Problem with viruses...

  • Sone+
  • New MyCity citizen
  • Joined: 13 Mar 2008
  • Posts: 2

After the system starts, it opens Explorer (My Documents)... The Recycle Bin reports that there are deleted files, but in fact there is nothing... It won't show hidden files and folders... No partition can be opened with a double-click, only with right-click and then OPEN... Can this be fixed???


Logfile of HijackThis v1.99.1
Scan saved at 1:14:10, on 13.3.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\drivers\spoclsv.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Documents and Settings\Nesa\Application Data\explorer.exe
C:\Documents and Settings\Nesa\Application Data\explorer.exe
C:\Documents and Settings\Nesa\Local Settings\Application Data\lsass.exe
C:\Documents and Settings\Nesa\Local Settings\Application Data\lsass.exe
C:\Program Files\Red-Devils S©®ipt\Mirc.exe
C:\WINDOWS\System32\lbyhmunxj.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Winamp\winamp.exe
C:\PROGRA~1\MOZILL~1\firefox.exe
C:\Documents and Settings\Nesa\Desktop\Sone\Sone1.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\secpol.exe,
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\System32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\System32\sw24.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [Windows Serviece Agents] lbyhmunxj.exe
O4 - HKLM\..\RunServices: [Windows Serviece Agents] lbyhmunxj.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [svcshare] C:\WINDOWS\System32\drivers\spoclsv.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: windows.pif = ?
O4 - Global Startup: Empty.pif = ?
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O17 - HKLM\System\CCS\Services\Tcpip\..\{88F10BC0-5FB1-488A-8EE4-94E45F78FFF8}: NameServer = 92.60.224.20 92.60.224.30
O17 - HKLM\System\CS1\Services\Tcpip\..\{88F10BC0-5FB1-488A-8EE4-94E45F78FFF8}: NameServer = 92.60.224.20 92.60.224.30
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: fsmgmt - C:\WINDOWS\SYSTEM32\fsmgmt.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Hello,

Download ComboFix to your Desktop from one of the following addresses:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.

  • Sone+
  • New MyCity citizen
  • Joined: 13 Mar 2008
  • Posts: 2

ComboFix 08-03-14.4 - Nesa 2008-03-15 16:00:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.1.1250.1.1033.18.196 [GMT 1:00]
Running from: C:\Documents and Settings\Nesa\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\setup.exe
C:\WINDOWS\system32\winsys.exe
D:\Autorun.inf
D:\RECYCLER\Desktop_.ini
E:\Autorun.inf
E:\RECYCLER\Desktop_.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-15 to 2008-03-15 )))))))))))))))))))))))))))))))
.

