Self-replicating folders
Hi. I'm having some issues on my laptop, some sort of a virus; it seems like it's taking up space on my computer. I had some problems with sound on my laptop today. Everything was fine when I turned the laptop on, but soon I couldn't hear any sound or play music. I'm not sure if this is related (when I tried to play music, there was an error message that the program was already in use, or something like that). After that I found a folder named 3590F75ABA9E485486C100C1A9D4FF06ZZZ..Z.....ZZZZZ on local disk C:, full of other folders (the number of folders increasing constantly). I cleaned up some space on my laptop, and also used CCleaner, and then the folder was replaced by a file named 3590F75ABA9E485486C100C1A9D4FF06XZRURUNVBZAFAFQC, and later it just disappeared and the sound went back to normal. Also, I had files like that a few times before, but after they disappeared, I thought I removed them with Spybot.
I would be very happy if somebody could help me when you have the time, and thank you in advance.
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.40.2
Run by Korisnik at 22:12:00 on 2013-10-16
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.385.1033.18.1935.943 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files\Realtek\Audio\HDA\AERTSrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\Explorer.EXE
C:\Program Files\CyberLink\YouCam\YCMMirage.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\Epson Software\Event Manager\EEventManager.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\BOINC\boinc.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Korisnik\AppData\Roaming\Search Protection\SearchProtection.exe
C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
C:\Program Files\Folding@home\Folding@home-x86\Folding@home.exe
C:\Users\Korisnik\AppData\Roaming\Folding@home-x86\FahCore_a4.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Korisnik\AppData\Roaming\Mozilla\Firefox\Profiles\x1sb23sa.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\foobar2000\foobar2000.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\BOINC\projects\docking.cis.udel.edu\charmm34_6.23_windows_intelx86
C:\ProgramData\BOINC\projects\docking.cis.udel.edu\charmm34_6.23_windows_intelx86
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.hr/
uSearch Bar = about:blank
uSearch Page = about:blank
uSearchURL,(Default) = about:blank
mSearchAssistant = about:blank
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
uRun: [FreeRAM XP] "c:\program files\yourware solutions\freeram xp pro\FreeRAM XP Pro.exe" -win
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [SearchProtection] "c:\users\korisnik\appdata\roaming\search protection\SearchProtection.EXE" /autostart
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtkNGUI.exe -s
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\iastoriconlaunch.exe "c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe" 60
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [boincmgr] "c:\program files\boinc\boincmgr.exe" /a /s
mRun: [boinctray] "c:\program files\boinc\boinctray.exe"
mRun: [EEventManager] "c:\program files\epson software\event manager\EEventManager.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\korisnik\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\korisnik\appdata\roaming\micros~1\windows\startm~1\programs\startup\wipetr~1.lnk - c:\program files\wipe 2013\wipetray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\codeme~1.lnk - c:\program files\codemeter\runtime\bin\CodeMeterCC.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3D321B9E-A8C6-4146-B8E1-6E10720FA1A7} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{51B6D1B9-5D8C-40A3-95A5-1B3BC0948BB7} : DHCPNameServer = 83.139.105.2 83.139.104.2
TCP: Interfaces\{51B6D1B9-5D8C-40A3-95A5-1B3BC0948BB7}\651434F4D40244E2F4E2F4E2 : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\30.0.1599.69\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - hxxp://amfsa.clicktodonate.org
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=512435&p=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll
FF - plugin: c:\program files\sumatrapdf\npPdfViewer.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll
FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-08-17 12:29; jid0-RW8E9KFMTaLKkM4HqIWfidw29wo@jetpack; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\jid0-RW8E9KFMTaLKkM4HqIWfidw29wo@jetpack.xpi
FF - ExtSQL: 2013-08-17 13:11; tabscope@xuldev.org; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\tabscope@xuldev.org.xpi
FF - ExtSQL: 2013-08-17 13:11; rainbow@colors.org; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\rainbow@colors.org.xpi
FF - ExtSQL: 2013-08-17 13:11; firegestures@xuldev.org; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\firegestures@xuldev.org.xpi
