Trojans and all sorts of vermin

Posted: 10 Nov 2009 16:48

I scanned my computer with GridinSoft Trojan Killer v.2.0.5.4, and it found some trojans, but it won't delete them because you have to pay. Here is the log:
GridinSoft Trojan Killer v.2.0.5.4
Report file date: 10.11.2009 15:22:19

Scanning for 779814 virus strains and unwanted programs.

Licensed: UNREGISTERED
Windows version: Windows Vista (TM) Ultimate (version 6.0)
Username: Administrator
Computer name: HEAVENH-SVCJQGP

Starting the file scan:

Hijack.Registry - fixed
Startup collected
BHO plugins collected
Service collected
ActiveX collected
Files collected
Scaning...
----- C:\Windows\wt\webdriver\wthostctl.dll ---- ActiveX
Threat
WTHoster Class


----- C:\Windows\wt\webdriver\webdriver.dll ---- ActiveX
Threat
WildTangent Control


----- \system\currentcontrolset\control\lsa ---- Registry
agent.48640.f


----- \CLSID\{5e2121ee-0300-11d4-8d3b-444553540000} ---- Registry
Rogue.ActiveSecurity


----- C:\Windows\mmsmark2.dat ---- General
KoobFace.Trace


----- C:\Windows\System32\royal86.sys ---- General
not-a-virus.(zabranjeno).VistaActivation
ProdVer: 1, 0, 0, 0
FileVer: 1, 0, 0, 0
Name : SLP Kernel-Mode Driver
Company: PARADOX


Terminated by user
Terminated by user
Scan completed.

Scan result: 6 infected items
Scan completed in: Scan completed in 42 minute(s) 19 sec.
Files were scanned: 16167

Here is the DDS log too:

DDS (Ver_09-10-26.01) - NTFSx86
Run by Administrator at 16:38:31,32 on uto 10.11.2009
Internet Explorer: 7.0.6001.18000
Windows Windows Vista™ Extreme Edition 6.0.6001.1.1252.1.1033.18.2047.74 [GMT 1:00]

AV: COMODO Antivirus *On-access scanning enabled* (Updated) {043803A5-4F86-4ef7-AFC5-F6E02A79969B}
SP: COMODO Defense+ *enabled* (Updated) {043803A4-4F86-4ef7-AFC5-F6E02A79969B}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\System Control Manager\edd.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DY7R0TVT\dds[1].scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: FlpLauncher Class: {4401fdc3-7996-4774-8d2b-c1ae9cd6cc25} - c:\program files\e-book systems\flipviewer\fplaunch.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: : {c90dbb52-46e0-4e65-92bc-799adee54c86} - c:\progra~1\flash2x\flashp~1\FLASHP~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [run32] c:\win\lsass.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableInstallerDetection = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: - Download &this page with WebCloner - c:\program files\productsfoundry\webcloner standard 2.7\addthis.htm
IE: - Download all &images with WebCloner - c:\program files\productsfoundry\webcloner standard 2.7\addimg.htm
IE: - Download all &links with WebCloner - c:\program files\productsfoundry\webcloner standard 2.7\addurl.htm
IE: - Download selected links with WebCloner - c:\program files\productsfoundry\webcloner standard 2.7\addsellinks.htm
IE: Download selected images with WebCloner - c:\program files\productsfoundry\webcloner standard 2.7\addselimgs.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {ADFCCE65-DF10-46fd-B04A-53CCBE2A0795} - c:\program files\productsfoundry\webcloner standard 2.7\webcloner.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BA83FD38-CE14-4DA3-BEF5-96050D55F78A} - hxxp://www.flipviewer.com/exe/fv400p.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
STS: StardockDreamController: {ec654325-1273-c2a9-2b7c-45d29bce68ff} - c:\progra~1\stardock\object~1\desksc~1\DreamControl.dll
STS: Deskscapes Class: {ec654325-1273-c2a9-2b7c-45d29bce68fb} - c:\progra~1\stardock\object~1\desksc~1\deskscapes.dll
STS: Stardock Vista ControlPanel Extension: {ec654325-1273-c2a9-2b7c-45d29bce68fd} - c:\progra~1\stardock\object~1\desksc~1\DesktopControlPanel.dll
STS: AveVistaBackgroundFolder Class: {73526e5a-fd53-4be7-b5e2-d3c89d7413dc} - c:\windows\system32\branding\folderbg\VistaFolderBackground.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-1-22 99344]
R2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2008-7-30 277736]
R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [2003-11-14 8192]
R3 MGHwCtrl;MGHwCtrl;c:\windows\system32\drivers\MGHwCtrl.sys [2009-1-31 19456]
S3 FLASHSYS;FLASHSYS;c:\windows\system32\drivers\FlashSys.sys [2008-1-31 9216]

=============== Created Last 30 ================

2009-11-10 14:16:04 0 d-----w- c:\program files\GridinSoft Trojan Killer
2009-11-04 20:24:25 600 ----a-w- c:\users\administrator\PUTTY.RND
2009-11-04 18:33:46 0 d-----w- c:\programdata\TVU Networks
2009-11-04 18:33:14 0 d-----w- c:\windows\system32\TVUAx
2009-11-04 16:30:50 0 d-sh--r- C:\Win
2009-11-03 14:42:22 0 d-----w- c:\program files\Movie Player
2009-11-03 08:10:02 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-11-03 08:09:32 0 d-----w- c:\users\admini~1\appdata\roaming\SUPERAntiSpyware.com
2009-11-03 08:09:32 0 d-----w- c:\program files\SUPERAntiSpyware
2009-10-30 15:59:18 21560 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-30 11:48:32 0 d-----w- c:\program files\MMRadio
2009-10-27 15:19:48 0 d-----w- c:\program files\ffdshow
2009-10-27 15:02:19 0 d-----w- c:\program files\Lonely Cat Games
2009-10-23 11:38:27 1 ---h--w- c:\windows\mmsmark2.dat

==================== Find3M ====================

2009-10-08 18:27:52 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-03-23 13:51:00 86016 ----a-w- c:\windows\inf\infstor.dat
2009-03-23 13:51:00 51200 ----a-w- c:\windows\inf\infpub.dat
2009-03-23 13:50:59 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-01-23 23:27:08 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-01-22 09:36:17 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:40:37 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:40:37 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-02-18 17:38:20 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012009021820090219\index.dat
2008-04-04 09:50:14 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 16:40:44,28 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-10-26.01)

Windows Windows Vista™ Extreme Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 22.1.2009 10:36:37
System Uptime: 11.10.2009 13:30:13 (723 hours ago)

Motherboard: MSI | | MS-1634X
Processor: AMD Athlon(tm) 64 X2 Dual-Core Processor TK-53 | CPU 1 | 1700/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 51 GiB total, 0,864 GiB free.
D: is FIXED (NTFS) - 98 GiB total, 12,761 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0021
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #2
PNP Device ID: ROOT\*6TO4MP\0021
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0022
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #3
PNP Device ID: ROOT\*6TO4MP\0022
Service: tunnel

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0027
Manufacturer: Microsoft
Name: Microsoft 6to4 Adapter #4
PNP Device ID: ROOT\*6TO4MP\0027
Service: tunnel

Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: IDT HDMI
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000\5&D6201BF&0&0001
Manufacturer: IDT
Name: IDT HDMI
PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1000\5&D6201BF&0&0001
Service: STHDA

==== System Restore Points ===================


==== Installed Programs ======================


µTorrent
2007 Microsoft Office Suite Service Pack 1 (SP1)
7-Zip 4.64
707 Great Games
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player Plugin
Adobe Reader 9
Adobe Shockwave Player 11.5
Adobe® Photoshop® Album Starter Edition 3.2
Advanced SystemCare 3
AGEIA PhysX v7.09.13
Agere Systems HDA Modem
AMP WinOFF
Apple Application Support
Atheros Driver Installation Program
ATI Catalyst Install Manager
AveoCap
AviSynth 2.5
AVS Update Manager 1.0
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
BatteryCare
Bluetooth Stack for Windows by Toshiba
BoneLab
Camera RAW Plug-In for EPSON Creativity Suite
Canon Camera Access Library
Canon Camera Support Core Library
Canon Camera Window DC_DV 5 for ZoomBrowser EX
Canon Camera Window DC_DV 6 for ZoomBrowser EX
Canon Camera Window MC 6 for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities ZoomBrowser EX
CANYON USB PC Camera
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Vista
ccc-core-static
ccc-utility
CCC Help English
CD Art Display 1.0
Clickster
COMODO Internet Security
DeskScapes
Double Vision
DriverAgent by eSupport.com
DriverMax 4
DVD Solution
EPSON Attach To Email
EPSON Copy Utility 3
EPSON Easy Photo Print
EPSON File Manager
EPSON Scan
EPSON Scan Assistant
EPSON Stylus CX7300_CX8300_DX7400_DX8400 Manual
FastStone Image Viewer 3.2
ffdshow [rev 3097] [2009-10-08]
Flash2X Flash Player version 3.0.2
FlipViewer 4.0.0
Foto2Avi 2.0
FotoMorph
Foxit Reader
GameHouse Super Games AIO®
GCH Guitar academy
GOM Player
Google Earth
HijackThis 2.0.2
Hitman - Codename 47
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HydraVision
IKEA Home Planner
Java(TM) 6 Update 11
Java(TM) 6 Update 3
Joost (tm) Beta 1.0
MediaShow 3.0
Microsoft .NET Framework 3.5 SP1
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Pandora's Box
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ Run Time Lib Setup
MMRadio
MODEM Mobile Connection
Movie Player 1.0.5
MSXML 4.0 SP2 (KB954430)
My Expose
Need for Speed™ ProStreet Demo
Nero 8 Micro
Netflix in Windows Media Center
nFLVPlayer
PhotoNow! 1.0
PONS Pocetni engleski
Poppy for Windows
Power2Go 5.0
PowerBackup 2.5
PowerCinema
PowerDirector Express
PowerDVD
PowerDVD Copy 1.0
PowerProducer
ProtectDisc Driver, Version 11
QuickTime
Real Chess
RealPlayer
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RGS-MODBlaster 2000 v2.1
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Scientific-Atlanta WebSTAR 2000 series Cable Modem
Sight Words Buddy 1.0
Skins
Skype™ 3.8
SmartMovie Converter
Software tiskárny EPSON
SpeedFan (remove only)
SUPERAntiSpyware Free Edition
System Control Manager
Tennis Elbow 2009 1.0
Trojan Killer 2.0
Turboball
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (kb943597)
VibrateGameDeviceDriver
Video Caster 3.4
VLC media player 0.9.8a
WildTangent Web Driver
Winamp
WinRAR archiver
World of Warcraft FREE Trial

==== End Of File ===========================
Now I'll run GMER too.

Addendum: 10 Nov 2009 16:51

I forgot to mention that my connection is SBB cable, 1024\128. Sometimes while I'm doing something, a white translucent screen appears with a message asking me to restart Windows or to look for a solution to the problem online. And when I do either of those, it shuts down Internet Explorer anyway.

Addendum: 10 Nov 2009 17:04

GMER won't work, it freezes the computer. I'll try RootRepeal now.

Addendum: 10 Nov 2009 17:13

RootRepeal won't work either. What should I do? I have to go to work now. Regards

Addendum: 10 Nov 2009 17:36

I got RootRepeal to work, here is the log:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/11/10 17:18
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP1
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x8FCA6000 Size: 49152 File Visible: No Signed: -
Status: -


Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\DEBUGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\DEFINE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\EDITAP~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.16720_none_4f196f15369ae496\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\APPCON~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\APPSET~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\DEBUGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\DEFINE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\EDITAP~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6000.20883_none_385185b9503d2989\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\APPCON~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\APPSET~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\DEBUGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\DEFINE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\EDITAP~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.18111_none_4ef453cb36ecf137\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\APPCON~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\APPSET~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\CREATE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\DEBUGA~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\DEFINE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\EDITAP~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appcfg_res_b03f5f7f11d50a3a_6.0.6001.22230_none_3828c46750926a4a\SMTPSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.16720_none_4ef4fbb8699d6b09\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.16720_none_4ef4fbb8699d6b09\DEFINE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.16720_none_4ef4fbb8699d6b09\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.20883_none_382d125c833faffc\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.20883_none_382d125c833faffc\DEFINE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6000.20883_none_382d125c833faffc\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef77aa\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef77aa\DEFINE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.18111_none_4ecfe06e69ef77aa\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.22230_none_3804510a8394f0bd\CREATE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.22230_none_3804510a8394f0bd\DEFINE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_appconfig_b03f5f7f11d50a3a_6.0.6001.22230_none_3804510a8394f0bd\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6000.16720_none_e000b84a44323b9f\WEBADM~2.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6000.16720_none_e000b84a44323b9f\WEBADM~3.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6000.16720_none_e000b84a44323b9f\WE5915~1.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6000.16720_none_e000b84a44323b9f\WEBE69~1.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6000.20883_none_c938ceee5dd48092\WEBADM~2.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6000.20883_none_c938ceee5dd48092\WEBADM~3.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6000.20883_none_c938ceee5dd48092\WE5915~1.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6000.20883_none_c938ceee5dd48092\WEBE69~1.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6001.18111_none_dfdb9d0044844840\WEBADM~2.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6001.18111_none_dfdb9d0044844840\WEBADM~3.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6001.18111_none_dfdb9d0044844840\WE5915~1.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6001.18111_none_dfdb9d0044844840\WEBE69~1.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.16720_none_7325c867d7281910\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6000.20883_none_5c5ddf0bf0ca5e03\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.18111_none_7300ad1dd77a25b1\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f9ec4\CHOOSE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f9ec4\MANAGE~1.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_providers_b03f5f7f11d50a3a_6.0.6001.22230_none_5c351db9f11f9ec4\MANAGE~2.ASP
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e1f7e8f41a7be9de\CHOOSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e1f7e8f41a7be9de\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e1f7e8f41a7be9de\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.16720_none_e1f7e8f41a7be9de\PROVID~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.20883_none_cb2fff98341e2ed1\CHOOSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.20883_none_cb2fff98341e2ed1\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.20883_none_cb2fff98341e2ed1\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6000.20883_none_cb2fff98341e2ed1\PROVID~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e1d2cdaa1acdf67f\CHOOSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e1d2cdaa1acdf67f\MANAGE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e1d2cdaa1acdf67f\MANAGE~2.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6001.18111_none_e1d2cdaa1acdf67f\PROVID~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.16720_none_e2c358ab062e054b\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6000.20883_none_cbfb6f4f1fd04a3e\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.18111_none_e29e3d61068011ec\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webmintrust_config_b03f5f7f11d50a3a_6.0.6001.22230_none_cbd2adfd20258aff\WEB_MI~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.16720_none_ea4958dde0dcb61b\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20883_none_d3816f81fa7efb0e\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6000.20883_none_d3816f81fa7efb0e\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.18111_none_ea243d93e12ec2bc\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.18111_none_ea243d93e12ec2bc\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.22230_none_d358ae2ffad43bcf\_DATAP~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-data_perf_h_b03f5f7f11d50a3a_6.0.6001.22230_none_d358ae2ffad43bcf\_DATAP~2.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-fw_perfcounters_b03f5f7f11d50a3a_6.0.6000.16386_none_96ee0340e66c3abe\_NETWO~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-fw_perfcounters_b03f5f7f11d50a3a_6.0.6000.16720_none_96e889a4e6710a32\_NETWO~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-fw_perfcounters_b03f5f7f11d50a3a_6.0.6000.20883_none_8020a04900134f25\_NETWO~1.H
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6001.22230_none_c9100d9c5e29c153\WEBADM~2.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6001.22230_none_c9100d9c5e29c153\WEBADM~3.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6001.22230_none_c9100d9c5e29c153\WE5915~1.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_b03f5f7f11d50a3a_6.0.6001.22230_none_c9100d9c5e29c153\WEBE69~1.MAS
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6001.22230_none_cb073e4634736f92\CHOOSE~1.RES
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_netfx-aspnet_webadmin_prov_res_b03f5f7f11d50a3a_6.0.6001.22230_none_cb073e4634736f92\MANAGE~1.RES
Status: Locked to the Windows API!

PatProcesses
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1240 Status: Locked to the Windows API!

SSDT
-------------------
#: 012 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x90163ad8

#: 021 Function Name: NtAlpcConnectPort
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x90164982

#: 022 Function Name: NtAlpcCreatePort
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x90163f0c

#: 054 Function Name: NtConnectPort
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x90162e8e

#: 060 Function Name: NtCreateFile
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x90163694

#: 071 Function Name: NtCreatePort
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x90162be8

#: 075 Function Name: NtCreateSection
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x901634ea

#: 077 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x90163cbe

#: 078 Function Name: NtCreateThread
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x901627be

#: 129 Function Name: NtDuplicateObject
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x90162520

#: 165 Function Name: NtLoadDriver
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x90164604

#: 174 Function Name: NtMakeTemporaryObject
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x901630d4

#: 186 Function Name: NtOpenFile
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x901638cc

#: 194 Function Name: NtOpenProcess
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x90162250

#: 197 Function Name: NtOpenSection
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x90163364

#: 201 Function Name: NtOpenThread
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x901623c8

#: 276 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x90162d06

#: 286 Function Name: NtSecureConnectPort
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x901643bc

#: 317 Function Name: NtSetSystemInformation
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x901647b2

#: 326 Function Name: NtShutdownSystem
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x9016306e

#: 332 Function Name: NtSystemDebugControl
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x90163258

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" at address 0x8fc650b0

#: 335 Function Name: NtTerminateThread
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x90162980

#: 382 Function Name: NtCreateThreadEx
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x90164018

#: 383 Function Name: NtCreateUserProcess
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x90164c12

Shadow SSDT
-------------------
#: 397 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x901659d8

#: 428 Function Name: NtUserGetKeyboardState
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x901657de

#: 430 Function Name: NtUserGetKeyState
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x901658d8

#: 479 Function Name: NtUserMessageCall
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x90165526

#: 497 Function Name: NtUserPostMessage
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x901651d8

#: 498 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x90165384

#: 513 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x90165ad8

#: 525 Function Name: NtUserSendInput
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x901656e8

#: 573 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x90165bce

#: 576 Function Name: NtUserSetWinEventHook
Status: Hooked by "C:\Windows\System32\DRIVERS\cmdguard.sys" at address 0x90165e02

==EOF==

rip
  • argus Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

- Download USBNoRisk to the Desktop and run it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB storage devices into the USB port one after another and keep each one plugged in for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.
- When you have finished with all the devices, right-click in the middle of the program window and choose the Save log option. This will automatically open the log in Notepad. Copy that log from Notepad to the forum for us.

Explanation: USB storage devices are all devices that are assigned their own partition letter when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

offline
  • Joined: 03 Dec 2007
  • Posts: 156
  • Location: Novi Sad

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 11.11.2009 7:46:28

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
D: {0f2b8ebd-e86b-11dd-87ac-0019db3e6bfc}
C: {cd476b3e-e866-11dd-bcb5-806e6f6e6963}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for cd476b3e-e866-11dd-bcb5-806e6f6e6963
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 0f2b8ebd-e86b-11dd-87ac-0019db3e6bfc
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 11.11.2009 7:46:54

Scanning for connected USB mass storage...
----------------------------------------
F: {074e2fb7-fd20-11dd-ac00-0019db3e6bfc}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
Sanitized mountpoint for 074e2fb7-fd20-11dd-ac00-0019db3e6bfc
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

Mimics found on drive F:
========================================



New device connected at 11.11.2009 7:46:55

Scanning for connected USB mass storage...
----------------------------------------

========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 074e2fb7-fd20-11dd-ac00-0019db3e6bfc
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

Mimics found on drive F:
========================================

========================================
Removed F:
========================================


New device connected at 11.11.2009 7:47:30

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 11.11.2009 7:47:30

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 11.11.2009 7:47:31

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 11.11.2009 7:47:31

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================



New device connected at 11.11.2009 7:47:39

Scanning for connected removable storage...
----------------------------------------
F: {8288581c-f14d-11dd-b6d3-001cea43bf67}
Added F:
========================================

Scanning removable storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
Sanitized mountpoint for 8288581c-f14d-11dd-b6d3-001cea43bf67
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================
Removed F:
========================================
========================================

========================================


New device connected at 11.11.2009 7:49:09

Scanning for connected USB mass storage...
----------------------------------------

========================================
New drive connected, but USBNoRisk can't find it
========================================

========================================

========================================


New device connected at 11.11.2009 7:49:58

Scanning for connected USB mass storage...
----------------------------------------
F: {05b895b4-ea46-11dd-af8c-0019db3e6bfc}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 05b895b4-ea46-11dd-af8c-0019db3e6bfc
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

No mimics found on drive F:
========================================

========================================

========================================
========================================
Removed F:
========================================

rip
  • argus Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Download The Avenger to the Desktop.
Unpack the archive into a folder.

Double-click avenger.exe to run it.

Copy the text inside the Code box into the program's (white) window:

Registry values to delete:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run | run32

Folders to delete:
C:\Win


Click Execute, then Yes in the next two windows that open.

The computer will restart (in certain cases: twice) and the cleaning/scanning process will begin.

When the process is finished, the log file C:\avenger.txt will open in Notepad.

Copy the contents of that log into the thread on the forum.

-----------------

Then, once you have done that, start the USBNoRisk program, wait a little, and plug in the first USB flash drive (you remembered which one it is).
Then click the Script tab and enter the following text there:


{074e2fb7-fd20-11dd-ac00-0019db3e6bfc}
delete_mimics:
no_sh:
folder_list: %DRIVE%


When the scan finishes, right-click the program window, choose Save log, and copy that log here for me.

offline
  • Joined: 03 Dec 2007
  • Posts: 156
  • Location: Novi Sad

Posted: 11 Nov 2009 16:39

Logfile of The Avenger Version 2.0, (c) by Swandog46
swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Folder "C:\Win" deleted successfully.
Registry value "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|run32" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Addendum: 11 Nov 2009 16:44

USBNoRisk 2.5 (26 July 2009) by bobby

Started at 11.11.2009 16:43:25

Searching for connected USB Mass storage...
----------------------------------------
========================================

Searching for other storage...
----------------------------------------
D: {0f2b8ebd-e86b-11dd-87ac-0019db3e6bfc}
C: {cd476b3e-e866-11dd-bcb5-806e6f6e6963}
========================================


Scanning fixed storage...
----------------------------------------

No blocked files found on C:
No Autorun.inf files found on C:
No mountpoint found for C:
No mountpoint found for cd476b3e-e866-11dd-bcb5-806e6f6e6963
No Desktop.ini files found on C:
----------------------------------------

No blocked files found on D:
No Autorun.inf files found on D:
No mountpoint found for D:
No mountpoint found for 0f2b8ebd-e86b-11dd-87ac-0019db3e6bfc
No Desktop.ini files found on D:
----------------------------------------

========================================
Initial scan finished!
========================================


New device connected at 11.11.2009 16:43:33

Scanning for connected USB mass storage...
----------------------------------------
F: {074e2fb7-fd20-11dd-ac00-0019db3e6bfc}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
No mountpoint found for 074e2fb7-fd20-11dd-ac00-0019db3e6bfc
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

Mimics found on drive F:
========================================



New device connected at 11.11.2009 16:43:33

Scanning for connected USB mass storage...
----------------------------------------

========================================

Scanning USB mass storage for files...
----------------------------------------
No blocked files found on F:
----------------------------------------
No Autorun.inf files found on F:
Sanitized mountpoint for 074e2fb7-fd20-11dd-ac00-0019db3e6bfc
----------------------------------------

No Desktop.ini files found on F:
----------------------------------------

Mimics found on drive F:
========================================


Processing script
----------------------------------------
074e2fb7-fd20-11dd-ac00-0019db3e6bfc
Drive letter for GUID: F:
SectionStart = 0
SectionEnd = 3
----------------------------------------
Deleting mimics:
----------------------------------------
f_delete: C:\Win\lsass.exe > File does not exist!
Mimics found: F:\Michael Jackson Thriller (1982) - Pop Music Album - rcrocks.exe
f_delete:
file "F:\Michael Jackson Thriller (1982) - Pop Music Album - rcrocks.exe" deleted successfully
Mimics found: F:\slike.exe
f_delete:
file "F:\slike.exe" deleted successfully
Mimics found: F:\hahahaha.exe
f_delete:
file "F:\hahahaha.exe" deleted successfully
Mimics found: F:\monkey firm.exe
f_delete:
file "F:\monkey firm.exe" deleted successfully
Mimics found: F:\Kad ti zatreba.exe
f_delete:
file "F:\Kad ti zatreba.exe" deleted successfully
Mimics found: F:\Mikeli.exe
f_delete:
file "F:\Mikeli.exe" deleted successfully
Mimics found: F:\Lady GaGa - The Fame [2008][CD+SkidVid_XviD+Cov]320Kbps.exe
f_delete:
file "F:\Lady GaGa - The Fame [2008][CD+SkidVid_XviD+Cov]320Kbps.exe" deleted successfully
Mimics found: F:\Best Of Acid Jazz.exe
f_delete:
file "F:\Best Of Acid Jazz.exe" deleted successfully
Mimics found: F:\Black Sabbath - Paranoid (1970) {Original} [EAC - Lame V0].exe
f_delete:
file "F:\Black Sabbath - Paranoid (1970) {Original} [EAC - Lame V0].exe" deleted successfully
----------------------------------------
Unhide superhidden for F:\
----------------------------------------
dra-- F:\Michael Jackson Thriller (1982) - Pop Music Album - rcrocks > unhidden
dra-- F:\slike > unhidden
--a-- F:\slike\Thumbs.db > unhidden
dra-- F:\hahahaha > unhidden
dra-- F:\monkey firm > unhidden
--a-- F:\monkey firm\Thumbs.db > unhidden
dra-- F:\Kad ti zatreba > unhidden
--a-- F:\Kad ti zatreba\desktop.ini > unhidden
dra-- F:\Mikeli > unhidden
dra-- F:\Lady GaGa - The Fame [2008][CD+SkidVid_XviD+Cov]320Kbps > unhidden
dra-- F:\Best Of Acid Jazz > unhidden
dra-- F:\Black Sabbath - Paranoid (1970) {Original} [EAC - Lame V0] > unhidden
----------------------------------------
Folder list for F:\:
----------------------------------------

dra--   0   F:\MICHAE~1   F:\Michael Jackson Thriller (1982) - Pop Music Album - rcrocks
dra--   0   F:\slike   F:\slike
dra--   0   F:\hahahaha   F:\hahahaha
dra--   0   F:\MONKEY~1   F:\monkey firm
--a--   24576   F:\STABIS~1.DOC   F:\Sta bi se desilo.doc
--a--   1012489   F:\GABRIE~1.RAR   F:\Gabriel Garcia Marquez - Ljubav u doba kolere.rar
--a--   244016   F:\MICHEL~1.RAR   F:\Michel Houellebecq - Elementarne cestice (doc).rar
--a--   496979   F:\ADAMSD~1.RAR   F:\Adams Daglas - Autostoperski vodic kroz galaksiju.rar
dra--   0   F:\KADTIZ~1   F:\Kad ti zatreba
dra--   0   F:\Mikeli   F:\Mikeli
d----   0   F:\Autorun.inf   F:\Autorun.inf
d----   0   F:\OSTROV~1.XVI   F:\Ostrov.2006.DVDRip.XviD-MESS
--a--   19982   F:\OSTROV~1.ZIP   F:\Ostrov1973-Serbian[Xsubt.com][0788847711].zip
--a--   6310434   F:\COOLAR~1.WMV   F:\coolares band prva verzija.wmv
dra--   0   F:\LADYGA~1   F:\Lady GaGa - The Fame [2008][CD+SkidVid_XviD+Cov]320Kbps
dra--   0   F:\BESTOF~1   F:\Best Of Acid Jazz
--a--   5137401   F:\ALEKSA~1.RAR   F:\Aleksa_Ivic_-_Rodoslovne_tablice_srpskih_dinastija_i_vlastele.rar
--a--   899231   F:\ANTOIN~1.RAR   F:\Antoine_de_Saint-MaliPrinc.rar
--a--   29751063   F:\JOVAN_~1.RAR   F:\Jovan_I._Deretic_-_Anticka_Srbija.rar
--a--   645737   F:\JOVAND~1.RAR   F:\JovanDeretic-Zapadna_ Srbija.rar
dra--   0   F:\BLACKS~1   F:\Black Sabbath - Paranoid (1970) {Original} [EAC - Lame V0]
--a--   3928034   F:\CRVENA~1.MP3   F:\CRVENA JABUKA SAMPANJSKI POLJUBAC.mp3
--ah-   296   F:\WMPInfo.xml   F:\WMPInfo.xml

----------------------------------------
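
The USBNoRisk log above reports "mimics": executables in the drive root that carry the names of folders which had been hidden. The same check over a drive root, as an added example that is not part of the thread or of USBNoRisk itself (the function names, the extension list and the sample tree are assumptions):

```python
import os
import stat
import tempfile

# Assumption: extensions treated as executable for this check.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}
HIDDEN_MASK = stat.FILE_ATTRIBUTE_HIDDEN | stat.FILE_ATTRIBUTE_SYSTEM

def is_hidden(entry):
    """True if a directory entry has the Windows hidden or system attribute."""
    attrs = getattr(entry.stat(follow_symlinks=False), "st_file_attributes", 0)
    return bool(attrs & HIDDEN_MASK)

def find_mimics(root):
    """List (exe_path, folder_path, folder_hidden) for every executable in
    `root` whose name without extension equals a folder name in `root`."""
    folders, executables = {}, []
    with os.scandir(root) as entries:
        for entry in entries:
            if entry.is_dir(follow_symlinks=False):
                folders[entry.name.lower()] = entry
            elif entry.is_file(follow_symlinks=False):
                stem, ext = os.path.splitext(entry.name)
                if ext.lower() in EXECUTABLE_EXTS:
                    executables.append((stem.lower(), entry))
    hits = []
    for stem, exe in sorted(executables, key=lambda pair: pair[1].name.lower()):
        folder = folders.get(stem)
        if folder is not None:
            hits.append((exe.path, folder.path, is_hidden(folder)))
    return hits

def build_constructed_sample(root):
    """Create a constructed drive root modelled on the names in the log."""
    for name in ("slike", "Mikeli", "Ostrov.2006.DVDRip.XviD-MESS"):
        os.mkdir(os.path.join(root, name))
    for name in ("slike.exe", "Mikeli.exe", "setup.exe", "Sta bi se desilo.doc"):
        with open(os.path.join(root, name), "wb") as handle:
            handle.write(b"constructed placeholder, not a real binary")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample_root:
        build_constructed_sample(sample_root)
        for exe, folder, hidden in find_mimics(sample_root):
            print(f"mimic: {exe} shadows {folder} (folder hidden: {hidden})")
```

The hidden flag is only meaningful on Windows, where `st_file_attributes` is available; elsewhere it is reported as `False`.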

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

What's the situation now?

offline
  • Joined: 03 Dec 2007
  • Posts: 156
  • Location: Novi Sad

I scanned again with GridinSoft Trojan Killer, and now it shows twice as many malicious programs or whatever they are.


GridinSoft Trojan Killer v.2.0.5.4
Report file date: 11.11.2009 18:52:55

Scanning for 780384 virus strains and unwanted programs.

Licensed: UNREGISTERED
Windows version: Windows Vista (TM) Ultimate (version 6.0)
Username: Administrator
Computer name: HEAVENH-SVCJQGP

Starting the file scan:

Startup collected
BHO plugins collected
Service collected
ActiveX collected
Files collected
Scaning...
----- C:\Windows\wt\webdriver\wthostctl.dll ---- ActiveX
Threat
WTHoster Class


----- C:\Windows\wt\webdriver\webdriver.dll ---- ActiveX
Threat
WildTangent Control


----- \system\currentcontrolset\control\lsa ---- Registry
agent.48640.f


----- \CLSID\{5e2121ee-0300-11d4-8d3b-444553540000} ---- Registry
Rogue.ActiveSecurity


----- C:\Windows\mmsmark2.dat ---- General
KoobFace.Trace


----- \SYSTEM\ControlSet001\Services\atapi ---- Registry
Rootkit


----- \SYSTEM\ControlSet002\Services\atapi ---- Registry
Rootkit


----- \SYSTEM\CurrentControlSet\Services\atapi ---- Registry
Rootkit


----- C:\Windows\System32\royal86.sys ---- General
not-a-virus.(zabranjeno).VistaActivation
ProdVer: 1, 0, 0, 0
FileVer: 1, 0, 0, 0
Name : SLP Kernel-Mode Driver
Company: PARADOX


----- C:\Users\Administrator\AppData\Local\temp\Rar$EX00.400\avenger.exe ---- General
Infostealer.Bancos


----- C:\Users\ADMINI~1\AppData\Local\Temp\Rar$EX00.400\avenger.exe ---- General
Infostealer.Bancos


----- C:\Program Files\CyberLink\PowerDirector Express\pncrt.dll ---- General
Trojan.Win32
ProdVer: 6.0.0.0
FileVer: 6.0.0.0
Name : RealPlayer/RealServer
Company: Real Networks, Inc


Scan completed.

Scan result: 12 infected items
Scan completed in: Scan completed in 47 minute(s) 24 sec.
Files were scanned: 18617

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

@ekano I recommend that you remove GridinSoft Trojan Killer. Here's why: first, it is not registered; second, it produces critical FPs (false alarms).

Example:

----- \SYSTEM\ControlSet001\Services\atapi ---- Registry
Rootkit


----- \SYSTEM\ControlSet002\Services\atapi ---- Registry
Rootkit


----- \SYSTEM\CurrentControlSet\Services\atapi ---- Registry
Rootkit


It did not detect what it should have, namely the worm C:\Win\lsass.exe, which is what was causing your problems and which you brought in via the flash drive.

Apart from this program reporting FPs, I think you shouldn't have any other problems.

offline
  • Joined: 03 Dec 2007
  • Posts: 156
  • Location: Novi Sad

Posted: 11 Nov 2009 20:58

I thought so too. I'll uninstall it and then watch whether those bad things from before keep happening. Thanks a lot.

Addendum: 11 Nov 2009 21:00

I don't see this program anywhere in the Control Panel, how do I reinstall it?

Addendum: 11 Nov 2009 21:02

I think I managed to reinstall it.
