Problem!! Not urgent, but help would be appreciated...

Posted: 06 Feb 2010 12:04
So, here's the thing...
When I turn on the computer, this image pops up:
And after that... a few minutes later this pops up...
I searched the net... but found nothing useful...
So I thought I'd ask the professionals... and I remembered you...
And I apologize for the pictures... for the white parts on them... but I did it in a hurry...
Posted: 06 Feb 2010 12:46

Posted: 06 Feb 2010 14:48
I apologize for my UNprofessional attitude toward the AMF Team...
About 2 days ago the windows you will see below suddenly started popping up...
At that time I hadn't installed or removed any programs or any other files.
I use Avast5 and update it regularly...
A few minutes ago I ran a Full System Scan and there were no infected files...
I'm using Windows XP SP2 32-bit...
Here's the log file...
Code:
DDS (Ver_09-12-01.01) - NTFSx86
Run by x-Death-x at 14:38:10,48 on sub 06.02.2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1470.945 [GMT 1:00]
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\PowerDVD\PDVDServ.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\x-Death-x\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.googlebreak.com/?CID=3&PID=STV
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: ShowBarObjMp3 Class: {cf59ae24-5796-44fc-9575-8d4f383c65f8} - c:\program files\youtubemp3downloader\MinBHOMp3.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: YouTube MP3 Downloader: {f27a9a1d-6f23-442d-88c0-5dc40fd13dcd} - c:\program files\youtubemp3downloader\YouTubeMP3.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [sysinfo] c:\windows\system32\rundll32.exe c:\docume~1\x-deat~1\locals~1\temp\88437616Wsy.dll,Sets
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [CorelDRAW Graphics Suite 11b] c:\program files\corel\corel graphics 12\languages\en\programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=021410 serial=DR12WCT-1689604-YCX lang=EN
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [RemoteControl] "c:\program files\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\powerdvd\language\Language.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\x-deat~1\startm~1\programs\startup\stardo~1.lnk - c:\program files\stardock\objectdock\ObjectDock.exe
StartupFolder: c:\docume~1\x-deat~1\startm~1\programs\startup\warcra~1.lnk - c:\program files\warcraft iii\support\config.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\d-link~1.lnk - c:\program files\d-link airplus\AirPlus.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\x-deat~1\applic~1\mozilla\firefox\profiles\vk1wbsjs.default\
FF - prefs.js: browser.search.selectedEngine - www.googlebreak.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
FF - plugin: c:\documents and settings\x-death-x\application data\mozilla\firefox\profiles\vk1wbsjs.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2010-1-2 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2010-1-2 5248]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-12-31 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-12-31 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-24 40384]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-24 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-1-24 40384]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 rootrepeal;rootrepeal;\??\c:\windows\system32\drivers\rootrepeal.sys --> c:\windows\system32\drivers\rootrepeal.sys [?]
=============== Created Last 30 ================
2010-02-06 10:51:01 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-02-06 10:42:36 0 d-----w- c:\program files\RAR Password (zabranjeno)er
2010-02-05 23:41:34 0 d-----w- c:\program files\JDownloader
2010-02-04 21:50:33 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-02-04 21:50:33 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-02-02 19:50:35 0 d-----w- c:\program files\WinPcap
2010-02-02 19:50:25 0 d-----w- c:\program files\YouTubeMP3Downloader
2010-02-02 14:38:36 0 d-----w- c:\program files\Unlocker
2010-02-02 14:15:03 69 ----a-w- c:\windows\NeroDigital.ini
2010-02-02 04:35:49 4767 ----a-w- c:\windows\Irremote.ini
2010-02-02 04:20:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Nero
2010-02-01 19:17:57 0 d-----w- c:\program files\VLC
2010-02-01 15:40:44 0 d-----w- c:\windows\system32\XPSViewer
2010-02-01 15:39:49 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-02-01 15:39:49 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-02-01 15:39:49 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-02-01 15:39:49 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-02-01 15:39:49 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-02-01 15:39:49 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-02-01 15:39:49 117760 ------w- c:\windows\system32\prntvpt.dll
2010-02-01 15:39:49 0 d-----w- C:\9d6e42c39e220bdf0352dc5ebce6
2010-02-01 15:36:40 0 d-----w- c:\program files\MSXML 6.0
2010-01-31 20:05:29 0 d-----w- c:\docume~1\x-deat~1\applic~1\TeamViewer
2010-01-31 20:04:50 0 d-----w- c:\program files\TeamViewer
2010-01-25 19:05:00 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-01-25 19:05:00 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-01-25 19:01:37 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2010-01-25 19:01:34 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-01-24 20:44:18 0 d-----w- c:\program files\Stardock
2010-01-24 20:35:25 5760054 ----a-w- c:\windows\AW_1600x1200.bmp
2010-01-24 20:33:20 3932214 ----a-w- c:\windows\InvaderDark1280.bmp
2010-01-24 20:23:14 3932214 ----a-w- c:\windows\AW_XenoMorph1280.bmp
2010-01-24 20:21:14 36864 ----a-w- c:\windows\system32\wbsys.dll
2010-01-24 20:21:14 0 d-----w- c:\program files\common files\Stardock
2010-01-24 20:21:14 0 d-----w- c:\program files\AlienWare
2010-01-24 18:42:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2010-01-23 21:53:13 0 d--h--r- C:\AHCache
2010-01-22 07:56:20 0 d-----w- c:\windows\system32\SoftwareDistribution
2010-01-20 19:27:54 8608 ----a-w- c:\windows\system32\mpeg4ax.cat
2010-01-20 19:27:54 8587 ----a-w- c:\windows\system32\msaudio.cat
2010-01-20 19:27:54 73728 ----a-w- c:\windows\system32\TOverlay.ax
2010-01-20 19:27:54 700416 ----a-w- c:\windows\system32\AxisToolBar.ocx
2010-01-20 19:27:54 53248 ----a-w- c:\windows\system32\DSTimeStamp.ax
2010-01-20 19:27:54 438976 ----a-w- c:\windows\system32\MSHFLXGD.OCX
2010-01-20 19:27:54 40960 ----a-w- c:\windows\system32\wavdest.ax
2010-01-20 19:27:54 36864 ----a-w- c:\windows\system32\Sof2FFTPrj.ocx
2010-01-20 19:27:54 28672 ----a-w- c:\windows\system32\SpecBarPrj.ocx
2010-01-20 19:27:54 28672 ----a-w- c:\windows\system32\PCWinSoftPBar.ocx
2010-01-20 19:27:54 188416 ----a-w- c:\windows\system32\UScreenCapture.ax
2010-01-20 19:27:53 126976 ----a-w- c:\windows\system32\ArielColorCtrl.ocx
2010-01-20 19:26:56 0 d-----w- c:\program files\ScreenCapture
2010-01-08 20:39:28 0 d-----w- c:\program files\Valve
2010-01-07 16:32:29 0 d-----w- c:\documents and settings\x-death-x\Tracing
2010-01-07 16:25:59 0 d-----w- c:\program files\Microsoft
2010-01-07 16:25:41 0 d-----w- c:\program files\Windows Live SkyDrive
2010-01-07 16:14:50 0 d-----w- c:\program files\common files\Windows Live
==================== Find3M ====================
2010-01-02 20:38:59 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-31 11:12:48 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-29 21:29:58 258352 ----a-w- c:\windows\system32\unicows.dll
============= FINISH: 14:38:25,14 ===============
And here's the Attach.txt file:
Code: http://www.mycity.rs/uploads2/123891_1161100265_Attach.txt
As for RootRepeal:
Code: http://www.mycity.rs/uploads2/123891_1749741154_RootRepeal%20report%2002-06-10%20%2814-44-57%29.txt
When I turn on the computer, this little window pops up:
And after that... a few minutes later this pops up...
(It doesn't always happen in that order)
I searched the net... but found nothing useful...
So I thought I'd ask the professionals...
And once again I apologize for the previous post... it will never happen again... I promise...
With due respect to the AMF Team,
x-Death-x
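A triage pass over DDS-style autorun, driver and browser-setting lines like the ones in the logs above, written as an added example; it is not code from DDS, ComboFix or the forum. The `triage` function and its two heuristics (an image loaded from a user Temp folder deserves a look; a start page or search engine outside an allowlist deserves a look) are this example's assumptions, and the sample lines are copied from the log posted above.

```python
"""Triage of DDS 'Pseudo HJT Report' lines: flag autoruns and drivers whose image
lives in a user Temp folder, and browser start/search settings that point at a
domain outside an allowlist. Added example; not code from DDS, ComboFix or the forum.
"""
import re
from urllib.parse import urlparse

# Autorun lines look like:  uRun: [name] command   (u = user hive, m = machine, d = default)
RUN_RE = re.compile(r"^(?P<hive>[umd]Run):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# Service/driver lines look like:  R3 name;display;path [date size]   or   path --> path [?]
SVC_RE = re.compile(r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# Browser settings DDS records (DDS defangs URLs to hxxp://).
PREF_RE = re.compile(
    r"^(?P<key>uStart Page|FF - prefs\.js: browser\.search\.selectedEngine"
    r"|FF - prefs\.js: browser\.startup\.homepage)\s*[-=]\s*(?P<val>\S+)$")
# Heuristic (an assumption of this example, not a DDS rule): a user Temp folder,
# in 8.3 or long form, is an unusual home for legitimate persistence.
TEMP_RE = re.compile(r"\\(locals~1\\temp|local settings\\temp)\\", re.I)
# rundll32 <dll>,<export>: the DLL path is what we want to inspect.
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(?P<dll>[^,\s]+),(?P<export>\w+)", re.I)

# Constructed sample: lines copied from the DDS and ComboFix logs in this thread.
SAMPLE_LINES = [
    r"uStart Page = hxxp://www.googlebreak.com/?CID=3&PID=STV",
    r"uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe",
    r"uRun: [sysinfo] c:\windows\system32\rundll32.exe c:\docume~1\x-deat~1\locals~1\temp\88437616Wsy.dll,Sets",
    r"mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui",
    r"FF - prefs.js: browser.search.selectedEngine - www.googlebreak.com",
    r"FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/",
    r"R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-12-31 162640]",
    r"R3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\X-DEAT~1\LOCALS~1\Temp\ISD14F.tmp --> c:\docume~1\X-DEAT~1\LOCALS~1\Temp\ISD14F.tmp [?]",
]
# Allowlist is an assumption: the domains the user is known to use on purpose.
ALLOWED_DOMAINS = ["www.google.ba"]


def _domain(value: str) -> str:
    """Host part of a DDS-recorded URL or bare host (hxxp:// is refanged first)."""
    v = value.replace("hxxp://", "http://").replace("hxxps://", "https://")
    if "://" not in v:
        v = "http://" + v
    return (urlparse(v).hostname or "").lower()


def triage(lines, allowed_domains):
    """Return (kind, name, reason) findings for lines that merit an analyst's look."""
    findings = []
    allowed = {d.lower() for d in allowed_domains}
    for raw in lines:
        line = raw.strip()
        m = RUN_RE.match(line)
        if m:
            cmd = m.group("cmd")
            dll = RUNDLL_RE.search(cmd)
            if dll and TEMP_RE.search(dll.group("dll")):
                findings.append(("autorun", m.group("name"),
                                 f"rundll32 loads {dll.group('dll')} (export {dll.group('export')}) from a Temp folder"))
            elif TEMP_RE.search(cmd):
                findings.append(("autorun", m.group("name"), "command runs from a Temp folder"))
            continue
        m = SVC_RE.match(line)
        if m:
            if TEMP_RE.search(m.group("rest")):
                findings.append(("driver", m.group("name").strip(), "image path is in a Temp folder"))
            continue
        m = PREF_RE.match(line)
        if m:
            host = _domain(m.group("val"))
            if host and host not in allowed:
                findings.append(("browser", m.group("key"), f"points at {host}, which is not in the allowlist"))
    return findings


def triage_sample():
    """Run the triage over the constructed sample with the assumed allowlist."""
    return triage(SAMPLE_LINES, ALLOWED_DOMAINS)


if __name__ == "__main__":
    for kind, name, reason in triage_sample():
        print(f"[{kind}] {name}: {reason}")
```

The output is a review list, not a verdict: each flagged line still needs the file itself, its signer and its origin checked before anything is removed.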
Posted: 06 Feb 2010 19:06
Download sUBs' ComboFix from the following address to your Desktop:
Bleeping Computer
When the download is finished:
- disable your security software (instructions);
- close any running programs;
- double-click to run ComboFix.
While running, ComboFix will:
- check whether a newer version of the program exists:
  - click Yes if you are offered to download it.
- display the DISCLAIMER OF WARRANTY ON SOFTWARE:
  - click Yes so that the process continues.
- if the Recovery Console is not installed, offer to install it:
  - be sure to accept by clicking Yes and follow the procedure.
- present a number of prompts/notices:
  - accept by clicking Yes or OK.
- restart Windows if needed (possibly several times);
- when finished, open Notepad with the scan report.
Copy the report ComboFix produced into the forum topic:
- right-click in the Notepad window and choose Select All;
- right-click the highlighted text and choose Copy;
- right-click in the message box and choose Paste.
Note:
- The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
- If after posting you notice the report is incomplete, use the Attach file option to attach the file C:\ComboFix.txt to your post.
Posted: 06 Feb 2010 19:52

Here's the ComboFix log file too:
ComboFix 10-02-05.04 - x-Death-x 06.02.2010 19:46:07.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1470.846 [GMT 1:00]
Running from: c:\documents and settings\x-Death-x\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Files Created from 2010-01-06 to 2010-02-06 )))))))))))))))))))))))))))))))
.
2010-02-06 14:35 . 2010-02-06 14:43 -------- d-----w- c:\program files\Garena
2010-02-06 14:18 . 2010-02-06 14:25 76295 ----a-w- c:\windows\War3Unin.dat
2010-02-06 14:18 . 2010-02-06 14:24 2829 ----a-w- c:\windows\War3Unin.pif
2010-02-06 14:18 . 2010-02-06 14:24 139264 ----a-w- c:\windows\War3Unin.exe
2010-02-06 14:17 . 2010-02-06 17:58 -------- d-----w- c:\program files\Warcraft III
2010-02-06 14:11 . 2010-02-06 14:11 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-06 10:51 . 2010-02-06 10:51 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-02-05 23:41 . 2010-02-06 10:59 -------- d-----w- c:\program files\JDownloader
2010-02-04 21:50 . 2004-08-03 22:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-02-04 21:50 . 2004-08-03 22:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-02-04 16:43 . 2010-02-04 16:43 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-02-04 16:42 . 2010-02-04 16:42 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-04 16:39 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\x-Death-x\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-04 16:39 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-04 16:39 . 2010-02-04 16:39 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-04 16:35 . 2010-02-04 16:58 -------- d-----w- c:\documents and settings\x-Death-x\Local Settings\Application Data\Adobe
2010-02-04 16:35 . 2010-02-04 16:35 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-02-04 16:35 . 2010-02-05 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-04 16:35 . 2010-02-04 16:35 -------- d-----w- c:\program files\NOS
2010-02-04 16:35 . 2010-01-25 09:02 31936 ----a-w- c:\documents and settings\x-Death-x\Application Data\Mozilla\Firefox\Profiles\vk1wbsjs.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-02-04 16:35 . 2010-01-25 09:02 29344 ----a-w- c:\documents and settings\x-Death-x\Application Data\Mozilla\Firefox\Profiles\vk1wbsjs.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-02-02 19:50 . 2010-02-02 19:50 -------- d-----w- c:\program files\WinPcap
2010-02-02 19:50 . 2010-02-02 19:50 -------- d-----w- c:\program files\YouTubeMP3Downloader
2010-02-02 14:58 . 2010-02-02 14:58 78264 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-02 14:38 . 2010-02-02 14:38 -------- d-----w- c:\program files\Unlocker
2010-02-02 14:20 . 2010-02-02 14:20 -------- d-----w- c:\documents and settings\x-Death-x\Local Settings\Application Data\Nero
2010-02-02 04:33 . 2010-02-02 14:43 -------- d-----w- c:\program files\Windows Sidebar
2010-02-02 04:20 . 2010-02-02 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-02-01 19:20 . 2010-02-02 15:36 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\vlc
2010-02-01 19:17 . 2010-02-01 19:18 -------- d-----w- c:\program files\VLC
2010-02-01 15:40 . 2010-02-01 15:40 -------- d-----w- c:\windows\system32\XPSViewer
2010-02-01 15:40 . 2010-02-01 15:40 -------- d-----w- c:\program files\MSBuild
2010-02-01 15:40 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-02-01 15:39 . 2010-02-01 15:40 -------- d-----w- C:\9d6e42c39e220bdf0352dc5ebce6
2010-02-01 15:39 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-02-01 15:39 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-02-01 15:39 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-02-01 15:39 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-02-01 15:39 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-02-01 15:39 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-02-01 15:39 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-02-01 15:39 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-02-01 15:36 . 2010-02-01 15:36 -------- d-----w- c:\program files\MSXML 6.0
2010-01-31 20:05 . 2010-01-31 20:05 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\TeamViewer
2010-01-31 20:04 . 2010-01-31 20:04 -------- d-----w- c:\program files\TeamViewer
2010-01-28 00:37 . 2010-01-28 00:37 -------- d-----w- c:\documents and settings\Turisti\Application Data\skypePM
2010-01-27 21:48 . 2010-01-28 01:19 -------- d-----w- c:\documents and settings\Turisti\Application Data\Skype
2010-01-25 19:05 . 2004-08-03 22:08 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-01-25 19:05 . 2004-08-03 22:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-01-24 20:44 . 2010-01-24 20:44 -------- d-----w- c:\program files\Stardock
2010-01-24 20:23 . 2010-01-25 22:08 -------- d-----w- c:\documents and settings\x-Death-x\Local Settings\Application Data\Stardock
2010-01-24 20:21 . 2010-02-06 10:52 -------- d-----w- c:\program files\AlienWare
2010-01-24 20:21 . 2010-02-06 10:48 -------- d-----w- c:\program files\Common Files\Stardock
2010-01-24 20:21 . 2003-02-26 21:27 36864 ----a-w- c:\windows\system32\wbsys.dll
2010-01-24 18:42 . 2010-01-24 18:42 -------- d-----w- c:\program files\Alwil Software
2010-01-24 18:42 . 2010-01-24 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-01-23 22:02 . 2010-01-23 22:06 -------- d-----w- c:\documents and settings\x-Death-x\Local Settings\Application Data\Paint.NET
2010-01-23 21:58 . 2010-01-23 21:58 -------- d-----w- c:\program files\Reference Assemblies
2010-01-23 21:53 . 2010-01-23 21:53 -------- d-----r- C:\AHCache
2010-01-21 23:29 . 2010-01-21 23:29 -------- d-----w- c:\documents and settings\Turisti\Application Data\Corel
2010-01-21 10:49 . 2010-01-21 10:49 -------- d-----w- c:\documents and settings\Turisti\Local Settings\Application Data\Apple Computer
2010-01-21 10:40 . 2010-01-21 10:40 -------- d-----w- c:\documents and settings\Turisti
2010-01-20 19:26 . 2010-01-20 19:31 -------- d-----w- c:\program files\ScreenCapture
2010-01-20 19:26 . 2010-01-20 19:26 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\InstallShield
2010-01-12 18:33 . 2010-01-12 18:33 -------- d-----w- c:\documents and settings\x-Death-x\Local Settings\Application Data\Identities
2010-01-12 16:45 . 2010-01-26 19:22 -------- d-----w- c:\documents and settings\Maja\Application Data\skypePM
2010-01-08 20:39 . 2010-01-08 21:39 -------- d-----w- c:\program files\Valve
2010-01-07 23:31 . 2010-01-07 23:31 -------- d-----w- c:\windows\Sun
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-06 10:51 . 2009-12-31 15:18 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\uTorrent
2010-02-02 15:01 . 2010-01-04 00:00 -------- d-----w- c:\program files\AIMP2
2010-02-01 17:32 . 2009-12-31 11:42 19224 ----a-w- c:\documents and settings\x-Death-x\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-31 20:08 . 2009-12-31 17:50 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\Skype
2010-01-31 20:01 . 2009-12-31 17:51 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\skypePM
2010-01-27 21:47 . 2010-01-04 21:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-26 20:47 . 2010-01-04 21:37 -------- d-----w- c:\documents and settings\Maja\Application Data\Skype
2010-01-25 19:01 . 2010-01-25 19:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2010-01-25 19:01 . 2010-01-25 19:01 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-01-20 19:27 . 2009-12-31 12:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-19 13:13 . 2009-12-31 11:44 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-19 11:57 . 2009-12-31 11:44 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-01-19 11:57 . 2009-12-31 11:43 152672 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-19 11:46 . 2009-12-31 11:44 46544 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-19 11:43 . 2009-12-31 11:44 23248 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-19 11:43 . 2009-12-31 11:44 100304 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-19 11:43 . 2009-12-31 11:44 94672 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-19 11:42 . 2009-12-31 11:44 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-19 11:42 . 2009-12-31 11:44 28240 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-09 15:43 . 2009-12-31 18:07 -------- d-----w- c:\program files\Common Files\Apple
2010-01-07 16:25 . 2010-01-07 16:25 -------- d-----w- c:\program files\Microsoft
2010-01-07 16:25 . 2010-01-07 16:25 -------- d-----w- c:\program files\Windows Live
2010-01-07 16:25 . 2010-01-07 16:25 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-07 16:14 . 2010-01-07 16:14 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-07 12:25 . 2009-12-31 15:50 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-01-07 12:19 . 2010-01-07 12:16 -------- d-----w- c:\program files\PowerDVD
2010-01-07 12:19 . 2010-01-07 12:19 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\CyberLink
2010-01-07 12:18 . 2010-01-07 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-01-07 12:17 . 2010-01-07 12:16 -------- d-----w- c:\program files\CyberLink
2010-01-07 12:02 . 2010-01-04 21:44 -------- d-----w- c:\program files\SourceTec
2010-01-07 12:02 . 2010-01-04 21:44 -------- d-----w- c:\program files\Common Files\SourceTec
2010-01-06 15:15 . 2010-01-04 10:26 -------- d-----w- c:\documents and settings\Maja\Application Data\Free Download Manager
2010-01-05 20:44 . 2010-01-05 20:44 -------- d-----w- c:\documents and settings\Maja\Application Data\Corel
2010-01-05 20:40 . 2009-12-31 12:06 -------- d-----w- c:\program files\Realtek
2010-01-05 16:52 . 2010-01-05 16:52 -------- d-----w- c:\program files\D-Link AirPlus
2010-01-05 16:13 . 2010-01-05 16:11 -------- d-----w- c:\program files\Driver Magician
2010-01-04 21:37 . 2010-01-04 21:37 -------- d-----w- c:\program files\Common Files\Skype
2010-01-04 21:37 . 2009-12-31 17:48 -------- d-----r- c:\program files\Skype
2010-01-04 21:31 . 2010-01-04 21:31 -------- d-----w- c:\program files\Inpaint
2010-01-03 23:03 . 2010-01-03 22:16 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-01-03 22:14 . 2010-01-03 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2010-01-02 20:38 . 2010-01-02 20:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-02 20:38 . 2010-01-02 20:38 -------- d-----w- c:\program files\Java
2010-01-02 20:38 . 2010-01-02 20:38 152576 ----a-w- c:\documents and settings\x-Death-x\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-02 20:36 . 2010-01-02 20:36 79488 ----a-w- c:\documents and settings\x-Death-x\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-02 19:24 . 2010-01-02 19:24 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\Leadertech
2010-01-02 19:12 . 2010-01-02 19:12 -------- d-----w- c:\program files\Deamon
2010-01-02 14:35 . 2009-12-31 18:08 -------- d-----w- c:\program files\QuickTime
2010-01-02 14:35 . 2009-12-31 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-01 14:31 . 2009-12-31 18:10 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\Apple Computer
2010-01-01 13:58 . 2010-01-01 13:58 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\AnvSoft
2010-01-01 11:56 . 2010-01-01 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-01-01 11:52 . 2009-12-31 11:16 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-31 18:10 . 2009-12-31 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-31 18:08 . 2009-12-31 18:08 -------- d-----w- c:\program files\Apple Software Update
2009-12-31 18:07 . 2009-12-31 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-31 17:51 . 2009-12-31 17:51 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-31 17:48 . 2009-12-31 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-12-31 15:31 . 2009-12-31 15:31 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\Ambient Design
2009-12-31 15:19 . 2009-12-31 15:19 -------- d-----w- c:\program files\uTorrent
2009-12-31 14:03 . 2009-12-31 14:03 -------- d-----w- c:\program files\7-Zip
2009-12-31 14:01 . 2009-12-31 14:01 0 ----a-w- c:\windows\nsreg.dat
2009-12-31 13:59 . 2009-12-31 13:59 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\Corel
2009-12-31 12:36 . 2009-12-31 12:36 -------- d-----w- c:\program files\Common Files\Corel
2009-12-31 12:36 . 2009-12-31 12:00 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-31 12:36 . 2009-12-31 12:36 -------- d-----w- c:\program files\Corel
2009-12-31 12:27 . 2009-12-31 12:27 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-12-31 11:57 . 2009-12-31 11:57 -------- d-----w- c:\program files\MSXML 4.0
2009-12-31 11:17 . 2009-12-31 11:17 -------- d-----w- c:\program files\microsoft frontpage
2009-12-31 11:12 . 2009-12-31 11:12 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-29 21:29 . 2009-12-31 19:44 258352 ----a-w- c:\windows\system32\unicows.dll
.
------- Sigcheck -------
[-] 2007-12-29 . 9F960FAC5166F8626B9CDE4DD9A0EB84 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf59ae24-5796-44fc-9575-8d4f383c65f8}]
2010-01-29 14:44 221184 ----a-w- c:\program files\YouTubeMP3Downloader\MinBHOMp3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f27a9a1d-6f23-442d-88c0-5dc40fd13dcd}"= "c:\program files\YouTubeMP3Downloader\YouTubeMP3.dll" [2010-01-29 704512]
[HKEY_CLASSES_ROOT\clsid\{f27a9a1d-6f23-442d-88c0-5dc40fd13dcd}]
[HKEY_CLASSES_ROOT\KBBar.KBBarBandMp3.1]
[HKEY_CLASSES_ROOT\TypeLib\{f20fd027-a5f3-451a-8db1-13298321f6a8}]
[HKEY_CLASSES_ROOT\KBBar.KBBarBandMp3]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-10-15 14864384]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 729088]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-02 149280]
"RemoteControl"="c:\program files\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-19 2743104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\x-Death-x\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-1-24 3450608]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
D-Link AirPlus.lnk - c:\program files\D-Link AirPlus\AirPlus.exe [2010-1-5 262144]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\YouTubeMP3Downloader\\YouTubeMP3.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2.1.2010 20:12 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2.1.2010 20:12 5248]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [31.12.2009 12:44 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31.12.2009 12:44 19024]
R3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\X-DEAT~1\LOCALS~1\Temp\ISD14F.tmp --> c:\docume~1\X-DEAT~1\LOCALS~1\Temp\ISD14F.tmp [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.2.2010 15:11 691696]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 21:22 34064]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - GARENAPENGINE
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.googlebreak.com/?CID=3&PID=STV
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\x-Death-x\Application Data\Mozilla\Firefox\Profiles\vk1wbsjs.default\
FF - prefs.js: browser.search.selectedEngine - www.googlebreak.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
FF - plugin: c:\documents and settings\x-Death-x\Application Data\Mozilla\Firefox\Profiles\vk1wbsjs.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-06 19:49
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x897A3AE8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xba8ecfc3
\Driver\ACPI -> ACPI.sys @ 0xba759cb8
\Driver\atapi -> 0x897a3ae8
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x8058236c
ParseProcedure -> ntkrnlpa.exe @ 0x8058146a
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xba5e0ba0
PacketIndicateHandler -> NDIS.sys @ 0xba5edb21
SendHandler -> NDIS.sys @ 0xba5cb87b
Warning: possible MBR rootkit infection !
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\X-DEAT~1\LOCALS~1\Temp\ISD14F.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-527237240-329068152-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(716)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(2604)
c:\windows\system32\msi.dll
.
Completion time: 2010-02-06 19:50:26
ComboFix-quarantined-files.txt 2010-02-06 18:50
Pre-Run: 51.167.334.400 bytes free
Post-Run: 51.789.438.976 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 0CE7CD7EB18E4AAC87A0D7228EF91E14
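An added example, not part of the thread and not the forum helper's method: a small Python triage script that runs over lines copied from the ComboFix log above and flags what a reviewer would look at first. It flags a driver or service whose image loads from a Temp directory or has an extension other than .sys/.exe/.dll (the GarenaPEngine entry under LOCALS~1\Temp and the PowerDVD service pointing at 000.fcl), a start page or search engine whose host is not on an assumed trusted-host list (the googlebreak.com entries), and the Gmer MBR warning line. The trusted-host list and the extension list are assumptions made for this example. A flag is a prompt to look, not a verdict: judging which hits are benign (for instance the drivers the helper had DeFogger disable, which appear as S4 in the second log) is done from context, as the helper does in the thread.

```python
"""Triage of DDS/ComboFix-style log lines (added example, not ComboFix code).
Parses service/driver lines, registry ImagePath entries and browser start-page
lines in the format ComboFix prints and returns items worth a closer look."""
from __future__ import annotations

import ntpath
import re
from typing import NamedTuple
from urllib.parse import urlparse

# Assumption for this example: hosts the user actually wants as start page/search engine.
TRUSTED_HOSTS = frozenset({"www.google.ba", "www.google.com"})
# Assumption for this example: extensions a service or driver image normally has.
EXPECTED_IMAGE_EXT = frozenset({".sys", ".exe", ".dll"})


class Finding(NamedTuple):
    kind: str     # "service", "browser" or "rootkit"
    subject: str  # service name (with start type) or browser setting
    detail: str   # why the line was flagged


# "R3 name;display;image [date size]"  (ComboFix service/driver list)
SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.*)$")
# "[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\<name>]" then "ImagePath"="..."
KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]$", re.I)
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(.*)"$')
# "uStart Page = <url>" and "FF - prefs.js: <pref> - <value>"
BROWSER_RE = re.compile(r"^(uStart Page|FF - prefs\.js: [\w.]+) [=-] (.*)$")


def normalize_image(raw: str) -> str:
    """Reduce a ComboFix image field to a plain Windows path."""
    # ComboFix prints "<registered> --> <resolved> [date size]", or "[?]" when the
    # file is not on disk; keep the resolved path and drop the bracketed suffix.
    path = raw.split(" --> ")[-1]
    path = re.sub(r"\s*\[[^\]]*\]\s*$", "", path)
    # \??\ is the NT object-manager prefix kernel-mode services use.
    if path.startswith("\\??\\"):
        path = path[4:]
    return path.strip()


def image_problems(path: str) -> list[str]:
    """Reasons a service/driver image path looks odd (empty list if none)."""
    problems = []
    if "\\temp\\" in path.lower():
        problems.append("image loads from a Temp directory")
    ext = ntpath.splitext(path)[1].lower()
    if ext not in EXPECTED_IMAGE_EXT:
        problems.append(f"unusual image extension {ext or '(none)'}")
    return problems


def host_of(value: str) -> str:
    """Hostname of a browser setting; ComboFix defangs URLs as hxxp://."""
    if value.startswith("hxxp"):
        value = "http" + value[4:]
    if "://" not in value:
        value = "http://" + value
    return (urlparse(value).hostname or "").lower()


def triage(log_text: str, trusted_hosts=TRUSTED_HOSTS) -> list[Finding]:
    findings: list[Finding] = []
    current_key = "?"  # last Services\<name> key seen, for the ImagePath that follows
    for line in log_text.splitlines():
        line = line.strip()
        if m := SERVICE_RE.match(line):
            start, name, _display, image = m.groups()
            path = normalize_image(image)
            for why in image_problems(path):
                findings.append(Finding("service", f"{name} ({start})", f"{why}: {path}"))
        elif m := KEY_RE.match(line):
            current_key = m.group(1)
        elif m := IMAGEPATH_RE.match(line):
            path = normalize_image(m.group(1))
            for why in image_problems(path):
                findings.append(Finding("service", current_key, f"{why}: {path}"))
        elif m := BROWSER_RE.match(line):
            setting, value = m.groups()
            host = host_of(value)
            if host not in trusted_hosts:
                findings.append(Finding("browser", setting, f"points at {host}"))
        elif line.startswith("Warning: possible MBR rootkit infection"):
            findings.append(Finding("rootkit", "MBR", line))
    return findings


# Lines copied from the first ComboFix log posted in this thread (not a live capture).
SAMPLE_LOG = r"""
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2.1.2010 20:12 155136]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [31.12.2009 12:44 162640]
R3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\X-DEAT~1\LOCALS~1\Temp\ISD14F.tmp --> c:\docume~1\X-DEAT~1\LOCALS~1\Temp\ISD14F.tmp [?]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.2.2010 15:11 691696]
uStart Page = hxxp://www.googlebreak.com/?CID=3&PID=STV
FF - prefs.js: browser.search.selectedEngine - www.googlebreak.com
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ba/
Warning: possible MBR rootkit infection !
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\PowerDVD\000.fcl"
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.subject}: {f.detail}")
```

Run it as-is to print the findings from the embedded sample; for a real log, read the file and pass its text to triage() together with the hosts the machine's owner actually uses.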
Posted: 06 Feb 2010 21:54
Step 1.
Download DeFogger from this link to the Desktop.
- Double-click to run DeFogger;
- A MsgBox will appear; click the Disable button;
- Another MsgBox will appear; click Yes;
Wait for DeFogger to finish processing, then continue with the next instruction.
Note: at the end of the procedure a Windows restart will be required.
This procedure deactivates CD/DVD emulators so that the tools we use can run undisturbed.
Step 2.
Open Notepad and copy the following text into it:
| Code: | FileLook::
c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
RegLock::
[HKEY_USERS\S-1-5-21-527237240-329068152-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID] |
Save the file from Notepad to the Desktop as "CFScript"
Drag the saved script/text onto the ComboFix icon, as in the picture.
Post the log produced at the end of the cleaning/scan in your next message.
Posted: 07 Feb 2010 15:43
Here it is...
ComboFix 10-02-05.04 - x-Death-x 07.02.2010 15:34:47.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1470.993 [GMT 1:00]
Running from: c:\documents and settings\x-Death-x\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\x-Death-x\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((( Files Created from 2010-01-07 to 2010-02-07 )))))))))))))))))))))))))))))))
.
2010-02-06 14:35 . 2010-02-06 22:43 -------- d-----w- c:\program files\Garena
2010-02-06 14:18 . 2010-02-06 19:32 98366 ----a-w- c:\windows\War3Unin.dat
2010-02-06 14:18 . 2010-02-06 14:24 2829 ----a-w- c:\windows\War3Unin.pif
2010-02-06 14:18 . 2010-02-06 14:24 139264 ----a-w- c:\windows\War3Unin.exe
2010-02-06 14:17 . 2010-02-06 22:35 -------- d-----w- c:\program files\Warcraft III
2010-02-06 14:11 . 2010-02-06 14:11 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-06 10:51 . 2010-02-06 10:51 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-02-05 23:41 . 2010-02-06 10:59 -------- d-----w- c:\program files\JDownloader
2010-02-04 21:50 . 2004-08-03 22:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2010-02-04 21:50 . 2004-08-03 22:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2010-02-04 16:43 . 2010-02-04 16:43 -------- d-----w- c:\documents and settings\Default User\Local Settings\Application Data\Adobe
2010-02-04 16:42 . 2010-02-04 16:42 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-04 16:39 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\x-Death-x\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-04 16:39 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-02-04 16:39 . 2010-02-04 16:39 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-04 16:35 . 2010-02-04 16:58 -------- d-----w- c:\documents and settings\x-Death-x\Local Settings\Application Data\Adobe
2010-02-04 16:35 . 2010-02-04 16:35 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-02-04 16:35 . 2010-02-05 18:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-04 16:35 . 2010-02-04 16:35 -------- d-----w- c:\program files\NOS
2010-02-04 16:35 . 2010-01-25 09:02 31936 ----a-w- c:\documents and settings\x-Death-x\Application Data\Mozilla\Firefox\Profiles\vk1wbsjs.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2010-02-04 16:35 . 2010-01-25 09:02 29344 ----a-w- c:\documents and settings\x-Death-x\Application Data\Mozilla\Firefox\Profiles\vk1wbsjs.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2010-02-02 19:50 . 2010-02-02 19:50 -------- d-----w- c:\program files\WinPcap
2010-02-02 19:50 . 2010-02-02 19:50 -------- d-----w- c:\program files\YouTubeMP3Downloader
2010-02-02 14:58 . 2010-02-02 14:58 78264 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-02-02 14:38 . 2010-02-02 14:38 -------- d-----w- c:\program files\Unlocker
2010-02-02 14:20 . 2010-02-02 14:20 -------- d-----w- c:\documents and settings\x-Death-x\Local Settings\Application Data\Nero
2010-02-02 04:33 . 2010-02-02 14:43 -------- d-----w- c:\program files\Windows Sidebar
2010-02-02 04:20 . 2010-02-02 14:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2010-02-01 19:20 . 2010-02-02 15:36 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\vlc
2010-02-01 19:17 . 2010-02-01 19:18 -------- d-----w- c:\program files\VLC
2010-02-01 15:40 . 2010-02-01 15:40 -------- d-----w- c:\windows\system32\XPSViewer
2010-02-01 15:40 . 2010-02-01 15:40 -------- d-----w- c:\program files\MSBuild
2010-02-01 15:40 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-02-01 15:39 . 2010-02-01 15:40 -------- d-----w- C:\9d6e42c39e220bdf0352dc5ebce6
2010-02-01 15:39 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-02-01 15:39 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-02-01 15:39 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-02-01 15:39 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-02-01 15:39 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-02-01 15:39 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-02-01 15:39 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-02-01 15:39 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-02-01 15:36 . 2010-02-01 15:36 -------- d-----w- c:\program files\MSXML 6.0
2010-01-31 20:05 . 2010-01-31 20:05 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\TeamViewer
2010-01-31 20:04 . 2010-01-31 20:04 -------- d-----w- c:\program files\TeamViewer
2010-01-28 00:37 . 2010-01-28 00:37 -------- d-----w- c:\documents and settings\Turisti\Application Data\skypePM
2010-01-27 21:48 . 2010-01-28 01:19 -------- d-----w- c:\documents and settings\Turisti\Application Data\Skype
2010-01-25 19:05 . 2004-08-03 22:08 25600 -c--a-w- c:\windows\system32\dllcache\usbser.sys
2010-01-25 19:05 . 2004-08-03 22:08 25600 ----a-w- c:\windows\system32\drivers\usbser.sys
2010-01-24 20:44 . 2010-01-24 20:44 -------- d-----w- c:\program files\Stardock
2010-01-24 20:23 . 2010-01-25 22:08 -------- d-----w- c:\documents and settings\x-Death-x\Local Settings\Application Data\Stardock
2010-01-24 20:21 . 2010-02-06 10:52 -------- d-----w- c:\program files\AlienWare
2010-01-24 20:21 . 2010-02-06 10:48 -------- d-----w- c:\program files\Common Files\Stardock
2010-01-24 20:21 . 2003-02-26 21:27 36864 ----a-w- c:\windows\system32\wbsys.dll
2010-01-24 18:42 . 2010-01-24 18:42 -------- d-----w- c:\program files\Alwil Software
2010-01-24 18:42 . 2010-01-24 18:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-01-23 22:02 . 2010-01-23 22:06 -------- d-----w- c:\documents and settings\x-Death-x\Local Settings\Application Data\Paint.NET
2010-01-23 21:58 . 2010-01-23 21:58 -------- d-----w- c:\program files\Reference Assemblies
2010-01-23 21:53 . 2010-01-23 21:53 -------- d-----r- C:\AHCache
2010-01-21 23:29 . 2010-01-21 23:29 -------- d-----w- c:\documents and settings\Turisti\Application Data\Corel
2010-01-21 10:49 . 2010-01-21 10:49 -------- d-----w- c:\documents and settings\Turisti\Local Settings\Application Data\Apple Computer
2010-01-21 10:40 . 2010-01-21 10:40 -------- d-----w- c:\documents and settings\Turisti
2010-01-20 19:26 . 2010-01-20 19:31 -------- d-----w- c:\program files\ScreenCapture
2010-01-20 19:26 . 2010-01-20 19:26 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\InstallShield
2010-01-12 18:33 . 2010-01-12 18:33 -------- d-----w- c:\documents and settings\x-Death-x\Local Settings\Application Data\Identities
2010-01-12 16:45 . 2010-01-26 19:22 -------- d-----w- c:\documents and settings\Maja\Application Data\skypePM
2010-01-08 20:39 . 2010-01-08 21:39 -------- d-----w- c:\program files\Valve
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-06 10:51 . 2009-12-31 15:18 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\uTorrent
2010-02-02 15:01 . 2010-01-04 00:00 -------- d-----w- c:\program files\AIMP2
2010-02-01 17:32 . 2009-12-31 11:42 19224 ----a-w- c:\documents and settings\x-Death-x\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-31 20:08 . 2009-12-31 17:50 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\Skype
2010-01-31 20:01 . 2009-12-31 17:51 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\skypePM
2010-01-27 21:47 . 2010-01-04 21:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-26 20:47 . 2010-01-04 21:37 -------- d-----w- c:\documents and settings\Maja\Application Data\Skype
2010-01-25 19:01 . 2010-01-25 19:01 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2010-01-25 19:01 . 2010-01-25 19:01 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-01-20 19:27 . 2009-12-31 12:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-19 13:13 . 2009-12-31 11:44 162640 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-19 11:57 . 2009-12-31 11:44 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-01-19 11:57 . 2009-12-31 11:43 152672 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-19 11:46 . 2009-12-31 11:44 46544 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-19 11:43 . 2009-12-31 11:44 23248 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-19 11:43 . 2009-12-31 11:44 100304 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-19 11:43 . 2009-12-31 11:44 94672 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-19 11:42 . 2009-12-31 11:44 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-19 11:42 . 2009-12-31 11:44 28240 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-09 15:43 . 2009-12-31 18:07 -------- d-----w- c:\program files\Common Files\Apple
2010-01-07 16:25 . 2010-01-07 16:25 -------- d-----w- c:\program files\Microsoft
2010-01-07 16:25 . 2010-01-07 16:25 -------- d-----w- c:\program files\Windows Live
2010-01-07 16:25 . 2010-01-07 16:25 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-01-07 16:14 . 2010-01-07 16:14 -------- d-----w- c:\program files\Common Files\Windows Live
2010-01-07 12:25 . 2009-12-31 15:50 -------- d-----w- c:\program files\Common Files\AVSMedia
2010-01-07 12:19 . 2010-01-07 12:16 -------- d-----w- c:\program files\PowerDVD
2010-01-07 12:19 . 2010-01-07 12:19 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\CyberLink
2010-01-07 12:18 . 2010-01-07 12:18 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2010-01-07 12:17 . 2010-01-07 12:16 -------- d-----w- c:\program files\CyberLink
2010-01-07 12:02 . 2010-01-04 21:44 -------- d-----w- c:\program files\SourceTec
2010-01-07 12:02 . 2010-01-04 21:44 -------- d-----w- c:\program files\Common Files\SourceTec
2010-01-06 15:15 . 2010-01-04 10:26 -------- d-----w- c:\documents and settings\Maja\Application Data\Free Download Manager
2010-01-05 20:44 . 2010-01-05 20:44 -------- d-----w- c:\documents and settings\Maja\Application Data\Corel
2010-01-05 20:40 . 2009-12-31 12:06 -------- d-----w- c:\program files\Realtek
2010-01-05 16:52 . 2010-01-05 16:52 -------- d-----w- c:\program files\D-Link AirPlus
2010-01-05 16:13 . 2010-01-05 16:11 -------- d-----w- c:\program files\Driver Magician
2010-01-04 21:37 . 2010-01-04 21:37 -------- d-----w- c:\program files\Common Files\Skype
2010-01-04 21:37 . 2009-12-31 17:48 -------- d-----r- c:\program files\Skype
2010-01-04 21:31 . 2010-01-04 21:31 -------- d-----w- c:\program files\Inpaint
2010-01-03 23:03 . 2010-01-03 22:16 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-01-03 22:14 . 2010-01-03 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard
2010-01-02 20:38 . 2010-01-02 20:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-01-02 20:38 . 2010-01-02 20:38 -------- d-----w- c:\program files\Java
2010-01-02 20:38 . 2010-01-02 20:38 152576 ----a-w- c:\documents and settings\x-Death-x\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-02 20:36 . 2010-01-02 20:36 79488 ----a-w- c:\documents and settings\x-Death-x\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-02 19:24 . 2010-01-02 19:24 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\Leadertech
2010-01-02 19:12 . 2010-01-02 19:12 -------- d-----w- c:\program files\Deamon
2010-01-02 14:35 . 2009-12-31 18:08 -------- d-----w- c:\program files\QuickTime
2010-01-02 14:35 . 2009-12-31 18:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-01 14:31 . 2009-12-31 18:10 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\Apple Computer
2010-01-01 13:58 . 2010-01-01 13:58 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\AnvSoft
2010-01-01 11:56 . 2010-01-01 11:56 -------- d-----w- c:\documents and settings\All Users\Application Data\AVS4YOU
2010-01-01 11:52 . 2009-12-31 11:16 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-31 18:10 . 2009-12-31 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-31 18:08 . 2009-12-31 18:08 -------- d-----w- c:\program files\Apple Software Update
2009-12-31 18:07 . 2009-12-31 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-12-31 17:51 . 2009-12-31 17:51 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-12-31 17:48 . 2009-12-31 17:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-12-31 15:31 . 2009-12-31 15:31 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\Ambient Design
2009-12-31 15:19 . 2009-12-31 15:19 -------- d-----w- c:\program files\uTorrent
2009-12-31 14:03 . 2009-12-31 14:03 -------- d-----w- c:\program files\7-Zip
2009-12-31 14:01 . 2009-12-31 14:01 0 ----a-w- c:\windows\nsreg.dat
2009-12-31 13:59 . 2009-12-31 13:59 -------- d-----w- c:\documents and settings\x-Death-x\Application Data\Corel
2009-12-31 12:36 . 2009-12-31 12:36 -------- d-----w- c:\program files\Common Files\Corel
2009-12-31 12:36 . 2009-12-31 12:00 -------- d-----w- c:\program files\Common Files\InstallShield
2009-12-31 12:36 . 2009-12-31 12:36 -------- d-----w- c:\program files\Corel
2009-12-31 12:27 . 2009-12-31 12:27 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-12-31 11:57 . 2009-12-31 11:57 -------- d-----w- c:\program files\MSXML 4.0
2009-12-31 11:17 . 2009-12-31 11:17 -------- d-----w- c:\program files\microsoft frontpage
2009-12-31 11:12 . 2009-12-31 11:12 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-12-29 21:29 . 2009-12-31 19:44 258352 ----a-w- c:\windows\system32\unicows.dll
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
--- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 86016
Created time: 2010-02-04 16:35
Modified time: 2010-02-04 16:35
MD5: 8C27E380661ECBE327203F3B1456DD2C
SHA1: 56E3ABCA71E56065FB1E91BE7A070DDB8FE6F132
------- Sigcheck -------
[-] 2007-12-29 . 9F960FAC5166F8626B9CDE4DD9A0EB84 . 1580544 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2010-02-06_18.49.08 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-07 14:28 . 2010-02-07 14:28 16384 c:\windows\Temp\Perflib_Perfdata_1fc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{cf59ae24-5796-44fc-9575-8d4f383c65f8}]
2010-01-29 14:44 221184 ----a-w- c:\program files\YouTubeMP3Downloader\MinBHOMp3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{f27a9a1d-6f23-442d-88c0-5dc40fd13dcd}"= "c:\program files\YouTubeMP3Downloader\YouTubeMP3.dll" [2010-01-29 704512]
[HKEY_CLASSES_ROOT\clsid\{f27a9a1d-6f23-442d-88c0-5dc40fd13dcd}]
[HKEY_CLASSES_ROOT\KBBar.KBBarBandMp3.1]
[HKEY_CLASSES_ROOT\TypeLib\{f20fd027-a5f3-451a-8db1-13298321f6a8}]
[HKEY_CLASSES_ROOT\KBBar.KBBarBandMp3]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-10-15 14864384]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 729088]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-02 149280]
"RemoteControl"="c:\program files\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-01-19 2743104]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\x-Death-x\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2010-1-24 3450608]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
D-Link AirPlus.lnk - c:\program files\D-Link AirPlus\AirPlus.exe [2010-1-5 262144]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Garena\\Garena.exe"=
"c:\\Program Files\\YouTubeMP3Downloader\\YouTubeMP3.exe"=
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [31.12.2009 12:44 162640]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [31.12.2009 12:44 19024]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\X-DEAT~1\LOCALS~1\Temp\UZM361.tmp --> c:\docume~1\X-DEAT~1\LOCALS~1\Temp\UZM361.tmp [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6.11.2007 21:22 34064]
S4 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2.1.2010 20:12 155136]
S4 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2.1.2010 20:12 5248]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6.2.2010 15:11 691696]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - ISAPNP
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.googlebreak.com/?CID=3&PID=STV
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\x-Death-x\Application Data\Mozilla\Firefox\Profiles\vk1wbsjs.default\
FF - prefs.js: browser.search.selectedEngine - www.googlebreak.com
FF - prefs.js: browser.startup.homepage - hxxp://www.googlebreak.com/?CID=3&PID=STV
FF - plugin: c:\documents and settings\x-Death-x\Application Data\Mozilla\Firefox\Profiles\vk1wbsjs.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-07 15:39
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\X-DEAT~1\LOCALS~1\Temp\UZM361.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3328)
c:\program files\Stardock\ObjectDock\DockShellHook.dll
.
Completion time: 2010-02-07 15:40:23
ComboFix-quarantined-files.txt 2010-02-07 14:40
ComboFix2.txt 2010-02-06 18:50
Pre-Run: 51.729.027.072 bytes free
Post-Run: 51.699.220.480 bytes free
- - End Of File - - 863F0CAE70693A84743474C18B32237F
Posted: 07 Feb 2010 16:27
This now looks OK.
Follow these remaining instructions...
Step 1.
ComboFix needs to be uninstalled:
- click Start, then RUN.
On Vista use the Start Search field if Run is not available.
- In the text entry line type (or paste) the following:
- ComboFix /Uninstall
Note that there is a space between "ComboFix" and "/Uninstall".
- then click OK (or press Enter).
Wait for the uninstall process to finish.
Step 2.
Run DeFogger again by double-clicking it;
- A MsgBox will appear; click the Re-enable button;
- Another MsgBox will appear; click Yes;
Wait for DeFogger to finish processing, then continue with the next instruction.
Note: at the end of the procedure a Windows restart will be required.
This procedure re-enables the CD/DVD emulators.
Posted: 07 Feb 2010 17:23
Thanks a lot... Now one of the mods can lock this if they want, so others don't scribble around here...
You have my respect...