FF - ExtSQL: 2013-08-24 23:42; {DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}; c:\programdata\realnetworks\realdownloader\browserplugins\firefox\Ext
FF - ExtSQL: 2013-09-28 21:17; notreal.ccoptions@environmentalchemistry.com; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\notreal.ccoptions@environmentalchemistry.com.xpi
FF - ExtSQL: 2013-10-02 18:42; {1280606b-2510-4fe0-97ef-9b5a22eafe30}; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi
FF - ExtSQL: 2013-10-02 19:27; {24cea704-946d-11da-a72b-0800200c9a66}; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{24cea704-946d-11da-a72b-0800200c9a66}.xpi
FF - ExtSQL: 2013-10-02 19:27; {03B08592-E5B4-45ff-A0BE-C1D975458688}; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{03B08592-E5B4-45ff-A0BE-C1D975458688}
FF - ExtSQL: 2013-10-05 15:06; {158d7cb3-7039-4a75-8e0b-3bd0a464edd2}; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{158d7cb3-7039-4a75-8e0b-3bd0a464edd2}.xpi
FF - ExtSQL: 2013-10-05 15:16; {139a120b-c2ea-41d2-bf70-542d9f063dfd}; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{139a120b-c2ea-41d2-bf70-542d9f063dfd}.xpi
FF - ExtSQL: 2013-10-05 15:25; {54BB9F3F-07E5-486c-9B39-C7398B99391C}; c:\users\korisnik\appdata\roaming\mozilla\firefox\profiles\x1sb23sa.default\extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);
user_pref('security.csp.enable', false);
user_pref('security.OCSP.enabled', 0);
user_pref('extensions.blocklist.enabled', false);
FF - user.js: extentions.webcake.installId - 4c25f721-dde9-4592-8c09-c5e91446a22b
FF - user.js: extentions.webcake.defaultEnableAppsList - layers/banner,layers/inline,layers/search,layers/shopping,newOffers/wc
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-5-21 49376]
R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-5-21 177864]
R0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys [2012-9-1 532536]
R0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys [2012-9-1 25656]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-5-21 770344]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-5-21 369584]
R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\common files\abbyy\finereadersprint\9.00\licensing\NetworkLicenseServer.exe [2009-5-14 759048]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\realtek\audio\hda\AERTSrv.exe [2013-5-21 87968]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-5-21 29816]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-5-21 66336]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-9-11 46808]
R2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\codemeter\runtime\bin\CodeMeter.exe [2012-11-21 2571704]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\intel\intel(r) rapid storage technology\IAStorDataMgrSvc.exe [2013-5-21 14904]
R2 IconMan_R;IconMan_R;c:\program files\realtek\realtek pcie card reader\RIconMan.exe [2013-5-21 1830544]
R3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\drivers\HECI.sys [2012-7-17 55104]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\drivers\RtsP2Stor.sys [2013-5-21 209552]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2013-3-14 552080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2013-2-28 110408]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2013-2-28 331080]
S3 b06diag;Broadcom NetXtreme II Diag Driver;c:\windows\system32\drivers\bxdiagx.sys [2013-3-14 75816]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BFN7x86;Bigfoot Networks Killer Gaming Service;c:\windows\system32\drivers\Xeno7x86.sys [2013-3-14 130152]
S3 bxfcoe;bxfcoe;c:\windows\system32\drivers\bxfcoe.sys [2013-3-14 150568]
S3 bxois;bxois;c:\windows\system32\drivers\bxois.sys [2013-3-14 435240]
S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2011-4-12 62464]
S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\drivers\EtronHub3.sys [2013-2-27 65152]
S3 EtronSTOR;Etron Enhance USB BOT/UASP Mass Storage Driver;c:\windows\system32\drivers\EtronSTOR.sys [2013-2-27 32512]
S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\drivers\EtronXHCI.sys [2013-2-27 88832]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\drivers\iusb3hub.sys [2013-2-27 351288]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\drivers\iusb3xhc.sys [2013-2-27 796216]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2013-2-27 73984]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2013-2-27 165120]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-3-23 14848]
S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2011-4-12 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2013-3-23 24064]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-3-23 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-3-23 27136]
S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-4-12 112640]
.
=============== Created Last 30 ================
.