2008-03-15 15:55 . 2008-03-15 15:55 <DIR> d-------- C:\WINDOWS\NV628428.TMP
2008-03-15 15:55 . 2004-05-17 06:49 198,656 -ra------ C:\WINDOWS\system32\fdco1.dll
2008-03-15 15:55 . 2004-05-17 07:00 191,232 -ra------ C:\WINDOWS\system32\drivers\nvsnpu.sys
2008-03-15 15:55 . 2004-05-10 01:52 172,032 --a------ C:\WINDOWS\system32\nvunrm.exe
2008-03-15 15:55 . 2004-03-03 14:14 163,840 --a------ C:\WINDOWS\system32\NVUninst.exe
2008-03-15 15:55 . 2004-05-17 07:00 56,960 -ra------ C:\WINDOWS\system32\drivers\nvnrm.sys
2008-03-15 15:55 . 2004-05-17 07:00 33,280 -ra------ C:\WINDOWS\system32\drivers\NVENETFD.sys
2008-03-15 15:55 . 2004-05-10 01:53 32,256 -ra------ C:\WINDOWS\system32\nvconrm.dll
2008-03-15 15:55 . 2004-05-17 07:00 12,928 -ra------ C:\WINDOWS\system32\drivers\nvnetbus.sys
2008-03-15 15:55 . 2004-05-17 06:48 8,192 -ra------ C:\WINDOWS\system32\bdco1.dll
2008-03-15 15:55 . 2004-03-20 19:30 2,509 --a------ C:\WINDOWS\system32\nvnrm.nvu
2008-03-15 15:35 . 2001-08-17 13:53 4,992 --a------ C:\WINDOWS\system32\drivers\loop.sys
2008-03-15 15:35 . 2001-08-17 13:53 4,992 --a--c--- C:\WINDOWS\system32\dllcache\loop.sys
2008-03-15 15:34 . 2008-03-15 15:34 <DIR> d-------- C:\Program Files\SiSLan
2008-03-15 15:34 . 2002-07-10 16:39 32,256 -ra------ C:\WINDOWS\system32\drivers\sisnic.sys
2008-03-15 15:34 . 2002-07-10 16:39 32,256 --a--c--- C:\WINDOWS\system32\dllcache\sisnic.sys
2008-03-15 13:22 . 2006-04-24 09:30 237,016 --a------ C:\.exe
2008-03-14 01:19 . 2008-03-14 01:19 268 --ah----- C:\sqmdata00.sqm
2008-03-14 01:19 . 2008-03-14 01:19 244 --ah----- C:\sqmnoopt00.sqm
2008-03-13 19:27 . 2006-04-24 09:30 237,016 --a------ C:\Documents and Settings\Nesa\Application Data\explorer.exe
2008-03-13 00:53 . 2008-03-13 00:53 277,978 --a------ C:\WINDOWS\UninstallFirefox.exe
2008-03-13 00:53 . 2008-03-13 00:53 2,654 --a------ C:\WINDOWS\mozver.dat
2008-03-13 00:53 . 2008-03-13 00:53 0 --a------ C:\WINDOWS\nsreg.dat
2008-03-13 00:34 . 2008-03-14 01:19 <DIR> d-------- C:\Documents and Settings\Nesa\Contacts
2008-03-13 00:34 . 2008-03-13 00:34 45,056 --a------ C:\WINDOWS\system32\fsmgmt.dll
2008-03-13 00:32 . 2008-03-13 00:32 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-03-13 00:32 . 2008-03-15 16:00 <DIR> d-------- C:\Program Files\MSN Messenger
2008-03-13 00:24 . 2008-03-13 00:24 67 --a------ C:\WINDOWS\system32\o
2008-03-13 00:22 . 2008-03-14 01:26 <DIR> d-------- C:\Program Files\Red-Devils S©®ipt
2008-03-05 22:07 . 2008-03-05 22:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-03-05 22:04 . 2008-03-05 22:09 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-03-05 22:03 . 2008-03-05 22:03 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-02-28 19:34 . 2008-03-15 16:00 <DIR> d-------- C:\Program Files\KONAMI
2008-02-28 19:29 . 2008-02-28 19:29 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-02-26 23:16 . 2008-03-05 22:15 10,240 --ahs---- C:\WINDOWS\Thumbs.db
2008-02-26 23:03 . 2008-02-26 23:28 2,174,720 --a------ C:\WINDOWS\system32\TUKernel.exe
2008-02-26 22:43 . 2002-08-29 01:32 21,760 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 15:00 --------- d-----w C:\Program Files\Winamp
2008-03-15 15:00 --------- d-----w C:\Program Files\TuneUp Utilities 2006
2008-03-15 15:00 --------- d-----w C:\Program Files\totalcmd
2008-03-15 15:00 --------- d-----w C:\Program Files\Samsung
2008-03-15 15:00 --------- d-----w C:\Program Files\Nero
2008-03-15 15:00 --------- d-----w C:\Program Files\Ligos
2008-03-15 15:00 --------- d-----w C:\Program Files\KM Player
2008-03-15 15:00 --------- d-----w C:\Program Files\JoWooD
2008-03-15 15:00 --------- d-----w C:\Program Files\AMD
2008-03-13 00:53 195,542 ----a-w C:\WINDOWS\system32\secpol.exe
2008-03-12 23:18 356,120 ----a-w C:\WINDOWS\system32\PerfStringBackup.TMP
2008-02-28 18:37 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-28 18:29 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-02-25 21:35 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2008-02-25 20:52 238,044 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2008-02-25 20:47 --------- d-----w C:\Documents and Settings\Nesa\Application Data\Ahead
2008-02-25 20:46 --------- d-----w C:\Program Files\Common Files\Ahead
2008-02-25 20:43 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-25 20:43 --------- d-----w C:\Documents and Settings\Nesa\Application Data\TuneUp Software
2008-02-25 20:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-02-25 20:20 --------- d-----w C:\Program Files\microsoft frontpage
2008-02-25 20:19 558,142 ----a-w C:\WINDOWS\java\Packages\RHRV3LB7.ZIP
2008-02-25 20:19 155,995 ----a-w C:\WINDOWS\java\Packages\9N9JD7PV.ZIP
2002-08-29 03:41 228,352 --sh--r C:\WINDOWS\system32\lbyhmunxj.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\ctfmon.exe" [2002-08-29 04:41 13312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2005-06-15 10:20 6803456]
"nwiz"="nwiz.exe" [2005-06-15 10:20 1697238 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2005-06-15 10:20 86016]
"SoundMan"="SOUNDMAN.EXE" [2005-06-14 11:36 77824 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Windows Serviece Agents"="lbyhmunxj.exe" [2002-08-29 04:41 228352 C:\WINDOWS\system32\lbyhmunxj.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2002-08-29 04:41 13312]
"Windows Serviece Agents"="lbyhmunxj.exe" [2002-08-29 04:41 228352 C:\WINDOWS\system32\lbyhmunxj.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\fsmgmt]
fsmgmt.dll 2008-03-13 00:34 45056 C:\WINDOWS\system32\fsmgmt.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Empty.pif]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Empty.pif
backup=C:\WINDOWS\pss\Empty.pifCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Nesa^Start Menu^Programs^Startup^windows.pif]
path=C:\Documents and Settings\Nesa\Start Menu\Programs\Startup\windows.pif
backup=C:\WINDOWS\pss\windows.pifStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-10-28 16:25 271832 C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5852124 C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 333280 C:\WINDOWS\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\svcshare]
C:\WINDOWS\System32\drivers\spoclsv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW20]
-ra------ 2005-06-29 10:08 390616 C:\WINDOWS\System32\sw20.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SW24]
-ra------ 2005-07-04 06:29 247264 C:\WINDOWS\System32\sw24.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Serviece Agents]
-r-hs---- 2002-08-29 04:41 228352 C:\WINDOWS\system32\lbyhmunxj.exe

