Horror! I need your help.

offline
  • dlogic
  • New MyCity citizen
  • Joined: 06 Nov 2008
  • Posts: 8

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:17:07, on 6.11.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Darko\Desktop\hjt 3\ht3.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: IEHlprObj Class - {CE7C3CF0-4B15-11D1-ABED-709549C10000} - C:\WINDOWS\system32\dse235rgd0.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\Program Files\Stardock\WinCustomize\BootSkin\BootSkin.exe" /StartupJobs
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [kxva] C:\WINDOWS\system32\kxvo.exe
O4 - HKLM\..\Policies\Explorer\Run: [Mpk.exe] C:\Program Files\KGB\Mpk.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\InCDsrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Nero AG - C:\Program Files\Nero\Nero8\InCD\NBHRegInCDSrv.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe

--
End of file - 8616 bytes

offline
  • Piksi (Male)
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

Hello...

* Open the Nod32 Control Center (click its tray icon in the bottom right corner of the screen).
* Select AMON from the Threat Protection group of options.
* In the right panel, untick the option File system monitor (AMON) enabled.
* Turning this option off will show as the Control Center changing colour from green to red.

Note: Don't forget to turn this option back on once the cleaning is finished.

Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear (C:\ComboFix.txt), which you will copy here for us.

offline
  • dlogic
  • New MyCity citizen
  • Joined: 06 Nov 2008
  • Posts: 8

ComboFix 08-11-05.02 - Darko 2008-11-07 0:28:52.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.1526 [GMT 1:00]
Running from: c:\documents and settings\Darko\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-10-06 to 2008-11-06 )))))))))))))))))))))))))))))))
.

