HijackThis - log file, please help.

offline
  • neman1 
  • New MyCity citizen
  • Joined: 05 Apr 2009
  • Posts: 3

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23:43, on 05. 04. 09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trust\R-Series Mouse And Keyboard\KMWDSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Trust\R-Series Mouse And Keyboard\PS2USBKbdDrv.exe
C:\Program Files\Trust\R-Series Mouse And Keyboard\MouseDrv.exe
D:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\User\Desktop\Nešto drugačije\Naći ću te.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = search.live.com/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es127.0.0.1 activate.adobe.com
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "e:\Program Files\CyberLink\PowerDirector\PowerDirector\MUITransfer\MUIStartMenu.exe" "e:\Program Files\CyberLink\PowerDirector\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Spyware Cleaner Monitor] "D:\Program Files\PC Health Optimizer Free Edition\SpywareCleaner\RealTimeMonitorSC.exe" /start /minimize
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pošalji u OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Po&šalji u OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - pcpitstop.com/pcpitstop/PCPitStop.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - D:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Trust\R-Series Mouse And Keyboard\KMWDSrv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 12138 bytes

My applications keep crashing (hang-up), such as Firefox, WinExplorer...

Lately, at startup, chkdisk runs automatically to check "disk consistency".

Thanks in advance for a reply and any help.

Regards...

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Right-click the BitDefender icon in the lower-right corner of the screen and choose Show.
After that, also in the lower-right corner of the window, choose Settings.
Then uncheck Real-Time protection is enabled, choose Permanently in the drop-down menu, and click OK.

Note: Don't forget to turn this option back on once the cleaning is finished.

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and don't touch the program window while it is scanning.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

offline
  • neman1 
  • New MyCity citizen
  • Joined: 05 Apr 2009
  • Posts: 3

For now I can't do anything with ComboFix because it tells me that the AVG antivirus is enabled, even though I uninstalled it and no longer have it on the computer.

Is it a big problem if I let ComboFix scan even though it warns about AVG??

Addendum: 07 Apr 2009 14:19

ComboFix 09-04-04.01 - User 2009-04-07 14:10:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.2814.2176 [GMT 2:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Application Data\inst.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\_004810_.tmp.dll
c:\windows\system32\_004811_.tmp.dll
c:\windows\system32\_004812_.tmp.dll
c:\windows\system32\_004813_.tmp.dll
c:\windows\system32\_004820_.tmp.dll
c:\windows\system32\_004821_.tmp.dll
c:\windows\system32\_004822_.tmp.dll
c:\windows\system32\_004823_.tmp.dll
c:\windows\system32\_004825_.tmp.dll
c:\windows\system32\_004826_.tmp.dll
c:\windows\system32\_004829_.tmp.dll
c:\windows\system32\_004830_.tmp.dll
c:\windows\system32\_004832_.tmp.dll
c:\windows\system32\_004833_.tmp.dll
c:\windows\system32\_004834_.tmp.dll
c:\windows\system32\_004836_.tmp.dll
c:\windows\system32\_004839_.tmp.dll
c:\windows\system32\_004840_.tmp.dll
c:\windows\system32\_004844_.tmp.dll
c:\windows\system32\_004845_.tmp.dll
c:\windows\system32\_004847_.tmp.dll
c:\windows\system32\_004850_.tmp.dll
c:\windows\system32\_004852_.tmp.dll
c:\windows\system32\_004853_.tmp.dll
c:\windows\system32\_004854_.tmp.dll
c:\windows\system32\_004855_.tmp.dll
c:\windows\system32\_004856_.tmp.dll
c:\windows\system32\_004859_.tmp.dll
c:\windows\system32\_004860_.tmp.dll
c:\windows\system32\_004861_.tmp.dll
c:\windows\system32\_004862_.tmp.dll
c:\windows\system32\_004863_.tmp.dll
c:\windows\system32\_004868_.tmp.dll
c:\windows\system32\_004870_.tmp.dll

.
((((((((((((((((((((((((( Files Created from 2009-03-07 to 2009-04-07 )))))))))))))))))))))))))))))))
.

