My computer keeps freezing


  • Joined: 18 Apr 2009
  • Posts: 34

Posted: 06 Dec 2009 15:31

I use the AVG antivirus program, and on every scan it digs something up. The problem is that after a while the computer simply freezes (regardless of whether I am downloading something or playing a game), so the only thing I can do is restart it with the button on the case. The problem appeared three days ago; I scanned the computer and deleted what it detected, and last night I restored it to a date a few days back when everything was OK. By the way, I am connected via cable internet, 1.5kb

DDS (Ver_09-12-01.01) - NTFSx86
Run by Ivan at 15:25:34.54 on Sun 12/06/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1434 [GMT 1:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Ivan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [av_md] c:\windows\temp\~TM11.tmp
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Regedit32] c:\windows\system32\regedit.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\bitcomet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll/206
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ivan\applic~1\mozilla\firefox\profiles\00x37hrj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\ivan\application data\mozilla\firefox\profiles\00x37hrj.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [2009-12-6 160640]
R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [2009-12-6 5248]
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2009-12-2 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-12-2 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-2 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-2 28424]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-12-2 360584]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2009-11-28 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [2009-11-28 17024]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-12-2 1858144]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-12-2 906520]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-2 285392]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2009-12-2 2304192]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2009-12-2 5832712]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-12-2 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2009-12-2 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2009-12-2 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2009-12-2 25736]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-28 1684736]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-12-2 30104]

=============== Created Last 30 ================

2009-12-06 11:32:16 0 d-----w- c:\docume~1\alluse~1\applic~1\POP3Profiles
2009-12-06 11:00:40 0 d-----w- c:\docume~1\alluse~1\applic~1\POPWWPROFILES
2009-12-06 09:06:17 148 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2009-12-06 09:06:12 4 ----a-w- c:\docume~1\ivan\applic~1\avdrn.dat
2009-12-06 08:48:08 5248 ----a-w- c:\windows\system32\drivers\a347scsi.sys
2009-12-06 08:48:08 160640 ----a-w- c:\windows\system32\drivers\a347bus.sys
2009-12-06 08:48:02 0 d-----w- c:\program files\Alcohol Soft
2009-12-06 02:05:10 0 d-----w- c:\windows\system32\XPSViewer
2009-12-06 02:04:17 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-06 02:04:17 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-06 02:04:17 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-06 02:04:17 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-12-06 02:04:17 117760 ------w- c:\windows\system32\prntvpt.dll
2009-12-06 02:04:16 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-12-06 02:04:16 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-12-06 01:31:20 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-12-06 01:19:56 0 d--h--r- C:\AHCache
2009-12-06 01:13:09 0 d-----w- c:\program files\Uniblue
2009-12-06 01:12:50 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-12-06 01:07:08 0 d-----w- c:\docume~1\ivan\applic~1\Uniblue
2009-12-06 01:07:08 0 d-----w- c:\docume~1\alluse~1\applic~1\DriverScanner
2009-12-04 21:11:24 73728 ----a-w- c:\windows\system32\RTNUninst32.dll
2009-12-04 19:17:24 0 d-----w- c:\program files\ATI
2009-12-04 19:15:12 0 d-----w- C:\ATI
2009-12-03 15:40:23 104 ----a-w- c:\documents and settings\ivan\default.pls
2009-12-03 14:09:10 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-12-03 14:08:57 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-03 14:08:57 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-12-03 14:02:58 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-03 14:00:46 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-03 14:00:45 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-03 14:00:45 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-03 13:57:41 0 d-----w- c:\program files\Windows Media Connect 2
2009-12-03 13:56:42 0 d-----w- c:\windows\system32\LogFiles
2009-12-03 13:14:43 0 d-----w- c:\windows\system32\PreInstall
2009-12-03 13:14:42 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-12-03 13:14:41 0 d--h--w- c:\windows\$hf_mig$
2009-12-02 21:19:37 0 d-----w- c:\program files\a-squared Free
2009-12-02 20:23:01 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-12-02 17:08:28 662288 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2009-12-02 17:08:28 137000 ----a-w- c:\windows\system32\MSMAPI32.OCX
2009-12-02 17:08:27 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2009-12-02 17:08:25 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2009-12-02 15:35:52 0 d--h--w- C:\$AVG
2009-12-02 15:35:40 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-02 15:35:39 0 d-----w- c:\windows\system32\drivers\Avg
2009-12-02 15:35:38 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-12-02 15:35:34 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2009-12-02 15:35:34 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-12-02 15:35:33 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-02 15:35:33 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-02 15:35:25 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-12-02 15:35:25 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-12-02 15:35:25 0 d-----w- c:\program files\AVG
2009-12-02 15:35:24 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2009-12-02 14:51:16 0 d-----w- C:\Downloads
2009-12-02 14:51:01 0 d-----w- c:\program files\BitComet
2009-12-02 14:08:23 1174 ----a-w- c:\windows\mozver.dat
2009-11-29 22:13:09 116 ----a-w- c:\windows\NeroDigital.ini
2009-11-29 15:46:14 0 d-----w- c:\docume~1\ivan\applic~1\Activision
2009-11-29 15:15:43 152248 ----a-w- c:\windows\Osveta Besnog Pileta Uninstaller.exe
2009-11-28 16:38:17 251672 ----a-w- c:\windows\system32\xactengine2_5.dll
2009-11-28 16:38:16 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-11-28 16:38:16 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-11-28 16:38:16 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-11-28 16:38:16 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2009-11-28 16:38:16 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2009-11-28 16:37:39 0 d-----w- c:\program files\Blast! Entertainment Ltd
2009-11-28 16:21:58 376 ----a-w- c:\windows\ODBC.INI
2009-11-28 16:21:54 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-11-28 16:21:29 0 d-----w- c:\program files\Microsoft ActiveSync
2009-11-28 16:21:20 0 d-----w- c:\windows\SHELLNEW
2009-11-28 16:05:13 0 d-----w- c:\windows\Logs
2009-11-28 14:23:29 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-28 12:12:37 0 d-----w- c:\windows\RegisteredPackages
2009-11-28 12:12:01 0 d-----w- c:\program files\MUSICMATCH
2009-11-28 12:11:38 118784 ------r- c:\windows\bwUnin-7.2.0.137-8876480SL.exe
2009-11-28 12:11:07 68864 ----a-w- c:\windows\system32\drivers\LMOUKE.sys
2009-11-28 12:11:07 55040 ----a-w- c:\windows\system32\drivers\L8042MOU.SYS
2009-11-28 12:10:46 258352 ----a-w- c:\windows\system32\unicows.dll
2009-11-28 12:10:45 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-11-28 12:10:45 1047552 ----a-w- c:\windows\system32\MFC71u.dll
2009-11-28 12:10:44 0 d-----w- c:\program files\common files\Logitech
2009-11-28 12:10:40 13440 ----a-w- c:\windows\system32\drivers\L8042Kbd.sys
2009-11-28 11:55:36 49668 ------w- c:\windows\UNNMP.cfg
2009-11-28 11:55:34 2670592 ------w- c:\windows\UNNMP.exe
2009-11-28 11:53:39 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2009-11-28 11:51:54 211802 ------w- c:\windows\UNNeroVision.cfg
2009-11-28 11:51:53 2682880 ------w- c:\windows\UNNeroVision.exe
2009-11-28 11:51:15 471040 ------w- c:\windows\system32\ImagXRA7.dll
2009-11-28 11:51:15 364544 ------w- c:\windows\system32\TwnLib4.dll
2009-11-28 11:51:14 476320 ------w- c:\windows\system32\ImagXpr7.dll
2009-11-28 11:51:14 262144 ------w- c:\windows\system32\ImagXR7.dll
2009-11-28 11:51:14 1568768 ------w- c:\windows\system32\ImagX7.dll
2009-11-28 11:51:13 38912 ------w- c:\windows\system32\picn20.dll
2009-11-28 11:51:13 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2009-11-28 10:15:23 0 d-----w- c:\program files\PDFCreator
2009-11-28 10:13:17 0 d-----w- c:\program files\TimeAdjuster
2009-11-28 10:11:56 24064 ------w- c:\windows\system32\msxml3a.dll
2009-11-28 10:08:51 0 d-----w- c:\program files\PeerWeb DC++
2009-11-28 10:06:53 0 d-----w- c:\program files\Mv2Player
2009-11-28 10:04:21 20576 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-11-28 10:04:12 192 ----a-w- c:\windows\winamp.ini
2009-11-28 09:46:24 545 ----a-w- c:\windows\UC.PIF
2009-11-28 09:46:24 545 ----a-w- c:\windows\RAR.PIF
2009-11-28 09:46:24 545 ----a-w- c:\windows\PKZIP.PIF
2009-11-28 09:46:24 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-11-28 09:46:24 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-11-28 09:46:24 545 ----a-w- c:\windows\LHA.PIF
2009-11-28 09:46:24 545 ----a-w- c:\windows\ARJ.PIF
2009-11-28 09:46:24 306 ----a-w- c:\windows\wincmd.ini
2009-11-28 09:46:24 0 d-----w- c:\program files\totalcmd
2009-11-28 09:45:38 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-11-28 09:23:00 0 d-----w- c:\windows\system32\appmgmt
2009-11-28 09:21:18 17024 ----a-w- c:\windows\system32\drivers\BS_I2cIo.sys
2009-11-28 09:19:40 940794 ----a-w- c:\windows\system32\LoopyMusic.wav
2009-11-28 09:19:40 146650 ----a-w- c:\windows\system32\BuzzingBee.wav
2009-11-28 09:19:38 0 d-----w- c:\windows\system32\Lang
2009-11-28 09:17:24 0 d-----w- c:\program files\HW Monitor
2009-11-28 09:17:05 0 d-----w- c:\program files\Tseries BIOS Update
2009-11-28 09:15:54 0 d-----w- c:\program files\Driver
2009-11-28 09:14:50 73728 ----a-w- c:\windows\system32\RtNicProp32.dll
2009-11-28 09:14:50 176768 ----a-w- c:\windows\system32\drivers\Rtenicxp.sys
2009-11-28 09:14:41 0 d-----w- c:\windows\OPTIONS
2009-11-28 09:14:41 0 d-----w- c:\program files\Realtek
2009-11-28 09:10:33 0 d-----w- c:\program files\ATI Technologies
2009-11-28 09:09:34 0 d-----w- c:\windows\system32\ReinstallBackups
2009-11-28 09:09:31 33792 ----a-w- c:\windows\system32\drivers\AmdPPM.sys
2009-11-28 09:09:22 0 d-----w- c:\program files\AMD
2009-11-28 09:07:25 13696 ----a-r- c:\windows\system32\drivers\BIOS.sys
2009-11-28 09:05:45 12288 ----a-r- c:\windows\system32\drivers\EIO_XP.sys
2009-11-28 09:04:14 0 d-----w- c:\program files\ASUS
2009-11-28 09:01:20 0 d-----w- c:\windows\system32\AGEIA
2009-11-28 09:01:14 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-11-28 09:01:00 210919 ----a-w- c:\windows\system32\nvapps.xml
2009-11-28 09:00:30 0 d-----w- c:\program files\My Company Name
2009-11-27 22:23:58 4444 ----a-w- c:\windows\system32\pid.PNF
2009-11-27 21:48:10 0 d-----w- c:\program files\common files\ODBC
2009-11-27 21:48:07 0 d-----w- c:\program files\common files\SpeechEngines
2009-11-27 21:47:49 0 d-----r- c:\documents and settings\all users\Documents
2009-11-27 21:28:46 0 d-sh--w- c:\documents and settings\all users\DRM
2009-11-27 21:28:33 0 d--h--w- c:\program files\WindowsUpdate
2009-11-27 21:28:02 0 d-----w- c:\program files\common files\MSSoap
2009-11-27 21:26:49 0 d-----w- c:\program files\Online Services
2009-11-27 21:26:44 0 d-----w- c:\program files\Messenger
2009-11-27 21:26:41 0 d-----w- c:\program files\MSN Gaming Zone
2009-11-27 21:26:10 0 d-----w- c:\program files\Windows NT