2008-11-06 21:35 . 2008-11-07 00:07 <DIR> d-------- c:\program files\Enigma Software Group
2008-11-05 18:01 . 2008-11-05 18:01 <DIR> d-------- c:\program files\Common Files\Borland Shared
2008-11-05 18:01 . 2008-11-05 18:19 13,030 --a------ C:\PDOXUSRS.NET
2008-10-31 15:23 . 1999-01-21 23:40 180,224 --------- c:\windows\Res2_uninst.exe
2008-10-27 23:56 . 2008-10-27 23:56 <DIR> d-------- c:\windows\system32\AGEIA
2008-10-27 23:56 . 2008-10-27 23:56 <DIR> d-------- c:\program files\AGEIA Technologies
2008-10-27 23:56 . 2008-10-07 13:33 201,157 --a------ c:\windows\system32\nvapps.nvb
2008-10-27 23:27 . 2008-10-27 23:27 <DIR> d-------- c:\program files\SystemRequirementsLab
2008-10-27 23:27 . 2008-10-27 23:27 <DIR> d-------- c:\documents and settings\Darko\Application Data\SystemRequirementsLab
2008-10-27 23:21 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2008-10-27 23:21 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2008-10-27 23:21 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2008-10-27 23:21 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2008-10-27 23:21 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2008-10-27 23:19 . 2008-10-27 23:19 <DIR> d-------- c:\windows\Logs
2008-10-27 20:00 . 2008-10-27 20:00 <DIR> d-------- c:\program files\Rapid Hacker
2008-10-22 22:41 . 2008-10-22 22:41 <DIR> d-------- c:\program files\VeryPDF PDF2Word v3.0
2008-10-22 22:27 . 2008-10-22 22:42 312 --a------ c:\windows\pdf2word.INI
2008-10-22 15:49 . 2008-10-22 15:49 <DIR> d-------- c:\program files\SweetIM
2008-10-22 15:49 . 2008-10-22 15:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\SweetIM
2008-10-22 00:38 . 2008-10-22 00:38 <DIR> d-------- c:\program files\Apple Software Update
2008-10-22 00:38 . 2008-10-22 00:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-10-20 00:13 . 2008-10-20 00:13 <DIR> d-------- c:\program files\WorldOfGoo
2008-10-20 00:13 . 2008-10-20 00:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\2DBoy
2008-10-09 01:47 . 2008-10-09 01:47 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-10-07 15:05 . 2008-10-07 15:38 261 --a------ c:\windows\WPE PRO - modified.INI
2008-10-07 10:39 . 2008-10-07 10:39 <DIR> d-------- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-06 23:32 --------- d-sh--w c:\documents and settings\All Users\Application Data\MPK
2008-11-06 23:27 --------- d-----w c:\documents and settings\Darko\Application Data\Skype
2008-11-06 23:07 --------- d-----w c:\documents and settings\Darko\Application Data\skypePM
2008-11-06 15:13 --------- d-----w c:\documents and settings\Darko\Application Data\DMCache
2008-11-05 10:46 --------- d-----w c:\documents and settings\Darko\Application Data\uTorrent
2008-11-04 17:49 --------- d-----w c:\documents and settings\Darko\Application Data\LimeWire
2008-10-31 14:40 111,928 ----a-w c:\windows\system32\PnkBstrB.exe
2008-10-27 22:56 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-27 22:19 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-10-27 22:19 22,328 ----a-w c:\documents and settings\Darko\Application Data\PnkBstrK.sys
2008-10-27 22:18 66,872 ----a-w c:\windows\system32\PnkBstrA.exe
2008-10-27 22:18 2,250,024 ----a-w c:\windows\system32\pbsvc.exe
2008-10-27 22:13 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-23 21:32 --------- d-----w c:\documents and settings\All Users\Application Data\Ubisoft
2008-10-23 11:58 --------- d-----w c:\documents and settings\Darko\Application Data\Xfire
2008-10-21 15:36 --------- d-----w c:\documents and settings\Darko\Application Data\Bioshock
2008-10-11 18:32 --------- d-----w c:\program files\Internet Download Manager
2008-10-07 09:39 --------- d-----w c:\program files\Common Files\Adobe
2008-10-06 18:31 --------- d-----w c:\documents and settings\Darko\Application Data\IDM
2008-10-05 21:24 --------- d-----w c:\program files\NSS
2008-10-05 21:24 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-05 21:14 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-10-05 17:09 --------- d-----w c:\documents and settings\All Users\Application Data\TrackMania
2008-10-05 14:36 817,664 ---h--w c:\windows\system32\wodfamoh.dll
2008-10-02 15:10 --------- d-----w c:\documents and settings\Darko\Application Data\SPORE
2008-10-02 09:07 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2008-09-29 19:39 --------- d-----w c:\documents and settings\Darko\Application Data\NSeries
2008-09-29 17:37 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-09-29 17:36 --------- d-----w c:\program files\World of Warcraft
2008-09-25 18:01 2,856 ----a-w c:\program files\Common Files\unins000.dat
2008-09-25 18:00 728,858 ----a-w c:\program files\Common Files\unins000.exe
2008-09-24 16:49 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-09-24 16:49 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-09-24 16:42 --------- d-----w c:\program files\Nokia
2008-09-24 16:42 --------- d-----w c:\program files\Common Files\Nokia
2008-09-24 16:42 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2008-09-24 14:12 --------- d-----w c:\program files\CAPCOM
2008-09-24 08:50 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-09-22 20:39 --------- d-----w c:\documents and settings\Darko\Application Data\Nokia
2008-09-22 20:38 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2008-09-22 00:22 --------- d-----w c:\program files\Pro Pinball
2008-09-17 14:41 --------- d-----w c:\program files\Microsoft Works
2008-09-17 14:40 --------- d-----w c:\program files\MSXML 4.0
2008-09-17 13:07 --------- d-----w c:\program files\MSN Messenger
2008-09-17 10:57 --------- d-----w c:\program files\DAEMON Tools Lite
2008-09-16 15:06 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-09-16 14:49 355,584 ----a-w c:\windows\system32\TuneUpDefragService.exe
2008-09-16 14:49 --------- d-----w c:\documents and settings\Darko\Application Data\TuneUp Software
2008-09-16 14:49 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-09-13 23:34 --------- d-----w c:\program files\CyberLink
2008-09-13 23:23 --------- d-----w c:\program files\Xilisoft
2008-09-13 23:23 --------- d-----w c:\documents and settings\Darko\Application Data\Xilisoft Corporation
2008-09-13 23:14 --------- d-----w c:\documents and settings\Darko\Application Data\BSplayer Pro
2008-09-13 23:07 --------- d-----w c:\documents and settings\Darko\Application Data\vlc
2008-09-13 23:06 --------- d-----w c:\documents and settings\Darko\Application Data\dvdcss
2008-09-13 23:05 --------- d-----w c:\program files\VideoLAN
2008-09-13 16:29 --------- d-----w c:\documents and settings\Darko\Application Data\Vso
2008-09-13 08:48 --------- d-----w c:\program files\LimeWire
2008-09-12 10:44 206,256 ----a-w c:\windows\system32\idmmbc.dll
2008-09-11 14:23 --------- d-----w c:\program files\Messenger Plus! Live
2008-09-10 23:22 --------- d-----w c:\program files\Qtracker
2008-09-10 23:17 --------- d-----w c:\documents and settings\Darko\Application Data\GSC
2008-09-08 17:52 --------- d-----w c:\program files\Java
2008-09-08 17:51 --------- d-----w c:\program files\Cheatbook 09.2008
2008-09-08 17:46 --------- d-----w c:\program files\Common Files\Java
2008-09-08 17:21 --------- d-----w c:\documents and settings\Darko\Application Data\Media Player Classic
2008-09-08 17:07 --------- d-----w c:\program files\Neoretix
2008-09-08 17:00 --------- d-----w c:\program files\YouTube Downloader
2008-09-08 16:19 --------- d-----w c:\program files\Google
2008-09-08 14:20 --------- d-----w c:\program files\uTorrent
2008-09-08 13:08 --------- d-----w c:\program files\Skype
2008-09-08 13:08 --------- d-----w c:\program files\Common Files\Skype
2008-09-08 13:08 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-09-08 12:24 159,918 ----a-w c:\windows\Marsu-Fix 2.3 Uninstaller.exe
2008-09-08 12:21 --------- d-----w c:\program files\ESET
2008-09-08 12:21 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-09-04 08:31 288,024 ----a-w c:\windows\system32\PhysXCplUI.exe
2008-08-29 07:57 70,936 ----a-w c:\windows\system32\PhysXLoader.dll
2008-06-25 15:42 119 ----a-w c:\program files\uninstall.url
2008-04-18 08:52 49,024 ----a-w c:\windows\inf\gsiata.sys
2008-03-09 05:25 236 ---ha-w c:\program files\Common Files\dx.reg
2007-04-26 12:37 2,168,069 ----a-w c:\program files\invsecr.exe
1996-12-02 17:44 582,144 ----a-w c:\program files\Common Files\dao350.dll
1996-12-02 11:27 73,184 ----a-w c:\program files\Common Files\dao2535.tlb
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-09-07 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-09-07 17:06 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-09-07 1172792]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-09-07 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2007-12-13 21:02 96552 --a------ c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"IE7-11"="advpack.dll" [2008-06-23 c:\windows\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Mpk.exe"="c:\program files\KGB\Mpk.exe" [2007-10-09 930304]