2009-04-07 14:06 . 2009-04-07 14:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg7
2009-04-07 00:01 . 2009-04-07 00:01 0 --a------ c:\windows\system32\commonpriv.log.lock
2009-04-06 08:46 . 2008-04-14 05:42 539,136 --a------ c:\windows\system32\SET1719.tmp
2009-04-06 08:46 . 2008-04-14 05:42 354,304 --a------ c:\windows\system32\SET16EB.tmp
2009-04-06 08:46 . 2008-04-14 05:42 80,896 --a------ c:\windows\system32\SET16E6.tmp
2009-04-06 08:46 . 2008-04-14 05:41 16,896 --a------ c:\windows\system32\SET1747.tmp
2009-04-06 08:46 . 2008-04-14 05:42 13,824 --a------ c:\windows\system32\SET16E7.tmp
2009-04-06 08:46 . 2008-04-14 05:42 6,656 --a------ c:\windows\system32\SET16E1.tmp
2009-04-06 08:43 . 2008-04-14 05:42 8,461,312 --a------ c:\windows\system32\SET679.tmp
2009-04-06 08:42 . 2004-08-04 14:00 2,897,920 --a------ c:\windows\system32\xpsp2res.dll
2009-04-06 08:41 . 2004-08-04 14:00 2,148,352 --a------ c:\windows\system32\ntoskrnl.exe
2009-04-05 21:37 . 2009-04-05 21:37 <DIR> d-------- c:\documents and settings\User\Application Data\Lavasoft
2009-04-05 16:44 . 2007-11-18 01:43 943,872 -ra------ c:\windows\system32\drivers\nvnrm.sys
2009-04-05 16:44 . 2007-11-07 23:31 356,352 --a------ c:\windows\system32\nvunrm.exe
2009-04-05 16:44 . 2007-11-18 01:41 197,120 -ra------ c:\windows\system32\fdco1.dll
2009-04-05 16:44 . 2007-11-18 01:43 54,016 -ra------ c:\windows\system32\drivers\NVENETFD.sys
2009-04-05 16:44 . 2007-11-07 23:32 35,328 -ra------ c:\windows\system32\nvconrm.dll
2009-04-05 16:44 . 2007-11-18 01:43 22,016 -ra------ c:\windows\system32\drivers\nvnetbus.sys
2009-04-05 16:44 . 2007-11-18 01:40 9,216 -ra------ c:\windows\system32\bdco1.dll
2009-04-05 16:44 . 2007-11-07 23:28 5,815 -ra------ c:\windows\system32\nvnrm.nvu
2009-04-05 03:19 . 2009-04-05 03:19 319,488 --a------ c:\windows\HideWin.exe
2009-04-05 02:38 . 2005-04-14 14:42 141,582 --------- c:\windows\system32\drivers\NVCAP.SYS
2009-04-05 02:38 . 2005-04-14 14:42 29,696 --------- c:\windows\system32\FILTER.AX
2009-04-05 02:38 . 2005-04-14 14:42 16,496 --------- c:\windows\system32\drivers\NVXBAR.SYS
2009-04-04 14:01 . 2009-04-04 14:01 <DIR> d-------- c:\documents and settings\User\Application Data\CD-LabelPrint
2009-03-30 23:33 . 2009-03-30 23:33 7,680 --ahs---- c:\windows\Thumbs.db
2009-03-29 01:10 . 2009-03-29 01:10 <DIR> d-------- c:\program files\City Interactive
2009-03-27 18:41 . 2009-03-27 18:41 <DIR> d-------- c:\program files\Boilsoft Video Joiner
2009-03-27 17:55 . 2009-03-27 17:55 <DIR> d--h----- c:\windows\$hf_mig$
2009-03-27 10:03 . 2009-03-27 10:03 1,253,376 --a------ c:\windows\system32\NvPVEnc.ax
2009-03-27 10:03 . 2009-03-27 10:03 401,408 --a------ c:\windows\system32\nvcuvid.dll
2009-03-26 17:05 . 2009-03-26 17:05 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-03-26 03:25 . 2007-10-26 20:40 353,280 --a------ c:\windows\system32\idecoi.dll
2009-03-26 02:23 . 2009-03-26 02:23 <DIR> d-------- c:\windows\Philips
2009-03-26 02:23 . 2009-03-26 02:23 <DIR> d-------- c:\program files\Common Files\SPC530NC
2009-03-26 02:13 . 2007-10-16 03:02 8,535 -ra------ c:\windows\system32\nvide.nvu
2009-03-26 02:11 . 2007-07-06 01:01 356,352 -ra------ c:\windows\system32\nvusmb.exe
2009-03-26 02:11 . 2007-04-03 04:06 1,950 -ra------ c:\windows\system32\nvsmb.nvu
2009-03-26 01:21 . 2009-03-26 01:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2009-03-26 01:21 . 2009-03-26 01:21 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83FC5D7A-8875-4931-80D6-1E3AC725D336}
2009-03-26 01:09 . 2009-03-26 01:22 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{DC840DBC-2CB0-4FEA-98ED-F4E3BD2970C7}
2009-03-26 01:05 . 2009-03-26 01:14 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{F19A02B4-1684-448C-B152-43B554F2E722}
2009-03-26 00:43 . 2009-03-26 00:43 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{E18C8A94-0667-4A02-B59B-9CB3A8F22628}
2009-03-26 00:43 . 2009-03-26 00:43 <DIR> dr-h----- C:\AHCache
2009-03-26 00:42 . 2009-03-26 01:21 <DIR> d-------- c:\program files\Uniblue
2009-03-26 00:01 . 2009-03-26 01:29 <DIR> d-------- c:\documents and settings\User\Application Data\Uniblue
2009-03-25 23:34 . 2009-04-07 01:21 69 --a------ c:\windows\NeroDigital.ini
2009-03-21 19:38 . 2009-03-25 23:45 <DIR> d-------- c:\documents and settings\User\Application Data\Ahead