==================== Find3M ====================

2009-11-27 21:27:07 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-17 19:27:14 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2009-11-17 19:27:14 358944 ----a-w- c:\windows\vncutil.exe
2009-11-17 19:27:14 1833504 ----a-w- c:\windows\SkyTel.exe
2009-11-17 19:27:08 9721888 ----a-w- c:\windows\RTLCPL.EXE
2009-11-17 19:27:08 1489440 ----a-w- c:\windows\RtlUpd.exe
2009-11-17 19:27:02 48672 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-11-17 19:27:02 18789408 ----a-w- c:\windows\RTHDCPL.EXE
2009-11-17 19:27:02 129568 ----a-w- c:\windows\RtkAudioService.exe
2009-11-17 19:26:56 2177568 ----a-w- c:\windows\MicCal.exe
2009-11-17 19:26:50 64032 ----a-w- c:\windows\ALCMTR.EXE
2009-11-17 19:26:50 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2009-11-17 18:51:38 5956608 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-11-02 12:48:02 831488 ----a-w- c:\windows\RtlExUpd.dll
2009-09-25 05:37:11 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37:09 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll

============= FINISH: 15:25:47.21 ===============

Addendum: 06 Dec 2009 15:33

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/7/2005 5:24:05 PM
System Uptime: 12/6/2009 3:05:00 PM (0 hours ago)

Motherboard: BIOSTAR Group | | TA770E
Processor: AMD Phenom(tm) II X4 920 Processor | CPU 1 | 1595/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 98 GiB total, 74.059 GiB free.
D: is FIXED (NTFS) - 176 GiB total, 130.403 GiB free.
E: is FIXED (NTFS) - 192 GiB total, 23.667 GiB free.
F: is CDROM ()
G: is FIXED (NTFS) - 98 GiB total, 42.751 GiB free.
H: is FIXED (NTFS) - 200 GiB total, 13.923 GiB free.
I: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP16: 11/28/2009 3:17:47 PM - Installed GTA San Andreas
RP17: 11/28/2009 5:05:32 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP18: 11/28/2009 5:08:06 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP19: 11/28/2009 5:20:32 PM - Installed Microsoft Office Professional Edition 2003
RP20: 11/28/2009 5:37:39 PM - Installed Mr Bean.
RP21: 11/28/2009 7:55:27 PM - Installed Ice Age Dawn of the Dinosaurs(TM)
RP22: 11/29/2009 11:33:39 PM - System Checkpoint
RP23: 12/1/2009 12:14:58 AM - System Checkpoint
RP24: 12/1/2009 6:11:47 PM - Installed GUN (TM)
RP25: 12/1/2009 7:05:59 PM - Removed GUN (TM)
RP26: 12/2/2009 4:35:24 PM - Installed AVG 9.0
RP27: 12/2/2009 4:48:10 PM - Avg8 Update
RP28: 12/2/2009 8:17:28 PM - Avg8 Update
RP29: 12/2/2009 9:37:54 PM - Avg8 Update
RP30: 12/2/2009 9:58:17 PM - Avg8 Update
RP31: 12/3/2009 12:16:07 AM - Avg8 Update
RP32: 12/3/2009 11:24:34 AM - Removed GTA San Andreas
RP33: 12/3/2009 2:14:39 PM - Software Distribution Service 3.0
RP34: 12/3/2009 2:56:16 PM - Installed Windows Media Player 11
RP35: 12/3/2009 2:56:39 PM - Installed Windows XP Wudf01000.
RP36: 12/3/2009 2:58:00 PM - Installed Windows XP MSCompPackV1.
RP37: 12/4/2009 3:00:15 AM - Software Distribution Service 3.0
RP38: 12/4/2009 8:42:36 AM - Configured ASUS Smart Doctor
RP39: 12/4/2009 8:43:18 AM - Removed ASUS Gamer OSD
RP40: 12/4/2009 11:18:56 AM - Installed Uniblue DriverScanner v1.0
RP41: 12/4/2009 11:48:51 AM - DriverScanner install: BenQ FP92G+
RP42: 12/4/2009 8:16:32 PM - Installed Realtek High Definition Audio Driver
RP43: 12/4/2009 10:10:52 PM - Installed REALTEK GbE & FE Ethernet PCI-E NIC Driver
RP44: 12/4/2009 10:14:44 PM - Installed Realtek High Definition Audio Driver
RP45: 12/5/2009 12:16:46 AM - Avg8 Update
RP46: 12/5/2009 3:00:13 AM - Software Distribution Service 3.0
RP47: 12/5/2009 9:26:37 AM - Avg8 Update
RP48: 12/5/2009 2:15:19 PM - Software Distribution Service 3.0
RP49: 12/6/2009 2:10:45 AM - Restore Operation
RP50: 12/6/2009 2:12:50 AM - Installed Uniblue DriverScanner v1.0
RP51: 12/6/2009 3:04:25 AM - Installed Windows KB954550-v5.
RP52: 12/6/2009 3:04:35 AM - Printer Driver Microsoft XPS Document Writer Installed
RP53: 12/6/2009 3:04:44 AM - Printer Driver Microsoft XPS Document Writer Installed
RP54: 12/6/2009 9:48:02 AM - Installed Alcohol 120%
RP55: 12/6/2009 12:00:13 PM - Installed Prince of Persia Warrior Within
RP56: 12/6/2009 12:00:40 PM - Installed Prince of Persia Warrior Within
RP57: 12/6/2009 12:29:25 PM - Installed Prince of Persia The Two Thrones
RP58: 12/6/2009 12:32:16 PM - Installed Prince of Persia The Two Thrones