c:\documents and settings\Darko\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-03-30 3581680]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-05-30 20:03 229376 c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"VIDC.ACDV"= ACDV.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-09-18 15:16 171464 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2008-10-10 18:50 2607616 c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-12-13 21:02 1082152 c:\program files\Nero\Nero8\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--------- 2007-02-07 15:21 54832 c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 13:21 2213160 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 13:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-03-23 12:20 227328 c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-03-14 20:01 71216 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-12-13 21:02 2048808 c:\program files\Nero\Nero8\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 2008-09-28 17:18 111928 c:\program files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-09-10 13:27 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrialReset]
--a------ 2008-04-28 19:57 208353 c:\windows\fix.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 18:19 15872 c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
--a------ 2007-09-26 17:05 734264 c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-09-19 11:14 16844800 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Net Tools\\nettools5.exe"=
"c:\\Program Files\\KGB\\Mpk.exe"=
"c:\\Program Files\\KGB\\MpkView.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"i:\\Program Files\\TmNationsForever\\TmForever.exe"=
"i:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"i:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"i:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"i:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"i:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 enport;enport;c:\windows\system32\drivers\enport.sys [2008-04-18 4992]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51 13560]
R2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [2007-10-15 1382672]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2007-12-13 50984]
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe [2008-04-14 14336]
R3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-09-16 355584]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13786de4-9073-11dd-8d6b-001d7daaf670}]
\Shell\AutoOpen\command - e:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c975d93-89cb-11dd-8d56-001d7daaf670}]
\Shell\AutoRun\command - E:\dwg3gngs.exe
\Shell\explore\Command - E:\dwg3gngs.exe
\Shell\open\Command - E:\dwg3gngs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f1050c2-ff61-11dc-8c55-aed3212c1c8b}]
\Shell\Auto\command - J:\UFO.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{945b6f86-fcbc-11dc-811c-b6bca9be72ec}]
\Shell\Auto\command - G:\UFO.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-SpyHunter Security Suite - c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Darko\Application Data\Mozilla\Firefox\Profiles\cbcvrs3p.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - google.ba
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-11-07 00:32:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"