2009-03-21 19:38 . 2009-03-21 19:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ahead
2009-03-21 19:36 . 2009-03-21 19:36 <DIR> d-------- c:\program files\Nero
2009-03-21 19:36 . 2009-03-21 19:37 <DIR> d-------- c:\program files\Common Files\Ahead
2009-03-21 19:36 . 2009-03-21 19:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2009-03-21 17:52 . 2009-03-21 17:52 685,816 --a------ c:\windows\system32\drivers\sptd.sys
2009-03-21 17:31 . 2004-08-04 01:56 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-21 17:31 . 2001-08-17 23:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe
2009-03-21 17:31 . 2001-08-17 23:37 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe
2009-03-21 17:31 . 2001-08-17 23:36 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-21 17:31 . 2004-08-03 23:29 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys
2009-03-21 17:31 . 2001-08-17 23:36 17,408 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll
2009-03-21 17:31 . 2001-08-17 13:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys
2009-03-21 17:31 . 2004-08-03 23:29 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys
2009-03-21 17:31 . 2004-08-04 01:56 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2009-03-21 17:31 . 2001-08-17 23:37 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe
2009-03-21 17:29 . 2001-08-17 14:28 794,654 --a--c--- c:\windows\system32\dllcache\usr1801.sys
2009-03-21 17:28 . 2001-08-17 23:36 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll
2009-03-21 17:27 . 2001-08-17 15:56 172,768 --a--c--- c:\windows\system32\dllcache\t2r4disp.dll
2009-03-21 17:26 . 2001-08-17 13:18 285,760 --a--c--- c:\windows\system32\dllcache\stlnata.sys
2009-03-21 17:25 . 2004-08-03 23:41 404,990 --a--c--- c:\windows\system32\dllcache\slntamr.sys
2009-03-21 17:24 . 2001-08-17 23:36 495,616 --a--c--- c:\windows\system32\dllcache\sblfx.dll
2009-03-21 17:23 . 2001-08-17 14:28 899,146 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys
2009-03-21 17:22 . 2004-08-04 01:56 259,328 --a--c--- c:\windows\system32\dllcache\perm3dd.dll
2009-03-21 17:21 . 2004-08-03 23:59 2,056,832 --a--c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-21 17:20 . 2004-08-03 23:31 132,695 --a--c--- c:\windows\system32\dllcache\netwlan5.sys
2009-03-21 17:19 . 2004-08-04 01:56 1,737,856 --a--c--- c:\windows\system32\dllcache\mtxparhd.dll
2009-03-21 17:18 . 2001-08-17 14:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys
2009-03-21 17:17 . 2001-08-17 23:36 372,824 --a--c--- c:\windows\system32\dllcache\iconf32.dll
2009-03-21 17:16 . 2004-08-03 23:41 1,041,536 --a--c--- c:\windows\system32\dllcache\hsfdpsp2.sys
2009-03-21 17:15 . 2001-08-17 15:56 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
2009-03-21 17:14 . 2001-08-17 14:28 595,647 --a--c--- c:\windows\system32\dllcache\es56cvmp.sys
2009-03-21 17:13 . 2001-08-17 13:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys
2009-03-21 17:12 . 2001-08-17 23:36 419,357 --a--c--- c:\windows\system32\dllcache\dgconfig.dll
2009-03-21 17:11 . 2001-08-17 13:13 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys
2009-03-21 17:10 . 2004-08-04 01:56 516,768 --a--c--- c:\windows\system32\dllcache\ativvaxx.dll
2009-03-21 11:45 . 2004-08-04 01:56 1,888,992 --a--c--- c:\windows\system32\dllcache\ati3duag.dll
2009-03-21 11:44 . 2004-08-04 00:20 2,180,992 --a--c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-21 11:40 . 2009-04-05 21:15 1,175,388 --a------ c:\windows\setupapi.log.0.old
2009-03-21 03:15 . 2009-03-21 03:15 <DIR> d-------- c:\documents and settings\User\Application Data\Desktopicon
2009-03-16 02:27 . 2009-03-16 02:27 <DIR> d-------- c:\program files\SafeNet Sentinel
2009-03-16 02:27 . 2009-03-16 02:27 <DIR> d-------- c:\program files\Common Files\SafeNet Sentinel
2009-03-16 02:04 . 2009-03-16 02:04 438,976 --a------ c:\windows\system32\mshflxgd.ocx
2009-03-16 02:00 . 2009-03-16 02:00 1,044,480 --a------ c:\windows\system32\Roboex32.dll
2009-03-16 01:58 . 2009-03-16 01:58 118,848 --a------ c:\windows\system32\SHW32.DLL
2009-03-16 01:49 . 2009-03-16 01:49 48,640 --a------ c:\windows\system32\Inetwh32.dll
2009-03-10 12:15 . 2009-03-10 12:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Saitek