==== Installed Programs ======================


a-squared Free 4.0
Activision(R)
Adobe Reader 7.0
AMD Processor Driver
ASUS nVidia Driver
ASUS Utilities
ASUS VideoSecurity Online
ATI - Software Uninstall Utility
ATI Catalyst Install Manager
AVG 9.0
BitComet 1.16
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB976098-v2)
HW Monitor
Ice Age Dawn of the Dinosaurs(TM)
Logitech Desktop Messenger
Logitech SetPoint
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.5)
Mr Bean
MV2Player (remove only)
Nero Suite
NVIDIA Drivers
NVIDIA PhysX
Osveta Besnog Pileta
PDFCreator
PeerWeb DC++ 0.41
PowerDVD
Prince of Persia T2T
Prince of Persia The Two Thrones
Prince of Persia Warrior Within
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648-)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748-)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238-)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Time Adjuster STANDARD 3.1
Total Commander (Remove or Repair)
Uniblue DriverScanner 2009
Update for Windows XP (KB898461)
Update for Windows XP (KB951978-)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
WebFldrs XP
Winamp (remove only)
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
WinZip
XviD MPEG-4 Video Codec

==== Event Viewer Messages From Past Week ========

12/6/2009 10:15:59 AM, warning: Windows File Protection [64008] - The protected system file c:\program files\internet explorer\iexplore.exe could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.
12/6/2009 10:15:57 AM, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\iexplore.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5512.
12/6/2009 10:15:45 AM, error: Service Control Manager [7034] - The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).
12/5/2009 2:30:00 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Internet Explorer 8 for Windows XP.
12/2/2009 2:37:05 PM, error: Dhcp [1002] - The IP address lease 192.168.100.10 for the Network Card with network address 0030671F90B0 has been denied by the DHCP server 89.216.1.18 (The DHCP Server sent a DHCPNACK message).
12/2/2009 2:34:23 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
12/2/2009 2:34:18 PM, error: Dhcp [1002] - The IP address lease 172.25.190.9 for the Network Card with network address 0030671F90B0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).

==== End Of File ===========================

  • Joined: 04 Jan 2009
  • Posts: 2168

Hello.

Read the guide "How to open a topic in Ambulanta" again and follow the instructions related to Gmer (step 3).

  • Joined: 18 Apr 2009
  • Posts: 34

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/12/06 18:00
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name:
Image Path:
Address: 0xB9EE3000 Size: 98304 File Visible: No Signed: -
Status: -

Name:
Image Path:
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: axloqpoc.sys
Image Path: C:\DOCUME~1\Ivan\LOCALS~1\Temp\axloqpoc.sys
Address: 0xB1265000 Size: 91904 File Visible: No Signed: -
Status: -

Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB2AB2000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA618000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB18D6000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\windows\temp\964409fc-53f0-41a0-9c32-ff5bf160f346.tmp
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\555a4b28-7414-4718-a731-a40b85382ae6.tmp
Status: Allocation size mismatch (API: 8192, Raw: 0)

Path: c:\windows\temp\0b3a3eee-55aa-402c-8b77-4802fd81c9e8.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\windows\temp\0da1aaf6-cb4f-4efb-887a-05adcc5c5232.tmp
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\dba5c8cc-acb3-482f-8564-d3559104e585.tmp
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\bfcdc5a4-26f0-41e1-8a34-7d3c9d4db73a.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\windows\temp\11a4896f-ac1e-49c1-8f20-b0a682a35186.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\windows\temp\a82de2ed-7e25-40dc-806f-fc74e57ca93a.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\windows\temp\f4f90ce0-e836-4a87-9589-0480f2dc89b2.tmp
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: c:\windows\temp\f541709b-26cf-4988-93b1-8a90f9bf1be9.tmp
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: c:\windows\temp\ccf6dc29-b083-4405-a25d-66cf72a4b2cb.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\windows\temp\e5f6c449-1dea-4787-8026-74f562be75da.tmp
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: c:\windows\temp\2c6cdc6d-ca75-496f-97d4-33452fff11c6.tmp
Status: Allocation size mismatch (API: 8192, Raw: 0)

Path: c:\windows\temp\d27ac83f-2444-4a99-95b7-01438f23f020.tmp
Status: Allocation size mismatch (API: 65536, Raw: 0)

Path: c:\windows\temp\67acb019-afee-4c04-a896-2a8755ad0f98.tmp
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\67c6432e-badf-440e-b2ef-ee3ed23c834d.tmp
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\39619c85-ed80-416c-a6cc-8baa29469176.tmp
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\3b1017a1-92c0-455f-a660-b2aa6ae33925.tmp
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\3b599746-73f1-44c7-8827-159a92c2d9ce.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\windows\temp\7710f859-599b-4084-9387-f8abeec06945.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\windows\temp\7c002ab9-5753-4c46-961d-199e11674730.tmp
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\1710b8b5-d271-4314-9ca2-a19abe56f39d.tmp
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\8df7d7d0-4c11-429f-aa59-4a29a16c269a.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\windows\temp\85163706-f92d-49af-8d01-ea11e8afe93e.tmp
Status: Allocation size mismatch (API: 49152, Raw: 0)

Path: c:\windows\temp\0721818b-5ccc-4243-84a5-093517efdddd.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\windows\temp\c52e18df-2bd1-4c61-a620-c6c32c44b52a.tmp
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\eac2751b-99c0-47a0-8ca5-f2b22b835c9f.tmp
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\42ba7b65-1103-4e88-a880-3c6e96181154.tmp
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: c:\windows\temp\45fa73ac-c424-46db-8c07-9eb68aaaa029.tmp
Status: Allocation size mismatch (API: 131072, Raw: 0)

Path: c:\documents and settings\ivan\application data\mozilla\firefox\profiles\00x37hrj.default\sessionstore.js
Status: Size mismatch (API: 4117, Raw: 4355)

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "a347bus.sys" at address 0xb9f8d028

#: 041 Function Name: NtCreateKey
Status: Hooked by "a347bus.sys" at address 0xb9f8cfe0

#: 045 Function Name: NtCreatePagingFile
Status: Hooked by "a347bus.sys" at address 0xb9f80b00

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "a347bus.sys" at address 0xb9f815dc

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "a347bus.sys" at address 0xb9f8d120

#: 116 Function Name: NtOpenFile
Status: Hooked by "a347bus.sys" at address 0xb9f80b40

#: 119 Function Name: NtOpenKey
Status: Hooked by "a347bus.sys" at address 0xb9f8cfa4