[HKEY_LOCAL_MACHINE\system\ControlSet004\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
Completion time: 2008-11-07 0:33:08
ComboFix-quarantined-files.txt 2008-11-06 23:32:55
ComboFix2.txt 2008-11-06 22:46:47
ComboFix3.txt 2008-11-06 22:28:19
ComboFix4.txt 2008-11-06 20:58:29

Pre-Run: 13.980.884.992 bytes free
Post-Run: 13,955,461,120 bytes free

311 --- E O F --- 2008-09-17 14:47:47

offline
  • Piksi (Male)
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

You have made a mess for me... Why did you run ComboFix several times?
Please attach the first log you got...

offline
  • dlogic
  • New MyCity citizen
  • Joined: 06 Nov 2008
  • Posts: 8

I ran ComboFix several times because my computer restarted in the middle of the ComboFix procedure. How do I find the first log now?

Update: 07 Nov 2008 10:42

I found the first one.

ComboFix 08-11-05.02 - Darko 2008-11-06 21:49:25.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.1352 [GMT 1:00]
Running from: c:\documents and settings\Darko\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
c:\documents and settings\Darko\Desktop\flash 4g\Darko Logic 54\Desktop_.ini
c:\program files\FunWebProducts
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\npf.sys
c:\windows\system32\dse235rgd0.dll
c:\windows\system32\packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wedasgads0.dll
c:\windows\system32\wpcap.dll
D:\Autorun.inf
G:\Autorun.inf
g:\recycler\Desktop_.ini
H:\Autorun.inf
h:\recycler\Desktop_.ini
I:\Autorun.inf
K:\autorun.inf
K:\hni.cmd

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2008-10-06 to 2008-11-06 )))))))))))))))))))))))))))))))
.

2008-11-06 21:35 . 2008-11-06 21:35 <DIR> d-------- c:\program files\Enigma Software Group
2008-11-05 18:01 . 2008-11-05 18:01 <DIR> d-------- c:\program files\Common Files\Borland Shared
2008-11-05 18:01 . 2008-11-05 18:19 13,030 --a------ C:\PDOXUSRS.NET
2008-10-31 15:23 . 1999-01-21 23:40 180,224 --------- c:\windows\Res2_uninst.exe
2008-10-27 23:56 . 2008-10-27 23:56 <DIR> d-------- c:\windows\system32\AGEIA
2008-10-27 23:56 . 2008-10-27 23:56 <DIR> d-------- c:\program files\AGEIA Technologies
2008-10-27 23:56 . 2008-10-07 13:33 201,157 --a------ c:\windows\system32\nvapps.nvb
2008-10-27 23:27 . 2008-10-27 23:27 <DIR> d-------- c:\program files\SystemRequirementsLab
2008-10-27 23:27 . 2008-10-27 23:27 <DIR> d-------- c:\documents and settings\Darko\Application Data\SystemRequirementsLab
2008-10-27 23:21 . 2008-05-30 14:11 1,491,992 --a------ c:\windows\system32\D3DCompiler_38.dll
2008-10-27 23:21 . 2008-05-30 14:19 507,400 --a------ c:\windows\system32\XAudio2_1.dll
2008-10-27 23:21 . 2008-05-30 14:18 238,088 --a------ c:\windows\system32\xactengine3_1.dll
2008-10-27 23:21 . 2008-05-30 14:17 65,032 --a------ c:\windows\system32\XAPOFX1_0.dll
2008-10-27 23:21 . 2008-05-30 14:17 25,608 --a------ c:\windows\system32\X3DAudio1_4.dll
2008-10-27 23:19 . 2008-10-27 23:19 <DIR> d-------- c:\windows\Logs
2008-10-27 20:00 . 2008-10-27 20:00 <DIR> d-------- c:\program files\Rapid Hacker
2008-10-22 22:41 . 2008-10-22 22:41 <DIR> d-------- c:\program files\VeryPDF PDF2Word v3.0
2008-10-22 22:27 . 2008-10-22 22:42 312 --a------ c:\windows\pdf2word.INI
2008-10-22 15:49 . 2008-10-22 15:49 <DIR> d-------- c:\program files\SweetIM
2008-10-22 15:49 . 2008-10-22 15:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\SweetIM
2008-10-22 00:38 . 2008-10-22 00:38 <DIR> d-------- c:\program files\Apple Software Update
2008-10-22 00:38 . 2008-10-22 00:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Apple
2008-10-20 00:13 . 2008-10-20 00:13 <DIR> d-------- c:\program files\WorldOfGoo
2008-10-20 00:13 . 2008-10-20 00:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\2DBoy
2008-10-09 01:47 . 2008-10-09 01:47 42,320 --a------ c:\windows\system32\xfcodec.dll
2008-10-07 15:05 . 2008-10-07 15:38 261 --a------ c:\windows\WPE PRO - modified.INI
2008-10-07 10:39 . 2008-10-07 10:39 <DIR> d-------- c:\program files\Bonjour

