe Mode ;)
 

kristi1


Re: I have two pests, 07.01.2009. at 16:45
Temporarily disable your antivirus program.

Download ComboFix to the Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Note: If you already have ComboFix on the computer, delete that copy and download the newer version from the links above to get the update.

Start it and do not touch the program window while it scans.
Follow the on-screen instructions.
Do not touch the mouse or the keyboard while the script is running!
In other words, leave it to do its job.
When it finishes, a log will appear (C:\ComboFix.txt).

*Post the ComboFix logfile.
 

izida

Re: I have two pests, 07.01.2009. at 17:16
ComboFix 09-01-06.02 - Administrator 2009-01-07 18:05:01.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.667 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1296 [VPS 090106-1] *On-access scanning disabled* (Updated)
* Created a new restore point

[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\sysdrv32.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSDRV32
-------\Legacy_WINHOST32SVR
-------\Service_sysdrv32
-------\Service_WinHost32Svr


((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 )))))))))))))))))))))))))))))))
.

2009-01-07 18:00 . 2009-01-07 18:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2009-01-07 17:31 . 2009-01-07 17:31 <DIR> d-------- c:\program files\Alwil Software
2009-01-07 16:56 . 2009-01-07 16:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-07 16:55 . 2009-01-07 16:55 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-07 16:55 . 2009-01-07 16:55 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-01-07 12:25 . 2009-01-07 12:25 <DIR> d-------- c:\program files\AVG
2009-01-07 12:19 . 2009-01-07 12:19 <DIR> d-------- c:\program files\Trend Micro
2009-01-07 12:08 . 2009-01-07 12:08 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-07 12:07 . 2004-08-04 00:56 2,897,920 --------- c:\windows\system32\xpsp2res.dll
2009-01-07 12:06 . 2004-07-17 11:40 19,528 --a------ c:\windows\002509_.tmp
2009-01-07 12:05 . 2009-01-07 12:05 <DIR> d-------- c:\windows\EHome
2009-01-07 00:51 . 2009-01-07 00:51 <DIR> d-------- c:\program files\FreePack
2009-01-07 00:51 . 2009-01-07 00:53 94 --a------ c:\windows\Folders.ini
2009-01-07 00:46 . 2009-01-07 00:48 <DIR> d-------- c:\program files\Girder
2009-01-07 00:45 . 2009-01-07 00:45 <DIR> d-------- c:\program files\Foxit Software
2009-01-07 00:45 . 2009-01-07 00:45 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Foxit
2009-01-07 00:42 . 2009-01-07 01:00 <DIR> d-------- C:\ProgDVB
2009-01-07 00:36 . 2009-01-07 00:36 <DIR> d-------- c:\program files\DVBViewerTE
2009-01-07 00:34 . 2009-01-07 00:34 <DIR> d-------- c:\program files\TechniSat DVB
2009-01-07 00:34 . 2004-03-10 23:37 1,045,776 --a------ c:\windows\system32\msjet35.dll
2009-01-07 00:34 . 2004-03-10 23:37 368,912 --a------ c:\windows\system32\vbar332.dll
2009-01-07 00:34 . 2004-03-10 23:37 252,176 --a------ c:\windows\system32\msrd2x35.dll
2009-01-07 00:34 . 2004-03-10 23:37 123,664 --a------ c:\windows\system32\Msjint35.dll
2009-01-07 00:34 . 2004-05-02 20:30 118,784 --a------ c:\windows\system32\SkyDll.dll
2009-01-07 00:34 . 2004-05-02 20:30 118,784 --a------ c:\windows\system32\Sky2PCUI.dll
2009-01-07 00:34 . 2004-04-13 13:15 102,400 --a------ c:\windows\system32\libbz2.dll
2009-01-07 00:34 . 2004-03-10 23:37 24,848 --a------ c:\windows\system32\msjter35.dll
2009-01-07 00:33 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-01-07 00:32 . 2004-05-02 20:30 451,816 -ra------ c:\windows\system32\drivers\SkyNET.sys
2009-01-07 00:04 . 2009-01-07 00:05 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-07 00:04 . 2009-01-07 00:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-07 00:04 . 2009-01-07 00:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-07 00:04 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-07 00:04 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-06 23:34 . 2009-01-06 23:34 <DIR> d-------- c:\documents and settings\Administrator\Application Data\ACD Systems
2009-01-06 23:33 . 2009-01-06 23:33 <DIR> d-------- c:\program files\Common Files\ACD Systems
2009-01-06 23:33 . 2009-01-06 23:33 <DIR> d-------- c:\program files\ACD Systems
2009-01-06 23:33 . 2009-01-06 23:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2009-01-06 22:31 . 2009-01-06 22:31 <DIR> d-------- c:\program files\Lavasoft
2009-01-06 22:31 . 2009-01-06 22:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-06 22:30 . 2009-01-07 16:55 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-06 22:21 . 2009-01-06 22:21 <DIR> d-------- c:\program files\Valve
2009-01-06 22:10 . 2009-01-06 22:10 <DIR> d-------- c:\windows\system32\bits
2009-01-06 22:10 . 2009-01-06 23:34 <DIR> d--h----- c:\windows\$hf_mig$
2009-01-06 21:43 . 2004-08-04 00:56 438,784 --------- c:\windows\system32\xpob2res.dll
2009-01-06 21:43 . 2004-08-04 00:56 351,232 --a------ c:\windows\system32\winhttp.dll
2009-01-06 21:43 . 2004-08-04 00:56 18,944 --a------ c:\windows\system32\qmgrprxy.dll
2009-01-06 21:43 . 2004-08-04 00:56 8,192 --------- c:\windows\system32\bitsprx2.dll
2009-01-06 21:43 . 2004-08-04 00:56 7,168 --------- c:\windows\system32\bitsprx3.dll
2009-01-06 21:37 . 2009-01-06 21:37 <DIR> d---s---- c:\documents and settings\Administrator\UserData
2009-01-06 21:34 . 2008-10-16 14:12 561,688 --a------ c:\windows\system32\wuapi.dll
2009-01-06 21:34 . 2008-10-16 14:12 323,608 --a------ c:\windows\system32\wucltui.dll
2009-01-06 21:34 . 2008-10-16 14:12 213,528 --a------ c:\windows\system32\wuaucpl.cpl
2009-01-06 21:34 . 2008-10-16 14:13 202,776 --a------ c:\windows\system32\wuweb.dll
2009-01-06 21:34 . 2004-08-03 14:03 186,136 --a------ c:\windows\system32\wuaueng1.dll
2009-01-06 21:34 . 2004-08-03 14:01 167,704 --a------ c:\windows\system32\wuauclt1.exe
2009-01-06 21:34 . 2008-10-16 14:08 34,328 --a------ c:\windows\system32\wups.dll
2009-01-06 21:31 . 2009-01-06 21:31 0 --a------ c:\windows\nsreg.dat
2009-01-06 21:28 . 2009-01-06 21:28 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-06 21:28 . 2009-01-06 21:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-06 21:18 . 2009-01-06 21:18 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Logitech
2009-01-06 21:15 . 2009-01-06 21:15 <DIR> d-------- c:\program files\Logitech
2009-01-06 21:15 . 2009-01-06 21:15 <DIR> d-------- c:\program files\Common Files\Logitech
2009-01-06 21:15 . 2004-08-04 00:56 1,119,744 --a------ c:\windows\system32\wmsdmoe2.dll
2009-01-06 21:07 . 2009-01-06 21:07 0 --a------ c:\windows\ativpsrm.bin
2009-01-06 21:06 . 2007-12-20 21:05 593,920 --------- c:\windows\system32\ati2sgag.exe
2009-01-06 21:06 . 2004-08-03 22:59 57,472 --a------ c:\windows\system32\drivers\redbook.sys
2009-01-06 21:06 . 2001-08-17 14:46 6,400 --a------ c:\windows\system32\drivers\enum1394.sys
2009-01-06 21:06 . 2001-08-17 14:59 3,072 --a------ c:\windows\system32\drivers\audstub.sys
2009-01-06 21:05 . 2009-01-06 20:13 <DIR> dr------- c:\documents and settings\All Users\Documents
2009-01-06 21:04 . 2009-01-07 18:05 <DIR> d-------- c:\windows\system32\CatRoot2
2009-01-06 21:04 . 2009-01-06 21:04 <DIR> d-------- c:\program files\VID_0E8F&PID_0003
2009-01-06 21:02 . 2009-01-06 20:17 261 --a------ c:\windows\system32\$winnt$.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 21:21 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-06 20:10 --------- d-----w c:\documents and settings\Administrator\Application Data\ATI
2009-01-06 19:54 --------- d-----w c:\program files\My Company Name
2009-01-06 19:52 --------- d-----w c:\program files\ATI Technologies
2009-01-06 19:51 --------- d-----w c:\program files\Common Files\ATI Technologies
2009-01-06 19:44 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-06 19:34 --------- d-----w c:\program files\Realtek
2009-01-06 19:20 --------- d-----w c:\program files\Intel
2009-01-06 19:15 558,142 ----a-w c:\windows\java\Packages\0FJNJ9FL.ZIP
2009-01-06 19:15 155,995 ----a-w c:\windows\java\Packages\OVRHZTND.ZIP
2009-01-06 19:15 --------- d-----w c:\program files\microsoft frontpage
2004-08-03 23:56 167,833 --sha-r c:\windows\system32\frsvyou.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Girder3.lnk - c:\program files\Girder\Girder.exe [2009-01-07 1830912]
PowerInstall Softcam Updater.lnk - c:\program files\FreePack\PSU\PSU.EXE [2008-10-07 57003]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-01-06 450560]
Server4PC.lnk - c:\program files\TechniSat DVB\bin\Server4PC.exe [2009-01-07 430080]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\TechniSat DVB\\bin\\Server4PC.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7253:TCP"= 7253:TCP:xkwwjmol

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-07 111184]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
R3 SKYNET;B2C2 Broadband Receiver PCI Adapter;c:\windows\system32\drivers\SkyNET.sys [2009-01-07 451816]
R3 Video3D;ASUS Video3D Service;c:\windows\system32\drivers\Video3D32.sys [2009-01-06 10752]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-07 20560]
R4 atidgllk;atidgllk;c:\windows\atidgllk.sys [2009-01-06 5376]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 xzyhysqm;xzyhysqm;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S4 dztwbejgo;Microsoft Security;c:\windows\system32\svchost.exe -k netsvcs [2001-08-23 14336]
S4 hkxbzg;hkxbzg;c:\windows\system32\svchost.exe -k netsvcs [2001-08-23 14336]
S4 wqenk;Task Windows;c:\windows\system32\svchost.exe -k netsvcs [2001-08-23 14336]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hkxbzg
dztwbejgo
wqenk
.
.
------- Supplementary Scan -------
.
TCP: {AACF6E13-2B55-499D-A999-253A0FB321E6} = 93.93.93.2,194.106.162.3

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0u3h6l59.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.elitesecurity.org/f101-PC-DVB-kartice
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 18:07:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xzyhysqm]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dztwbejgo]
"ServiceDll"="c:\windows\System32\frsvyou.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wqenk]
"ServiceDll"="c:\windows\system32\frsvyou.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1016)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\windows\ATKKBService.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2009-01-07 18:08:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-07 17:08:53

Pre-Run: 46,348,374,016 bytes free
Post-Run: 46,285,733,888 bytes free

214 --- E O F --- 2009-01-06 21:10:44
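
Added example (not part of the original posts, and not code from HijackThis or ComboFix): the first HijackThis log in this thread shows `svchost.exe` running from `C:\WINDOWS\security\` as the service WinHost32Svr, and the ComboFix log above lists `Service_WinHost32Svr` under its Drivers/Services section. The Python sketch below runs that path check, plus a weaker "Unknown owner" flag, over lines copied from that log. The expected-directory table and the finding names are assumptions for a default 32-bit Windows XP install under `C:\WINDOWS`.

```python
import ntpath
import re

# Lines copied from the first HijackThis log in this thread (trimmed sample).
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\security\svchost.exe
C:\WINDOWS\Explorer.EXE
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Windows Host32 Server Service (WinHost32Svr) - Unknown owner - C:\WINDOWS\security\svchost.exe
"""

# Assumption: default Windows XP layout, %SystemRoot% = C:\WINDOWS.
# Core system binaries and the only directory they normally run from.
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# "O23 - Service: <name> - <owner> - <path>". The path is anchored on a drive
# letter so that a path containing " - " (for example a folder named
# "Spybot - Search & Destroy") is not split in the wrong place.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)

# A "Running processes" entry: a bare path, optionally with a \?\ or \??\ prefix.
PROC_RE = re.compile(r"^(?:\\{1,2}\?{1,2}\\)?(?P<path>[A-Za-z]:\\.+)$")


def misplaced(path):
    """True if the file name belongs to a core system binary but the
    directory is not the one that binary normally lives in."""
    directory, base = ntpath.split(ntpath.normcase(path.strip().strip('"')))
    expected = EXPECTED_DIR.get(base)
    return expected is not None and directory != expected


def triage(log_text):
    """Return (kind, source, path) tuples for entries worth a closer look.

    kind is "misplaced-system-binary" (strong signal) or "unknown-owner"
    (weak signal: the service binary carries no company name, which is also
    true of some legitimate drivers and tools).
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        svc = O23_RE.match(line)
        if svc:
            source, path = "service " + svc["name"], svc["path"]
            if svc["owner"].strip().lower() == "unknown owner":
                findings.append(("unknown-owner", source, path))
        else:
            proc = PROC_RE.match(line)
            if not proc:
                continue  # headers, other O-sections, blank lines
            source, path = "process", proc["path"]
        if misplaced(path):
            findings.append(("misplaced-system-binary", source, path))
    return findings


if __name__ == "__main__":
    for kind, source, path in triage(SAMPLE_LOG):
        print(f"{kind:24} {source:55} {path}")
```

The "Unknown owner" flag alone is not a verdict; the directory check is what separates the two unknown-owner services in this sample.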
 

kristi1


Re: I have two pests, 07.01.2009. at 17:34
Tell me whether you had AVG8 before avast and whether you uninstalled it, since I see remnants of it here, and post a new, fresh HJT log.
 

izida

Re: I have two pests, 07.01.2009. at 18:24
I had it before avast, but I uninstalled it because it would not update, and that remnant was an empty folder (deleted).

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:23:37 PM, on 1/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Girder\Girder.exe
C:\Program Files\FreePack\PSU\PSU.EXE
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Girder3.lnk = C:\Program Files\Girder\Girder.exe
O4 - Startup: PowerInstall Softcam Updater.lnk = C:\Program Files\FreePack\PSU\PSU.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AACF6E13-2B55-499D-A999-253A0FB321E6}: NameServer = 93.93.93.2,194.106.162.3
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 3832 bytes


 

kristi1


Re: I have two pests, 07.01.2009. at 18:59
Open Notepad and copy the text below:
Click File\Save As and save the text as CFScript on the Desktop.

Code:


File::
c:\documents and settings\All Users\Application Data\Avg8

Folder::
c:\program files\AVG




Follow the instructions in the picture and drag CFScript.txt onto the ComboFix.exe icon.
That will start ComboFix automatically; the system may restart (that is normal).
When it finishes, a log will appear (C:\ComboFix.txt).
Send the ComboFix log as well as a fresh HijackThis log.

[This message was edited by Goran Mijailovic on 07.01.2009. at 20:33 GMT+1]
 

izida

Re: I have two pests, 07.01.2009. at 19:18
I hope I did it right; I hope that what I was supposed to copy was only this
Quote:

File::
c:\documents and settings\All Users\Application Data\Avg8

Folder::
c:\program files\AVG

without
Quote:
Code:
this

ComboFix 09-01-07.01 - Administrator 2009-01-07 20:10:29.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.568 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090107-0] *On-access scanning disabled* (Updated)
* Created a new restore point

[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]

FILE ::
c:\documents and settings\All Users\Application Data\Avg8
.

((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 )))))))))))))))))))))))))))))))
.

2009-01-07 19:41 . 2009-01-07 19:46 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\~0
2009-01-07 19:41 . 2009-01-07 19:41 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Uniblue
2009-01-07 18:00 . 2009-01-07 18:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg8
2009-01-07 17:31 . 2009-01-07 17:31 <DIR> d-------- c:\program files\Alwil Software
2009-01-07 16:56 . 2009-01-07 16:56 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-07 16:55 . 2009-01-07 16:55 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-07 16:55 . 2009-01-07 16:55 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-01-07 12:19 . 2009-01-07 12:19 <DIR> d-------- c:\program files\Trend Micro
2009-01-07 12:08 . 2009-01-07 12:08 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-07 12:07 . 2004-08-04 00:56 2,897,920 --------- c:\windows\system32\xpsp2res.dll
2009-01-07 12:06 . 2004-07-17 11:40 19,528 --a------ c:\windows\002509_.tmp
2009-01-07 12:05 . 2009-01-07 12:05 <DIR> d-------- c:\windows\EHome
2009-01-07 00:51 . 2009-01-07 00:51 <DIR> d-------- c:\program files\FreePack
2009-01-07 00:51 . 2009-01-07 00:53 94 --a------ c:\windows\Folders.ini
2009-01-07 00:46 . 2009-01-07 00:48 <DIR> d-------- c:\program files\Girder
2009-01-07 00:45 . 2009-01-07 00:45 <DIR> d-------- c:\program files\Foxit Software
2009-01-07 00:45 . 2009-01-07 00:45 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Foxit
2009-01-07 00:42 . 2009-01-07 01:00 <DIR> d-------- C:\ProgDVB
2009-01-07 00:36 . 2009-01-07 00:36 <DIR> d-------- c:\program files\DVBViewerTE
2009-01-07 00:34 . 2009-01-07 00:34 <DIR> d-------- c:\program files\TechniSat DVB
2009-01-07 00:34 . 2004-03-10 23:37 1,045,776 --a------ c:\windows\system32\msjet35.dll
2009-01-07 00:34 . 2004-03-10 23:37 368,912 --a------ c:\windows\system32\vbar332.dll
2009-01-07 00:34 . 2004-03-10 23:37 252,176 --a------ c:\windows\system32\msrd2x35.dll
2009-01-07 00:34 . 2004-03-10 23:37 123,664 --a------ c:\windows\system32\Msjint35.dll
2009-01-07 00:34 . 2004-05-02 20:30 118,784 --a------ c:\windows\system32\SkyDll.dll
2009-01-07 00:34 . 2004-05-02 20:30 118,784 --a------ c:\windows\system32\Sky2PCUI.dll
2009-01-07 00:34 . 2004-04-13 13:15 102,400 --a------ c:\windows\system32\libbz2.dll
2009-01-07 00:34 . 2004-03-10 23:37 24,848 --a------ c:\windows\system32\msjter35.dll
2009-01-07 00:33 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-01-07 00:32 . 2004-05-02 20:30 451,816 -ra------ c:\windows\system32\drivers\SkyNET.sys
2009-01-07 00:04 . 2009-01-07 00:05 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-07 00:04 . 2009-01-07 00:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-07 00:04 . 2009-01-07 00:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-01-07 00:04 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-07 00:04 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-06 23:34 . 2009-01-06 23:34 <DIR> d-------- c:\documents and settings\Administrator\Application Data\ACD Systems
2009-01-06 23:33 . 2009-01-06 23:33 <DIR> d-------- c:\program files\Common Files\ACD Systems
2009-01-06 23:33 . 2009-01-06 23:33 <DIR> d-------- c:\program files\ACD Systems
2009-01-06 23:33 . 2009-01-06 23:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2009-01-06 22:31 . 2009-01-06 22:31 <DIR> d-------- c:\program files\Lavasoft
2009-01-06 22:31 . 2009-01-06 22:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-06 22:30 . 2009-01-07 16:55 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-06 22:21 . 2009-01-06 22:21 <DIR> d-------- c:\program files\Valve
2009-01-06 22:10 . 2009-01-06 22:10 <DIR> d-------- c:\windows\system32\bits
2009-01-06 22:10 . 2009-01-06 23:34 <DIR> d--h----- c:\windows\$hf_mig$
2009-01-06 21:43 . 2004-08-04 00:56 438,784 --------- c:\windows\system32\xpob2res.dll
2009-01-06 21:43 . 2004-08-04 00:56 351,232 --a------ c:\windows\system32\winhttp.dll
2009-01-06 21:43 . 2004-08-04 00:56 18,944 --a------ c:\windows\system32\qmgrprxy.dll
2009-01-06 21:43 . 2004-08-04 00:56 8,192 --------- c:\windows\system32\bitsprx2.dll
2009-01-06 21:43 . 2004-08-04 00:56 7,168 --------- c:\windows\system32\bitsprx3.dll
2009-01-06 21:37 . 2009-01-06 21:37 <DIR> d---s---- c:\documents and settings\Administrator\UserData
2009-01-06 21:34 . 2008-10-16 14:12 561,688 --a------ c:\windows\system32\wuapi.dll
2009-01-06 21:34 . 2008-10-16 14:12 323,608 --a------ c:\windows\system32\wucltui.dll
2009-01-06 21:34 . 2008-10-16 14:12 213,528 --a------ c:\windows\system32\wuaucpl.cpl
2009-01-06 21:34 . 2008-10-16 14:13 202,776 --a------ c:\windows\system32\wuweb.dll
2009-01-06 21:34 . 2004-08-03 14:03 186,136 --a------ c:\windows\system32\wuaueng1.dll
2009-01-06 21:34 . 2004-08-03 14:01 167,704 --a------ c:\windows\system32\wuauclt1.exe
2009-01-06 21:34 . 2008-10-16 14:08 34,328 --a------ c:\windows\system32\wups.dll
2009-01-06 21:31 . 2009-01-06 21:31 0 --a------ c:\windows\nsreg.dat
2009-01-06 21:28 . 2009-01-06 21:28 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-06 21:28 . 2009-01-06 21:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-06 21:18 . 2009-01-06 21:18 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Logitech
2009-01-06 21:15 . 2009-01-06 21:15 <DIR> d-------- c:\program files\Logitech
2009-01-06 21:15 . 2009-01-06 21:15 <DIR> d-------- c:\program files\Common Files\Logitech
2009-01-06 21:15 . 2005-01-28 13:44 1,119,744 --a------ c:\windows\system32\wmsdmoe2.dll
2009-01-06 21:07 . 2009-01-06 21:07 0 --a------ c:\windows\ativpsrm.bin
2009-01-06 21:06 . 2007-12-20 21:05 593,920 --------- c:\windows\system32\ati2sgag.exe
2009-01-06 21:06 . 2004-08-03 22:59 57,472 --a------ c:\windows\system32\drivers\redbook.sys
2009-01-06 21:06 . 2001-08-17 14:46 6,400 --a------ c:\windows\system32\drivers\enum1394.sys
2009-01-06 21:06 . 2001-08-17 14:59 3,072 --a------ c:\windows\system32\drivers\audstub.sys
2009-01-06 21:05 . 2009-01-06 20:13 <DIR> dr------- c:\documents and settings\All Users\Documents
2009-01-06 21:04 . 2009-01-07 20:10 <DIR> d-------- c:\windows\system32\CatRoot2
2009-01-06 21:04 . 2009-01-06 21:04 <DIR> d-------- c:\program files\VID_0E8F&PID_0003
2009-01-06 21:02 . 2009-01-06 20:17 261 --a------ c:\windows\system32\$winnt$.inf

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-06 21:21 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-06 20:10 --------- d-----w c:\documents and settings\Administrator\Application Data\ATI
2009-01-06 19:54 --------- d-----w c:\program files\My Company Name
2009-01-06 19:52 --------- d-----w c:\program files\ATI Technologies
2009-01-06 19:51 --------- d-----w c:\program files\Common Files\ATI Technologies
2009-01-06 19:44 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-06 19:34 --------- d-----w c:\program files\Realtek
2009-01-06 19:20 --------- d-----w c:\program files\Intel
2009-01-06 19:15 558,142 ----a-w c:\windows\java\Packages\0FJNJ9FL.ZIP
2009-01-06 19:15 155,995 ----a-w c:\windows\java\Packages\OVRHZTND.ZIP
2009-01-06 19:15 --------- d-----w c:\program files\microsoft frontpage
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2004-08-03 23:56 167,833 --sha-r c:\windows\system32\frsvyou.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-07_18.08.21.75 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-03 23:56:58 208,896 ----a-w c:\windows\inf\unregmp2.exe
+ 2005-01-28 12:44:28 192,512 ----a-w c:\windows\inf\unregmp2.exe
+ 2004-08-03 23:56:42 159,232 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\cewmdm.dll
+ 2004-08-03 23:56:44 52,224 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
+ 2004-08-03 23:56:44 201,728 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSP.dll
+ 2004-08-03 23:57:02 356,352 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MSSCP.dll
+ 2004-08-03 23:56:46 245,760 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MSWMDM.dll
+ 2004-08-03 23:56:48 27,136 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\WMDMLOG.dll
+ 2004-08-03 23:56:48 23,552 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\WMDMPS.dll
+ 2005-01-28 12:44:28 164,864 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\cewmdm.dll
+ 2005-01-28 12:44:28 25,088 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
+ 2005-01-28 12:44:28 173,568 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSP.dll
+ 2005-01-28 12:44:28 364,784 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSSCP.dll
+ 2005-01-28 12:44:28 315,904 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MSWMDM.dll
+ 2005-01-28 12:44:28 28,160 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMLOG.dll
+ 2005-01-28 12:44:28 33,792 ----a-w c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\WMDMPS.dll
+ 2004-08-03 23:56:58 774,144 ----a-w c:\windows\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}$BACKUP$\System\setup_wm.exe
+ 2005-01-28 12:44:28 819,200 ----a-w c:\windows\RegisteredPackages\{3FDF25EE-E592-4495-8391-6E9C504DAC2B}\setup_wm.exe
+ 2004-08-03 23:56:48 20,480 ----a-w c:\windows\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}$BACKUP$\System\wmpcore.dll
+ 2004-08-03 23:56:48 20,480 ----a-w c:\windows\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}$BACKUP$\System\wmpui.dll
+ 2005-01-28 12:44:28 20,480 ----a-w c:\windows\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}\wmpcore.dll
+ 2005-01-28 12:44:28 20,480 ----a-w c:\windows\RegisteredPackages\{60204BB3-7078-4F70-8F69-68297621941C}\wmpui.dll
+ 2005-01-28 12:44:28 47,104 ----a-w c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\uwdf.exe
+ 2005-01-28 12:44:28 15,872 ----a-w c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfapi.dll
+ 2005-01-28 12:44:28 38,912 ----a-w c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfmgr.exe
+ 2005-01-28 12:44:28 38,912 ----a-w c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpd_ci.dll
+ 2005-01-28 12:44:28 61,952 ----a-w c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdconns.dll
+ 2005-01-28 12:44:28 114,176 ----a-w c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtp.dll
+ 2005-01-28 12:44:28 331,776 ----a-w c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpdr.dll
+ 2005-01-28 12:44:28 66,560 ----a-w c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdmtpus.dll
+ 2005-01-28 12:44:28 331,264 ----a-w c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdsp.dll
+ 2005-01-28 12:44:28 10,752 ----a-w c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdtrace.dll
+ 2005-01-28 12:44:28 18,944 ----a-w c:\windows\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wpdusb.sys
+ 2004-08-03 23:56:48 408,064 ----a-w c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmadmod.dll
+ 2004-08-03 23:56:48 759,296 ----a-w c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmsdmod.dll
+ 2004-08-03 23:56:48 484,864 ----a-w c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmspdmod.dll
+ 2004-08-03 23:56:48 809,984 ----a-w c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}$BACKUP$\System\wmvdmod.dll
+ 2005-01-28 12:44:28 396,528 ----a-w c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmadmod.dll
+ 2005-01-28 12:44:28 774,904 ----a-w c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmsdmod.dll
+ 2005-01-28 12:44:28 413,944 ----a-w c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmspdmod.dll
+ 2005-01-28 12:44:28 1,218,808 ----a-w c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvadvd.dll
+ 2005-01-28 12:44:28 895,736 ----a-w c:\windows\RegisteredPackages\{A47B3654-48EE-48A5-B629-97D70175E58F}\wmvdmod.dll
+ 2004-08-03 23:56:44 6,656 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\laprxy.dll
+ 2004-08-03 23:56:52 103,936 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\logagent.exe
+ 2004-08-03 23:56:46 237,568 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\qasf.dll
+ 2004-08-03 23:56:48 670,720 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmadmoe.dll
+ 2004-08-03 23:56:48 230,400 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmasf.dll
+ 2004-08-03 23:56:48 151,552 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmidx.dll
+ 2004-08-03 23:56:48 1,050,624 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmnetmgr.dll
+ 2004-08-03 23:56:48 1,119,744 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmsdmoe2.dll
+ 2004-08-03 23:56:48 896,512 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmspdmoe.dll
+ 2004-08-03 23:57:04 2,105,344 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmvcore.dll
+ 2004-08-03 23:56:48 1,001,472 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\wmvdmoe2.dll
+ 2005-01-28 12:44:28 6,656 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\laprxy.dll
+ 2005-01-28 12:44:28 96,768 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\logagent.exe
+ 2005-01-28 12:44:28 221,184 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\qasf.dll
+ 2005-01-28 12:44:28 716,288 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmadmoe.dll
+ 2005-01-28 12:44:28 224,768 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmasf.dll
+ 2005-01-28 12:44:28 335,872 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMdev.dll
+ 2005-01-28 12:44:28 290,816 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMDRMNet.dll
+ 2005-01-28 12:44:28 150,016 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmidx.dll
+ 2005-01-28 12:44:28 1,027,072 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmnetmgr.dll
+ 2005-01-28 12:44:28 1,119,744 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmsdmoe2.dll
+ 2005-01-28 12:44:28 940,544 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmspdmoe.dll
+ 2005-01-28 12:44:28 1,512,448 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\WMVADVE.DLL
+ 2005-01-28 12:44:28 2,370,296 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvcore.dll
+ 2005-01-28 12:44:28 1,003,008 ----a-w c:\windows\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}\wmvdmoe2.dll
+ 2004-08-03 23:56:42 286,208 ----a-w c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\blackbox.dll
+ 2004-08-03 23:57:06 299,520 ----a-w c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmclien.dll
+ 2004-08-03 23:56:44 87,040 ----a-w c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmstor.dll
+ 2004-08-03 23:57:04 695,296 ----a-w c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\drmv2clt.dll
+ 2004-08-03 23:57:02 259,072 ----a-w c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}$BACKUP$\System\msnetobj.dll
+ 2005-01-28 12:44:28 294,912 ----a-w c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\blackbox.dll
+ 2005-01-28 12:44:28 258,296 ----a-w c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmclien.dll
+ 2005-01-28 12:44:28 96,768 ----a-w c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmstor.dll
+ 2005-01-28 12:44:28 502,272 ----a-w c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\drmv2clt.dll
+ 2005-01-28 12:44:28 142,336 ----a-w c:\windows\RegisteredPackages\{C5B8FBE9-645E-4484-A7AA-E8DA9A70DD77}\msnetobj.dll
+ 2004-08-03 23:56:48 20,480 ----a-w c:\windows\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}$BACKUP$\System\wmpcd.dll
+ 2005-01-28 12:44:28 20,480 ----a-w c:\windows\RegisteredPackages\{CFB4B314-0328-45E1-94AF-45A3F5F48E0B}\wmpcd.dll
+ 2004-08-03 23:56:00 8,192 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\asferror.dll
+ 2004-08-03 23:56:42 28,672 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\custsat.dll
+ 2004-08-03 23:56:52 786,432 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\migrate.exe
+ 2004-08-03 23:56:44 368,640 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\mpvis.dll
+ 2004-08-03 23:56:58 208,896 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\unregmp2.exe
+ 2004-08-03 23:56:36 168,448 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmerror.dll
+ 2004-08-03 23:56:48 4,874,240 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmp.dll
+ 2004-08-03 23:56:48 114,688 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmpasf.dll
+ 2004-08-03 23:56:48 98,304 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmpband.dll
+ 2004-08-03 23:56:48 233,472 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmpdxm.dll
+ 2004-08-03 23:56:58 73,728 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
+ 2004-08-03 23:56:38 2,940,928 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmploc.dll
+ 2004-08-03 23:56:48 102,400 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmpshell.dll
+ 2005-01-28 12:44:28 8,192 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\asferror.dll
+ 2005-01-28 12:44:28 484,352 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\Audiodev.dll
+ 2005-01-28 12:44:28 28,672 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\custsat.dll
+ 2005-01-28 12:44:28 991,232 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\migrate.exe
+ 2005-01-28 12:44:28 352,256 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\mpvis.dll
+ 2005-01-28 12:44:28 192,512 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\unregmp2.exe
+ 2005-01-28 12:44:28 189,440 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmerror.dll
+ 2005-01-28 12:44:28 122,880 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmlaunch.exe
+ 2005-01-28 12:44:28 5,525,504 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmp.dll
+ 2005-01-28 12:44:28 135,168 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpasf.dll
+ 2005-01-28 12:44:28 77,824 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpband.dll
+ 2005-01-28 12:44:28 282,624 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpdxm.dll
+ 2005-01-28 12:44:28 28,672 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpenc.exe
+ 2005-01-28 12:44:28 1,594,880 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpencen.dll
+ 2005-01-28 12:44:28 73,728 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmplayer.exe
+ 2005-01-28 12:44:28 3,371,008 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmploc.dll
+ 2005-01-28 12:44:28 86,016 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpshell.dll
+ 2005-01-28 12:44:28 175,104 ----a-w c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmpsrcwp.dll
- 2004-08-03 23:56:00 8,192 ----a-w c:\windows\system32\asferror.dll
+ 2005-01-28 12:44:28 8,192 ----a-w c:\windows\system32\asferror.dll
+ 2005-01-28 12:44:28 484,352 ----a-w c:\windows\system32\Audiodev.dll
- 2004-08-03 23:56:42 286,208 ----a-w c:\windows\system32\blackbox.dll
+ 2005-01-28 12:44:28 294,912 ----a-w c:\windows\system32\blackbox.dll
- 2004-08-03 23:56:42 159,232 ----a-w c:\windows\system32\cewmdm.dll
+ 2005-01-28 12:44:28 164,864 ----a-w c:\windows\system32\cewmdm.dll
+ 2005-01-28 12:44:28 8,192 -c--a-w c:\windows\system32\dllcache\asferror.dll
+ 2005-01-28 12:44:28 294,912 -c--a-w c:\windows\system32\dllcache\blackbox.dll
+ 2005-01-28 12:44:28 164,864 -c--a-w c:\windows\system32\dllcache\cewmdm.dll
+ 2005-01-28 12:44:28 28,672 -c--a-w c:\windows\system32\dllcache\custsat.dll
+ 2005-01-28 12:44:28 258,296 -c--a-w c:\windows\system32\dllcache\drmclien.dll
+ 2005-01-28 12:44:28 96,768 -c--a-w c:\windows\system32\dllcache\drmstor.dll
+ 2005-01-28 12:44:28 502,272 -c--a-w c:\windows\system32\dllcache\drmv2clt.dll
+ 2005-01-28 12:44:28 6,656 -c--a-w c:\windows\system32\dllcache\laprxy.dll
+ 2005-01-28 12:44:28 96,768 -c--a-w c:\windows\system32\dllcache\logagent.exe
+ 2005-01-28 12:44:28 991,232 -c--a-w c:\windows\system32\dllcache\migrate.exe
+ 2005-01-28 12:44:28 352,256 -c--a-w c:\windows\system32\dllcache\mpvis.dll
+ 2005-01-28 12:44:28 142,336 -c--a-w c:\windows\system32\dllcache\msnetobj.dll
+ 2005-01-28 12:44:28 25,088 -c--a-w c:\windows\system32\dllcache\mspmsnsv.dll
+ 2005-01-28 12:44:28 173,568 -c--a-w c:\windows\system32\dllcache\mspmsp.dll
+ 2005-01-28 12:44:28 364,784 -c--a-w c:\windows\system32\dllcache\msscp.dll
+ 2005-01-28 12:44:28 315,904 -c--a-w c:\windows\system32\dllcache\mswmdm.dll
+ 2005-01-28 12:44:28 221,184 -c--a-w c:\windows\system32\dllcache\qasf.dll
+ 2005-01-28 12:44:28 819,200 -c--a-w c:\windows\system32\dllcache\setup_wm.exe
+ 2005-01-28 12:44:28 192,512 -c--a-w c:\windows\system32\dllcache\unregmp2.exe
+ 2005-01-28 12:44:28 396,528 -c--a-w c:\windows\system32\dllcache\wmadmod.dll
+ 2005-01-28 12:44:28 716,288 -c--a-w c:\windows\system32\dllcache\wmadmoe.dll
+ 2005-01-28 12:44:28 224,768 -c--a-w c:\windows\system32\dllcache\wmasf.dll
+ 2005-01-28 12:44:28 28,160 -c--a-w c:\windows\system32\dllcache\wmdmlog.dll
+ 2005-01-28 12:44:28 33,792 -c--a-w c:\windows\system32\dllcache\wmdmps.dll
+ 2005-01-28 12:44:28 189,440 -c--a-w c:\windows\system32\dllcache\wmerror.dll
+ 2005-01-28 12:44:28 150,016 -c--a-w c:\windows\system32\dllcache\wmidx.dll
+ 2005-01-28 12:44:28 1,027,072 -c--a-w c:\windows\system32\dllcache\wmnetmgr.dll
+ 2005-01-28 12:44:28 5,525,504 -c--a-w c:\windows\system32\dllcache\wmp.dll
+ 2005-01-28 12:44:28 135,168 -c--a-w c:\windows\system32\dllcache\wmpasf.dll
+ 2005-01-28 12:44:28 77,824 -c--a-w c:\windows\system32\dllcache\wmpband.dll
+ 2005-01-28 12:44:28 20,480 -c--a-w c:\windows\system32\dllcache\wmpcd.dll
+ 2005-01-28 12:44:28 20,480 -c--a-w c:\windows\system32\dllcache\wmpcore.dll
+ 2005-01-28 12:44:28 282,624 -c--a-w c:\windows\system32\dllcache\wmpdxm.dll
+ 2005-01-28 12:44:28 73,728 -c--a-w c:\windows\system32\dllcache\wmplayer.exe
+ 2005-01-28 12:44:28 3,371,008 -c--a-w c:\windows\system32\dllcache\wmploc.dll
+ 2005-01-28 12:44:28 86,016 -c--a-w c:\windows\system32\dllcache\wmpshell.dll
+ 2005-01-28 12:44:28 20,480 -c--a-w c:\windows\system32\dllcache\wmpui.dll
+ 2005-01-28 12:44:28 774,904 -c--a-w c:\windows\system32\dllcache\wmsdmod.dll
+ 2005-01-28 12:44:28 1,119,744 -c--a-w c:\windows\system32\dllcache\wmsdmoe2.dll
+ 2005-01-28 12:44:28 413,944 -c--a-w c:\windows\system32\dllcache\wmspdmod.dll
+ 2005-01-28 12:44:28 940,544 -c--a-w c:\windows\system32\dllcache\wmspdmoe.dll
+ 2005-01-28 12:44:28 2,370,296 -c--a-w c:\windows\system32\dllcache\wmvcore.dll
+ 2005-01-28 12:44:28 895,736 -c--a-w c:\windows\system32\dllcache\wmvdmod.dll
+ 2005-01-28 12:44:28 1,003,008 -c--a-w c:\windows\system32\dllcache\wmvdmoe2.dll
+ 2005-01-28 12:44:28 18,944 ----a-w c:\windows\system32\drivers\wpdusb.sys
- 2004-08-03 23:57:06 299,520 ----a-w c:\windows\system32\drmclien.dll
+ 2005-01-28 12:44:28 258,296 ----a-w c:\windows\system32\drmclien.dll
- 2004-08-03 23:56:44 87,040 ----a-w c:\windows\system32\drmstor.dll
+ 2005-01-28 12:44:28 96,768 ----a-w c:\windows\system32\drmstor.dll
- 2004-08-03 23:57:04 695,296 ----a-w c:\windows\system32\drmv2clt.dll
+ 2005-01-28 12:44:28 502,272 ----a-w c:\windows\system32\drmv2clt.dll
- 2004-08-03 23:56:44 6,656 ----a-w c:\windows\system32\laprxy.dll
+ 2005-01-28 12:44:28 6,656 ----a-w c:\windows\system32\laprxy.dll
- 2004-08-03 23:56:52 103,936 ----a-w c:\windows\system32\logagent.exe
+ 2005-01-28 12:44:28 96,768 ----a-w c:\windows\system32\logagent.exe
- 2004-08-03 23:57:02 259,072 ----a-w c:\windows\system32\msnetobj.dll
+ 2005-01-28 12:44:28 142,336 ----a-w c:\windows\system32\msnetobj.dll
- 2004-08-03 23:56:44 52,224 ----a-w c:\windows\system32\mspmsnsv.dll
+ 2005-01-28 12:44:28 25,088 ----a-w c:\windows\system32\MsPMSNSv.dll
- 2004-08-03 23:56:44 201,728 ----a-w c:\windows\system32\mspmsp.dll
+ 2005-01-28 12:44:28 173,568 ----a-w c:\windows\system32\MsPMSP.dll
- 2004-08-03 23:57:02 356,352 ----a-w c:\windows\system32\msscp.dll
+ 2005-01-28 12:44:28 364,784 ----a-w c:\windows\system32\MSSCP.dll
- 2004-08-03 23:56:46 245,760 ----a-w c:\windows\system32\mswmdm.dll
+ 2005-01-28 12:44:28 315,904 ----a-w c:\windows\system32\MSWMDM.dll
- 2004-08-03 23:56:46 237,568 ----a-w c:\windows\system32\qasf.dll
+ 2005-01-28 12:44:28 221,184 ----a-w c:\windows\system32\qasf.dll
+ 2005-01-28 12:44:28 47,104 ----a-w c:\windows\system32\uwdf.exe
+ 2005-01-28 12:44:28 15,872 ----a-w c:\windows\system32\wdfapi.dll
+ 2005-01-28 12:44:28 38,912 ----a-w c:\windows\system32\wdfmgr.exe
- 2004-08-03 23:56:48 408,064 ----a-w c:\windows\system32\wmadmod.dll
+ 2005-01-28 12:44:28 396,528 ----a-w c:\windows\system32\wmadmod.dll
- 2004-08-03 23:56:48 670,720 ----a-w c:\windows\system32\wmadmoe.dll
+ 2005-01-28 12:44:28 716,288 ----a-w c:\windows\system32\wmadmoe.dll
- 2004-08-03 23:56:48 230,400 ----a-w c:\windows\system32\wmasf.dll
+ 2005-01-28 12:44:28 224,768 ----a-w c:\windows\system32\wmasf.dll
- 2004-08-03 23:56:48 27,136 ----a-w c:\windows\system32\wmdmlog.dll
+ 2005-01-28 12:44:28 28,160 ----a-w c:\windows\system32\WMDMLOG.dll
- 2004-08-03 23:56:48 23,552 ----a-w c:\windows\system32\wmdmps.dll
+ 2005-01-28 12:44:28 33,792 ----a-w c:\windows\system32\WMDMPS.dll
+ 2005-01-28 12:44:28 335,872 ----a-w c:\windows\system32\WMDRMdev.dll
+ 2005-01-28 12:44:28 290,816 ----a-w c:\windows\system32\WMDRMNet.dll
- 2004-08-03 23:56:36 168,448 ----a-w c:\windows\system32\wmerror.dll
+ 2005-01-28 12:44:28 189,440 ----a-w c:\windows\system32\wmerror.dll
- 2004-08-03 23:56:48 151,552 ----a-w c:\windows\system32\wmidx.dll
+ 2005-01-28 12:44:28 150,016 ----a-w c:\windows\system32\wmidx.dll
- 2004-08-03 23:56:48 1,050,624 ----a-w c:\windows\system32\wmnetmgr.dll
+ 2005-01-28 12:44:28 1,027,072 ----a-w c:\windows\system32\wmnetmgr.dll
- 2004-08-03 23:56:48 4,874,240 ----a-w c:\windows\system32\wmp.dll
+ 2005-01-28 12:44:28 5,525,504 ----a-w c:\windows\system32\wmp.dll
- 2004-08-03 23:56:48 114,688 ----a-w c:\windows\system32\wmpasf.dll
+ 2005-01-28 12:44:28 135,168 ----a-w c:\windows\system32\wmpasf.dll
- 2004-08-03 23:56:48 20,480 ----a-w c:\windows\system32\wmpcd.dll
+ 2005-01-28 12:44:28 20,480 ----a-w c:\windows\system32\wmpcd.dll
- 2004-08-03 23:56:48 20,480 ----a-w c:\windows\system32\wmpcore.dll
+ 2005-01-28 12:44:28 20,480 ----a-w c:\windows\system32\wmpcore.dll
- 2004-08-03 23:56:48 233,472 ----a-w c:\windows\system32\wmpdxm.dll
+ 2005-01-28 12:44:28 282,624 ----a-w c:\windows\system32\wmpdxm.dll
+ 2005-01-28 12:44:28 1,594,880 ----a-w c:\windows\system32\wmpencen.dll
- 2004-08-03 23:56:38 2,940,928 ----a-w c:\windows\system32\wmploc.dll
+ 2005-01-28 12:44:28 3,371,008 ----a-w c:\windows\system32\wmploc.dll
- 2004-08-03 23:56:48 102,400 ----a-w c:\windows\system32\wmpshell.dll
+ 2005-01-28 12:44:28 86,016 ----a-w c:\windows\system32\wmpshell.dll
+ 2005-01-28 12:44:28 175,104 ----a-w c:\windows\system32\wmpsrcwp.dll
- 2004-08-03 23:56:48 20,480 ----a-w c:\windows\system32\wmpui.dll
+ 2005-01-28 12:44:28 20,480 ----a-w c:\windows\system32\wmpui.dll
- 2004-08-03 23:56:48 759,296 ----a-w c:\windows\system32\wmsdmod.dll
+ 2005-01-28 12:44:28 774,904 ----a-w c:\windows\system32\wmsdmod.dll
- 2004-08-03 23:56:48 484,864 ----a-w c:\windows\system32\wmspdmod.dll
+ 2005-01-28 12:44:28 413,944 ----a-w c:\windows\system32\wmspdmod.dll
- 2004-08-03 23:56:48 896,512 ----a-w c:\windows\system32\wmspdmoe.dll
+ 2005-01-28 12:44:28 940,544 ----a-w c:\windows\system32\wmspdmoe.dll
+ 2005-01-28 12:44:28 1,218,808 ----a-w c:\windows\system32\wmvadvd.dll
+ 2005-01-28 12:44:28 1,512,448 ----a-w c:\windows\system32\WMVADVE.DLL
- 2004-08-03 23:57:04 2,105,344 ----a-w c:\windows\system32\wmvcore.dll
+ 2005-01-28 12:44:28 2,370,296 ----a-w c:\windows\system32\wmvcore.dll
- 2004-08-03 23:56:48 809,984 ----a-w c:\windows\system32\wmvdmod.dll
+ 2005-01-28 12:44:28 895,736 ----a-w c:\windows\system32\wmvdmod.dll
- 2004-08-03 23:56:48 1,001,472 ----a-w c:\windows\system32\wmvdmoe2.dll
+ 2005-01-28 12:44:28 1,003,008 ----a-w c:\windows\system32\wmvdmoe2.dll
+ 2005-01-28 12:44:28 38,912 ----a-w c:\windows\system32\wpd_ci.dll
+ 2005-01-28 12:44:28 61,952 ----a-w c:\windows\system32\wpdconns.dll
+ 2005-01-28 12:44:28 114,176 ----a-w c:\windows\system32\wpdmtp.dll
+ 2005-01-28 12:44:28 331,776 ----a-w c:\windows\system32\wpdmtpdr.dll
+ 2005-01-28 12:44:28 66,560 ----a-w c:\windows\system32\wpdmtpus.dll
+ 2005-01-28 12:44:28 331,264 ----a-w c:\windows\system32\wpdsp.dll
+ 2005-01-28 12:44:28 10,752 ----a-w c:\windows\system32\wpdtrace.dll
+ 2009-01-07 18:45:04 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_f0.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Girder3.lnk - c:\program files\Girder\Girder.exe [2009-01-07 1830912]
PowerInstall Softcam Updater.lnk - c:\program files\FreePack\PSU\PSU.EXE [2008-10-07 57003]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-01-06 450560]
Server4PC.lnk - c:\program files\TechniSat DVB\bin\Server4PC.exe [2009-01-07 430080]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\TechniSat DVB\\bin\\Server4PC.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7253:TCP"= 7253:TCP:xkwwjmol

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-07 111184]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
R3 SKYNET;B2C2 Broadband Receiver PCI Adapter;c:\windows\system32\drivers\SkyNET.sys [2009-01-07 451816]
R3 Video3D;ASUS Video3D Service;c:\windows\system32\drivers\Video3D32.sys [2009-01-06 10752]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-07 20560]
R4 atidgllk;atidgllk;c:\windows\atidgllk.sys [2009-01-06 5376]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 xzyhysqm;xzyhysqm;\??\c:\windows\system32\01.tmp --> c:\windows\system32\01.tmp [?]
S4 dztwbejgo;Microsoft Security;c:\windows\system32\svchost.exe -k netsvcs [2001-08-23 14336]
S4 hkxbzg;hkxbzg;c:\windows\system32\svchost.exe -k netsvcs [2001-08-23 14336]
S4 wqenk;Task Windows;c:\windows\system32\svchost.exe -k netsvcs [2001-08-23 14336]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - UMWDF

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
hkxbzg
dztwbejgo
wqenk
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe


.
------- Supplementary Scan -------
.
TCP: {AACF6E13-2B55-499D-A999-253A0FB321E6} = 93.93.93.2,194.106.162.3

O16 -: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
c:\windows\Downloaded Program Files\DirectAnimation Java Classes.osd

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\0u3h6l59.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.elitesecurity.org/f101-PC-DVB-kartice
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 20:11:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xzyhysqm]
"ImagePath"="\??\c:\windows\system32\01.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dztwbejgo]
"ServiceDll"="c:\windows\System32\frsvyou.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wqenk]
"ServiceDll"="c:\windows\system32\frsvyou.dll"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1012)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-07 20:11:52
ComboFix-quarantined-files.txt 2009-01-07 19:11:50
ComboFix2.txt 2009-01-07 17:08:57

Pre-Run: 46,055,989,248 bytes free
Post-Run: 46,048,854,016 bytes free

450 --- E O F --- 2009-01-06 21:10:44

and it didn't restart....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:13 PM, on 1/7/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\TechniSat DVB\bin\Server4PC.exe
C:\Program Files\Girder\Girder.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Girder3.lnk = C:\Program Files\Girder\Girder.exe
O4 - Startup: PowerInstall Softcam Updater.lnk = C:\Program Files\FreePack\PSU\PSU.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Server4PC.lnk = C:\Program Files\TechniSat DVB\bin\Server4PC.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AACF6E13-2B55-499D-A999-253A0FB321E6}: NameServer = 93.93.93.2,194.106.162.3
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

--
End of file - 3772 bytes
 
kristi1
Member number: 151211
Posts: 2012
82.208.203.*
Site: www.mycity.rs/Ambulanta

Re: I have two pests, 07.01.2009. at 19:29
Start > Run > Combofix /u, press Enter and wait for ComboFix to uninstall

Restart the computer and keep pressing the F8 key.
A menu will appear.
In the boot menu choose Safe Mode


* Run HijackThis
* Choose the option "Do a system scan only"
* Tick the following lines:

Code:


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)


Let me know what the situation is
 
izida
stojanovic aleksandar
bgd
Member number: 97823
Posts: 1886
93.93.194.*
Site: www.youtube.com/watch?v=9..

Re: I have two pests, 07.01.2009. at 20:35
as far as I can see, nothing has changed...
 
kristi1
Member number: 151211
Posts: 2012
82.208.203.*
Site: www.mycity.rs/Ambulanta

Re: I have two pests, 07.01.2009. at 20:54
ComboFix deleted the virus that Malwarebytes could not; the HJT log is clean except for this line, which you say makes you lose the net when you fix it.

O17 - HKLM\System\CCS\Services\Tcpip\..\{AACF6E13-2B55-499D-A999-253A0FB321E6}: NameServer = 93.93.93.2,194.106.162.3
93.93.93.2 - this IP address is an intruder, it cannot possibly belong to your provider http://samspade.org/whois/93.93.93.2
194.106.162.3 - this IP address belongs to Beotel.net http://samspade.org/whois/194.106.162.3

In your previous post you say

Quote:
my provider is Optikom.
and those addresses are Optikom's DNS servers.


I think that is where the problem is, and you can see for yourself if you click the links above. Check on your router whether DNS is set to automatic.
 
izida
stojanovic aleksandar
bgd
Member number: 97823
Posts: 1886
93.93.194.*
Site: www.youtube.com/watch?v=9..

Re: I have two pests, 07.01.2009. at 21:30
when I upload the log file to http://www.hijackthis.de/en it says that address is safe


I have wireless internet with a public IP address, I don't have a router, I have this tin can http://www.planet.com.tw/news/productnews/WAP-4033.htm
a few days ago I called the provider and they told me what to type under Internet Protocol, and I'm looking right now at their site http://isp-optikom.net/podesavanje.php where some other DNS addresses are listed, I have no idea why they told me to type these... maybe because of the public IP, they called it statically NATed or something like that...
anyway, I'll call them tomorrow and see what they say.
thanks for going to all this trouble, I'll report tomorrow what I did.
 
kristi1
Member number: 151211
Posts: 2012
82.208.203.*
Site: www.mycity.rs/Ambulanta

Re: I have two pests, 07.01.2009. at 21:37
The addresses on the site are theirs

inetnum: 93.93.192.0 - 93.93.199.255
netname: RS-OPTIKOMNET-20080226

And the ones you have set have nothing whatsoever to do with them, one is even from Russia
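
The check made in the two posts above (do the resolvers on the HijackThis O17 line fall inside the provider's whois allocation?), written out as an added example that is not part of the thread. The function names are hypothetical; the sample log lines and the inetnum range are copied from this page.

```python
import ipaddress
import re

# Sample input taken from lines on this page: three HijackThis entries
# (only the O17 one matters) and the provider range quoted from whois.
SAMPLE_LOG = r"""
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{AACF6E13-2B55-499D-A999-253A0FB321E6}: NameServer = 93.93.93.2,194.106.162.3
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""
PROVIDER_INETNUM = "93.93.192.0 - 93.93.199.255"

# O17 entry that sets static resolvers: "<registry key>: NameServer = <list>"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): NameServer = (?P<servers>.+)$")


def parse_inetnum(inetnum):
    """Turn a whois 'first - last' range into a list of CIDR networks."""
    first, last = (ipaddress.ip_address(p.strip()) for p in inetnum.split("-"))
    return list(ipaddress.summarize_address_range(first, last))


def o17_nameservers(log_text):
    """Yield (registry key, ip) for every resolver found on O17 lines."""
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if not m:
            continue
        # Accept both comma and space as list separators.
        for token in re.split(r"[,\s]+", m.group("servers").strip()):
            try:
                yield m.group("key"), ipaddress.ip_address(token)
            except ValueError:
                continue  # not an IP literal; skip rather than guess


def outside_provider(log_text, inetnum):
    """Return (key, ip) for resolvers not inside the provider's allocation."""
    nets = parse_inetnum(inetnum)
    return [(key, str(ip)) for key, ip in o17_nameservers(log_text)
            if not any(ip in net for net in nets)]


if __name__ == "__main__":
    for key, ip in outside_provider(SAMPLE_LOG, PROVIDER_INETNUM):
        print(f"review: {ip} under {key} is outside {PROVIDER_INETNUM}")
```

An address outside the range is only a prompt to ask the provider which resolvers it really hands out; it does not by itself show who set the value.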
 
izida
stojanovic aleksandar
bgd
Member number: 97823
Posts: 1886
93.93.194.*
Site: www.youtube.com/watch?v=9..

Re: I have two pests, 07.01.2009. at 22:13
so roughly, I had both a virus and a wrong DNS address that was blocking access to certain sites, or do you think this is some virus too: O17 - HKLM\System\CCS\Services\Tcpip\..\{AACF6E13-2B55-499D-A999-253A0FB321E6}: NameServer = 93.93.93.2,194.106.162.3
93.93.93.2
 
mobilexpert
GSM/WiFi service
Member number: 30843
Posts: 81
93.86.105.*
ICQ: 20333009

Re: I have two pests, 07.01.2009. at 23:52
quick help, so you don't waste time

a few things that solve all the problems:

find and download:

- CA Antivirus 2009
- CA AntiSpyware

install the antivirus, restart, install the anti-spyware,
scan the PC, it will clean everything for you.

reboot

find and download Trojan Remover (trial, it can clean everything)
run it, clean everything, reboot, repeat the scan afterwards,
clean again if needed

find and download, then run WinSock Registry Fix,
it will sort out your network.


the end

Regards,
Brka.
 
stonex
Member number: 25873
Posts: 642
*.adsl-a-1.sezampro.yu.

Re: I have two pests, 08.01.2009. at 00:38
Or even faster: format the disk, find another installation with XP SP3, install it and you're all set!

P.S. What nonsense you're bothering with, it's a fresh installation anyway!

[This message was edited by stonex on 08.01.2009. at 15:12 GMT+1]
 
magna86
Anti Malware Fighter
Member number: 189287
Posts: 557
Site: www.mycity.rs/Ambulanta

Re: I have two pests, 08.01.2009. at 01:51
Quote:
izida: so roughly, I had both a virus and a wrong DNS address that was blocking access to certain sites, or do you think this is some virus too: O17 - HKLM\System\CCS\Services\Tcpip\..\{AACF6E13-2B55-499D-A999-253A0FB321E6}: NameServer = 93.93.93.2,194.106.162.3
93.93.93.2

the first IP address has nothing to do with Telekom, that's the one from Russia, and the second IP address is Telekom's

for now just do this:

Temporarily disable your antivirus

Open Notepad and copy the text below:
Click File\Save as and save the text as CFScript on the Desktop

Code:

File::
c:\windows\nsreg.dat
c:\windows\ativpsrm.bin
c:\windows\system32\frsvyou.dll




Follow the instructions in the picture and drag CFScript.txt onto the ComboFix.exe icon
That will start ComboFix automatically; the system may restart (that is normal)
When it finishes, a log will appear (C:\ComboFix.txt)
Save that CF log
......................

Download the program JavaRa
http://sourceforge.net/project...JavaRa.zip&use_mirror=osdn


click Remove older versions
when it finishes it produces a log, then click
Search for updates
then select the lower option and click Search
That will take you to the site from which you download and install the latest version of Java

.....................
then download this program
http://us.trendmicro.com/us/products/personal/CWShredder/

here are instructions if you need them
http://www.bleepingcomputer.com/tutorials/tutorial47.html

I think it won't find anything, but it doesn't hurt to run it if you feel like it,
it might find some leftovers

................

do you have a USB flash drive?
yes?
either format it, or if you don't want to, then better download this program

http://www.techsupportforum.co...ols/sUBs/Flash_Disinfector.exe

run it, and when the message appears plug in the USB flash drive
hold the Shift key while doing so (to avoid autoplay)

.......................


just post a fresh HijackThis log


[This message was edited by magna86 on 08.01.2009. at 03:32 GMT+1]
 