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys" at address 0xba4b1470

#: 160 Function Name: NtQueryKey
Status: Hooked by "a347bus.sys" at address 0xb9f815fc

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "a347bus.sys" at address 0xb9f8d076

#: 241 Function Name: NtSetSystemPowerState
Status: Hooked by "a347bus.sys" at address 0xb9f8c550

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys" at address 0xba4b1520

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys" at address 0xba4b15c0

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys" at address 0xba4b1660

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x89d04270 Size: 11

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x89b4f008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x89b4f008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x89b4f008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_READ]
Process: System Address: 0x89b4f008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_WRITE]
Process: System Address: 0x89b4f008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89b4f008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89b4f008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_EA]
Process: System Address: 0x89b4f008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_EA]
Process: System Address: 0x89b4f008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89b4f008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89b4f008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x89b4f008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89b4f008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89b4f008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89b4f008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89b4f008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89b4f008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89b4f008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CLEANUP]
Process: System Address: 0x89b4f008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x89b4f008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x89b4f008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_SECURITY]
Process: System Address: 0x89b4f008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x89b4f008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89b4f008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x89b4f008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x89b4f008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_QUOTA]
Process: System Address: 0x89b4f008 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x89b4f008 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_CREATE]
Process: System Address: 0x89b0bd98 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x89b0bd98 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_CLOSE]
Process: System Address: 0x89b0bd98 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_READ]
Process: System Address: 0x89b0bd98 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_WRITE]
Process: System Address: 0x89b0bd98 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89b0bd98 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89b0bd98 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_QUERY_EA]
Process: System Address: 0x89b0bd98 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_SET_EA]
Process: System Address: 0x89b0bd98 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89b0bd98 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89b0bd98 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x89b0bd98 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89b0bd98 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89b0bd98 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89b0bd98 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89b0bd98 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89b0bd98 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89b0bd98 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_CLEANUP]
Process: System Address: 0x89b0bd98 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x89b0bd98 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x89b0bd98 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_SET_SECURITY]
Process: System Address: 0x89b0bd98 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_POWER]
Process: System Address: 0x89b0bd98 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89b0bd98 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x89b0bd98 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x89b0bd98 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_SET_QUOTA]
Process: System Address: 0x89b0bd98 Size: 99

Object: Hidden Code [Driver: a347scsi, IRP_MJ_PNP]
Process: System Address: 0x89b0bd98 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x89c38678 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x89c38678 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x89c38678 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x89c38678 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x89c38678 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x89c38678 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x89c38678 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_EA]
Process: System Address: 0x89c38678 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_EA]
Process: System Address: 0x89c38678 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x89c38678 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x89c38678 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x89c38678 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x89c38678 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x89c38678 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x89c38678 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x89c38678 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x89c38678 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x89c38678 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLEANUP]
Process: System Address: 0x89c38678 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x89c38678 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x89c38678 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_SECURITY]
Process: System Address: 0x89c38678 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x89c38678 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x89c38678 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x89c38678 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x89c38678 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_QUOTA]
Process: System Address: 0x89c38678 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x89c38678 Size: 99

Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]
Process: System Address: 0x89e4cd08 Size: 11

Object: Hidden Code [Driver: Srv, IRP_MJ_READ]
Process: System Address: 0x88f59a20 Size: 11

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x89cc9af0 Size: 11

Object: Hidden Code [Driver: Npfs, IRP_MJ_READ]
Process: System Address: 0x89cffcd8 Size: 11

Object: Hidden Code [Driver: Msfs, IRP_MJ_READ]
Process: System Address: 0x89d03cd0 Size: 11

Object: Hidden Code [Driver: Fs_Rec, IRP_MJ_READ]
Process: System Address: 0x89c9c370 Size: 11

Object: Hidden Code [Driver: Cdfs, IRP_MJ_READ]
Process: System Address: 0x89483fb0 Size: 11

==EOF==

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

If ComboFix asks whether to install the Recovery Console, allow it.

Download sUBs's ComboFix to the Desktop from the following address:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:
  • disable your security software (instructions);
  • close any running programs;
  • double-click ComboFix to run it.

While it runs, ComboFix will:
  • check whether a newer version of the program exists:
    click Yes if you are offered the download.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
    click Yes so that the process continues.
  • offer to install the Recovery Console if it is not installed:
    be sure to accept by clicking Yes and follow the procedure through.
  • show a number of prompts/notifications:
    accept them by clicking Yes or OK.
  • restart Windows if needed (possibly several times);
  • when it finishes, open Notepad with the scan report.

Copy the report that ComboFix created into the forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.

Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If, after sending the message, you notice that the report is incomplete, use the Attach file (Prikači fajl) option to attach the file C:\ComboFix.txt to the message.

offline
  • Joined: 18 Apr 2009
  • Posts: 34




ComboFix 09-12-06.06 - Ivan 12/06/2009 20:36.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1466 [GMT 1:00]
Running from: c:\documents and settings\Ivan\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\driver
c:\windows\system32\config\systemprofile\oashdihasidhasuidhiasdhiashdiuasdhasd

.
((((((((((((((((((((((((( Files Created from 2009-11-06 to 2009-12-06 )))))))))))))))))))))))))))))))
.