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-06 20:54 --------- d-----w c:\documents and settings\Darko\Application Data\skypePM
2008-11-06 20:54 --------- d-----w c:\documents and settings\Darko\Application Data\Skype
2008-11-06 20:52 --------- d-sh--w c:\documents and settings\All Users\Application Data\MPK
2008-11-06 15:13 --------- d-----w c:\documents and settings\Darko\Application Data\DMCache
2008-11-05 10:46 --------- d-----w c:\documents and settings\Darko\Application Data\uTorrent
2008-11-04 17:49 --------- d-----w c:\documents and settings\Darko\Application Data\LimeWire
2008-10-27 22:56 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-10-27 22:19 22,328 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2008-10-27 22:19 22,328 ----a-w c:\documents and settings\Darko\Application Data\PnkBstrK.sys
2008-10-27 22:13 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-23 21:32 --------- d-----w c:\documents and settings\All Users\Application Data\Ubisoft
2008-10-23 11:58 --------- d-----w c:\documents and settings\Darko\Application Data\Xfire
2008-10-21 15:36 --------- d-----w c:\documents and settings\Darko\Application Data\Bioshock
2008-10-11 18:32 --------- d-----w c:\program files\Internet Download Manager
2008-10-07 12:33 6,133,856 ----a-w c:\windows\system32\drivers\nv4_mini.sys
2008-10-07 09:39 --------- d-----w c:\program files\Common Files\Adobe
2008-10-06 18:31 --------- d-----w c:\documents and settings\Darko\Application Data\IDM
2008-10-05 21:24 --------- d-----w c:\program files\NSS
2008-10-05 21:24 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-10-05 21:14 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-10-05 17:09 --------- d-----w c:\documents and settings\All Users\Application Data\TrackMania
2008-10-02 15:10 --------- d-----w c:\documents and settings\Darko\Application Data\SPORE
2008-09-29 19:39 --------- d-----w c:\documents and settings\Darko\Application Data\NSeries
2008-09-29 17:37 --------- d-----w c:\program files\Common Files\Blizzard Entertainment
2008-09-29 17:36 --------- d-----w c:\program files\World of Warcraft
2008-09-25 18:01 2,856 ----a-w c:\program files\Common Files\unins000.dat
2008-09-25 18:00 728,858 ----a-w c:\program files\Common Files\unins000.exe
2008-09-24 16:49 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-09-24 16:49 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-09-24 16:42 --------- d-----w c:\program files\Nokia
2008-09-24 16:42 --------- d-----w c:\program files\Common Files\Nokia
2008-09-24 16:42 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2008-09-24 14:12 --------- d-----w c:\program files\CAPCOM
2008-09-22 20:39 --------- d-----w c:\documents and settings\Darko\Application Data\Nokia
2008-09-22 20:38 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2008-09-22 00:22 --------- d-----w c:\program files\Pro Pinball
2008-09-17 14:41 --------- d-----w c:\program files\Microsoft Works
2008-09-17 14:40 --------- d-----w c:\program files\MSXML 4.0
2008-09-17 13:07 --------- d-----w c:\program files\MSN Messenger
2008-09-17 10:57 --------- d-----w c:\program files\DAEMON Tools Lite
2008-09-16 15:06 --------- d-----w c:\program files\TuneUp Utilities 2008
2008-09-16 14:49 --------- d-----w c:\documents and settings\Darko\Application Data\TuneUp Software
2008-09-16 14:49 --------- d-----w c:\documents and settings\All Users\Application Data\TuneUp Software
2008-09-13 23:34 --------- d-----w c:\program files\CyberLink
2008-09-13 23:23 --------- d-----w c:\program files\Xilisoft
2008-09-13 23:23 --------- d-----w c:\documents and settings\Darko\Application Data\Xilisoft Corporation
2008-09-13 23:14 --------- d-----w c:\documents and settings\Darko\Application Data\BSplayer Pro
2008-09-13 23:07 --------- d-----w c:\documents and settings\Darko\Application Data\vlc
2008-09-13 23:06 --------- d-----w c:\documents and settings\Darko\Application Data\dvdcss
2008-09-13 23:05 --------- d-----w c:\program files\VideoLAN
2008-09-13 16:29 --------- d-----w c:\documents and settings\Darko\Application Data\Vso
2008-09-13 08:48 --------- d-----w c:\program files\LimeWire
2008-09-11 14:23 --------- d-----w c:\program files\Messenger Plus! Live
2008-09-10 23:22 --------- d-----w c:\program files\Qtracker
2008-09-10 23:17 --------- d-----w c:\documents and settings\Darko\Application Data\GSC
2008-09-08 17:52 --------- d-----w c:\program files\Java
2008-09-08 17:51 --------- d-----w c:\program files\Cheatbook 09.2008
2008-09-08 17:46 --------- d-----w c:\program files\Common Files\Java
2008-09-08 17:21 --------- d-----w c:\documents and settings\Darko\Application Data\Media Player Classic
2008-09-08 17:07 --------- d-----w c:\program files\Neoretix
2008-09-08 17:00 --------- d-----w c:\program files\YouTube Downloader
2008-09-08 16:19 --------- d-----w c:\program files\Google
2008-09-08 14:20 --------- d-----w c:\program files\uTorrent
2008-09-08 13:08 --------- d-----w c:\program files\Skype
2008-09-08 13:08 --------- d-----w c:\program files\Common Files\Skype
2008-09-08 13:08 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-09-08 12:24 159,918 ----a-w c:\windows\Marsu-Fix 2.3 Uninstaller.exe
2008-09-08 12:21 --------- d-----w c:\program files\ESET
2008-09-08 12:21 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-06-25 15:42 119 ----a-w c:\program files\uninstall.url
2008-04-18 08:52 49,024 ----a-w c:\windows\inf\gsiata.sys
2008-03-09 05:25 236 ---ha-w c:\program files\Common Files\dx.reg
2007-04-26 12:37 2,168,069 ----a-w c:\program files\invsecr.exe
1996-12-02 17:44 582,144 ----a-w c:\program files\Common Files\dao350.dll
1996-12-02 11:27 73,184 ----a-w c:\program files\Common Files\dao2535.tlb
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2008-09-07 173368]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-09-07 17:06 1172792 --a------ c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-09-07 1172792]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-09-07 1172792]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\NBHShellExt]
@="{8D2223A2-B3C6-4e32-B096-CDD11F628C60}"
[HKEY_CLASSES_ROOT\CLSID\{8D2223A2-B3C6-4e32-B096-CDD11F628C60}]
2007-12-13 21:02 96552 --a------ c:\program files\Nero\Nero8\InCD\NBHShx.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-08-12 21741864]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-10 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-06-10 1447168]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-06-19 851968]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 1744896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"ShowDeskFix"="shell32" [X]
"IE7-11"="advpack.dll" [2008-06-23 c:\windows\system32\advpack.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Mpk.exe"="c:\program files\KGB\Mpk.exe" [2007-10-09 930304]