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-07 12:15 81,984 ----a-w c:\windows\system32\bdod.bin
2009-04-06 21:27 --------- d-----w c:\documents and settings\User\Application Data\Azureus
2009-04-05 22:35 --------- d-----w c:\documents and settings\User\Application Data\Vso
2009-04-05 17:52 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-05 17:07 --------- d-----w c:\program files\Vuze
2009-04-05 17:05 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-05 00:38 --------- d-----w c:\program files\Common Files\InstallShield
2009-04-05 00:21 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-04-04 18:50 --------- d-----w c:\documents and settings\User\Application Data\LimeWire
2009-04-04 18:50 --------- d-----w c:\documents and settings\User\Application Data\FrostWire
2009-04-03 20:26 --------- d-----w c:\program files\Windows Live
2009-04-03 14:03 --------- d-----w c:\program files\Nokia
2009-04-03 14:03 --------- d-----w c:\program files\Common Files\Nokia
2009-04-03 14:02 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-03-27 21:19 --------- d---a-w c:\documents and settings\All Users\Application Data\Temp
2009-03-27 06:14 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-03-24 06:09 --------- d-----w c:\documents and settings\User\Application Data\ICAClient
2009-03-21 14:37 --------- d-----w c:\program files\Philips_VLounge
2009-03-21 01:25 --------- d-----w c:\program files\Saitek Dual Analog Rumble Pad
2009-03-21 01:25 --------- d-----w c:\program files\LimeWire
2009-03-21 01:21 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2009-03-21 01:21 --------- d-----w c:\documents and settings\All Users\Application Data\espionServerData
2009-03-21 01:21 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-03-10 10:23 --------- d-----w c:\program files\Common Files\Logitech
2009-03-10 10:22 --------- d-----w c:\program files\Logitech
2009-03-03 07:37 45,984 ----a-w c:\windows\system32\ins2.exe
2009-02-27 22:28 --------- d-----w c:\documents and settings\User\Application Data\Nokia
2009-02-27 21:54 --------- d-----w c:\program files\Common Files\Common Share
2009-02-24 22:39 --------- d-----w c:\documents and settings\User\Application Data\GARMIN
2009-02-13 16:47 720,896 ----a-w c:\windows\iun6002ev.exe
2009-02-07 20:59 --------- d-----w c:\program files\Combined Community Codec Pack
2009-02-07 20:53 --------- d-----w c:\program files\TimeAdjuster
2009-02-07 20:18 --------- d-----w c:\program files\URUSoft
2009-02-07 19:46 --------- d-----w c:\program files\inKline Global
2009-02-07 19:41 --------- d-----w c:\program files\Subtitle Workshop
2009-01-13 18:13 244,232 ----a-w c:\windows\system32\WmJoyFrc.dll
2009-01-11 10:34 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-07 23:51 47,360 ----a-w c:\documents and settings\User\Application Data\pcouffin.sys
2005-11-29 15:17 24,848 ----a-w c:\program files\opera\program\plugins\cgpcfg.dll
2005-11-29 15:17 74,000 ----a-w c:\program files\opera\program\plugins\cgpcore.dll
2005-11-29 15:17 45,328 ----a-w c:\program files\opera\program\plugins\icalogon.dll
2005-11-29 15:17 28,944 ----a-w c:\program files\opera\program\plugins\pscript.dll
2005-11-29 15:17 69,904 ----a-w c:\program files\opera\program\plugins\sslsdk_b.dll
2005-11-29 15:17 24,848 ----a-w c:\program files\opera\program\plugins\tcppserv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Cleaner Monitor"="d:\program files\PC Health Optimizer Free Edition\SpywareCleaner\RealTimeMonitorSC.exe" [2008-05-21 2186752]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-29 2019624]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WireLessMouse"="c:\program files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe" [2007-03-06 212992]
"WireLessKeyboard"="c:\program files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe" [2007-03-06 212992]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-11-03 368640]
"UpdatePDRShortCut"="e:\program files\CyberLink\PowerDirector\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-14 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 92168]
"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2007-10-05 2680104]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"CLMLServer"="c:\program files\Cyberlink\Power2Go\CLMLSvc.exe" [2007-09-29 122880]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"UnlockerAssistant"="d:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"nwiz"="nwiz.exe" [2009-03-27 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\program files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mjpg"= pvmjpg30.dll
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AVerQuick.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^MagicDisc.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
--a------ 2008-08-14 08:58 611712 c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 18:05 81920 d:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--------- 2004-01-14 03:10 409600 c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--------- 2006-10-27 00:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"e:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"e:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"e:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"e:\\Program Files\\CyberLink\\PowerDirector\\PowerDirector\\PDR.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"d:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"d:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"d:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;d:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Trust\R-Series Mouse And Keyboard\KMWDSrv.exe [2007-02-28 208896]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 AVerBDA6x;AVerBDA6x service;c:\windows\system32\drivers\AVerBDA716x.sys [2008-10-29 1290240]
R3 phaudlwr;Philips Audio Filter;c:\windows\system32\drivers\phaudlwr.sys [2008-12-17 88704]
R3 SPC530;Philips SPC530NC PC Camera;c:\windows\system32\drivers\SPC530.sys [2008-12-17 486912]
R3 SPC530m;Philips SPC530NC PC Cameram;c:\windows\system32\drivers\SPC530m.sys [2008-12-17 7680]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-01-19 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-01-19 8320]
S3 SaiH0460;SaiH0460;c:\windows\system32\drivers\SaiH0460.sys [2008-11-24 137600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-04-07 c:\windows\Tasks\RegCure Program Check.job
- d:\program files\RegCure\RegCure.exe [2009-03-23 15:02]