2013-10-15 06:52:46 -------- d-----w- c:\users\korisnik\appdata\roaming\WIPE2013
2013-10-15 06:52:39 609824 ----a-w- c:\windows\system32\Comctl32.ocx
2013-10-15 06:52:39 163840 ----a-w- c:\windows\system32\temp.000
2013-10-15 06:52:39 1386496 ----a-w- c:\windows\system32\temp.001
2013-10-15 06:52:38 340992 ----a-w- c:\windows\system32\sqlite36_engine.dll
2013-10-15 06:52:34 501248 ----a-w- c:\windows\system32\dhRichClient3.dll
2013-10-15 06:52:34 340992 ----a-w- c:\windows\sqlite36_engine.dll
2013-10-15 06:52:34 -------- d-----w- c:\program files\Wipe 2013
2013-10-15 06:39:18 -------- d-----w- c:\program files\SpeedFan
2013-10-15 06:34:43 -------- d-----w- c:\program files\Free Driver Backup
2013-10-13 21:46:31 -------- d-----w- c:\users\korisnik\appdata\roaming\IrfanView
2013-10-13 21:46:26 -------- d-----w- c:\program files\IrfanView
2013-10-04 06:28:28 -------- d-----w- c:\program files\iPod
2013-10-04 06:28:23 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-04 06:28:23 -------- d-----w- c:\program files\iTunes
2013-09-21 22:45:54 -------- d-----w- c:\programdata\Oracle
2013-09-21 22:18:04 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2013-10-08 21:33:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-08 21:33:46 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-09-21 22:17:42 868264 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-09-21 22:17:42 790440 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-30 07:48:13 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-08-30 07:48:12 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-08-30 07:48:12 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-08-30 07:48:12 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-08-30 07:48:11 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-08-30 07:47:40 41664 ----a-w- c:\windows\avastSS.scr
2013-08-24 21:41:42 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-08-24 21:41:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-07-23 23:09:32 0 ----a-w- c:\windows\system32\FAP92BD.tmp
2013-07-23 22:40:28 0 ----a-w- c:\windows\system32\FAPF718.tmp
2013-07-23 22:40:27 0 ----a-w- c:\windows\system32\FAPF4E4.tmp
2013-07-23 22:40:27 0 ----a-w- c:\windows\system32\FAPF188.tmp
2013-07-23 22:40:26 0 ----a-w- c:\windows\system32\FAPEFC2.tmp
2013-07-23 22:40:07 0 ----a-w- c:\windows\system32\FAPA46E.tmp
2013-07-23 22:39:15 0 ----a-w- c:\windows\system32\FAPDB54.tmp
2013-07-23 22:39:15 0 ----a-w- c:\windows\system32\FAPD9EB.tmp
2013-07-23 22:39:14 0 ----a-w- c:\windows\system32\FAPD72B.tmp
2013-07-23 22:39:09 0 ----a-w- c:\windows\system32\FAPC399.tmp
2013-07-23 22:38:52 0 ----a-w- c:\windows\system32\FAP8080.tmp
2013-07-23 22:38:51 0 ----a-w- c:\windows\system32\FAP7DEE.tmp
2013-07-23 22:38:43 0 ----a-w- c:\windows\system32\FAP5D91.tmp
2013-07-23 22:38:43 0 ----a-w- c:\windows\system32\FAP5B6D.tmp
2013-07-23 22:38:42 0 ----a-w- c:\windows\system32\FAP5A14.tmp
2013-07-23 22:36:42 0 ----a-w- c:\windows\system32\FAP8362.tmp
2013-07-23 22:36:41 0 ----a-w- c:\windows\system32\FAP8238.tmp
2013-07-23 22:36:41 0 ----a-w- c:\windows\system32\FAP8052.tmp
2013-07-23 22:36:12 0 ----a-w- c:\windows\system32\FAPF15.tmp
2013-07-23 22:36:12 0 ----a-w- c:\windows\system32\FAPDCC.tmp
2013-07-23 22:36:12 0 ----a-w- c:\windows\system32\FAP108E.tmp
2013-07-23 22:35:54 0 ----a-w- c:\windows\system32\FAPC7A6.tmp
2013-07-23 22:35:53 0 ----a-w- c:\windows\system32\FAPC66C.tmp
2013-07-23 22:35:53 0 ----a-w- c:\windows\system32\FAPC532.tmp
2013-07-23 22:32:22 0 ----a-w- c:\windows\system32\FAP8CE2.tmp
2013-07-23 22:32:21 0 ----a-w- c:\windows\system32\FAP8957.tmp
2013-07-23 22:31:32 0 ----a-w- c:\windows\system32\FAPCB15.tmp
2013-07-23 22:31:32 0 ----a-w- c:\windows\system32\FAPC9DB.tmp
2013-07-23 22:31:32 0 ----a-w- c:\windows\system32\FAPC8C0.tmp
2013-07-23 22:30:41 0 ----a-w- c:\windows\system32\FAPCF.tmp
2013-07-23 22:30:41 0 ----a-w- c:\windows\system32\FAP50.tmp
2013-07-23 22:30:40 0 ----a-w- c:\windows\system32\FAPFEA9.tmp
2013-07-23 22:30:33 0 ----a-w- c:\windows\system32\FAPE35A.tmp
2013-07-23 22:30:32 0 ----a-w- c:\windows\system32\FAPE0E8.tmp
2013-07-23 22:30:24 0 ----a-w- c:\windows\system32\FAPC184.tmp
2013-07-23 22:30:24 0 ----a-w- c:\windows\system32\FAPC01B.tmp
2013-07-23 22:30:24 0 ----a-w- c:\windows\system32\FAPBEF0.tmp
2013-07-23 22:29:22 0 ----a-w- c:\windows\system32\FAPCE4A.tmp
2013-07-23 22:29:22 0 ----a-w- c:\windows\system32\FAPCDAC.tmp
2013-07-23 22:29:21 0 ----a-w- c:\windows\system32\FAPCB49.tmp
2013-07-23 22:28:38 0 ----a-w- c:\windows\system32\FAP223D.tmp
2013-07-23 22:28:38 0 ----a-w- c:\windows\system32\FAP20B5.tmp
2013-07-23 22:28:37 0 ----a-w- c:\windows\system32\FAP1EEE.tmp
2013-07-23 22:27:42 0 ----a-w- c:\windows\system32\FAP486C.tmp
2013-07-23 22:27:41 0 ----a-w- c:\windows\system32\FAP4493.tmp
2013-07-23 22:27:16 0 ----a-w- c:\windows\system32\FAPE301.tmp
2013-07-23 22:27:16 0 ----a-w- c:\windows\system32\FAPE16A.tmp
2013-07-23 22:27:16 0 ----a-w- c:\windows\system32\FAPDF55.tmp
2013-07-23 22:18:39 0 ----a-w- c:\windows\system32\FAPFC07.tmp
2013-07-23 22:18:38 0 ----a-w- c:\windows\system32\FAPFAAE.tmp
2013-07-23 22:18:38 0 ----a-w- c:\windows\system32\FAPF84B.tmp
2013-07-23 22:17:47 0 ----a-w- c:\windows\system32\FAP3182.tmp
2013-07-23 22:17:46 0 ----a-w- c:\windows\system32\FAP2E26.tmp
2013-07-23 22:17:45 0 ----a-w- c:\windows\system32\FAP2B46.tmp
.