c:\documents and settings\Darko\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDock\ObjectDock.exe [2008-03-30 3581680]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-05-30 20:03 229376 c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i263_32.drv
"VIDC.ACDV"= ACDV.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"msacm.divxa32"= divxa32.acm
"VIDC.HFYU"= huffyuv.dll
"VIDC.i263"= i263_32.drv
"msacm.imc"= imc32.acm
"VIDC.VP31"= vp31vfw.dll
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2007-09-18 15:16 171464 c:\program files\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IDMan]
--a------ 2008-10-10 18:50 2607616 c:\program files\Internet Download Manager\IDMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2007-12-13 21:02 1082152 c:\program files\Nero\Nero8\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
--------- 2007-02-07 15:21 54832 c:\program files\CyberLink\PowerDVD\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-12-03 13:21 2213160 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 13:57 153136 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2007-03-23 12:20 227328 c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--------- 2007-03-14 20:01 71216 c:\program files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SecurDisc]
--a------ 2007-12-13 21:02 2048808 c:\program files\Nero\Nero8\InCD\NBHGui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 c:\program files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
-ra------ 2008-09-28 17:18 111928 c:\program files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-09-10 13:27 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrialReset]
--a------ 2008-04-28 19:57 208353 c:\windows\fix.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
--a------ 2006-09-07 18:19 15872 c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XboxStat]
--a------ 2007-09-26 17:05 734264 c:\program files\Microsoft Xbox 360 Accessories\XBoxStat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
-r------- 2005-05-03 11:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2007-09-19 11:14 16844800 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Nero\\Nero8\\Nero Home\\NeroHome.exe"=
"c:\\Program Files\\Net Tools\\nettools5.exe"=
"c:\\Program Files\\KGB\\Mpk.exe"=
"c:\\Program Files\\KGB\\MpkView.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"i:\\Program Files\\TmNationsForever\\TmForever.exe"=
"i:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"i:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"i:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"i:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"i:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 enport;enport;c:\windows\system32\drivers\enport.sys [2008-04-18 4992]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2008-06-10 34312]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};c:\program files\CyberLink\PowerDVD\000.fcl [2006-11-02 15:51 13560]
R2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [2007-10-15 1382672]
R2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero8\InCD\NBHRegInCDSrv.exe [2007-12-13 50984]
R2 UxTuneUp;TuneUp Theme Extension;c:\windows\System32\svchost.exe [2008-04-14 14336]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 PRODIGY;PRODIGY;c:\windows\system32\Drivers\PRODIGY.SYS [2006-08-29 32377]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;c:\windows\System32\TuneUpDefragService.exe [2008-09-16 355584]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;c:\program files\MSN Messenger\usnsvc.exe [2007-01-19 97136]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13786de4-9073-11dd-8d6b-001d7daaf670}]
\Shell\AutoOpen\command - e:\.\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c975d93-89cb-11dd-8d56-001d7daaf670}]
\Shell\AutoRun\command - E:\dwg3gngs.exe
\Shell\explore\Command - E:\dwg3gngs.exe
\Shell\open\Command - E:\dwg3gngs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f1050c2-ff61-11dc-8c55-aed3212c1c8b}]
\Shell\Auto\command - J:\UFO.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{945b6f86-fcbc-11dc-811c-b6bca9be72ec}]
\Shell\Auto\command - G:\UFO.exe
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe
.
Contents of the 'Scheduled Tasks' folder