S3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\System32\DRIVERS\loop.sys [2001-08-17 13:53]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys []
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\System32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\System32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\System32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-25 20:44:05 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2006\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-03-15 16:00:59
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-15 16:01:22
ComboFix-quarantined-files.txt 2008-03-15 15:01:15

Addendum: 15 Mar 2008 16:07

Here is the new HijackThis log as well:

Logfile of HijackThis v1.99.1
Scan saved at 16:06:31, on 15.3.2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
c:\windows\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nesa\Application Data\explorer.exe
C:\Documents and Settings\Nesa\Local Settings\Application Data\lsass.exe
C:\Documents and Settings\Nesa\Desktop\Sone\Sone1.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\RunServices: [Windows Serviece Agents] lbyhmunxj.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: windows.pif = ?
O4 - Global Startup: Empty.pif = ?
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: fsmgmt - C:\WINDOWS\SYSTEM32\fsmgmt.dll
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

1. Why don't you have Service Pack 2 for Windows installed?
2. Why don't you have an anti-virus program installed?
3. Why don't you have a firewall installed?
4. Has that mIRC script of yours been verified to be free of the Zapchast trojan?

Your computer is still infected, but first I want you to answer the questions above, so that I can see how much sense it makes for us to keep cleaning a computer that is guaranteed to be infected again before you can say "cookie".