2009-12-06 16:04 . 2009-12-06 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\THQ
2009-12-06 16:00 . 2009-12-06 16:00 -------- d-----w- c:\documents and settings\Ivan\Local Settings\Application Data\Activision
2009-12-06 11:32 . 2009-12-06 11:32 -------- d-----w- c:\documents and settings\All Users\Application Data\POP3Profiles
2009-12-06 11:00 . 2009-12-06 11:11 -------- d-----w- c:\documents and settings\All Users\Application Data\POPWWPROFILES
2009-12-06 09:06 . 2009-12-06 09:06 148 ----a-w- c:\windows\system32\fjhdyfhsn.bat
2009-12-06 08:48 . 2004-04-30 08:37 160640 ----a-w- c:\windows\system32\drivers\a347bus.sys
2009-12-06 08:48 . 2004-04-30 08:33 5248 ----a-w- c:\windows\system32\drivers\a347scsi.sys
2009-12-06 08:48 . 2009-12-06 08:48 -------- d-----w- c:\program files\Alcohol Soft
2009-12-06 02:05 . 2009-12-06 02:05 75664 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-06 02:05 . 2009-12-06 02:05 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-06 02:05 . 2009-12-06 02:05 -------- d-----w- c:\program files\MSBuild
2009-12-06 02:04 . 2009-12-06 02:04 -------- d-----w- c:\program files\Reference Assemblies
2009-12-06 02:04 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-06 02:04 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-06 02:04 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-06 02:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-12-06 02:04 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-12-06 02:04 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-06 02:04 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-12-06 02:04 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-12-06 02:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-12-06 01:31 . 2009-12-06 01:31 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-12-06 01:19 . 2009-12-06 01:19 -------- d-----r- C:\AHCache
2009-12-06 01:13 . 2008-10-26 04:48 2651951 -c--a-w- c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe
2009-12-06 01:13 . 2009-12-06 01:13 -------- d-----w- c:\program files\Uniblue
2009-12-06 01:07 . 2009-12-06 01:14 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-12-06 01:07 . 2009-12-06 01:13 -------- d-----w- c:\documents and settings\Ivan\Application Data\Uniblue
2009-12-05 08:26 . 2009-12-02 15:35 304408 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgaspmx.dll
2009-12-04 21:11 . 2009-05-26 18:30 73728 ----a-w- c:\windows\system32\RTNUninst32.dll
2009-12-04 19:17 . 2009-12-04 19:17 -------- d-----w- c:\program files\ATI
2009-12-04 19:15 . 2009-12-04 19:15 -------- d-----w- C:\ATI
2009-12-03 15:40 . 2009-12-03 15:40 -------- d-----w- c:\documents and settings\Ivan\Application Data\Ahead
2009-12-03 14:09 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-12-03 14:08 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-03 14:08 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-12-03 14:02 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-03 14:00 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-03 14:00 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-03 14:00 . 2009-08-04 14:20 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-03 13:58 . 2008-04-14 19:42 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-12-03 13:57 . 2009-12-03 13:57 -------- d-----w- c:\program files\Windows Media Connect 2
2009-12-03 13:56 . 2009-12-03 13:57 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-12-03 13:56 . 2009-12-03 13:56 -------- d-----w- c:\windows\system32\LogFiles
2009-12-03 13:14 . 2007-11-30 11:18 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-12-03 13:14 . 2009-12-04 10:34 -------- d--h--w- c:\windows\$hf_mig$
2009-12-02 21:23 . 2009-10-16 11:13 1115392 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2009-12-02 21:19 . 2009-12-06 19:23 -------- d-----w- c:\program files\a-squared Free
2009-12-02 20:58 . 2009-12-02 15:35 360584 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtdix.sys
2009-12-02 20:37 . 2009-12-02 15:35 877848 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.exe
2009-12-02 20:37 . 2009-12-02 15:35 610072 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgiproxy.exe
2009-12-02 20:37 . 2009-12-02 15:35 1657112 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2009-12-02 17:08 . 2001-10-28 16:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2009-12-02 17:08 . 1998-07-06 00:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2009-12-02 15:56 . 2009-12-02 15:56 -------- d-----w- c:\documents and settings\Ivan\Local Settings\Application Data\AVG Security Toolbar
2009-12-02 14:51 . 2009-12-06 16:48 -------- d-----w- C:\Downloads
2009-12-02 14:51 . 2009-12-02 14:51 1032192 ----a-w- c:\documents and settings\Ivan\Application Data\Mozilla\Firefox\Profiles\00x37hrj.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
2009-12-02 14:51 . 2009-12-06 19:31 -------- d-----w- c:\program files\BitComet
2009-12-02 14:08 . 2009-12-02 14:08 1174 ----a-w- c:\windows\mozver.dat
2009-12-02 13:34 . 2009-12-02 13:34 -------- d-----w- c:\documents and settings\Ivan\Application Data\Talkback
2009-12-02 13:34 . 2009-12-02 13:34 0 ----a-w- c:\windows\nsreg.dat
2009-12-02 13:34 . 2009-12-02 13:34 -------- d-----w- c:\documents and settings\Ivan\Local Settings\Application Data\Mozilla
2009-12-01 17:16 . 2004-07-09 03:26 354816 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2009-12-01 17:16 . 2004-07-09 03:26 354816 ----a-w- c:\windows\system32\psisdecd.dll
2009-12-01 17:16 . 2004-07-09 03:26 52096 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2009-12-01 17:16 . 2004-07-09 03:26 52096 ----a-w- c:\windows\system32\drivers\msdv.sys
2009-12-01 17:16 . 2004-07-09 03:26 15104 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2009-12-01 17:16 . 2004-07-09 03:26 15104 ----a-w- c:\windows\system32\drivers\mpe.sys
2009-12-01 17:16 . 2004-07-09 03:26 11392 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2009-12-01 17:16 . 2004-07-09 03:26 11392 ----a-w- c:\windows\system32\drivers\bdasup.sys
2009-12-01 17:16 . 2002-12-11 23:14 46592 ----a-w- c:\windows\system32\dxdllreg.exe
2009-12-01 17:16 . 2002-08-29 02:41 31744 -c--a-w- c:\windows\system32\dllcache\pid.dll
2009-11-29 18:28 . 2009-11-29 18:28 -------- d-----w- c:\documents and settings\Ivan\Local Settings\Application Data\Identities
2009-11-29 15:46 . 2009-11-29 15:46 -------- d-----w- c:\documents and settings\Ivan\Application Data\Activision
2009-11-29 15:15 . 2009-11-29 15:15 152248 ----a-w- c:\windows\Osveta Besnog Pileta Uninstaller.exe
2009-11-28 16:38 . 2006-12-08 11:02 251672 ----a-w- c:\windows\system32\xactengine2_5.dll
2009-11-28 16:38 . 2007-04-04 17:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-11-28 16:38 . 2007-03-05 11:42 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2009-11-28 16:38 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-11-28 16:38 . 2006-09-28 15:05 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2009-11-28 16:38 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-11-28 16:37 . 2009-11-28 16:37 -------- d-----w- c:\program files\Blast! Entertainment Ltd
2009-11-28 16:21 . 2003-06-18 16:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2009-11-28 16:21 . 2003-06-18 16:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-11-28 16:21 . 2009-11-28 16:21 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-11-28 16:21 . 2009-11-28 16:21 -------- d-----w- c:\windows\SHELLNEW
2009-11-28 16:20 . 2009-11-28 16:20 -------- d-----w- c:\program files\Microsoft.NET
2009-11-28 16:05 . 2009-11-28 16:05 -------- d-----w- c:\windows\Logs
2009-11-28 14:23 . 2009-11-28 14:23 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-28 14:11 . 2009-11-28 14:11 -------- d-----w- c:\documents and settings\Ivan\Application Data\Logitech
2009-11-28 12:12 . 2009-11-28 12:12 -------- d-----w- c:\documents and settings\Ivan\Local Settings\Application Data\Musicmatch
2009-11-28 12:12 . 2009-12-04 07:44 -------- d-----w- c:\program files\MUSICMATCH
2009-11-28 12:11 . 2009-11-28 12:11 118784 ------r- c:\windows\bwUnin-7.2.0.137-8876480SL.exe
2009-11-28 12:11 . 2005-07-22 22:41 68864 ----a-w- c:\windows\system32\drivers\LMOUKE.sys
2009-11-28 12:11 . 2005-07-22 22:41 55040 ----a-w- c:\windows\system32\drivers\L8042MOU.SYS
2009-11-28 12:10 . 2005-08-04 01:42 258352 ----a-w- c:\windows\system32\unicows.dll
2009-11-28 12:10 . 2005-08-04 01:42 1060864 ----a-w- c:\windows\system32\MFC71.dll
2009-11-28 12:10 . 2005-08-04 01:42 1047552 ----a-w- c:\windows\system32\MFC71u.dll
2009-11-28 12:10 . 2009-11-28 12:10 -------- d-----w- c:\program files\Common Files\Logitech
2009-11-28 12:10 . 2009-11-28 12:11 -------- d-----w- c:\program files\Logitech
2009-11-28 12:10 . 2005-07-22 22:40 13440 ----a-w- c:\windows\system32\drivers\L8042Kbd.sys
2009-11-28 11:55 . 2005-02-08 11:12 2670592 ------w- c:\windows\UNNMP.exe
2009-11-28 11:53 . 2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2009-11-28 11:53 . 2009-11-28 11:53 -------- d-----w- c:\program files\Common Files\Nero
2009-11-28 11:51 . 2005-02-17 10:21 2682880 ------w- c:\windows\UNNeroVision.exe
2009-11-28 11:51 . 2009-11-28 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-11-28 11:51 . 2004-07-26 16:16 471040 ------w- c:\windows\system32\ImagXRA7.dll
2009-11-28 11:51 . 2004-07-09 08:43 364544 ------w- c:\windows\system32\TwnLib4.dll
2009-11-28 11:51 . 2004-07-26 16:16 476320 ------w- c:\windows\system32\ImagXpr7.dll
2009-11-28 11:51 . 2004-07-26 16:16 262144 ------w- c:\windows\system32\ImagXR7.dll
2009-11-28 11:51 . 2004-07-26 16:16 1568768 ------w- c:\windows\system32\ImagX7.dll
2009-11-28 11:51 . 2001-06-26 07:15 38912 ------w- c:\windows\system32\picn20.dll
2009-11-28 11:51 . 2000-06-26 10:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2009-11-28 11:51 . 2009-11-28 11:51 -------- d-----w- c:\program files\Common Files\Ahead
2009-11-28 11:51 . 2009-11-28 11:55 -------- d-----w- c:\program files\Ahead
2009-11-28 10:15 . 2009-12-02 17:08 -------- d-----w- c:\program files\PDFCreator
2009-11-28 10:13 . 2009-11-28 10:13 -------- d-----w- c:\program files\TimeAdjuster
2009-11-28 10:12 . 2009-11-28 10:12 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-11-28 10:11 . 2001-03-08 18:30 24064 ------w- c:\windows\system32\msxml3a.dll
2009-11-28 10:11 . 2009-11-28 10:12 -------- d-----w- c:\program files\CyberLink
2009-11-28 10:08 . 2009-12-06 18:45 -------- d-----w- c:\program files\PeerWeb DC++
2009-11-28 10:06 . 2009-11-29 22:13 -------- d-----w- c:\program files\Mv2Player
2009-11-28 10:04 . 2005-07-19 09:05 20576 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-11-28 10:04 . 2009-11-28 10:05 -------- d-----w- c:\program files\Winamp
2009-11-28 09:47 . 2009-11-28 09:47 -------- d-----w- c:\documents and settings\Ivan\Local Settings\Application Data\GHISLER
2009-11-28 09:46 . 2009-11-28 09:46 -------- d-----w- c:\program files\totalcmd