2008-11-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-MsnMsgr - ~c:\program files\MSN Messenger\MsnMsgr.Exe
MSConfigStartUp-AdVantage Setup - c:\program files\DAEMON Tools Lite\AdVantageSetup.exe
MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-Invisible Secrets 4 - c:\progra~1\INVISI~1\invtray.exe
MSConfigStartUp-kxva - c:\windows\system32\kxvo.exe
MSConfigStartUp-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
MSConfigStartUp-RegClean Expert Scheduler - c:\program files\Registry Clean Expert\RCHelper.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - c:\documents and settings\Darko\Application Data\Mozilla\Firefox\Profiles\cbcvrs3p.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - google.ba
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-11-06 21:54:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\DUMeterSvc]
"ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: c:\windows\system32\winlogon.exe
-> c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

PROCESS: c:\windows\system32\lsass.exe
-> c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

PROCESS: c:\windows\explorer.exe
-> c:\program files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
-> c:\program files\Stardock\ObjectDock\DockShellHook.dll
-> c:\program files\KGB\MPK.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe
c:\program files\Nero\Nero8\InCD\InCDsrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-11-06 21:58:27 - machine was rebooted [Darko]
ComboFix-quarantined-files.txt 2008-11-06 20:58:23

Pre-Run: 8.667.115.520 bytes free
Post-Run: 8,776,036,352 bytes free

361 --- E O F --- 2008-09-17 14:47:47

offline
  • Piksi  Male
  • Elite citizen
  • Joined: 13 Nov 2003
  • Posts: 2435

Sorry for the wait...

Did you install KGB Keylogger yourself?

Open Notepad and copy the following text:

File::
c:\windows\fix.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{13786de4-9073-11dd-8d6b-001d7daaf670}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1c975d93-89cb-11dd-8d56-001d7daaf670}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2f1050c2-ff61-11dc-8c55-aed3212c1c8b}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{945b6f86-fcbc-11dc-811c-b6bca9be72ec}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrialReset]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post in your next message the log that gets created at the end of the cleaning/scanning.

It would also be good if you attached the other logs ComboFix created, using the "Attach file" option...
