How do I get rid of .exe files at Windows startup?

  • Joined: 10 Oct 2008
  • Posts: 38
  • Location: Rijeka

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:23:20, on 10/10/2008
Platform: Windows XP SP3, v.3264 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.3264)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Multiply\AutoUploader\Multiply AutoUploader\Multiply AutoUploader.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Natasa\Desktop\Ambulanta\NT5.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = runonce.msn.com/?v=msgrv75
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: P2P Energy Toolbar - {2bae58c2-79f9-45d1-a286-81f911301c3a} - C:\Program Files\P2P_Energy\tbP2P_.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [99629] C:\WINDOWS/99629.exe
O4 - HKCU\..\Run: [86207] C:\WINDOWS/86207.exe
O4 - HKCU\..\Run: [XPRepairPro2007] C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe /r
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Multiply AutoUploader.lnk = C:\Program Files\Multiply\AutoUploader\Multiply AutoUploader\Multiply AutoUploader.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1E0C12E-02AA-44FA-AFB8-94491A941835}: NameServer = 195.29.149.197 195.29.149.196
O20 - Winlogon Notify: ljJYSliG - ljJYSliG.dll (file missing)
O20 - Winlogon Notify: __c002E4 - C:\WINDOWS\
O20 - Winlogon Notify: __c006EC62 - C:\WINDOWS\
O20 - Winlogon Notify: __c00A1A3C - C:\WINDOWS\
O20 - Winlogon Notify: __c00AE884 - C:\WINDOWS\
O20 - Winlogon Notify: __c00FCD4B - C:\WINDOWS\
O21 - SSODL: monapl - {548A5D7A-ACD7-B822-C4C0-0BE7F3A93F74} - C:\Program Files\agxajxb\monapl.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 5874 bytes

A few weeks ago I did a fresh install of Windows XP Pro with SP3. Since then my computer has been acting strangely. When I turn the computer on, two .exe file windows appear: Windows Wash and Utorrent Browser (I think), and they ask to be installed. After I click "no" and confirm, the windows disappear and don't show up again until the next time I turn the computer on or restart it. Is this a case of spyware or adware? I scanned the computer with Spybot - Search & Destroy 1.6 and Ad-Aware, but it didn't help. Scanning with NOD didn't help either.
Apart from that, ever since the Windows installation, Outlook Express hasn't been working properly. Namely, when I open Outlook, a window appears about sending a mail (which isn't in Outlook), and new mails aren't received. Then an error message appears (mail too large), I click "stop", Outlook fetches two or three mails from the server, shows an "error" window and disconnects.
Is this due to errors in the Windows installation? Do I have to reinstall it?
Thanks for any help and advice!
I connect to the internet with a modem, i.e. a DSL connection.

Best regards and have a nice day!
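As an added illustration (not part of this thread, and not a HijackThis or ComboFix feature), here is a small Python triage script that applies a few of the checks a helper does by eye on a log like the one above: Run values with purely numeric names or executables dropped straight into the Windows directory, Winlogon Notify entries whose DLL is missing or that point only at a folder, and ShellServiceObjectDelayLoad DLLs loaded from outside system32. The heuristics are my own assumptions, and the sample input is constructed from lines copied out of the log above.

```python
"""Triage helper for HijackThis-style log lines.

Added example for this thread, not a HijackThis or ComboFix feature: the
heuristics below are the author's own assumptions and only cover the entry
types the log above shows (O4 Run values, O20 Winlogon Notify, O21 SSODL).
"""
import re
from dataclasses import dataclass, field
from typing import List

# O4 - HKCU\..\Run: [name] command
RUN_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# O20 - Winlogon Notify: name - path
NOTIFY_RE = re.compile(r'^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$')
# O21 - SSODL: name - {CLSID} - path
SSODL_RE = re.compile(r'^O21 - SSODL: (?P<name>\S+) - \{[0-9A-Fa-f-]+\} - (?P<path>.+)$')

# An .exe placed directly in the Windows directory (either slash style).
WINDOWS_ROOT_EXE = re.compile(r'^[A-Za-z]:[\\/]WINDOWS[\\/][^\\/]+\.exe$', re.IGNORECASE)
SYSTEM32_DIR = re.compile(r'^[A-Za-z]:\\WINDOWS\\system32\\', re.IGNORECASE)


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def exe_path(cmd: str) -> str:
    """Return the executable part of a Run command, without quotes or arguments."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(' ', 1)[0]


def check_run(name: str, cmd: str) -> List[str]:
    """Heuristics for autostart (Run) values."""
    reasons = []
    if name.isdigit():
        reasons.append('Run value name is purely numeric')
    exe = exe_path(cmd)
    if '/' in exe:
        reasons.append('forward slash in executable path')
    if WINDOWS_ROOT_EXE.match(exe):
        reasons.append('executable sits directly in the Windows directory')
    return reasons


def check_notify(path: str) -> List[str]:
    """Heuristics for Winlogon Notify packages."""
    if path.endswith('(file missing)'):
        return ['Winlogon Notify DLL is missing on disk']
    if path.endswith('\\'):
        return ['Winlogon Notify entry names a directory, not a DLL']
    return []


def check_ssodl(path: str) -> List[str]:
    """ShellServiceObjectDelayLoad entries normally live in system32."""
    if not SYSTEM32_DIR.match(path):
        return ['ShellServiceObjectDelayLoad DLL loaded from outside system32']
    return []


def triage(lines) -> List[Finding]:
    """Run every line through the matching checker; return only flagged lines."""
    findings = []
    for raw in lines:
        line = raw.strip()
        reasons: List[str] = []
        if (m := RUN_RE.match(line)):
            reasons = check_run(m['name'], m['cmd'])
        elif (m := NOTIFY_RE.match(line)):
            reasons = check_notify(m['path'])
        elif (m := SSODL_RE.match(line)):
            reasons = check_ssodl(m['path'])
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


# Constructed sample: lines copied from the log in this thread, plus a
# benign service line that the triage ignores.
SAMPLE_LOG = [
    'O4 - HKLM\\..\\Run: [egui] "C:\\Program Files\\ESET\\ESET Smart Security\\egui.exe" /hide /waitservice',
    'O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe',
    'O4 - HKCU\\..\\Run: [99629] C:\\WINDOWS/99629.exe',
    'O4 - HKCU\\..\\Run: [86207] C:\\WINDOWS/86207.exe',
    'O20 - Winlogon Notify: ljJYSliG - ljJYSliG.dll (file missing)',
    'O20 - Winlogon Notify: __c002E4 - C:\\WINDOWS\\',
    'O21 - SSODL: monapl - {548A5D7A-ACD7-B822-C4C0-0BE7F3A93F74} - C:\\Program Files\\agxajxb\\monapl.dll',
    'O23 - Service: Eset Service (ekrn) - ESET - C:\\Program Files\\ESET\\ESET Smart Security\\ekrn.exe',
]

if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print('    ->', r)
```

On the sample above the script flags five lines (the two numeric Run values, both Winlogon Notify entries and the SSODL DLL) and leaves the ESET, ctfmon and service lines alone. It is a screening aid, not a verdict: a flagged entry still needs the kind of review the helper does in this thread before anything is removed.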

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Hi,

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt); copy it here for us.

  • Joined: 10 Okt 2008
  • Posts: 38
  • Location: Rijeka

Here I go! Thanks!

Update: 10 Oct 2008 18:34

Well, I really hope I did this right. It's a pretty long log and hopefully it won't take up too much space...

ComboFix 08-10-09.06 - Natasa 2008-10-10 18:21:38.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.660 [GMT 2:00]
Running from: C:\Documents and Settings\Natasa\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Natasa\Application Data\inst.exe
C:\WINDOWS\12525.exe
C:\WINDOWS\83892.exe
C:\WINDOWS\86207.exe
C:\WINDOWS\BMf3be6f83.txt
C:\WINDOWS\BMf3be6f83.xml
C:\WINDOWS\msnimport.exe
C:\WINDOWS\system32\anpkimru.dll
C:\WINDOWS\system32\awtqnnlK.dll
C:\WINDOWS\system32\barcyqvv.ini
C:\WINDOWS\system32\dayajrho.dll
C:\WINDOWS\system32\dqeeixrq.dll
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\eWebControl.dll
C:\WINDOWS\system32\jPXGMnnn.ini
C:\WINDOWS\system32\jPXGMnnn.ini2
C:\WINDOWS\system32\kirhjbxc.ini
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\ptvvopdl.ini
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\system32\xapetwwx.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-09-10 to 2008-10-10 )))))))))))))))))))))))))))))))
.

2008-10-10 09:12 . 2008-10-10 09:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-10 09:06 . 2008-10-10 09:08 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-10-09 10:07 . 2008-10-09 11:32 <DIR> d-------- C:\Program Files\Error Repair Professional
2008-10-08 22:07 . 2008-10-08 22:10 <DIR> d-------- C:\Program Files\hdclone.3.6.2.pe.en
2008-10-08 17:44 . 2008-10-08 17:44 <DIR> d--h----- C:\WINDOWS\Icons
2008-10-08 02:23 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-10-08 02:23 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-10-08 02:23 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-10-08 02:22 . 2008-10-08 02:22 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-10-08 02:17 . 2008-10-08 02:17 <DIR> d-------- C:\Documents and Settings\Natasa\Application Data\MSNInstaller
2008-10-08 02:12 . 2008-10-08 02:22 <DIR> d-------- C:\Program Files\Windows Live
2008-10-08 02:06 . 2008-10-08 02:06 <DIR> d-------- C:\Program Files\EZ Boosters
2008-10-07 15:51 . 2008-10-07 15:51 <DIR> d-------- C:\Program Files\SolSuite
2008-10-07 15:51 . 2008-10-07 22:07 <DIR> d-------- C:\Documents and Settings\Natasa\Application Data\SolSuite
2008-10-07 13:51 . 2008-10-07 13:56 <DIR> d-------- C:\Documents and Settings\Natasa\Application Data\vlc
2008-10-07 13:50 . 2008-10-07 13:50 <DIR> d-------- C:\Program Files\VideoLAN
2008-10-07 10:55 . 2008-10-07 10:55 <DIR> d-------- C:\Program Files\Common Files\eSellerate
2008-10-07 10:55 . 2008-10-07 10:55 <DIR> d-------- C:\Program Files\AnswersThatWork
2008-10-07 10:55 . 2007-06-08 13:53 1,753,088 --a------ C:\WINDOWS\system32\ExGrid.dll
2008-10-07 10:55 . 2007-04-03 16:51 614,400 --a------ C:\WINDOWS\system32\ExButton.dll
2008-10-07 10:55 . 2007-06-05 10:20 602,112 --a------ C:\WINDOWS\system32\ExMenu.dll
2008-10-07 10:55 . 2007-06-05 10:19 516,096 --a------ C:\WINDOWS\system32\ExTab.dll
2008-10-07 10:55 . 2007-04-03 16:51 307,200 --a------ C:\WINDOWS\system32\ExPMenu.dll
2008-10-07 10:55 . 2005-06-18 11:44 212,240 --a------ C:\WINDOWS\system32\RichTx32.ocx
2008-10-07 10:50 . 2008-10-07 10:50 <DIR> d-------- C:\BootBkup
2008-10-07 10:48 . 2008-10-07 10:48 <DIR> d-------- C:\Program Files\My BootDisk
2008-10-07 09:43 . 2008-10-07 14:26 <DIR> d-------- C:\Program Files\MagicISO
2008-10-03 04:47 . 2008-10-03 04:47 <DIR> d-------- C:\Documents and Settings\Natasa\Application Data\HEXelon
2008-10-03 04:45 . 2008-10-03 04:54 <DIR> d-------- C:\Program Files\TC UP
2008-10-03 04:33 . 2008-10-03 04:33 <DIR> d-------- C:\Program Files\PowerISO
2008-10-03 03:59 . 2008-10-03 04:02 <DIR> d-------- C:\Program Files\WMR11
2008-10-03 03:36 . 2008-10-03 03:44 34 --a------ C:\WINDOWS\system32\oeminfo.ini
2008-10-03 01:46 . 2008-10-03 01:46 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-10-02 03:08 . 2008-10-02 03:08 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-10-02 03:08 . 2008-10-02 03:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-10-01 05:05 . 2008-10-01 05:06 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-10-01 05:05 . 2008-10-01 05:05 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-10-01 05:05 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-09-30 23:48 . 2008-09-30 23:48 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sforezql
2008-09-30 23:17 . 2008-09-30 23:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\idkfwdcf
2008-09-30 22:46 . 2008-09-30 22:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ozetwhkv
2008-09-30 22:18 . 2008-09-30 22:18 360,580 --a------ C:\WINDOWS\eSellerateEngine.dll
2008-09-30 22:16 . 2008-09-30 22:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\gxwdqvwz
2008-09-30 21:49 . 2008-10-08 02:21 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2008-09-30 21:46 . 2008-10-08 02:07 <DIR> d-------- C:\Documents and Settings\Natasa\Tracing
2008-09-30 21:45 . 2008-09-30 21:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avojaxcl
2008-09-30 21:14 . 2008-09-30 21:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ujsjcbcp
2008-09-30 20:44 . 2008-09-30 20:44 <DIR> d-------- C:\Program Files\agxajxb
2008-09-30 20:44 . 2008-09-30 20:44 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ohczchgx
2008-09-30 20:42 . 2008-09-30 20:42 39,908 --a------ C:\WINDOWS\system32\drivers\TDSSserv.sys.vir
2008-09-30 17:49 . 2008-09-30 17:49 <DIR> d-------- C:\Program Files\P2P_Energy
2008-09-30 17:49 . 2008-09-30 17:49 <DIR> d-------- C:\Program Files\Conduit
2008-09-30 17:38 . 1997-03-20 21:01 114,688 --a------ C:\WINDOWS\CABARC.EXE
2008-09-30 17:38 . 2005-10-11 23:22 4 --a------ C:\WINDOWS\TrialAvatarGirl.mco.cer
2008-09-30 17:38 . 2005-10-11 23:21 4 --a------ C:\WINDOWS\TrialAvatarBoy.mco.cer
2008-09-30 17:26 . 2008-09-30 17:26 <DIR> d-------- C:\Program Files\MSN Content Plus
2008-09-30 17:26 . 2004-03-09 01:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-09-30 17:26 . 1997-03-20 21:01 65,536 --a------ C:\WINDOWS\CABINET.DLL
2008-09-30 17:13 . 2008-09-30 17:13 <DIR> d-------- C:\Program Files\Real
2008-09-30 17:13 . 2008-10-03 03:04 <DIR> d-------- C:\Program Files\MSN Messenger
2008-09-30 09:52 . 2008-09-30 09:53 <DIR> d-------- C:\Program Files\FOX Video Studio
2008-09-30 09:52 . 2004-05-26 21:37 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-09-30 09:52 . 2006-09-16 19:44 314,368 --a------ C:\WINDOWS\system32\avisynth.dll
2008-09-30 09:52 . 2008-09-30 09:52 81,920 --a------ C:\Documents and Settings\Natasa\Application Data\ezpinst.exe
2008-09-30 01:48 . 2004-05-04 12:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-09-30 01:48 . 2006-05-20 17:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-09-30 01:48 . 2006-05-11 20:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-09-30 01:48 . 2006-09-29 13:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-09-30 01:48 . 2006-09-29 13:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-09-30 01:48 . 2006-09-29 13:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-09-30 01:48 . 2007-03-18 21:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-09-30 01:47 . 2008-10-09 11:01 <DIR> d-------- C:\Program Files\VSO
2008-09-30 01:47 . 2008-10-09 10:01 <DIR> d-------- C:\Documents and Settings\Natasa\Application Data\Vso
2008-09-30 01:47 . 2008-09-30 01:47 94,208 --a------ C:\WINDOWS\system32\drivers\ezplay.sys
2008-09-30 01:47 . 2008-09-30 01:47 94,208 --a------ C:\Documents and Settings\Natasa\Application Data\ezplay.sys
2008-09-30 01:47 . 2008-09-30 01:47 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-09-30 01:47 . 2008-10-09 10:01 47,360 --a------ C:\Documents and Settings\Natasa\Application Data\pcouffin.sys
2008-09-29 07:44 . 2008-09-29 07:44 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-09-28 21:13 . 2008-09-28 21:13 72,704 --a------ C:\winupdate.exe.vir
2008-09-26 19:46 . 2008-09-22 19:06 5,864,753 --a------ C:\WINDOWS\99629.exe
2008-09-25 03:37 . 2008-09-25 03:37 <DIR> d-------- C:\Documents and Settings\Natasa\Application Data\Ulead Systems
2008-09-25 03:09 . 2008-09-25 03:09 <DIR> d-------- C:\Documents and Settings\Natasa\Application Data\DriveHQ
2008-09-25 03:09 . 2008-09-25 03:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DriveHQ
2008-09-25 00:41 . 2008-09-25 02:37 170 --a------ C:\WINDOWS\WaterIllusion.ini
2008-09-24 20:28 . 2008-09-24 20:28 <DIR> d-------- C:\Program Files\GetDiz
2008-09-24 20:28 . 2008-09-24 20:28 <DIR> d-------- C:\Documents and Settings\Natasa\Application Data\Outertech
2008-09-24 20:02 . 2008-09-24 20:03 250,690,849 --a------ C:\WINDOWS\DRW4.3.6_DiskImageFile.part0.edf
2008-09-24 20:02 . 2008-09-24 20:03 12,884 --a------ C:\WINDOWS\DRW4.3.6_DiskImageFile.edi
2008-09-24 20:02 . 2008-09-24 20:02 45 --a------ C:\WINDOWS\DRW4.3.6_DiskImageFile.edp
2008-09-24 19:59 . 2008-09-24 19:59 <DIR> d-------- C:\Program Files\EASEUS
2008-09-24 19:56 . 2008-09-24 19:56 <DIR> d-------- C:\Program Files\Active Data Recovery Services
2008-09-24 19:52 . 2008-10-07 15:51 <DIR> d-------- C:\Program Files\CCleaner
2008-09-24 19:44 . 2008-09-24 19:44 <DIR> d-------- C:\Program Files\Corel
2008-09-24 19:44 . 2008-09-24 19:45 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-09-24 19:44 . 2008-09-24 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-09-24 19:39 . 2008-09-24 19:39 <DIR> d-------- C:\Program Files\Photodex
2008-09-24 19:39 . 2008-09-24 19:39 <DIR> d-------- C:\Documents and Settings\Natasa\Application Data\Netscape
2008-09-24 19:38 . 2008-09-24 19:38 <DIR> d-------- C:\Documents and Settings\Natasa\Application Data\Photodex
2008-09-24 19:37 . 2008-09-24 19:37 <DIR> d-------- C:\Program Files\DynamicPhotoHDR
2008-09-24 19:22 . 2008-09-24 19:22 <DIR> d-------- C:\Program Files\Photo Effect Studio
2008-09-24 19:18 . 2008-09-24 19:18 <DIR> d-------- C:\Documents and Settings\Natasa\Application Data\ArcSoft
2008-09-24 19:15 . 2008-09-24 19:15 <DIR> d-------- C:\Program Files\IWIN
2008-09-24 18:40 . 2008-09-24 18:40 <DIR> d-------- C:\Documents and Settings\Natasa\Application Data\iolo
2008-09-24 18:40 . 2008-09-24 18:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-09-24 18:36 . 2008-09-24 18:36 <DIR> d-------- C:\Program Files\ArcSoft
2008-09-24 18:36 . 2008-09-26 03:18 2,870 --a------ C:\WINDOWS\photoimpression.ini
2008-09-24 18:36 . 2001-06-20 10:09 21 --a------ C:\WINDOWS\PI_setup.ini
2008-09-24 18:19 . 2008-10-07 14:30 <DIR> d-------- C:\Program Files\Nufsoft
2008-09-24 18:11 . 2008-09-24 18:15 <DIR> d-------- C:\Documents and Settings\Natasa\Application Data\MahJong Suite
2008-09-24 18:11 . 2008-10-07 15:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TreeCardGames
2008-09-24 18:10 . 2008-09-24 18:10 <DIR> d-------- C:\Program Files\MahJong Suite
2008-09-24 18:05 . 2008-09-24 18:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MAGIX
2008-09-24 18:05 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-09-24 18:05 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-09-24 18:05 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-09-24 18:05 . 2003-04-18 15:29 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2008-09-24 18:05 . 2003-04-18 15:29 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-09-24 18:04 . 2008-09-24 18:05 <DIR> d-------- C:\Program Files\Common Files\MAGIX Shared
2008-09-24 18:03 . 2008-09-30 11:54 <DIR> d-------- C:\WINDOWS\system32\MAGIX
2008-09-24 18:03 . 2008-09-24 18:05 <DIR> d-------- C:\Program Files\MAGIX
2008-09-24 18:03 . 2002-09-20 23:33 1,089,536 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2008-09-24 18:03 . 2007-02-07 10:53 663,552 --a------ C:\WINDOWS\system32\mgxoschk.dll
2008-09-24 18:03 . 1998-10-15 16:28 85,504 --a------ C:\WINDOWS\system32\HtmlWH.dll
2008-09-24 18:03 . 1999-01-28 13:44 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
2008-09-24 18:03 . 2008-09-24 18:05 5,817 --a------ C:\WINDOWS\mgxoschk.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-10 16:24 --------- d-----w C:\Program Files\QuickTime
2008-10-10 16:24 --------- d-----w C:\Program Files\ImageTasks
2008-10-10 16:24 --------- d-----w C:\Program Files\Advanced System Optimizer
2008-10-10 06:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-10 05:55 --------- d-----w C:\Documents and Settings\Natasa\Application Data\uTorrent
2008-10-09 07:59 --------- d-----w C:\Program Files\PhotoPerfect
2008-10-09 07:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-08 00:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-10-08 00:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-08 00:21 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-07 21:40 --------- d-----w C:\Program Files\VstPlugins
2008-10-07 13:52 --------- d-----w C:\Program Files\Google
2008-10-07 12:38 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-07 12:25 --------- d-----w C:\Program Files\Image-Line
2008-10-07 12:24 --------- d-----w C:\Program Files\Ashampoo
2008-10-07 08:17 --------- d-----w C:\Documents and Settings\Natasa\Application Data\Ashampoo
2008-10-07 01:43 --------- d-----w C:\Documents and Settings\Natasa\Application Data\LimeWire
2008-10-06 15:59 26 ----a-w C:\Program Files\sn.txt
2008-10-03 01:04 --------- d-----w C:\Program Files\uTorrent
2008-10-02 01:10 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-30 22:00 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-30 19:29 --------- d-----w C:\Program Files\LimeWire
2008-09-30 16:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-24 18:29 --------- d-----w C:\Program Files\MumboJumbo
2008-09-09 19:41 --------- d-----w C:\Documents and Settings\Natasa\Application Data\Panasonic
2008-09-09 19:34 --------- d-----w C:\Program Files\Panasonic
2008-09-09 19:32 --------- d-----w C:\Documents and Settings\Natasa\Application Data\InstallShield
2008-09-09 17:42 --------- d-----w C:\Program Files\PhotoScape
2008-08-29 13:48 --------- d-----w C:\Documents and Settings\Natasa\Application Data\DivX
2008-08-26 16:30 --------- d-----w C:\Program Files\ASIO4ALL v2
2008-08-26 16:26 --------- d-----w C:\Program Files\Outsim
2008-08-26 16:06 --------- d-----w C:\Program Files\MGI
2008-08-22 15:39 --------- d-----w C:\Program Files\Apple Software Update
2008-08-22 15:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-22 15:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-08-21 22:05 --------- d-----w C:\Program Files\Multiply
2008-08-21 22:05 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-08-21 22:05 --------- d-----w C:\Documents and Settings\Natasa\Application Data\com.Multiply.AutoUploader.C7DF09F73C2059D294831784007C5F0856677385.1
2008-08-11 11:12 --------- d-----w C:\Program Files\XP Repair Pro 2007
2008-07-20 20:36 50,192 ----a-w C:\Documents and Settings\Natasa\Application Data\GDIPFONTCACHEV1.DAT
.
Files Infected - Patched
C:\Program Files\ImageTasks\ImageTasksHelper.exe ... hex repaired
C:\Program Files\QuickTime\QTTask.exe ... hex repaired
C:\Program Files\Advanced System Optimizer\wallpaper.exe ... hex repaired
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "C:\Program Files\P2P_Energy\tbP2P_.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2008-09-15 06:47 1784856 --a------ C:\Program Files\P2P_Energy\tbP2P_.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "C:\Program Files\P2P_Energy\tbP2P_.dll" [2008-09-15 1784856]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "C:\Program Files\P2P_Energy\tbP2P_.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-01 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"99629"="C:\WINDOWS/99629.exe" [2008-09-22 5864753]
"XPRepairPro2007"="C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe" [2007-07-04 1023624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 6803456]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2008-09-01 3563232]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2007-12-01 C:\WINDOWS\system32\bthprops.cpl]

C:\Documents and Settings\Natasa\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Multiply AutoUploader.lnk - C:\Program Files\Multiply\AutoUploader\Multiply AutoUploader\Multiply AutoUploader.exe [2008-08-22 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"monapl"= {548A5D7A-ACD7-B822-C4C0-0BE7F3A93F74} - C:\Program Files\agxajxb\monapl.dll [2008-09-30 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Auto run of VideoCam Suite 1.0.lnk]
backup=C:\WINDOWS\pss\Auto run of VideoCam Suite 1.0.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImageTasksHelper]
--a------ 2008-10-10 18:24 370176 C:\Program Files\ImageTasks\ImageTasksHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-10-10 18:24 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Systweak Wallpaper Changer]
--a------ 2008-10-10 18:24 151280 C:\Program Files\Advanced System Optimizer\wallpaper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
--a------ 2006-10-04 15:41 86016 C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\Trayserver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
--a------ 2007-08-02 21:08 95504 C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XPRepairPro2007]
--a------ 2007-07-04 04:51 1023624 C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2007-12-01 14336]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-10-01 306432]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-10-03 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 15:17]

2008-08-22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-86207 - C:\WINDOWS/86207.exe
Notify-ljJYSliG - ljJYSliG.dll
Notify-WgaLogon - (no file)
Notify-__c002E4 - (no file)
Notify-__c006EC62 - (no file)
Notify-__c00A1A3C - (no file)
Notify-__c00AE884 - (no file)
Notify-__c00FCD4B - (no file)
MSConfigStartUp-Transaction Interface - sdehost.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Natasa\Application Data\Mozilla\Firefox\Profiles\ukbc69b7.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-10-10 18:26:43
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Photodex\ProShowGold\scsiaccess.exe
.
**************************************************************************
.
Completion time: 2008-10-10 18:29:00 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-10 16:28:57

Pre-Run: 31,212,654,592 bytes free
Post-Run: 31,123,677,184 bytes free

334 --- E O F --- 2008-10-02 23:50:05

REGARDS!

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Open Notepad and copy the following text into it:

File::
C:\WINDOWS\system32\drivers\TDSSserv.sys.vir
C:\winupdate.exe.vir
C:\WINDOWS\99629.exe

Folder::
C:\Documents and Settings\All Users\Application Data\sforezql
C:\Documents and Settings\All Users\Application Data\idkfwdcf
C:\Documents and Settings\All Users\Application Data\ozetwhkv
C:\Documents and Settings\All Users\Application Data\gxwdqvwz
C:\Documents and Settings\All Users\Application Data\avojaxcl
C:\Documents and Settings\All Users\Application Data\ujsjcbcp
C:\Documents and Settings\All Users\Application Data\ohczchgx
C:\Program Files\agxajxb\

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"99629"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"monapl"=-


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is created at the end of the cleaning/scan.
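A way to sanity-check a CFScript of this shape before it is handed to a user, as an added example in Python that is not code from this thread or from ComboFix itself: it parses the File::, Folder:: and Registry:: sections in the layout shown above and reports malformed registry lines and entries that point into Windows system directories. The section names and the REGEDIT4-style "name"=- deletion syntax come from the script above; the protected-path list, the checks and the helper names are my own assumptions, and the embedded sample script is constructed from the paths in the post.

```python
"""Parse and sanity-check a ComboFix-style CFScript before running it.

Added example, not code from the forum thread or from ComboFix. Section
names and the "name"=- syntax follow the script posted above; the checks
and PROTECTED_PREFIXES are assumptions about what a helper would verify.
"""
import re

# Constructed sample built from the paths posted in the thread.
SAMPLE_SCRIPT = """\
File::
C:\\WINDOWS\\system32\\drivers\\TDSSserv.sys.vir
C:\\winupdate.exe.vir
C:\\WINDOWS\\99629.exe

Folder::
C:\\Documents and Settings\\All Users\\Application Data\\sforezql
C:\\Program Files\\agxajxb\\

Registry::
[HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"99629"=-
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\ShellServiceObjectDelayLoad]
"monapl"=-
"""

SECTION_RE = re.compile(r"^(\w+)::\s*$")            # e.g. "File::"
REG_KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+)\\(.+)\]$")  # "[HKEY_...\Path]"
REG_DELETE_RE = re.compile(r'^"([^"]+)"=-$')         # '"name"=-' deletes a value

# Assumed list: deleting arbitrary files under these directories can break
# Windows, so such entries get a warning (already-quarantined .vir files excepted).
PROTECTED_PREFIXES = ("c:\\windows\\system32\\", "c:\\windows\\")


def parse_cfscript(text):
    """Return {section_name: [non-empty lines]} for a CFScript body."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"line outside any section: {line!r}")
        sections[current].append(line)
    return sections


def check_registry_block(lines):
    """Each Registry:: line must be a key header or a "name"=- deletion."""
    problems = []
    key = None
    for line in lines:
        if REG_KEY_RE.match(line):
            key = line
        elif REG_DELETE_RE.match(line):
            if key is None:
                problems.append(f"value deletion before any key: {line}")
        else:
            problems.append(f"unrecognised registry line: {line}")
    return problems


def check_paths(lines, section):
    """Warn about File::/Folder:: entries inside protected Windows directories."""
    warnings = []
    for path in lines:
        low = path.lower()
        if low.endswith(".vir"):       # quarantined copy, safe to remove
            continue
        if any(low.startswith(pre) for pre in PROTECTED_PREFIXES):
            warnings.append(f"{section}: {path} is inside a Windows directory; "
                            "confirm it is not a system file")
    return warnings


def review(text):
    """Parse the script and collect hard problems and soft warnings."""
    sections = parse_cfscript(text)
    report = {
        "sections": {name: len(entries) for name, entries in sections.items()},
        "problems": check_registry_block(sections.get("Registry", [])),
        "warnings": [],
    }
    for sec in ("File", "Folder"):
        report["warnings"] += check_paths(sections.get(sec, []), sec)
    return report


if __name__ == "__main__":
    for k, v in review(SAMPLE_SCRIPT).items():
        print(k, v)
```

Run on the sample, the only warning is the C:\WINDOWS\99629.exe entry; the two .vir files are skipped because they are quarantined copies, and the registry block parses cleanly. A line that is neither a key header nor a deletion is reported as a problem so a typo cannot silently turn into a no-op.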

offline
  • Joined: 10 Oct 2008
  • Posts: 38
  • Location: Rijeka

How do you save a file from Notepad as "CFScript"? What is that?
Uh, sorry, but I really don't know.... I'm sorry...

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Go to the File menu and choose the Save As option.
When the save dialog opens, there is a field at the bottom where you need to type CFScript, then click OK.

offline
  • Joined: 10 Oct 2008
  • Posts: 38
  • Location: Rijeka

Oh, thank you so much! I'm off to try it right away...

Update: 10 Oct 2008 23:14

Here you go... It took me a bit more time, but I DID IT! Once again, thank you for the precise and simple instructions!

ComboFix 08-10-10.01 - Natasa 2008-10-10 23:05:02.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.631 [GMT 2:00]
Running from: C:\Documents and Settings\Natasa\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Natasa\Desktop\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\99629.exe
C:\WINDOWS\system32\drivers\TDSSserv.sys.vir
C:\winupdate.exe.vir
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\avojaxcl
C:\Documents and Settings\All Users\Application Data\gxwdqvwz
C:\Documents and Settings\All Users\Application Data\idkfwdcf
C:\Documents and Settings\All Users\Application Data\ohczchgx
C:\Documents and Settings\All Users\Application Data\ozetwhkv
C:\Documents and Settings\All Users\Application Data\sforezql
C:\Documents and Settings\All Users\Application Data\ujsjcbcp
C:\Program Files\agxajxb\
C:\Program Files\agxajxb\\monapl.dll
C:\WINDOWS\99629.exe
C:\WINDOWS\system32\drivers\TDSSserv.sys.vir
C:\winupdate.exe.vir

.
((((((((((((((((((((((((( Files Created from 2008-09-10 to 2008-10-10 )))))))))))))))))))))))))))))))
.

2008-10-10 23:04 . 2008-10-10 23:04 <DIR> d-------- C:\ERDNT
2008-10-10 09:12 . 2008-10-10 09:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-10-10 09:06 . 2008-10-10 09:08 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-10-09 10:07 . 2008-10-09 11:32 <DIR> d-------- C:\Program Files\Error Repair Professional
2008-10-08 22:07 . 2008-10-08 22:10 <DIR> d-------- C:\Program Files\hdclone.3.6.2.pe.en
2008-10-08 17:44 . 2008-10-08 17:44 <DIR> d--h----- C:\WINDOWS\Icons
2008-10-08 02:23 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-10-08 02:23 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-10-08 02:23 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-10-08 02:22 . 2008-10-08 02:22 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-10-08 02:17 . 2008-10-08 02:17 <DIR> d-------- C:\Documents and Settings\Natasa\Application Data\MSNInstaller
2008-10-08 02:12 . 2008-10-08 02:22 <DIR> d-------- C:\Program Files\Windows Live
2008-10-08 02:06 . 2008-10-08 02:06 <DIR> d-------- C:\Program Files\EZ Boosters
2008-10-07 15:51 . 2008-10-07 15:51 <DIR> d-------- C:\Program Files\SolSuite
2008-10-07 15:51 . 2008-10-07 22:07 <DIR> d-------- C:\Documents and Settings\Natasa\Application Data\SolSuite
2008-10-07 13:51 . 2008-10-07 13:56 <DIR> d-------- C:\Documents and Settings\Natasa\Application Data\vlc
2008-10-07 13:50 . 2008-10-07 13:50 <DIR> d-------- C:\Program Files\VideoLAN
2008-10-07 10:55 . 2008-10-07 10:55 <DIR> d-------- C:\Program Files\Common Files\eSellerate
2008-10-07 10:55 . 2008-10-07 10:55 <DIR> d-------- C:\Program Files\AnswersThatWork
2008-10-07 10:55 . 2007-06-08 13:53 1,753,088 --a------ C:\WINDOWS\system32\ExGrid.dll
2008-10-07 10:55 . 2007-04-03 16:51 614,400 --a------ C:\WINDOWS\system32\ExButton.dll
2008-10-07 10:55 . 2007-06-05 10:20 602,112 --a------ C:\WINDOWS\system32\ExMenu.dll
2008-10-07 10:55 . 2007-06-05 10:19 516,096 --a------ C:\WINDOWS\system32\ExTab.dll
2008-10-07 10:55 . 2007-04-03 16:51 307,200 --a------ C:\WINDOWS\system32\ExPMenu.dll
2008-10-07 10:55 . 2005-06-18 11:44 212,240 --a------ C:\WINDOWS\system32\RichTx32.ocx
2008-10-07 10:50 . 2008-10-07 10:50 <DIR> d-------- C:\BootBkup
2008-10-07 10:48 . 2008-10-07 10:48 <DIR> d-------- C:\Program Files\My BootDisk
2008-10-07 09:43 . 2008-10-07 14:26 <DIR> d-------- C:\Program Files\MagicISO
2008-10-03 04:47 . 2008-10-03 04:47 <DIR> d-------- C:\Documents and Settings\Natasa\Application Data\HEXelon
2008-10-03 04:45 . 2008-10-03 04:54 <DIR> d-------- C:\Program Files\TC UP
2008-10-03 04:33 . 2008-10-03 04:33 <DIR> d-------- C:\Program Files\PowerISO
2008-10-03 03:59 . 2008-10-03 04:02 <DIR> d-------- C:\Program Files\WMR11
2008-10-03 03:36 . 2008-10-03 03:44 34 --a------ C:\WINDOWS\system32\oeminfo.ini
2008-10-03 01:46 . 2008-10-03 01:46 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-10-02 03:08 . 2008-10-02 03:08 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-10-02 03:08 . 2008-10-02 03:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-10-01 05:05 . 2008-10-01 05:06 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-10-01 05:05 . 2008-10-01 05:05 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-10-01 05:05 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-09-30 22:18 . 2008-09-30 22:18 360,580 --a------ C:\WINDOWS\eSellerateEngine.dll
2008-09-30 21:49 . 2008-10-08 02:21 <DIR> d-------- C:\Program Files\Messenger Plus! Live
2008-09-30 21:46 . 2008-10-08 02:07 <DIR> d-------- C:\Documents and Settings\Natasa\Tracing
2008-09-30 17:49 . 2008-09-30 17:49 <DIR> d-------- C:\Program Files\P2P_Energy
2008-09-30 17:49 . 2008-09-30 17:49 <DIR> d-------- C:\Program Files\Conduit
2008-09-30 17:38 . 1997-03-20 21:01 114,688 --a------ C:\WINDOWS\CABARC.EXE
2008-09-30 17:38 . 2005-10-11 23:22 4 --a------ C:\WINDOWS\TrialAvatarGirl.mco.cer
2008-09-30 17:38 . 2005-10-11 23:21 4 --a------ C:\WINDOWS\TrialAvatarBoy.mco.cer
2008-09-30 17:26 . 2008-09-30 17:26 <DIR> d-------- C:\Program Files\MSN Content Plus
2008-09-30 17:26 . 2004-03-09 01:00 124,688 --a------ C:\WINDOWS\system32\MSWINSCK.OCX
2008-09-30 17:26 . 1997-03-20 21:01 65,536 --a------ C:\WINDOWS\CABINET.DLL
2008-09-30 17:13 . 2008-09-30 17:13 <DIR> d-------- C:\Program Files\Real
2008-09-30 17:13 . 2008-10-03 03:04 <DIR> d-------- C:\Program Files\MSN Messenger
2008-09-30 09:52 . 2008-09-30 09:53 <DIR> d-------- C:\Program Files\FOX Video Studio
2008-09-30 09:52 . 2004-05-26 21:37 719,872 --a------ C:\WINDOWS\system32\devil.dll
2008-09-30 09:52 . 2006-09-16 19:44 314,368 --a------ C:\WINDOWS\system32\avisynth.dll
2008-09-30 09:52 . 2008-09-30 09:52 81,920 --a------ C:\Documents and Settings\Natasa\Application Data\ezpinst.exe
2008-09-30 01:48 . 2004-05-04 12:53 1,645,320 --a------ C:\WINDOWS\gdiplus.dll
2008-09-30 01:48 . 2006-05-20 17:16 1,184,984 --a------ C:\WINDOWS\system32\wvc1dmod.dll
2008-09-30 01:48 . 2006-05-11 20:21 626,688 --a------ C:\WINDOWS\system32\vp7vfw.dll
2008-09-30 01:48 . 2006-09-29 13:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-09-30 01:48 . 2006-09-29 13:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-09-30 01:48 . 2006-09-29 13:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-09-30 01:48 . 2007-03-18 21:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-09-30 01:47 . 2008-10-09 11:01 <DIR> d-------- C:\Program Files\VSO
2008-09-30 01:47 . 2008-10-09 10:01 <DIR> d-------- C:\Documents and Settings\Natasa\Application Data\Vso
2008-09-30 01:47 . 2008-09-30 01:47 94,208 --a------ C:\WINDOWS\system32\drivers\ezplay.sys
2008-09-30 01:47 . 2008-09-30 01:47 94,208 --a------ C:\Documents and Settings\Natasa\Application Data\ezplay.sys
2008-09-30 01:47 . 2008-09-30 01:47 47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys
2008-09-30 01:47 . 2008-10-09 10:01 47,360 --a------ C:\Documents and Settings\Natasa\Application Data\pcouffin.sys
2008-09-29 07:44 . 2008-09-29 07:44 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-09-25 03:37 . 2008-09-25 03:37 <DIR> d-------- C:\Documents and Settings\Natasa\Application Data\Ulead Systems
2008-09-25 03:09 . 2008-09-25 03:09 <DIR> d-------- C:\Documents and Settings\Natasa\Application Data\DriveHQ
2008-09-25 03:09 . 2008-09-25 03:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DriveHQ
2008-09-25 00:41 . 2008-09-25 02:37 170 --a------ C:\WINDOWS\WaterIllusion.ini
2008-09-24 20:28 . 2008-09-24 20:28 <DIR> d-------- C:\Program Files\GetDiz
2008-09-24 20:28 . 2008-09-24 20:28 <DIR> d-------- C:\Documents and Settings\Natasa\Application Data\Outertech
2008-09-24 20:02 . 2008-09-24 20:03 250,690,849 --a------ C:\WINDOWS\DRW4.3.6_DiskImageFile.part0.edf
2008-09-24 20:02 . 2008-09-24 20:03 12,884 --a------ C:\WINDOWS\DRW4.3.6_DiskImageFile.edi
2008-09-24 20:02 . 2008-09-24 20:02 45 --a------ C:\WINDOWS\DRW4.3.6_DiskImageFile.edp
2008-09-24 19:59 . 2008-09-24 19:59 <DIR> d-------- C:\Program Files\EASEUS
2008-09-24 19:56 . 2008-09-24 19:56 <DIR> d-------- C:\Program Files\Active Data Recovery Services
2008-09-24 19:52 . 2008-10-07 15:51 <DIR> d-------- C:\Program Files\CCleaner
2008-09-24 19:44 . 2008-09-24 19:44 <DIR> d-------- C:\Program Files\Corel
2008-09-24 19:44 . 2008-09-24 19:45 <DIR> d-------- C:\Program Files\Common Files\Ulead Systems
2008-09-24 19:44 . 2008-09-24 19:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Ulead Systems
2008-09-24 19:39 . 2008-09-24 19:39 <DIR> d-------- C:\Program Files\Photodex
2008-09-24 19:39 . 2008-09-24 19:39 <DIR> d-------- C:\Documents and Settings\Natasa\Application Data\Netscape
2008-09-24 19:38 . 2008-09-24 19:38 <DIR> d-------- C:\Documents and Settings\Natasa\Application Data\Photodex
2008-09-24 19:37 . 2008-09-24 19:37 <DIR> d-------- C:\Program Files\DynamicPhotoHDR
2008-09-24 19:22 . 2008-09-24 19:22 <DIR> d-------- C:\Program Files\Photo Effect Studio
2008-09-24 19:18 . 2008-09-24 19:18 <DIR> d-------- C:\Documents and Settings\Natasa\Application Data\ArcSoft
2008-09-24 19:15 . 2008-09-24 19:15 <DIR> d-------- C:\Program Files\IWIN
2008-09-24 18:40 . 2008-09-24 18:40 <DIR> d-------- C:\Documents and Settings\Natasa\Application Data\iolo
2008-09-24 18:40 . 2008-09-24 18:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\iolo
2008-09-24 18:36 . 2008-09-24 18:36 <DIR> d-------- C:\Program Files\ArcSoft
2008-09-24 18:36 . 2008-09-26 03:18 2,870 --a------ C:\WINDOWS\photoimpression.ini
2008-09-24 18:36 . 2001-06-20 10:09 21 --a------ C:\WINDOWS\PI_setup.ini
2008-09-24 18:19 . 2008-10-07 14:30 <DIR> d-------- C:\Program Files\Nufsoft
2008-09-24 18:11 . 2008-09-24 18:15 <DIR> d-------- C:\Documents and Settings\Natasa\Application Data\MahJong Suite
2008-09-24 18:11 . 2008-10-07 15:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TreeCardGames
2008-09-24 18:10 . 2008-09-24 18:10 <DIR> d-------- C:\Program Files\MahJong Suite
2008-09-24 18:05 . 2008-09-24 18:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MAGIX
2008-09-24 18:05 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-09-24 18:05 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-09-24 18:05 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-09-24 18:05 . 2003-04-18 15:29 82,432 --a------ C:\WINDOWS\system32\msxml4r.dll
2008-09-24 18:05 . 2003-04-18 15:29 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-09-24 18:04 . 2008-09-24 18:05 <DIR> d-------- C:\Program Files\Common Files\MAGIX Shared
2008-09-24 18:03 . 2008-09-30 11:54 <DIR> d-------- C:\WINDOWS\system32\MAGIX
2008-09-24 18:03 . 2008-09-24 18:05 <DIR> d-------- C:\Program Files\MAGIX
2008-09-24 18:03 . 2002-09-20 23:33 1,089,536 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2008-09-24 18:03 . 2007-02-07 10:53 663,552 --a------ C:\WINDOWS\system32\mgxoschk.dll
2008-09-24 18:03 . 1998-10-15 16:28 85,504 --a------ C:\WINDOWS\system32\HtmlWH.dll
2008-09-24 18:03 . 1999-01-28 13:44 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
2008-09-24 18:03 . 2008-09-24 18:05 5,817 --a------ C:\WINDOWS\mgxoschk.ini
2008-09-24 18:00 . 2008-09-24 18:00 <DIR> d-------- C:\Documents and Settings\Natasa\Application Data\Downloaded Installations
2008-09-24 17:53 . 2008-09-24 17:53 <DIR> d-------- C:\Program Files\Flash Effect Maker
2008-09-24 17:46 . 2008-09-24 17:46 3,532 --a------ C:\drmHeader.bin
2008-09-24 15:38 . 2008-09-24 15:38 <DIR> d-------- C:\WINDOWS\Aloha Solitaire
2008-09-24 15:38 . 2008-10-03 03:04 <DIR> d-------- C:\Program Files\Aloha Solitaire
2008-09-24 14:50 . 2008-09-24 14:50 <DIR> d-------- C:\Program Files\Babylon
2008-09-24 14:49 . 2008-09-25 03:33 <DIR> d-------- C:\Documents and Settings\Natasa\Application Data\Babylon
2008-09-24 14:49 . 2008-10-10 22:26 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Babylon
2008-09-24 13:53 . 2008-10-07 14:20 <DIR> d-------- C:\Program Files\Digital Photo Software
2008-09-24 13:52 . 2008-09-24 19:43 <DIR> d-------- C:\WINDOWS\Downloaded Installations

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-10 16:24 --------- d-----w C:\Program Files\QuickTime
2008-10-10 16:24 --------- d-----w C:\Program Files\ImageTasks
2008-10-10 16:24 --------- d-----w C:\Program Files\Advanced System Optimizer
2008-10-10 06:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-10-10 05:55 --------- d-----w C:\Documents and Settings\Natasa\Application Data\uTorrent
2008-10-09 07:59 --------- d-----w C:\Program Files\PhotoPerfect
2008-10-09 07:58 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-10-08 00:22 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-10-08 00:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-10-08 00:21 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-10-07 21:40 --------- d-----w C:\Program Files\VstPlugins
2008-10-07 13:52 --------- d-----w C:\Program Files\Google
2008-10-07 12:38 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-10-07 12:25 --------- d-----w C:\Program Files\Image-Line
2008-10-07 12:24 --------- d-----w C:\Program Files\Ashampoo
2008-10-07 08:17 --------- d-----w C:\Documents and Settings\Natasa\Application Data\Ashampoo
2008-10-07 01:43 --------- d-----w C:\Documents and Settings\Natasa\Application Data\LimeWire
2008-10-06 15:59 26 ----a-w C:\Program Files\sn.txt
2008-10-03 01:04 --------- d-----w C:\Program Files\uTorrent
2008-10-02 01:10 --------- d-----w C:\Program Files\Common Files\Adobe
2008-09-30 22:00 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-30 19:29 --------- d-----w C:\Program Files\LimeWire
2008-09-30 16:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-24 18:29 --------- d-----w C:\Program Files\MumboJumbo
2008-09-09 19:41 --------- d-----w C:\Documents and Settings\Natasa\Application Data\Panasonic
2008-09-09 19:34 --------- d-----w C:\Program Files\Panasonic
2008-09-09 19:32 --------- d-----w C:\Documents and Settings\Natasa\Application Data\InstallShield
2008-09-09 17:42 --------- d-----w C:\Program Files\PhotoScape
2008-08-29 13:48 --------- d-----w C:\Documents and Settings\Natasa\Application Data\DivX
2008-08-26 16:30 --------- d-----w C:\Program Files\ASIO4ALL v2
2008-08-26 16:26 --------- d-----w C:\Program Files\Outsim
2008-08-26 16:06 --------- d-----w C:\Program Files\MGI
2008-08-22 15:39 --------- d-----w C:\Program Files\Apple Software Update
2008-08-22 15:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-22 15:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-08-21 22:05 --------- d-----w C:\Program Files\Multiply
2008-08-21 22:05 --------- d-----w C:\Program Files\Common Files\Adobe AIR
2008-08-21 22:05 --------- d-----w C:\Documents and Settings\Natasa\Application Data\com.Multiply.AutoUploader.C7DF09F73C2059D294831784007C5F0856677385.1
2008-08-11 11:12 --------- d-----w C:\Program Files\XP Repair Pro 2007
2008-07-25 08:34 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-07-20 20:36 50,192 ----a-w C:\Documents and Settings\Natasa\Application Data\GDIPFONTCACHEV1.DAT
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-14 12:51 577,536 ----a-w C:\WINDOWS\system32\SkinCrafter3.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "C:\Program Files\P2P_Energy\tbP2P_.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2bae58c2-79f9-45d1-a286-81f911301c3a}]
2008-09-15 06:47 1784856 --a------ C:\Program Files\P2P_Energy\tbP2P_.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{2bae58c2-79f9-45d1-a286-81f911301c3a}"= "C:\Program Files\P2P_Energy\tbP2P_.dll" [2008-09-15 1784856]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{2BAE58C2-79F9-45D1-A286-81F911301C3A}"= "C:\Program Files\P2P_Energy\tbP2P_.dll" [2008-09-15 1784856]

[HKEY_CLASSES_ROOT\clsid\{2bae58c2-79f9-45d1-a286-81f911301c3a}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2007-12-01 15360]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"XPRepairPro2007"="C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe" [2007-07-04 1023624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2007-12-21 1443072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 6803456]
"Babylon Client"="C:\Program Files\Babylon\Babylon-Pro\Babylon.exe" [2008-09-01 3563232]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-07-07 167936]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2007-12-01 C:\WINDOWS\system32\bthprops.cpl]

C:\Documents and Settings\Natasa\Start Menu\Programs\Startup\
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]
Multiply AutoUploader.lnk - C:\Program Files\Multiply\AutoUploader\Multiply AutoUploader\Multiply AutoUploader.exe [2008-08-22 94208]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, credssp.dll, msnsspc.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Auto run of VideoCam Suite 1.0.lnk]
backup=C:\WINDOWS\pss\Auto run of VideoCam Suite 1.0.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-05-11 03:06 40048 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ImageTasksHelper]
--a------ 2008-10-10 18:24 370176 C:\Program Files\ImageTasks\ImageTasksHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-10-10 18:24 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Systweak Wallpaper Changer]
--a------ 2008-10-10 18:24 151280 C:\Program Files\Advanced System Optimizer\wallpaper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrayServer]
--a------ 2006-10-04 15:41 86016 C:\Program Files\MAGIX\Movie_Edit_Pro_12_e-version\Trayserver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
--a------ 2007-08-02 21:08 95504 C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XPRepairPro2007]
--a------ 2007-07-04 04:51 1023624 C:\Program Files\XP Repair Pro 2007\XPRepairPro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"nwiz"=nwiz.exe /install

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R1 VD_FileDisk;VD_FileDisk;C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2007-12-01 14336]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-10-01 306432]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2008-10-03 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 15:17]

2008-08-22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-10-10 23:08:21
Windows 5.1.2600 Service Pack 3, v.3264 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-10 23:08:53

Pre-Run: 31,064,920,064 bytes free
Post-Run: 31,063,109,632 bytes free

298 --- E O F --- 2008-10-02 23:50:05

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Did we manage to solve the problem?
Are those symptoms still appearing?

offline
  • Joined: 10 Oct 2008
  • Posts: 38
  • Location: Rijeka

NO! NO! NO! Oh my... No window appears at all! The computer runs like never before! How can I thank you? I HAVE NO WORDS! Many thanks for the help, patience and time you spent helping me!!!

Warm regards, and I wish you a good and pleasant night!

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Let's also uninstall ComboFix, following this procedure:

Click START and then RUN
In the text input line type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
the VundoFix Backups folder, if it exists
the C:\Deckard folder, if it exists
the C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if necessary
Hide system/hidden files/folders, if necessary
Reset System Restore