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-06 11:29 . 2009-11-28 09:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-06 09:06 . 2009-12-06 09:06 16 ----a-w- c:\windows\system32\config\systemprofile\Application Data\fvgqad.dat
2009-12-06 09:06 . 2009-12-06 09:06 4 ----a-w- c:\documents and settings\Ivan\Application Data\avdrn.dat
2009-12-06 01:13 . 2009-12-06 01:12 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-12-04 09:35 . 2009-11-28 09:04 -------- d-----w- c:\program files\ASUS
2009-12-02 21:23 . 2009-12-02 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-12-02 20:58 . 2009-12-02 15:35 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-02 15:35 . 2009-12-02 15:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-02 15:35 . 2009-12-02 15:35 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2009-12-02 15:35 . 2009-12-02 15:35 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-12-02 15:35 . 2009-12-02 15:35 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-02 15:35 . 2009-12-02 15:35 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-02 15:35 . 2009-12-02 15:35 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2009-12-02 15:35 . 2009-12-02 15:35 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2009-12-02 15:35 . 2009-12-02 15:35 -------- d-----w- c:\program files\AVG
2009-12-02 15:35 . 2009-12-02 15:35 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-11-28 09:04 . 2009-11-28 09:04 0 ----a-w- c:\windows\system32\SET79.tmp
2009-11-28 09:00 . 2009-11-28 09:00 -------- d-----w- c:\program files\My Company Name
2009-11-27 22:04 . 2009-11-27 21:28 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-27 21:29 . 2009-11-27 21:29 -------- d-----w- c:\program files\microsoft frontpage
2009-11-27 21:27 . 2009-11-27 21:27 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-17 19:27 . 2009-11-28 09:15 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2009-11-17 19:27 . 2009-11-28 09:15 358944 ----a-w- c:\windows\vncutil.exe
2009-11-17 19:27 . 2009-11-28 09:15 1833504 ----a-w- c:\windows\SkyTel.exe
2009-11-17 19:27 . 2009-11-28 09:15 1489440 ----a-w- c:\windows\RtlUpd.exe
2009-11-17 19:27 . 2009-11-28 09:15 9721888 ----a-w- c:\windows\RTLCPL.EXE
2009-11-17 19:27 . 2009-11-28 09:15 48672 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-11-17 19:27 . 2009-11-28 09:15 129568 ----a-w- c:\windows\RtkAudioService.exe
2009-11-17 19:27 . 2009-11-28 09:15 18789408 ----a-w- c:\windows\RTHDCPL.EXE
2009-11-17 19:26 . 2009-11-28 09:15 2177568 ----a-w- c:\windows\MicCal.exe
2009-11-17 19:26 . 2009-11-28 09:15 64032 ----a-w- c:\windows\ALCMTR.EXE
2009-11-17 19:26 . 2009-11-28 09:15 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2009-11-17 18:51 . 2009-11-28 09:15 5956608 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-11-02 12:48 . 2009-11-28 09:15 831488 ----a-w- c:\windows\RtlExUpd.dll
2009-09-25 05:37 . 2008-04-14 19:42 667136 ----a-w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2008-04-14 19:41 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:18 . 2008-04-14 19:42 136192 ----a-w- c:\windows\system32\msv1_0.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-10-16 11:13 1115392 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-10-16 1115392]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2009-11-28 32768]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"nwiz"="nwiz.exe" [2009-02-09 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2009-12-02 2020120]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-17 18789408]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-11-28 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-11-28 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-02 15:35 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\PeerWeb DC++\\PeerWeb DC++.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16529:TCP"= 16529:TCP:BitComet 16529 TCP
"16529:UDP"= 16529:UDP:BitComet 16529 UDP

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [12/6/2009 9:48 AM 5248]
R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [12/2/2009 4:35 PM 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [12/2/2009 4:35 PM 161800]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/2/2009 4:35 PM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [12/2/2009 4:35 PM 360584]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [11/28/2009 10:07 AM 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [11/28/2009 10:21 AM 17024]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [12/2/2009 10:19 PM 1858144]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [12/2/2009 4:35 PM 906520]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/2/2009 4:35 PM 285392]
R2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [12/2/2009 9:58 PM 2304192]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [12/2/2009 4:35 PM 5832712]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [12/2/2009 4:35 PM 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSDriver.sys [12/2/2009 4:35 PM 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSFilter.sys [12/2/2009 4:35 PM 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys [12/2/2009 4:35 PM 25736]
S0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [12/6/2009 9:48 AM 160640]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/28/2009 10:15 AM 1684736]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [12/2/2009 4:35 PM 30104]
.
------- Supplementary Scan -------
.
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Ivan\Application Data\Mozilla\Firefox\Profiles\00x37hrj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\Ivan\Application Data\Mozilla\Firefox\Profiles\00x37hrj.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-NVIDIA Drivers - c:\windows\system32\nvuninst.exe UninstallGUI
AddRemove-Uniblue DriverScanner 2009 - c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe REMOVE=TRUE MODIFY=FALSE



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
Completion time: 2009-12-06 20:42
ComboFix-quarantined-files.txt 2009-12-06 19:41

Pre-Run: 81,664,368,640 bytes free
Post-Run: 81,643,589,632 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - DFA164628DC69964D196E4B99C289C9A

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Open Notepad and copy the following text:

File::
c:\windows\system32\fjhdyfhsn.bat
c:\windows\system32\config\systemprofile\Application Data\fvgqad.dat
c:\documents and settings\Ivan\Application Data\avdrn.dat



Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text file onto the ComboFix icon, as shown in the picture.
In your next post, post the log that is created at the end of the cleaning/scan.

offline
  • Joined: 18 Apr 2009
  • Posts: 34




ComboFix 09-12-07.07 - Ivan 12/08/2009 13:52.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1595 [GMT 1:00]
Running from: c:\documents and settings\Ivan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ivan\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\documents and settings\Ivan\Application Data\avdrn.dat"
"c:\windows\system32\config\systemprofile\Application Data\fvgqad.dat"
"c:\windows\system32\fjhdyfhsn.bat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ivan\Application Data\avdrn.dat
c:\windows\system32\config\systemprofile\Application Data\fvgqad.dat
c:\windows\system32\fjhdyfhsn.bat

.
((((((((((((((((((((((((( Files Created from 2009-11-08 to 2009-12-08 )))))))))))))))))))))))))))))))
.

2009-12-07 11:21 . 2009-12-08 11:25 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-07 11:21 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-07 11:21 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-07 11:21 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-07 11:21 . 2009-12-07 11:21 -------- d-----w- c:\program files\Avira
2009-12-07 11:21 . 2009-12-07 11:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-12-07 00:20 . 2009-12-07 00:20 -------- d-----w- c:\documents and settings\Ivan\Application Data\Skinux
2009-12-07 00:14 . 2009-12-07 00:14 -------- d-----w- c:\program files\The Skins Factory
2009-12-06 16:04 . 2009-12-06 16:04 -------- d-----w- c:\documents and settings\All Users\Application Data\THQ
2009-12-06 16:00 . 2009-12-06 16:00 -------- d-----w- c:\documents and settings\Ivan\Local Settings\Application Data\Activision
2009-12-06 11:32 . 2009-12-06 11:32 -------- d-----w- c:\documents and settings\All Users\Application Data\POP3Profiles
2009-12-06 11:00 . 2009-12-08 10:31 -------- d-----w- c:\documents and settings\All Users\Application Data\POPWWPROFILES
2009-12-06 08:48 . 2004-04-30 08:37 160640 ----a-w- c:\windows\system32\drivers\a347bus.sys
2009-12-06 08:48 . 2004-04-30 08:33 5248 ----a-w- c:\windows\system32\drivers\a347scsi.sys
2009-12-06 08:48 . 2009-12-06 08:48 -------- d-----w- c:\program files\Alcohol Soft
2009-12-06 02:05 . 2009-12-06 02:05 75664 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-06 02:05 . 2009-12-06 02:05 -------- d-----w- c:\windows\system32\XPSViewer
2009-12-06 02:05 . 2009-12-06 02:05 -------- d-----w- c:\program files\MSBuild
2009-12-06 02:04 . 2009-12-06 02:04 -------- d-----w- c:\program files\Reference Assemblies
2009-12-06 02:04 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2009-12-06 02:04 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-12-06 02:04 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-12-06 02:04 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-12-06 02:04 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-12-06 02:04 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-12-06 02:04 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2009-12-06 02:04 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-12-06 02:04 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-12-06 01:31 . 2009-12-06 01:31 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-12-06 01:13 . 2008-10-26 04:48 2651951 -c--a-w- c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}\DriverScanner_Setup.exe
2009-12-06 01:13 . 2009-12-06 01:13 -------- d-----w- c:\program files\Uniblue
2009-12-06 01:07 . 2009-12-06 01:14 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-12-06 01:07 . 2009-12-06 01:13 -------- d-----w- c:\documents and settings\Ivan\Application Data\Uniblue
2009-12-04 21:11 . 2009-05-26 18:30 73728 ----a-w- c:\windows\system32\RTNUninst32.dll
2009-12-04 19:17 . 2009-12-04 19:17 -------- d-----w- c:\program files\ATI
2009-12-04 19:15 . 2009-12-04 19:15 -------- d-----w- C:\ATI
2009-12-03 15:40 . 2009-12-03 15:40 -------- d-----w- c:\documents and settings\Ivan\Application Data\Ahead
2009-12-03 14:09 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-12-03 14:08 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-03 14:08 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-12-03 14:02 . 2008-10-24 11:21 455296 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-03 14:00 . 2009-08-04 15:13 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-03 14:00 . 2009-08-04 14:20 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-03 14:00 . 2009-08-04 14:20 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-12-03 13:58 . 2008-04-14 19:42 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2009-12-03 13:57 . 2009-12-03 13:57 -------- d-----w- c:\program files\Windows Media Connect 2
2009-12-03 13:56 . 2009-12-03 13:57 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-12-03 13:56 . 2009-12-03 13:56 -------- d-----w- c:\windows\system32\LogFiles
2009-12-03 13:14 . 2007-11-30 11:18 26488 ----a-w- c:\windows\system32\spupdsvc.exe
2009-12-03 13:14 . 2009-12-04 10:34 -------- d--h--w- c:\windows\$hf_mig$
2009-12-02 21:19 . 2009-12-06 19:23 -------- d-----w- c:\program files\a-squared Free
2009-12-02 17:08 . 2001-10-28 16:42 116224 ----a-w- c:\windows\system32\pdfcmnnt.dll
2009-12-02 17:08 . 1998-07-06 00:00 23552 ----a-w- c:\windows\system32\MSMPIDE.DLL
2009-12-02 15:35 . 2009-12-02 15:35 -------- d-----w- c:\program files\AVG
2009-12-02 15:35 . 2009-12-07 11:12 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2009-12-02 14:51 . 2009-12-08 12:38 -------- d-----w- C:\Downloads
2009-12-02 14:51 . 2009-12-02 14:51 1032192 ----a-w- c:\documents and settings\Ivan\Application Data\Mozilla\Firefox\Profiles\00x37hrj.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
2009-12-02 14:51 . 2009-12-08 12:44 -------- d-----w- c:\program files\BitComet
2009-12-02 14:08 . 2009-12-02 14:08 1174 ----a-w- c:\windows\mozver.dat
2009-12-02 13:34 . 2009-12-02 13:34 -------- d-----w- c:\documents and settings\Ivan\Application Data\Talkback
2009-12-02 13:34 . 2009-12-02 13:34 0 ----a-w- c:\windows\nsreg.dat
2009-12-02 13:34 . 2009-12-02 13:34 -------- d-----w- c:\documents and settings\Ivan\Local Settings\Application Data\Mozilla
2009-12-01 17:16 . 2004-07-09 03:26 354816 -c--a-w- c:\windows\system32\dllcache\psisdecd.dll
2009-12-01 17:16 . 2004-07-09 03:26 354816 ----a-w- c:\windows\system32\psisdecd.dll
2009-12-01 17:16 . 2004-07-09 03:26 52096 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2009-12-01 17:16 . 2004-07-09 03:26 52096 ----a-w- c:\windows\system32\drivers\msdv.sys
2009-12-01 17:16 . 2004-07-09 03:26 15104 -c--a-w- c:\windows\system32\dllcache\mpe.sys
2009-12-01 17:16 . 2004-07-09 03:26 15104 ----a-w- c:\windows\system32\drivers\mpe.sys
2009-12-01 17:16 . 2004-07-09 03:26 11392 -c--a-w- c:\windows\system32\dllcache\bdasup.sys
2009-12-01 17:16 . 2004-07-09 03:26 11392 ----a-w- c:\windows\system32\drivers\bdasup.sys
2009-12-01 17:16 . 2002-12-11 23:14 46592 ----a-w- c:\windows\system32\dxdllreg.exe
2009-12-01 17:16 . 2002-08-29 02:41 31744 -c--a-w- c:\windows\system32\dllcache\pid.dll
2009-11-29 18:28 . 2009-11-29 18:28 -------- d-----w- c:\documents and settings\Ivan\Local Settings\Application Data\Identities
2009-11-29 15:46 . 2009-11-29 15:46 -------- d-----w- c:\documents and settings\Ivan\Application Data\Activision
2009-11-29 15:15 . 2009-11-29 15:15 152248 ----a-w- c:\windows\Osveta Besnog Pileta Uninstaller.exe
2009-11-28 16:38 . 2006-12-08 11:02 251672 ----a-w- c:\windows\system32\xactengine2_5.dll
2009-11-28 16:38 . 2007-04-04 17:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
2009-11-28 16:38 . 2007-03-05 11:42 15128 ----a-w- c:\windows\system32\x3daudio1_1.dll
2009-11-28 16:38 . 2006-11-29 12:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-11-28 16:38 . 2006-09-28 15:05 237848 ----a-w- c:\windows\system32\xactengine2_4.dll
2009-11-28 16:38 . 2006-09-28 15:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2009-11-28 16:37 . 2009-11-28 16:37 -------- d-----w- c:\program files\Blast! Entertainment Ltd
2009-11-28 16:21 . 2003-06-18 16:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
2009-11-28 16:21 . 2003-06-18 16:31 17920 ----a-w- c:\windows\system32\mdimon.dll
2009-11-28 16:21 . 2009-11-28 16:21 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-11-28 16:21 . 2009-11-28 16:21 -------- d-----w- c:\windows\SHELLNEW
2009-11-28 16:20 . 2009-11-28 16:20 -------- d-----w- c:\program files\Microsoft.NET
2009-11-28 16:05 . 2009-11-28 16:05 -------- d-----w- c:\windows\Logs
2009-11-28 14:23 . 2009-11-28 14:23 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-28 12:12 . 2009-11-28 12:12 -------- d-----w- c:\documents and settings\Ivan\Local Settings\Application Data\Musicmatch
2009-11-28 12:12 . 2009-12-04 07:44 -------- d-----w- c:\program files\MUSICMATCH
2009-11-28 12:10 . 2009-12-07 15:25 -------- d-----w- c:\program files\Logitech
2009-11-28 12:10 . 2005-07-22 22:40 13440 ----a-w- c:\windows\system32\drivers\L8042Kbd.sys
2009-11-28 11:55 . 2005-02-08 11:12 2670592 ------w- c:\windows\UNNMP.exe
2009-11-28 11:53 . 2001-07-09 10:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2009-11-28 11:53 . 2009-11-28 11:53 -------- d-----w- c:\program files\Common Files\Nero
2009-11-28 11:51 . 2005-02-17 10:21 2682880 ------w- c:\windows\UNNeroVision.exe
2009-11-28 11:51 . 2009-11-28 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2009-11-28 11:51 . 2004-07-26 16:16 471040 ------w- c:\windows\system32\ImagXRA7.dll
2009-11-28 11:51 . 2004-07-09 08:43 364544 ------w- c:\windows\system32\TwnLib4.dll
2009-11-28 11:51 . 2004-07-26 16:16 476320 ------w- c:\windows\system32\ImagXpr7.dll
2009-11-28 11:51 . 2004-07-26 16:16 262144 ------w- c:\windows\system32\ImagXR7.dll
2009-11-28 11:51 . 2004-07-26 16:16 1568768 ------w- c:\windows\system32\ImagX7.dll
2009-11-28 11:51 . 2001-06-26 07:15 38912 ------w- c:\windows\system32\picn20.dll
2009-11-28 11:51 . 2000-06-26 10:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2009-11-28 11:51 . 2009-11-28 11:51 -------- d-----w- c:\program files\Common Files\Ahead
2009-11-28 11:51 . 2009-11-28 11:55 -------- d-----w- c:\program files\Ahead
2009-11-28 10:15 . 2009-12-02 17:08 -------- d-----w- c:\program files\PDFCreator
2009-11-28 10:13 . 2009-11-28 10:13 -------- d-----w- c:\program files\TimeAdjuster
2009-11-28 10:12 . 2009-11-28 10:12 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-11-28 10:11 . 2001-03-08 18:30 24064 ------w- c:\windows\system32\msxml3a.dll
2009-11-28 10:11 . 2009-11-28 10:12 -------- d-----w- c:\program files\CyberLink
2009-11-28 10:08 . 2009-12-08 12:37 -------- d-----w- c:\program files\PeerWeb DC++
2009-11-28 10:06 . 2009-11-29 22:13 -------- d-----w- c:\program files\Mv2Player
2009-11-28 10:04 . 2005-07-19 09:05 20576 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-11-28 10:04 . 2009-11-28 10:05 -------- d-----w- c:\program files\Winamp
2009-11-28 09:47 . 2009-11-28 09:47 -------- d-----w- c:\documents and settings\Ivan\Local Settings\Application Data\GHISLER
2009-11-28 09:46 . 2009-11-28 09:46 -------- d-----w- c:\program files\totalcmd
2009-11-28 09:46 . 2005-05-31 05:53 545 ----a-w- c:\windows\UC.PIF
2009-11-28 09:46 . 2005-05-31 05:53 545 ----a-w- c:\windows\RAR.PIF
2009-11-28 09:46 . 2005-05-31 05:53 545 ----a-w- c:\windows\PKZIP.PIF
2009-11-28 09:46 . 2005-05-31 05:53 545 ----a-w- c:\windows\PKUNZIP.PIF
2009-11-28 09:46 . 2005-05-31 05:53 545 ----a-w- c:\windows\NOCLOSE.PIF
2009-11-28 09:46 . 2005-05-31 05:53 545 ----a-w- c:\windows\LHA.PIF
2009-11-28 09:46 . 2005-05-31 05:53 545 ----a-w- c:\windows\ARJ.PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-06 11:29 . 2009-11-28 09:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-06 01:13 . 2009-12-06 01:12 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{D5ABFFAD-D592-4F98-B02B-587125B4801F}
2009-12-04 09:35 . 2009-11-28 09:04 -------- d-----w- c:\program files\ASUS
2009-11-28 09:04 . 2009-11-28 09:04 0 ----a-w- c:\windows\system32\SET79.tmp
2009-11-28 09:00 . 2009-11-28 09:00 -------- d-----w- c:\program files\My Company Name
2009-11-27 22:04 . 2009-11-27 21:28 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-11-27 21:29 . 2009-11-27 21:29 -------- d-----w- c:\program files\microsoft frontpage
2009-11-27 21:27 . 2009-11-27 21:27 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-17 19:27 . 2009-11-28 09:15 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2009-11-17 19:27 . 2009-11-28 09:15 358944 ----a-w- c:\windows\vncutil.exe
2009-11-17 19:27 . 2009-11-28 09:15 1833504 ----a-w- c:\windows\SkyTel.exe
2009-11-17 19:27 . 2009-11-28 09:15 1489440 ----a-w- c:\windows\RtlUpd.exe
2009-11-17 19:27 . 2009-11-28 09:15 9721888 ----a-w- c:\windows\RTLCPL.EXE
2009-11-17 19:27 . 2009-11-28 09:15 48672 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2009-11-17 19:27 . 2009-11-28 09:15 129568 ----a-w- c:\windows\RtkAudioService.exe
2009-11-17 19:27 . 2009-11-28 09:15 18789408 ----a-w- c:\windows\RTHDCPL.EXE
2009-11-17 19:26 . 2009-11-28 09:15 2177568 ----a-w- c:\windows\MicCal.exe
2009-11-17 19:26 . 2009-11-28 09:15 64032 ----a-w- c:\windows\ALCMTR.EXE
2009-11-17 19:26 . 2009-11-28 09:15 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2009-11-17 18:51 . 2009-11-28 09:15 5956608 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2009-11-02 12:48 . 2009-11-28 09:15 831488 ----a-w- c:\windows\RtlExUpd.dll
2009-09-25 05:37 . 2008-04-14 19:42 667136 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2008-04-14 19:41 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:18 . 2008-04-14 19:42 136192 ----a-w- c:\windows\system32\msv1_0.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-09 13680640]
"nwiz"="nwiz.exe" [2009-02-09 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-09 86016]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-04-13 49152]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-17 18789408]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\PeerWeb DC++\\PeerWeb DC++.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"16529:TCP"= 16529:TCP:BitComet 16529 TCP
"16529:UDP"= 16529:UDP:BitComet 16529 UDP