2009-04-05 c:\windows\Tasks\RegCure.job
- d:\program files\RegCure\RegCure.exe [2009-03-23 15:02]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Memory Optimizer - (no file)
Notify-avgrsstarter - avgrsstx.dll


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: rba.hr\nfuse
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9tqxatni.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: d:\program files\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Opera\program\plugins\npican.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\program files\Netscape6\nppl3260.dll
FF - plugin: d:\program files\Netscape6\nprjplug.dll
FF - plugin: d:\program files\Netscape6\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-07 14:15:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

.
Completion time: 2009-04-07 14:16:38
ComboFix-quarantined-files.txt 2009-04-07 12:16:20

Pre-Run: 11.682.152.448 bytes free
Post-Run: 13,944,705,024 bytes free

401


...there, regardless of everything, I ran Combo at my own risk.

Thanks for the help!!!

Regards

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

There shouldn't be any malware here.

I would recommend that you remove the remnants of AVG: http://www.avg.com/download-tools

Uninstalling ComboFix:
Click START and then RUN.

In the text box, type (copy) the following:

Combofix /u

and then click OK.

Wait for the uninstall process to finish.

For any remaining problems, you can look for advice in the Windows forum.

offline
  • neman1 
  • New MyCity citizen
  • Joined: 05 Apr 2009
  • Posts: 3

doctor, THANK YOU!!!!
