Wuauclt.exe

  • Joined: 02 Dec 2007
  • Posts: 7
  • Location: Beograd

Here's the situation:

Over the last few months the computer has slowed down considerably. It boots more slowly, when I restart I wait a couple of minutes at "Logging off...", and applications start noticeably slower. I have ESET Smart Security and MBAM, and on a couple of occasions there were trojans and viruses, but they were cleaned with the help of these two programs. Then problems started with (un)installing programs, QuickTime in particular, then Google Chrome, which now, even when it installs, won't start. Browsing speed is also slower, while downloads are fine. There are countless smaller problems while working, e.g. the whole screen looks like it is about to refresh every couple of seconds, applications like Adobe Premiere or After Effects crash and throw errors like "system is low on memory" and similar. Also, in the last few days I noticed in Task Manager a process "wuauclt.exe" that is impossible to close and is multiplied into about 10 processes, each "pulling" about 20MB, and the computer slows down considerably over time. I have now done full scans with both ESET and MBAM and no malware or rootkit was found. Please help,

regards,

Vlada



DDS (Ver_10-10-10.03) - NTFSx86
Run by Cetvorka at 19:40:21.37 on Sun 10/17/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2568 [GMT 2:00]

AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Silicon Image\57xx SteelVine\SteelVine.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\SpeedSix\bin\JawsService.exe
C:\Program Files\Common Files\Mediafour\iPod\M4iPodWPDService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Cetvorka\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?hl=en
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Hot MP3 Toolbar: {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - c:\program files\hot_mp3\tbHot1.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Mediafour XPlay Explorer notifications: {4907c0ad-874d-44d9-b13e-7b0a4d8b9d3e} - c:\program files\mediafour\xplay 3\XPBHO.DLL
BHO: Hot MP3 Toolbar: {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - c:\program files\hot_mp3\tbHot1.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: Hot MP3 Toolbar: {9384bd4c-dd14-4be9-80f7-f6277511e4f5} - c:\program files\hot_mp3\tbHot1.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [AutorunRemover.exe] c:\program files\autorunremover\AutorunRemover.exe -Hide
mRun: [CertificateRegistration] SafeSignCertReg.exe
mRun: [{914C5BF8-EEDD-4F3A-A8BE-34EE71CF1B29}] "c:\program files\mediafour\xplay 3\XPlay.exe"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
IE: Add to Anti-Banner - c:\program files\kaspersky lab\kaspersky anti-virus 6.0 for windows workstations mp4\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\cetvorka\applic~1\mozilla\firefox\profiles\wijp8ut3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_fs&search=
FF - component: c:\documents and settings\cetvorka\application data\mozilla\firefox\profiles\wijp8ut3.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\cetvorka\application data\mozilla\firefox\profiles\wijp8ut3.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\cetvorka\application data\mozilla\firefox\profiles\wijp8ut3.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\cetvorka\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2009-9-28 259176]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-5-3 130936]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [2010-7-18 145504]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2010-4-28 114984]
R2 57xx SteelVine Manager;57xx SteelVine;c:\program files\silicon image\57xx steelvine\SteelVine.exe [2007-8-20 1282048]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-6-24 810144]
R2 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2008-12-22 80392]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 JawsService.exe;Jaws Service;c:\program files\speedsix\bin\JawsService.exe [2006-8-22 53248]
R2 M4iPodWPDService;M4iPodWPDService;c:\program files\common files\mediafour\ipod\M4iPodWPDService.exe [2010-6-18 223232]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-5-2 304464]
R3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM);c:\windows\system32\drivers\vacs2xkd.sys [2008-12-23 42880]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-5-2 20952]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-8 136176]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\autodesk\3ds max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-3-10 65536]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2008-12-23 16512]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2003-4-4 30336]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [2010-10-1 24416]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [2010-6-23 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [2010-6-23 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [2010-6-23 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [2010-6-23 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [2010-6-23 98568]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra professional home 2009.sp2\RpcAgentSrv.exe [2008-12-23 98488]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-5-3 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-5-3 1097096]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TodosAgmII;Driver for Todos Argosmini II USB;c:\windows\system32\drivers\AgmIIusb.sys [2010-6-21 22016]
S4 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-5-8 30192]
UnknownUnknown AVPsys;AVPsys; [x]

=============== Created Last 30 ================

2010-10-17 17:03:01 -------- d-----w- c:\documents and settings\cetvorka\DoctorWeb
2010-10-17 13:01:21 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-10-12 17:50:49 -------- d-----w- c:\program files\Neat Video for Premiere
2010-10-12 17:49:46 -------- d-----w- c:\program files\Neat Video for After Effects
2010-10-12 11:39:32 -------- d-----w- c:\windows\pss
2010-10-11 22:00:21 -------- d-----w- c:\program files\Camtech
2010-10-11 21:26:19 927232 ----a-w- c:\windows\system32\raylightQuicktime8.qtx
2010-10-11 21:26:19 927232 ----a-w- c:\windows\system32\raylightQuicktime7.qtx
2010-10-11 21:26:19 927232 ----a-w- c:\windows\system32\raylightQuicktime4.qtx
2010-10-11 21:26:19 927232 ----a-w- c:\windows\system32\raylightQuicktime3.qtx
2010-10-11 21:26:19 927232 ----a-w- c:\windows\system32\raylightQuicktime2.qtx
2010-10-11 21:26:19 927232 ----a-w- c:\windows\system32\raylightQuicktime14.qtx
2010-10-11 21:26:19 927232 ----a-w- c:\windows\system32\raylightQuicktime13.qtx
2010-10-11 21:26:19 927232 ----a-w- c:\windows\system32\raylightQuicktime1.qtx
2010-10-11 21:26:19 -------- d-----w- c:\program files\DVFilm
2010-10-07 21:37:04 -------- d-----w- c:\docume~1\cetvorka\applic~1\BlackBean
2010-10-07 20:21:07 -------- d-----w- c:\program files\BlackBeanGames
2010-10-06 18:35:39 -------- d-----w- c:\docume~1\cetvorka\locals~1\applic~1\SKIDROW
2010-10-05 17:18:06 -------- d-----w- c:\program files\JDownloader
2010-10-04 19:53:11 -------- d-----w- c:\docume~1\cetvorka\locals~1\applic~1\My Games
2010-10-04 19:38:51 -------- d-----w- c:\program files\Sid Meier's Civilization V
2010-10-04 07:51:49 -------- d-----w- c:\docume~1\cetvorka\applic~1\CheeseSoft
2010-10-04 07:51:44 -------- d-----w- c:\program files\FinalUninstaller
2010-10-03 20:15:00 -------- d-----w- c:\docume~1\cetvorka\applic~1\SpeedMP3Downloader
2010-10-03 20:15:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\SpeedMP3Downloader
2010-10-03 19:57:36 -------- d-----w- c:\program files\Conduit
2010-10-03 19:57:36 -------- d-----w- c:\docume~1\cetvorka\locals~1\applic~1\Conduit
2010-10-03 19:57:35 -------- d-----w- c:\program files\Hot_MP3
2010-10-03 19:57:35 -------- d-----w- c:\docume~1\cetvorka\locals~1\applic~1\Hot_MP3
2010-10-03 19:57:31 -------- d-----w- c:\program files\SpeedMP3Downloader
2010-10-01 23:04:18 -------- d-----w- c:\program files\2K Games
2010-10-01 20:00:24 377856 ----a-w- c:\windows\system\binkw32.dll
2010-10-01 19:53:53 -------- d-----w- c:\program files\RADVideo
2010-10-01 17:18:44 -------- d-----w- C:\BackSys
2010-10-01 15:51:47 -------- d-----w- c:\docume~1\cetvorka\locals~1\applic~1\4A Games
2010-10-01 15:51:23 -------- d-----w- c:\docume~1\cetvorka\applic~1\NVIDIA
2010-10-01 15:00:19 -------- d-----w- c:\program files\Steam
2010-10-01 11:30:39 -------- d-----w- c:\windows\RestoreSafeDeleted
2010-10-01 11:30:34 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2010-10-01 10:25:37 -------- d-----w- c:\program files\Digieffects
2010-10-01 10:22:43 2 --shatr- c:\windows\winstart.bat
2010-10-01 10:22:27 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-10-01 10:22:12 -------- d-----w- c:\program files\UnHackMe
2010-09-26 18:57:00 809560 ----a-r- c:\windows\system32\tmp895.tmp
2010-09-26 18:56:55 809560 ----a-r- c:\windows\system32\tmp894.tmp
2010-09-25 16:09:53 809560 ----a-r- c:\windows\system32\tmp23C.tmp
2010-09-25 16:09:53 809560 ----a-r- c:\windows\system32\tmp23B.tmp
2010-09-22 19:29:58 -------- d-----w- c:\docume~1\alluse~1\applic~1\IncrediMail
2010-09-22 19:29:57 -------- d-----w- c:\docume~1\alluse~1\applic~1\IM
2010-09-21 23:22:18 1160 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-09-20 16:55:50 608448 ----a-w- c:\windows\system32\comctl32.ocx
2010-09-20 16:55:41 -------- d-----w- c:\program files\Total Video Converter
2010-09-19 22:18:25 -------- d-----w- c:\docume~1\cetvorka\locals~1\applic~1\LooksBuilder
2010-09-19 14:34:30 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2010-09-18 20:22:02 -------- d-----w- c:\docume~1\cetvorka\applic~1\Avid
2010-09-18 20:21:47 -------- d-----w- c:\program files\common files\PACE Anti-Piracy
2010-09-18 20:21:47 -------- d-----w- c:\docume~1\cetvorka\locals~1\applic~1\PACE Anti-Piracy
2010-09-18 20:21:47 -------- d-----w- c:\docume~1\cetvorka\applic~1\PACE Anti-Piracy
2010-09-18 20:21:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\PACE Anti-Piracy
2010-09-18 17:49:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avid
2010-09-18 17:39:48 -------- d-----w- c:\program files\common files\Digidesign
2010-09-18 17:39:29 -------- d-----w- c:\program files\common files\SafeNet Sentinel
2010-09-18 17:31:53 -------- d-----w- c:\program files\Avid

==================== Find3M ====================

2010-10-17 12:20:46 16608 ----a-w- c:\windows\gdrv.sys
2010-10-15 21:07:59 73 ----a-w- c:\windows\system32\ssprs.dll
2010-10-15 21:07:59 205 ----a-w- c:\windows\system32\lsprst7.dll
2010-09-25 16:09:53 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-09-25 16:09:53 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-19 14:34:21 232984 ----a-w- c:\windows\system32\nvdrsdb1.bin
2010-09-19 14:34:21 1 ----a-w- c:\windows\system32\nvdrssel.bin
2010-09-19 14:34:18 232984 ----a-w- c:\windows\system32\nvdrsdb0.bin
2010-09-08 09:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-07-27 16:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 16:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 16:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
2009-05-14 19:02:10 3392872 ----a-w- c:\program files\common files\adlmint_libFNP.dll
2009-05-14 19:02:10 3298152 ----a-w- c:\program files\common files\adlmint.dll
2003-11-03 16:07:06 499712 ----a-w- c:\program files\msvcp71.dll
2003-11-03 16:07:06 348160 ----a-w- c:\program files\msvcr71.dll
2003-05-30 08:22:06 344064 ----a-r- c:\program files\msvcr70.dll
2002-01-05 02:40:18 487424 ----a-w- c:\program files\msvcp70.dll

============= FINISH: 19:41:45.28 ===============
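The process list in the DDS log above is what first points at wuauclt.exe: the Windows Update client normally shows up as one or two processes started by the Automatic Updates service, while this log lists sixteen, next to several svchost.exe entries printed with a bare name and no path. The script below is an added example (not part of the post and not code from the DDS tool): it reads a DDS log as text, counts how many times each image appears, and reports images repeated beyond a per-image threshold as well as entries with no image path. The thresholds are a heuristic chosen for the example, and the sample log is a constructed excerpt of the one posted here.

```python
"""Triage the 'Running Processes' section of a DDS log.

Added example: not part of the forum post and not code from the DDS tool.
It reads a DDS log as text, counts how many times each executable image
appears, and reports (a) images repeated beyond a per-image threshold and
(b) entries printed with a bare file name and no path, which is how DDS
lists a process whose image path it could not read. The thresholds are a
heuristic chosen for this example, not values DDS or Microsoft publish.
SAMPLE_LOG is a constructed excerpt of the log posted in the thread.
"""
import re
from collections import Counter

SAMPLE_LOG = """\
DDS (Ver_10-10-10.03) - NTFSx86
Run by Cetvorka at 19:40:21.37 on Sun 10/17/2010

============== Running Processes ===============

C:\\WINDOWS\\system32\\nvsvc32.exe
C:\\WINDOWS\\system32\\svchost -k DcomLaunch
svchost.exe
C:\\WINDOWS\\System32\\svchost.exe -k netsvcs
svchost.exe
C:\\WINDOWS\\Explorer.EXE
C:\\WINDOWS\\system32\\wuauclt.exe
C:\\WINDOWS\\system32\\wuauclt.exe
C:\\WINDOWS\\system32\\wuauclt.exe
C:\\Program Files\\Mozilla Firefox\\firefox.exe
C:\\Documents and Settings\\Cetvorka\\Desktop\\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig?hl=en
"""

# A DDS section header looks like "====== Running Processes ======".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")

# Heuristic per-image limits (assumption for this example); anything not
# listed is allowed DEFAULT_LIMIT copies. The Windows Update client normally
# shows one or two wuauclt.exe processes, never a dozen.
LIMITS = {"wuauclt": 2, "svchost": 16, "rundll32": 4}
DEFAULT_LIMIT = 3


def section_lines(log_text, name):
    """Return the non-blank lines of the DDS section called `name`."""
    lines, inside = [], False
    for raw in log_text.splitlines():
        m = SECTION_RE.match(raw.strip())
        if m:
            inside = m.group(1).lower() == name.lower()
            continue
        if inside and raw.strip():
            lines.append(raw.strip())
    return lines


def image_key(line):
    """Map 'C:\\WINDOWS\\system32\\svchost.exe -k netsvcs' to ('svchost', True).

    The second element says whether a directory path was printed at all.
    DDS writes the command line, so arguments start at the first ' -'.
    """
    image = line.partition(" -")[0]
    name = image.rsplit("\\", 1)[-1].lower()
    if name.endswith(".exe"):
        name = name[:-4]
    return name, "\\" in image


def triage_processes(log_text, limits=None):
    """Count images in the Running Processes section and return findings.

    Returns (counts, pathless, findings): a Counter keyed by image name,
    the raw lines that carried no path, and human-readable findings.
    """
    limits = {**LIMITS, **(limits or {})}
    counts, pathless = Counter(), []
    for line in section_lines(log_text, "Running Processes"):
        name, has_path = image_key(line)
        counts[name] += 1
        if not has_path:
            pathless.append(line)
    findings = []
    for name, n in sorted(counts.items()):
        limit = limits.get(name, DEFAULT_LIMIT)
        if n > limit:
            findings.append(f"{name}: {n} instances, expected at most {limit}")
    for line in pathless:
        findings.append(f"no image path reported for: {line}")
    return counts, pathless, findings


if __name__ == "__main__":
    _, _, report = triage_processes(SAMPLE_LOG)
    print("\n".join(report) or "nothing flagged")
```

Run against the full log in the post, the same function flags wuauclt at sixteen instances; the count alone does not say whether the image is the genuine file, which is what the Sigcheck section of a ComboFix log answers.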

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello and welcome to the My City forum's Ambulanta (the malware clinic).

While the case is being resolved, I'd ask you to stick to the following:
Read my instructions (or those of the colleagues standing in for me) carefully and act exclusively on them;
Don't seek help elsewhere at the same time;
Don't use other malware-removal programs besides those you get instructions for;
During the intervention, don't use USB memory devices until I ask for it;
If I don't reply within 48h, refresh the topic with a new post;
If you don't reply within 5 days, we'll close the case.

For more information on the rules of the MyCity forum Ambulanta: LINK

-------------------------------------------------------------------------------------

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is finished:
disable your protection software (instructions);
close running programs;
double-click ComboFix to run it.

While running, ComboFix will:
check whether a newer version of the program exists: click Yes if offered to download it;
show the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so the process continues;
if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
ask a number of questions / show notifications: accept by clicking Yes or OK;
restart Windows if needed (possibly several times);
at the end, open Notepad with the scan report.

Copy the report ComboFix made into the topic on the forum:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message field and choose Paste.

Note: The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice the report is not complete, use the Attach file option to attach C:\ComboFix.txt to the message.

goran9888 (AMF Team)

  • Joined: 02 Dec 2007
  • Posts: 7
  • Location: Beograd

It was restarted several times. ComboFix asked for Kaspersky Antivirus (which is in fact uninstalled) and ESET to be disabled. They were shut down and all their processes in Task Manager were ended, but Combo still recognised them as running.

Windows should probably be reinstalled, but I can't do that at the moment since I need to back up almost 2TB of data from the RAID disks on this machine.

Here's the log


ComboFix 10-10-17.01 - Cetvorka 10/18/2010 1:38.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2883 [GMT 2:00]
Running from: c:\documents and settings\Cetvorka\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: ESET Personal firewall *disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Cetvorka\Application Data\SQLite3.dll
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\INSTALL.LOG
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
c:\program files\WinPCap\Uninstall.exe
c:\windows\system32\drivers\npf.sys
c:\windows\system32\lsprst7.dll
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\ssprs.dll
c:\windows\system32\wpcap.dll

c:\windows\system32\DRIVERS\jraid.sys . . . is infected!! . . . Failed to find a valid replacement.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2010-09-17 to 2010-10-17 )))))))))))))))))))))))))))))))
.

2010-10-17 20:47 . 2010-10-17 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\RFA_Backups
2010-10-17 20:47 . 2010-10-17 20:47 -------- d-----w- c:\documents and settings\Cetvorka\Local Settings\Application Data\Thinstall
2010-10-17 20:47 . 2010-10-17 20:47 -------- d-----w- c:\documents and settings\Cetvorka\Application Data\Thinstall
2010-10-17 17:03 . 2010-10-17 17:03 -------- d-----w- c:\documents and settings\Cetvorka\DoctorWeb
2010-10-17 13:01 . 2010-10-17 13:01 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-10-17 12:01 . 2010-10-17 12:01 -------- d-----w- c:\program files\Electronic Arts
2010-10-12 17:50 . 2010-10-12 17:50 -------- d-----w- c:\program files\Neat Video for Premiere
2010-10-12 17:49 . 2010-10-12 17:49 -------- d-----w- c:\program files\Neat Video for After Effects
2010-10-12 12:02 . 2010-10-12 12:02 -------- d-----w- c:\program files\Common Files\Apple
2010-10-11 22:00 . 2010-10-11 22:00 -------- d-----w- c:\program files\Camtech
2010-10-11 21:26 . 2010-10-11 21:26 -------- d-----w- c:\program files\DVFilm
2010-10-11 21:26 . 2008-06-23 17:15 927232 ----a-w- c:\windows\system32\raylightQuicktime1.qtx
2010-10-11 21:26 . 2008-06-23 17:15 927232 ----a-w- c:\windows\system32\raylightQuicktime2.qtx
2010-10-11 21:26 . 2008-06-23 17:14 927232 ----a-w- c:\windows\system32\raylightQuicktime3.qtx
2010-10-11 21:26 . 2008-06-23 17:14 927232 ----a-w- c:\windows\system32\raylightQuicktime4.qtx
2010-10-11 21:26 . 2008-06-23 17:14 927232 ----a-w- c:\windows\system32\raylightQuicktime7.qtx
2010-10-11 21:26 . 2008-06-23 17:14 927232 ----a-w- c:\windows\system32\raylightQuicktime8.qtx
2010-10-11 21:26 . 2008-06-23 17:14 927232 ----a-w- c:\windows\system32\raylightQuicktime13.qtx
2010-10-11 21:26 . 2008-06-23 17:14 927232 ----a-w- c:\windows\system32\raylightQuicktime14.qtx
2010-10-07 21:37 . 2010-10-07 21:37 -------- d-----w- c:\documents and settings\Cetvorka\Application Data\BlackBean
2010-10-07 20:21 . 2010-10-07 20:21 -------- d-----w- c:\program files\BlackBeanGames
2010-10-06 18:35 . 2010-10-06 18:35 -------- d-----w- c:\documents and settings\Cetvorka\Local Settings\Application Data\SKIDROW
2010-10-05 17:18 . 2010-10-15 21:24 -------- d-----w- c:\program files\JDownloader
2010-10-04 19:53 . 2010-10-04 19:53 -------- d-----w- c:\documents and settings\Cetvorka\Local Settings\Application Data\My Games
2010-10-04 19:38 . 2010-10-06 18:34 -------- d-----w- c:\program files\Sid Meier's Civilization V
2010-10-04 07:51 . 2010-10-04 07:51 -------- d-----w- c:\documents and settings\Cetvorka\Application Data\CheeseSoft
2010-10-04 07:51 . 2010-10-04 07:51 -------- d-----w- c:\program files\FinalUninstaller
2010-10-03 20:15 . 2010-10-03 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMP3Downloader
2010-10-03 20:15 . 2010-10-03 20:15 -------- d-----w- c:\documents and settings\Cetvorka\Application Data\SpeedMP3Downloader
2010-10-03 19:57 . 2010-10-04 16:27 -------- d-----w- c:\documents and settings\Cetvorka\Local Settings\Application Data\Conduit
2010-10-03 19:57 . 2010-10-03 19:57 -------- d-----w- c:\program files\Conduit
2010-10-03 19:57 . 2010-10-04 16:53 -------- d-----w- c:\documents and settings\Cetvorka\Local Settings\Application Data\Hot_MP3
2010-10-03 19:57 . 2010-10-04 16:27 -------- d-----w- c:\program files\Hot_MP3
2010-10-03 19:57 . 2010-10-03 19:58 -------- d-----w- c:\program files\SpeedMP3Downloader
2010-10-01 23:04 . 2010-10-01 23:04 -------- d-----w- c:\program files\2K Games
2010-10-01 20:00 . 2004-01-21 19:26 377856 ----a-w- c:\windows\system\binkw32.dll
2010-10-01 19:53 . 2010-10-01 19:53 -------- d-----w- c:\program files\RADVideo
2010-10-01 17:18 . 2010-10-01 18:12 -------- d-----w- C:\BackSys
2010-10-01 15:51 . 2010-10-01 15:51 -------- d-----w- c:\documents and settings\Cetvorka\Local Settings\Application Data\4A Games
2010-10-01 15:51 . 2010-10-01 15:51 -------- d-----w- c:\documents and settings\Cetvorka\Application Data\NVIDIA
2010-10-01 15:00 . 2010-10-01 19:58 -------- d-----w- c:\program files\Steam
2010-10-01 11:30 . 2010-10-01 17:26 -------- d-----w- c:\windows\RestoreSafeDeleted
2010-10-01 11:30 . 2010-10-01 18:11 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2010-10-01 10:25 . 2010-10-01 10:25 -------- d-----w- c:\program files\Digieffects
2010-10-01 10:22 . 2010-10-01 10:22 2 --shatr- c:\windows\winstart.bat
2010-10-01 10:22 . 2010-09-01 12:18 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-10-01 10:22 . 2010-10-01 16:58 -------- d-----w- c:\program files\UnHackMe
2010-09-26 18:57 . 2009-10-15 10:44 809560 ----a-r- c:\windows\system32\tmp895.tmp
2010-09-26 18:56 . 2009-10-15 10:44 809560 ----a-r- c:\windows\system32\tmp894.tmp
2010-09-25 16:09 . 2010-08-18 15:10 809560 ----a-r- c:\windows\system32\tmp23C.tmp
2010-09-25 16:09 . 2010-08-18 15:10 809560 ----a-r- c:\windows\system32\tmp23B.tmp
2010-09-22 19:29 . 2010-09-22 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\IncrediMail
2010-09-22 19:29 . 2010-09-22 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\IM
2010-09-21 23:22 . 2010-09-21 23:24 1160 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-09-20 16:55 . 2000-05-22 20:58 608448 ----a-w- c:\windows\system32\comctl32.ocx
2010-09-20 16:55 . 2010-10-11 20:44 -------- d-----w- c:\program files\Total Video Converter
2010-09-19 22:18 . 2010-09-19 22:18 -------- d-----w- c:\documents and settings\Cetvorka\Local Settings\Application Data\LooksBuilder
2010-09-19 14:34 . 2010-09-19 14:34 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
2010-09-18 20:22 . 2010-09-18 20:22 -------- d-----w- c:\documents and settings\Cetvorka\Application Data\Avid
2010-09-18 20:21 . 2010-09-18 20:21 -------- d-----w- c:\documents and settings\Cetvorka\Application Data\PACE Anti-Piracy
2010-09-18 20:21 . 2010-09-18 20:21 -------- d-----w- c:\documents and settings\All Users\Application Data\PACE Anti-Piracy
2010-09-18 20:21 . 2010-09-18 20:21 -------- d-----w- c:\program files\Common Files\PACE Anti-Piracy
2010-09-18 20:21 . 2010-09-18 20:21 -------- d-----w- c:\documents and settings\Cetvorka\Local Settings\Application Data\PACE Anti-Piracy
2010-09-18 17:49 . 2010-09-18 17:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Pinnacle
2010-09-18 17:49 . 2010-09-18 20:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Avid
2010-09-18 17:39 . 2010-09-18 17:41 -------- d-----w- c:\program files\Common Files\Digidesign
2010-09-18 17:39 . 2010-09-18 17:39 -------- d-----w- c:\program files\Common Files\SafeNet Sentinel
2010-09-18 17:31 . 2010-09-19 16:11 -------- d-----w- c:\program files\Avid

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 12:51 . 2010-05-08 12:51 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

------- Sigcheck -------

[7] 2009-08-06 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe
[7] 2008-04-14 . ED7262E52C31CF1625B65039102BC16C . 111104 . . [5.4.3790.5512] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[7] 2004-08-03 . 4126D27CECE4471E00E425411F7306B5 . 111104 . . [5.4.3790.2180] . . c:\windows\$NtServicePackUninstall$\wuauclt.exe

c:\windows\System32\wuauclt.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9384bd4c-dd14-4be9-80f7-f6277511e4f5}"= "c:\program files\Hot_MP3\tbHot1.dll" [2010-10-04 2735200]

[HKEY_CLASSES_ROOT\clsid\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]
2010-10-04 16:27 2735200 ----a-w- c:\program files\Hot_MP3\tbHot1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9384bd4c-dd14-4be9-80f7-f6277511e4f5}"= "c:\program files\Hot_MP3\tbHot1.dll" [2010-10-04 2735200]

[HKEY_CLASSES_ROOT\clsid\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9384BD4C-DD14-4BE9-80F7-F6277511E4F5}"= "c:\program files\Hot_MP3\tbHot1.dll" [2010-10-04 2735200]

[HKEY_CLASSES_ROOT\clsid\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-09-28 2407632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutorunRemover.exe"="c:\program files\AutorunRemover\AutorunRemover.exe" [2010-04-02 1370624]
"CertificateRegistration"="SafeSignCertReg.exe" [2004-02-17 28672]
"{914C5BF8-EEDD-4F3A-A8BE-34EE71CF1B29}"="c:\program files\Mediafour\XPlay 3\XPlay.exe" [2010-04-08 300544]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-06-24 2202704]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Vlaki

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-05-08 12:45 136176 ----atw- c:\documents and settings\Cetvorka\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"GoogleDesktopManager-110309-193829"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home 2009.SP2\\RpcAgentSrv.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Sony\\Vegas Pro 8.0\\VegSrv80.exe"=
"c:\\Program Files\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Autodesk\\Maya2010\\bin\\maya.exe"=
"c:\\Program Files\\Autodesk\\Autodesk Toxik 2010\\program\\toxik.exe"=
"c:\\Program Files\\Adobe\\Adobe Premiere Pro CS3\\Adobe Premiere Pro.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\eyeon\\Fusion 6.0\\eyeonScript.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\PESEdit\\2010 FIFA World Cup Patch\\pes2010.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\Codemasters\\F1 2010\\F1_2010_game.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Adobe\\Adobe After Effects CS4\\Support Files\\AfterFX.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"1055:TCP"= 1055:TCP:Discreet BrowseD
"1066:TCP"= 1066:TCP:Discreet Slave Render
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [9/28/2009 2:02 PM 259176]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/3/2009 4:11 PM 130936]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [7/18/2010 1:38 AM 145504]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4/28/2010 8:17 AM 114984]
R2 57xx SteelVine Manager;57xx SteelVine;c:\program files\Silicon Image\57xx SteelVine\SteelVine.exe [8/20/2007 12:42 PM 1282048]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [6/24/2010 9:27 AM 810144]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [12/22/2008 9:10 PM 80392]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 JawsService.exe;Jaws Service;c:\program files\SpeedSix\bin\JawsService.exe [8/22/2006 12:27 PM 53248]
R2 M4iPodWPDService;M4iPodWPDService;c:\program files\Common Files\Mediafour\iPod\M4iPodWPDService.exe [6/18/2010 2:16 PM 223232]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/2/2009 5:01 PM 304464]
R2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [3/10/2008 12:04 AM 65536]
R3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM);c:\windows\system32\drivers\vacs2xkd.sys [12/23/2008 5:57 PM 42880]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/2/2009 5:01 PM 20952]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/8/2010 2:54 PM 136176]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [12/23/2008 5:57 PM 16512]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [10/1/2010 1:30 PM 24416]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [6/23/2010 3:59 PM 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [6/23/2010 3:59 PM 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [6/23/2010 3:59 PM 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [6/23/2010 3:59 PM 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [6/23/2010 3:59 PM 98568]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Home 2009.SP2\RpcAgentSrv.exe [12/23/2008 3:43 PM 98488]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/3/2009 4:11 PM 348752]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 TodosAgmII;Driver for Todos Argosmini II USB;c:\windows\system32\drivers\AgmIIusb.sys [6/21/2010 11:17 PM 22016]
S4 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/8/2010 2:51 PM 30192]
.
Contents of the 'Scheduled Tasks' folder

2010-10-17 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2010-07-29 13:24]

2010-10-17 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-05-08 12:51]

2010-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-08 12:54]

2010-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-08 12:54]

2010-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1957994488-682003330-1003Core.job
- c:\documents and settings\Cetvorka\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-08 12:45]

2010-10-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1957994488-682003330-1003UA.job
- c:\documents and settings\Cetvorka\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-08 12:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
FF - ProfilePath - c:\documents and settings\Cetvorka\Application Data\Mozilla\Firefox\Profiles\wijp8ut3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_fs&search=
FF - component: c:\documents and settings\Cetvorka\Application Data\Mozilla\Firefox\Profiles\wijp8ut3.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Cetvorka\Application Data\Mozilla\Firefox\Profiles\wijp8ut3.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\Cetvorka\Application Data\Mozilla\Firefox\Profiles\wijp8ut3.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Cetvorka\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
SafeBoot-klmdb.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe



Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0xFCC04EC5]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf5e2cf28
\Driver\ACPI -> ACPI.sys @ 0xf5c7fcb8
\Driver\atapi -> atapi.sys @ 0xf5c11852
IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0xe0c4f6a8
ParseProcedure -> ntkrnlpa.exe @ 0xe0c4e7e8
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0xe0c4f6a8
ParseProcedure -> ntkrnlpa.exe @ 0xe0c4e7e8
NDIS: Realtek RTL8168C(P)/8111C(P) PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf5acabb0
PacketIndicateHandler -> NDIS.sys @ 0xf5ad7a21
SendHandler -> NDIS.sys @ 0xf5ab587b
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:40,57,d0,3f,22,9f,8b,82,9f,c1,fa,0d,a8,8d,e6,83,db,64,1e,8a,c4,
84,db,e9,3d,ac,d4,7f,28,62,66,bb,fa,69,78,b8,4b,a2,27,a6,76,a7,60,44,fb,fa,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:40,57,d0,3f,22,9f,8b,82,9f,c1,fa,0d,a8,8d,e6,83,db,64,1e,8a,c4,
84,db,e9,3d,ac,d4,7f,28,62,66,bb,fa,69,78,b8,4b,a2,27,a6,76,a7,60,44,fb,fa,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1068-)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(1128-)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3344)
c:\windows\system32\WININET.dll
c:\program files\Mediafour\MacDrive 8\MDVolumeIcons.dll
c:\program files\Mediafour\MacDrive 8\MACDRAPI.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Mediafour\XPlay 3\XPCopyHook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\windows\system32\hasplms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-10-18 01:59:13 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-17 23:59

Pre-Run: 95,961,624,576 bytes free
Post-Run: 95,850,450,944 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional Avid 2.5GB" /3GB /userva=2500 /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 06E20DEC43079403D5E306BF9DC2300C
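The Sigcheck block in the ComboFix log above lists three backup copies of wuauclt.exe with their MD5 hashes and versions, and reports the live copy in System32 as missing. As an added example (not part of this thread and not ComboFix's own code), the following Python script parses that block and turns it into triage findings: which protected files are missing, whether a dllcache copy is available to restore from, and whether two copies that claim the same version carry different hashes. The sample text is copied from the log above; the function names and the wording of the findings are this example's own.

```python
"""Triage the 'Sigcheck' block of a ComboFix log.

Added example for this thread; not part of ComboFix or of any post here.
SAMPLE is copied from the log above; function names are this example's own.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

SAMPLE = r"""
------- Sigcheck -------

[7] 2009-08-06 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe
[7] 2008-04-14 . ED7262E52C31CF1625B65039102BC16C . 111104 . . [5.4.3790.5512] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[7] 2004-08-03 . 4126D27CECE4471E00E425411F7306B5 . 111104 . . [5.4.3790.2180] . . c:\windows\$NtServicePackUninstall$\wuauclt.exe

c:\windows\System32\wuauclt.exe ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
"""

# One signed-file line: [flag] date . MD5 . size . . [version] . . path
ENTRY_RE = re.compile(
    r"^\[(?P<flag>\d+)\] (?P<date>\d{4}-\d{2}-\d{2}) \. (?P<md5>[0-9A-Fa-f]{32}) \. "
    r"(?P<size>\d+) \. \. \[(?P<version>[\d.]+)\] \. \. (?P<path>\S.*?)\s*$"
)
# ComboFix's note for a protected file that is absent from its live location
MISSING_RE = re.compile(r"^(?P<path>\S.*?) \.\.\. is missing !!\s*$")


@dataclass
class SigEntry:
    date: str
    md5: str
    size: int
    version: str
    path: str

    @property
    def name(self) -> str:
        """File name without directory, lower-cased for grouping."""
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_sigcheck(text: str) -> Tuple[List[SigEntry], List[str]]:
    """Return (signed copies listed, paths reported missing) for the Sigcheck block."""
    entries: List[SigEntry] = []
    missing: List[str] = []
    in_block = False
    for line in text.splitlines():
        if "------- Sigcheck -------" in line:
            in_block = True
            continue
        if not in_block:
            continue
        if line.startswith("(((("):  # next ComboFix section header ends the block
            break
        m = ENTRY_RE.match(line)
        if m:
            entries.append(SigEntry(m["date"], m["md5"].upper(), int(m["size"]),
                                    m["version"], m["path"]))
            continue
        m = MISSING_RE.match(line)
        if m:
            missing.append(m["path"])
    return entries, missing


def triage(text: str) -> List[str]:
    """Turn the parsed block into human-readable findings."""
    entries, missing = parse_sigcheck(text)
    by_name: Dict[str, List[SigEntry]] = {}
    for e in entries:
        by_name.setdefault(e.name, []).append(e)

    findings: List[str] = []
    for path in missing:
        name = path.rsplit("\\", 1)[-1].lower()
        cache = [e for e in by_name.get(name, []) if "\\dllcache\\" in e.path.lower()]
        if cache:
            c = cache[0]
            findings.append(f"{path} is missing; dllcache copy {c.version} "
                            f"(md5 {c.md5}) is available for restore")
        else:
            findings.append(f"{path} is missing; no known-good copy listed")

    # Two copies that claim the same version but hash differently deserve a look:
    # a backup and a live file of the same version should be byte-identical.
    for name, copies in by_name.items():
        first_by_version: Dict[str, SigEntry] = {}
        for e in copies:
            prev = first_by_version.setdefault(e.version, e)
            if prev.md5 != e.md5:
                findings.append(f"{name}: version {e.version} has differing hashes "
                                f"({prev.path} vs {e.path})")
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f)
```

On the log above this yields a single finding: the System32 copy of wuauclt.exe is missing and the dllcache copy (version 7.4.7600.226) is the candidate for restoring it. The differing-hash check finds nothing here because the three listed copies are three distinct service-pack versions, which is expected.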

offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Lives in: Nish

Sorry for the late reply.

Follow the instructions below carefully.

---------------------------------------------------------------------------------------
Download Kaspersky Lab's TDSSKiller from the following address to your Desktop:

TDSSKiller

Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download has finished:
disable your security software (instructions);
close any running programs;
rename TDSSKiller.exe to MyCity.exe;
double-click MyCity.exe to run it;
click the Start Scan button.

- When the scan is finished, TDSSKiller will report whether it found an infection and which infection it is;
- If an infection is found, click the Continue button and TDSSKiller will attempt to remove it;
- After the process completes, a message will say whether the infection was removed successfully;
- If the infection was removed successfully, restart the computer using the Reboot Now option.

Post the contents of the log from the following location:
C:\TDSSKiller_verzija programa_DD.MM.GG_HH.MM.SS.txt
(DD-day, MM-month, GG-year, HH-hour, MM-minute, SS-second; the date and time the log was created)

goran9888 (AMF Team)

offline
  • Joined: 02 Dec 2007
  • Posts: 7
  • Lives in: Beograd

No problem, the important thing is that the problem gets solved ;-)

It cleaned two files



offline
  • Joined: 02 Feb 2008
  • Posts: 14018
  • Lives in: Nish

I hope you haven't deleted (or renamed) TDSSKiller from the computer and that it is still on the Desktop, because we'll need it in the next step as well.

---------------------------------------------------------------------------------------------
Step 1

Start -> RUN -> cmd

In the console, type cd Desktop as in the picture:

After that, type the following command:
mycity.exe -qcsvc decvxipmxguq -dcsvc decvxipmxguq -l mycity.txt
(the easier way is to copy this command into the console: select the command -> right-click, Copy -> in the console right-click, Paste)

Restart the computer by clicking Reboot Now.

After the restart, a mycity.txt log will appear on the Desktop. Post the contents of that log with your next message.

Step 2

Run ComboFix again and post a fresh log.

goran9888 (AMF Team)

offline
  • Joined: 02 Dec 2007
  • Posts: 7
  • Lives in: Beograd

I didn't delete anything ;-)

here's the log


Regards

offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

My apologies to my colleague for jumping into the case, but so that we don't waste time, I'd ask you to post the CF log as Goran told you, not the TDSSKiller log.

Quote: Step 2

Run ComboFix again and post a fresh log.

goran9888 (AMF Team)

once again apologies to my colleague, but I figure he'll understand :)

offline
  • Joined: 02 Dec 2007
  • Posts: 7
  • Lives in: Beograd

My mistake. Here it is




ComboFix 10-10-18.06 - Cetvorka 10/19/2010 23:43:14.2.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2699 [GMT 2:00]
Running from: c:\documents and settings\Cetvorka\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Kaspersky Anti-Virus *On-access scanning enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\str.sys

.
((((((((((((((((((((((((( Files Created from 2010-09-19 to 2010-10-19 )))))))))))))))))))))))))))))))
.

2010-10-19 19:49 . 2010-10-19 19:49 -------- d-----w- C:\TDSSKiller_Quarantine
2010-10-19 13:17 . 2010-10-19 13:17 14802944 ---ha-w- c:\documents and settings\Cetvorka\ntuser.tmp
2010-10-17 20:47 . 2010-10-17 23:18 -------- d-----w- c:\documents and settings\All Users\Application Data\RFA_Backups
2010-10-17 20:47 . 2010-10-17 20:47 -------- d-----w- c:\documents and settings\Cetvorka\Local Settings\Application Data\Thinstall
2010-10-17 20:47 . 2010-10-17 20:47 -------- d-----w- c:\documents and settings\Cetvorka\Application Data\Thinstall
2010-10-17 17:03 . 2010-10-17 17:03 -------- d-----w- c:\documents and settings\Cetvorka\DoctorWeb
2010-10-17 13:01 . 2010-10-17 13:01 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-10-17 12:01 . 2010-10-17 12:01 -------- d-----w- c:\program files\Electronic Arts
2010-10-12 17:50 . 2010-10-12 17:50 -------- d-----w- c:\program files\Neat Video for Premiere
2010-10-12 17:49 . 2010-10-12 17:49 -------- d-----w- c:\program files\Neat Video for After Effects
2010-10-12 12:02 . 2010-10-12 12:02 -------- d-----w- c:\program files\Common Files\Apple
2010-10-11 22:00 . 2010-10-11 22:00 -------- d-----w- c:\program files\Camtech
2010-10-11 21:26 . 2010-10-11 21:26 -------- d-----w- c:\program files\DVFilm
2010-10-11 21:26 . 2008-06-23 17:15 927232 ----a-w- c:\windows\system32\raylightQuicktime1.qtx
2010-10-11 21:26 . 2008-06-23 17:15 927232 ----a-w- c:\windows\system32\raylightQuicktime2.qtx
2010-10-11 21:26 . 2008-06-23 17:14 927232 ----a-w- c:\windows\system32\raylightQuicktime3.qtx
2010-10-11 21:26 . 2008-06-23 17:14 927232 ----a-w- c:\windows\system32\raylightQuicktime4.qtx
2010-10-11 21:26 . 2008-06-23 17:14 927232 ----a-w- c:\windows\system32\raylightQuicktime7.qtx
2010-10-11 21:26 . 2008-06-23 17:14 927232 ----a-w- c:\windows\system32\raylightQuicktime8.qtx
2010-10-11 21:26 . 2008-06-23 17:14 927232 ----a-w- c:\windows\system32\raylightQuicktime13.qtx
2010-10-11 21:26 . 2008-06-23 17:14 927232 ----a-w- c:\windows\system32\raylightQuicktime14.qtx
2010-10-07 21:37 . 2010-10-07 21:37 -------- d-----w- c:\documents and settings\Cetvorka\Application Data\BlackBean
2010-10-07 20:21 . 2010-10-07 20:21 -------- d-----w- c:\program files\BlackBeanGames
2010-10-06 18:35 . 2010-10-06 18:35 -------- d-----w- c:\documents and settings\Cetvorka\Local Settings\Application Data\SKIDROW
2010-10-05 17:18 . 2010-10-15 21:24 -------- d-----w- c:\program files\JDownloader
2010-10-04 19:53 . 2010-10-04 19:53 -------- d-----w- c:\documents and settings\Cetvorka\Local Settings\Application Data\My Games
2010-10-04 19:38 . 2010-10-06 18:34 -------- d-----w- c:\program files\Sid Meier's Civilization V
2010-10-04 07:51 . 2010-10-04 07:51 -------- d-----w- c:\documents and settings\Cetvorka\Application Data\CheeseSoft
2010-10-04 07:51 . 2010-10-04 07:51 -------- d-----w- c:\program files\FinalUninstaller
2010-10-03 20:15 . 2010-10-03 20:35 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedMP3Downloader
2010-10-03 20:15 . 2010-10-03 20:15 -------- d-----w- c:\documents and settings\Cetvorka\Application Data\SpeedMP3Downloader
2010-10-03 19:57 . 2010-10-04 16:27 -------- d-----w- c:\documents and settings\Cetvorka\Local Settings\Application Data\Conduit
2010-10-03 19:57 . 2010-10-03 19:57 -------- d-----w- c:\program files\Conduit
2010-10-03 19:57 . 2010-10-04 16:53 -------- d-----w- c:\documents and settings\Cetvorka\Local Settings\Application Data\Hot_MP3
2010-10-03 19:57 . 2010-10-04 16:27 -------- d-----w- c:\program files\Hot_MP3
2010-10-03 19:57 . 2010-10-03 19:58 -------- d-----w- c:\program files\SpeedMP3Downloader
2010-10-01 23:04 . 2010-10-01 23:04 -------- d-----w- c:\program files\2K Games
2010-10-01 20:00 . 2004-01-21 19:26 377856 ----a-w- c:\windows\system\binkw32.dll
2010-10-01 19:53 . 2010-10-01 19:53 -------- d-----w- c:\program files\RADVideo
2010-10-01 17:18 . 2010-10-01 18:12 -------- d-----w- C:\BackSys
2010-10-01 15:51 . 2010-10-01 15:51 -------- d-----w- c:\documents and settings\Cetvorka\Local Settings\Application Data\4A Games
2010-10-01 15:51 . 2010-10-01 15:51 -------- d-----w- c:\documents and settings\Cetvorka\Application Data\NVIDIA
2010-10-01 15:00 . 2010-10-01 19:58 -------- d-----w- c:\program files\Steam
2010-10-01 11:30 . 2010-10-01 17:26 -------- d-----w- c:\windows\RestoreSafeDeleted
2010-10-01 11:30 . 2010-10-01 18:11 24416 ----a-w- c:\windows\system32\drivers\regguard.sys
2010-10-01 10:25 . 2010-10-01 10:25 -------- d-----w- c:\program files\Digieffects
2010-10-01 10:22 . 2010-10-01 10:22 2 --shatr- c:\windows\winstart.bat
2010-10-01 10:22 . 2010-09-01 12:18 12808 ----a-w- c:\windows\system32\drivers\UnHackMeDrv.sys
2010-10-01 10:22 . 2010-10-01 16:58 -------- d-----w- c:\program files\UnHackMe
2010-09-26 18:57 . 2009-10-15 10:44 809560 ----a-r- c:\windows\system32\tmp895.tmp
2010-09-26 18:56 . 2009-10-15 10:44 809560 ----a-r- c:\windows\system32\tmp894.tmp
2010-09-25 16:09 . 2010-08-18 15:10 809560 ----a-r- c:\windows\system32\tmp23C.tmp
2010-09-25 16:09 . 2010-08-18 15:10 809560 ----a-r- c:\windows\system32\tmp23B.tmp
2010-09-22 19:29 . 2010-09-22 19:29 -------- d-----w- c:\documents and settings\All Users\Application Data\IncrediMail
2010-09-22 19:29 . 2010-09-22 19:30 -------- d-----w- c:\documents and settings\All Users\Application Data\IM
2010-09-21 23:22 . 2010-09-21 23:24 1160 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-09-20 16:55 . 2000-05-22 20:58 608448 ----a-w- c:\windows\system32\comctl32.ocx
2010-09-20 16:55 . 2010-10-11 20:44 -------- d-----w- c:\program files\Total Video Converter
2010-09-19 22:18 . 2010-09-19 22:18 -------- d-----w- c:\documents and settings\Cetvorka\Local Settings\Application Data\LooksBuilder

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 12:51 . 2010-05-08 12:51 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

------- Sigcheck -------

[7] 2009-08-06 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\system32\dllcache\wuauclt.exe
[7] 2008-04-14 . ED7262E52C31CF1625B65039102BC16C . 111104 . . [5.4.3790.5512] . . c:\windows\ServicePackFiles\i386\wuauclt.exe
[7] 2004-08-03 . 4126D27CECE4471E00E425411F7306B5 . 111104 . . [5.4.3790.2180] . . c:\windows\$NtServicePackUninstall$\wuauclt.exe

c:\windows\System32\wuauclt.exe ... is missing !!
.
((((((((((((((((((((((((((((( SnapShot@2010-10-17_23.53.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-10-19 19:53 . 2010-10-19 19:53 16384 c:\windows\Temp\Perflib_Perfdata_2ac.dat
+ 2010-10-19 19:54 . 2010-10-19 19:54 16384 c:\windows\Temp\Perflib_Perfdata_25c.dat
- 2008-12-22 19:00 . 2008-05-08 06:21 77200 c:\windows\system32\drivers\jraid.sys
+ 2008-12-22 19:00 . 2010-10-18 22:23 77200 c:\windows\system32\drivers\jraid.sys
- 2008-12-22 18:39 . 2010-07-21 14:00 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2008-12-22 18:39 . 2010-10-19 09:06 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-12-22 18:39 . 2010-07-21 14:00 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2008-12-22 18:39 . 2010-10-19 09:06 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-10-18 14:44 . 2010-10-19 09:06 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-12-22 18:39 . 2010-07-21 14:00 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2008-12-22 19:10 . 2010-10-19 19:54 16608 c:\windows\gdrv.sys
- 2008-12-22 19:10 . 2010-10-17 23:53 16608 c:\windows\gdrv.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{9384bd4c-dd14-4be9-80f7-f6277511e4f5}"= "c:\program files\Hot_MP3\tbHot1.dll" [2010-10-04 2735200]

[HKEY_CLASSES_ROOT\clsid\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]
2010-10-04 16:27 2735200 ----a-w- c:\program files\Hot_MP3\tbHot1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9384bd4c-dd14-4be9-80f7-f6277511e4f5}"= "c:\program files\Hot_MP3\tbHot1.dll" [2010-10-04 2735200]

[HKEY_CLASSES_ROOT\clsid\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9384BD4C-DD14-4BE9-80F7-F6277511E4F5}"= "c:\program files\Hot_MP3\tbHot1.dll" [2010-10-04 2735200]

[HKEY_CLASSES_ROOT\clsid\{9384bd4c-dd14-4be9-80f7-f6277511e4f5}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-09-28 2407632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AutorunRemover.exe"="c:\program files\AutorunRemover\AutorunRemover.exe" [2010-04-02 1370624]
"CertificateRegistration"="SafeSignCertReg.exe" [2004-02-17 28672]
"{914C5BF8-EEDD-4F3A-A8BE-34EE71CF1B29}"="c:\program files\Mediafour\XPlay 3\XPlay.exe" [2010-04-08 300544]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-06-24 2202704]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Vlaki

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-05-08 12:45 136176 ----atw- c:\documents and settings\Cetvorka\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"GoogleDesktopManager-110309-193829"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home 2009.SP2\\RpcAgentSrv.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Sony\\Vegas Pro 8.0\\VegSrv80.exe"=
"c:\\Program Files\\Adobe\\Adobe After Effects CS3\\Support Files\\AfterFX.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Professional Home 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Autodesk\\Maya2010\\bin\\maya.exe"=
"c:\\Program Files\\Autodesk\\Autodesk Toxik 2010\\program\\toxik.exe"=
"c:\\Program Files\\Adobe\\Adobe Premiere Pro CS3\\Adobe Premiere Pro.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\eyeon\\Fusion 6.0\\eyeonScript.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\PESEdit\\2010 FIFA World Cup Patch\\pes2010.exe"=
"c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2010\\pes2010.exe"=
"c:\\Program Files\\Codemasters\\F1 2010\\F1_2010_game.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Adobe\\Adobe After Effects CS4\\Support Files\\AfterFX.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server
"1055:TCP"= 1055:TCP:Discreet BrowseD
"1066:TCP"= 1066:TCP:Discreet Slave Render
"1947:TCP"= 1947:TCP:HASP SRM
"1947:UDP"= 1947:UDP:HASP SRM

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [9/28/2009 2:02 PM 259176]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/3/2009 4:11 PM 130936]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [7/18/2010 1:38 AM 145504]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4/28/2010 8:17 AM 114984]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [6/24/2010 9:27 AM 810144]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [12/22/2008 9:10 PM 80392]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 JawsService.exe;Jaws Service;c:\program files\SpeedSix\bin\JawsService.exe [8/22/2006 12:27 PM 53248]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [5/2/2009 5:01 PM 304464]
R3 EuMusDesignVirtualAudioCableWdm_s2x;Sound2x Audio Cable (WDM);c:\windows\system32\drivers\vacs2xkd.sys [12/23/2008 5:57 PM 42880]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [5/2/2009 5:01 PM 20952]
S2 57xx SteelVine Manager;57xx SteelVine;c:\program files\Silicon Image\57xx SteelVine\SteelVine.exe [8/20/2007 12:42 PM 1282048]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/8/2010 2:54 PM 136176]
S2 M4iPodWPDService;M4iPodWPDService;c:\program files\Common Files\Mediafour\iPod\M4iPodWPDService.exe [6/18/2010 2:16 PM 223232]
S2 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [3/10/2008 12:04 AM 65536]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [12/23/2008 5:57 PM 16512]
S3 RegGuard;RegGuard;c:\windows\system32\drivers\regguard.sys [10/1/2010 1:30 PM 24416]
S3 s115bus;Sony Ericsson Device 115 driver (WDM);c:\windows\system32\drivers\s115bus.sys [6/23/2010 3:59 PM 83208]
S3 s115mdfl;Sony Ericsson Device 115 USB WMC Modem Filter;c:\windows\system32\drivers\s115mdfl.sys [6/23/2010 3:59 PM 15112]
S3 s115mdm;Sony Ericsson Device 115 USB WMC Modem Driver;c:\windows\system32\drivers\s115mdm.sys [6/23/2010 3:59 PM 108680]
S3 s115mgmt;Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s115mgmt.sys [6/23/2010 3:59 PM 100488]
S3 s115obex;Sony Ericsson Device 115 USB WMC OBEX Interface;c:\windows\system32\drivers\s115obex.sys [6/23/2010 3:59 PM 98568]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Professional Home 2009.SP2\RpcAgentSrv.exe [12/23/2008 3:43 PM 98488]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/3/2009 4:11 PM 348752]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 TodosAgmII;Driver for Todos Argosmini II USB;c:\windows\system32\drivers\AgmIIusb.sys [6/21/2010 11:17 PM 22016]
S4 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/8/2010 2:51 PM 30192]

--- Other Services/Drivers In Memory ---

*Deregistered* - klmd25
*Deregistered* - klmdb
.
Contents of the 'Scheduled Tasks' folder

2010-10-19 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-05-08 12:51]

2010-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-08 12:54]

2010-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-08 12:54]

2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1957994488-682003330-1003Core.job
- c:\documents and settings\Cetvorka\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-08 12:45]

2010-10-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-343818398-1957994488-682003330-1003UA.job
- c:\documents and settings\Cetvorka\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-08 12:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig?hl=en
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
FF - ProfilePath - c:\documents and settings\Cetvorka\Application Data\Mozilla\Firefox\Profiles\wijp8ut3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_address_bar_fs&search=
FF - component: c:\documents and settings\Cetvorka\Application Data\Mozilla\Firefox\Profiles\wijp8ut3.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Cetvorka\Application Data\Mozilla\Firefox\Profiles\wijp8ut3.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
FF - plugin: c:\documents and settings\Cetvorka\Application Data\Mozilla\Firefox\Profiles\wijp8ut3.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\Cetvorka\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:40,57,d0,3f,22,9f,8b,82,9f,c1,fa,0d,a8,8d,e6,83,db,64,1e,8a,c4,
84,db,e9,3d,ac,d4,7f,28,62,66,bb,fa,69,78,b8,4b,a2,27,a6,76,a7,60,44,fb,fa,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:40,57,d0,3f,22,9f,8b,82,9f,c1,fa,0d,a8,8d,e6,83,db,64,1e,8a,c4,
84,db,e9,3d,ac,d4,7f,28,62,66,bb,fa,69,78,b8,4b,a2,27,a6,76,a7,60,44,fb,fa,\
.
Completion time: 2010-10-19 23:52:22
ComboFix-quarantined-files.txt 2010-10-19 21:52
ComboFix2.txt 2010-10-17 23:59

Pre-Run: 95,803,916,288 bytes free
Post-Run: 95,837,073,408 bytes free

- - End Of File - - 219044FDA0ADF31AECC2CB60ABF802CE

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Open Notepad and copy the following text into it:

FCopy::
c:\windows\ServicePackFiles\i386\wuauclt.exe|c:\windows\System32\wuauclt.exe

SecCenter::
{2C4D4BC6-0793-4956-A9F9-E252435469C0}

File::
c:\windows\system32\tmp895.tmp
c:\windows\system32\tmp894.tmp
c:\windows\system32\tmp23C.tmp
c:\windows\system32\tmp23B.tmp


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scanning.

How is the computer behaving now?




goran9888 (AMF Team)