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [12/6/2009 9:48 AM 5248]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [11/28/2009 10:07 AM 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [11/28/2009 10:21 AM 17024]
R2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [12/2/2009 10:19 PM 1858144]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [12/7/2009 12:21 PM 108289]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\The Skins Factory\Hyperdesk\Common\HDThemeEnabler.exe [7/23/2008 8:27 PM 106496]
R3 NTProcDrv;Process creation detector for NT.;\??\c:\windows\TEMP\drv1.tmp --> c:\windows\TEMP\drv1.tmp [?]
S0 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [12/6/2009 9:48 AM 160640]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/28/2009 10:15 AM 1684736]
.
------- Supplementary Scan -------
.
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Ivan\Application Data\Mozilla\Firefox\Profiles\00x37hrj.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=
FF - component: c:\documents and settings\Ivan\Application Data\Mozilla\Firefox\Profiles\00x37hrj.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\components\IBitCometExtension.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-12-08 13:55
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv]
"ImagePath"="\??\c:\windows\TEMP\drv1.tmp"
.
Completion time: 2009-12-08 13:56
ComboFix-quarantined-files.txt 2009-12-08 12:56

Pre-Run: 83,048,017,920 bytes free
Post-Run: 83,053,826,048 bytes free

- - End Of File - - 003C6AB9CF28AECFE7FF5DF7CE22A3F7

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Did you play any games before running ComboFix?

offline
  • Joined: 18 Apr 2009
  • Posts: 34

Not right before running it, but during the day, yes.

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Then everything is OK.

Also follow these steps...


ComboFix needs to be uninstalled:
Click Start (or ), then Run.

On Vista, use the Start Search box if Run is not available.

In the text box, type (or copy) the following:

ComboFix /Uninstall

Note that there is a space between "ComboFix" and "/Uninstall".

and then click OK (or press Enter).


Wait for the uninstall process to finish.