============= FINISH: 22:13:53,56 ===============
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-10-16 22:59:41
-----------------------------
22:59:41.214 OS Version: Windows 6.1.7601 Service Pack 1
22:59:41.214 Number of processors: 2 586 0x2A07
22:59:41.216 ComputerName: KORISNIK-PC UserName: Korisnik
22:59:43.373 Initialize success
22:59:45.982 AVAST engine defs: 13101600
23:00:07.133 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000069
23:00:07.135 Disk 0 Vendor: ATA_____ A60W Size: 305245MB BusType: 11
23:00:07.253 Disk 0 MBR read successfully
23:00:07.256 Disk 0 MBR scan
23:00:07.261 Disk 0 Windows 7 default MBR code
23:00:07.274 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:00:07.291 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 154900 MB offset 206848
23:00:07.315 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 150243 MB offset 317442048
23:00:07.321 Disk 0 scanning sectors +625139712
23:00:07.544 Disk 0 scanning C:\Windows\system32\drivers
23:00:28.037 Service scanning
23:01:07.740 Modules scanning
23:01:20.279 Disk 0 trace - called modules:
23:01:20.302 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStorF.sys storport.sys halmacpi.dll iaStorA.sys
23:01:20.308 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87d7a030]
23:01:20.315 3 CLASSPNP.SYS[891ba59e] -> nt!IofCallDriver -> [0x87d79260]
23:01:20.321 5 iaStorF.sys[89211138] -> nt!IofCallDriver -> \Device\00000069[0x86154520]
23:01:22.201 AVAST engine scan C:\Windows
23:01:24.590 AVAST engine scan C:\Windows\system32
23:04:47.816 AVAST engine scan C:\Windows\system32\drivers
23:05:08.873 AVAST engine scan C:\Users\Korisnik
23:08:35.423 Disk 0 MBR has been saved successfully to "C:\Users\Korisnik\Desktop\MBR.dat"
23:08:35.434 The log file has been saved successfully to "C:\Users\Korisnik\Desktop\aswMBR.txt"
Čestitke!: Nisu nađeni spybotovi. (Status)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDShred.exe (1.0.2.5)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2013-07-21 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2013-04-11 Includes\Adware.sbi (*)
2013-10-08 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2012-11-14 Includes\Dialer.sbi (*)
2013-04-11 Includes\DialerC.sbi (*)
2013-04-11 Includes\HeavyDuty.sbi (*)
2012-11-14 Includes\Hijackers.sbi (*)
2013-04-11 Includes\HijackersC.sbi (*)
2013-10-16 Includes\iPhone.sbi (*)
2013-06-25 Includes\Keyloggers.sbi (*)
2013-04-11 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2013-05-29 Includes\Malware.sbi (*)
2013-10-01 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2013-10-08 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2012-11-14 Includes\Security.sbi (*)
2013-04-11 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2013-05-22 Includes\Spyware.sbi (*)
2013-08-06 Includes\SpywareC.sbi (*)
2012-11-19 Includes\Tracks.uti
2013-01-16 Includes\Trojans.sbi (*)
2013-08-13 Includes\TrojansC-02.sbi (*)
2013-10-07 Includes\TrojansC-03.sbi (*)
2013-10-16 Includes\TrojansC-04.sbi (*)
2013-06-13 Includes\TrojansC-05.sbi (*)
2013-08-06 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll