MyCity » Ambulanta -> Arhiva Ambulante » Zbog virusa kasni mi sat na kompu i usporen rad racunara

Zbog virusa kasni mi sat na kompu i usporen rad racunara

Napisano na dan: 11.7.2009

Zbog virusa kasni mi sat na kompu i usporen rad racunara

Sledeća strana

Pagination

Odgovori

Cyrax Poslao: 11 Jul 2009 22:50 Idi na vrh
offline Cyrax Građanin Pridružio: 13 Maj 2008 Poruke: 113	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Imam problem vec 10-ak dana, preko noci kada ostavim komp da mi radi desi mi se ujutru kada se probudim da kasni po 4-5 sati!!! Pored toga sto kasni sat vizuelno se primecuje da i sam racunar radi usporeno!!! Pa ako ima neko da mi pomogne ? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 22:42:26, on 11.7.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Folder Guard Pro\FGKey.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\RFA\rfagent.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe C:\Program Files\Cyberlink\Shared Files\brs.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\TUProgSt.exe C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Webteh\BSplayer\bsplayer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\Crawler\Toolbar\CToolbar.exe C:\Documents and Settings\Dragan Zdravkovic\Desktop\ova\TR3.exe..exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/http://www.yahoo.com/ext/search/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.rs/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = us.rd.yahoo.com/customize/ie/defaults/su/msgr9/http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = crawler.com/search/ie.aspx?tb_id=60327 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = dnl.crawler.com/support/sa_customize.aspx?TbId=60327 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = crawler.com/search/ie.aspx?tb_id=60327 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = dnl.crawler.com/support/sa_customize.aspx?TbId=60327 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = us.rd.yahoo.com/customize/ie/defaults/su/msgr9/http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R3 - URLSearchHook: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn1\yt.dll O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [FG_Monitor] C:\Program Files\Folder Guard Pro\FGKey.exe /Start O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA\rfagent.exe" O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe" O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe" O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared Files\brs.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx O8 - Extra context menu item: Crawler Search - tbr:iemenu O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?06eab7b4073a4e97bad8e53154277e26 O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?06eab7b4073a4e97bad8e53154277e26 O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b0.....586-jc.cab O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- End of file - 11009 bytes

Profil

dr_Bora Poslao: 12 Jul 2009 01:04 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Pozdrav... Kako si zaključio da sat kasni zbog virusa? Preuzmi gmer.zip sa ovog linka i sačuvaj na Desktopu. Raspakuj ga u neki folder. Dupli klik na gmer.exe za početak: Izaberi Rootkit/Malware Tab na vrhu. Klikni na Scan. Kada je skeniranje završeno, klik na Copy dugme ispod - ovo će sačuvati rezultate skeniranja u Clipboard. Iskoristi opciju Paste u Notepad-u da bi to prebacio u tekst. Snimi taj tekst iz Notepada kao file1.txt. Ponovi ovo isto sa Autostart Tab-om. Snimi taj tekst iz Notepada kao file2.txt. Iskoristi opciju Prikači fajl ispod polja za pisanje poruke na forumu, i prikači nam ovde ta dva fajla koja smo malopre snimili.

Profil

Cyrax Poslao: 12 Jul 2009 19:35 Idi na vrh
offline Cyrax Građanin Pridružio: 13 Maj 2008 Poruke: 113	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Uloguj se preko Facebooka da bi skinuo fajl: Pa dvetri veceri zaredom kada god ostavim komp upaljen celu noc, ujutru kada se probudim razlika je po nekoliko sati!!! A izmedju ostalog kucaju mi i neki programi i komp mi radi malo usporeno! mycity.rs/must-login.png mycity.rs/must-login.png

Profil

dr_Bora Poslao: 12 Jul 2009 21:31 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ne vidim ovde bilo šta problematično. Hajde da odradimo proveru još jednim alatom... Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop: Bleeping Computer Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu); Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save. Kada preuzimanje programa bude završeno: zatvori pokrenute programe; deaktiviraj zaštitni softver (uputstvo); dvoklikom pokreni program ComboFix. U toku rada, ComboFix će:proveriti postoji li novija verzija programa: klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE: klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju: prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja: prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta); na kraju rada, otvoriti Notepad sa izveštajem o skeniranju. Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu: klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All; klikni desnim tasterom miša na obeleženi tekst i izaberi Copy; klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste. Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt); Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

Profil

Cyrax Poslao: 12 Jul 2009 22:15 Idi na vrh
offline Cyrax Građanin Pridružio: 13 Maj 2008 Poruke: 113	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-04-21.03 - Dragan Zdravkovic 12.07.2009 22:08.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1562 [GMT -7:00] Running from: c:\documents and settings\Dragan Zdravkovic\Desktop\yyyy\combofix.exe AV: Kaspersky Internet Security On-access scanning disabled (Updated) FW: Kaspersky Internet Security disabled * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . - REDUCED FUNCTIONALITY MODE - . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\ShoppingReport c:\program files\ShoppingReport\Uninst.exe . ((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 ))))))))))))))))))))))))))))))) . 2009-07-11 09:34 . 2009-07-11 16:47 -------- d-----w c:\documents and settings\Dragan Zdravkovic\Local Settings\Application Data\BS_Player 2009-07-11 09:34 . 2009-07-11 09:38 -------- d-----w c:\program files\BS_Player 2009-07-11 09:34 . 2009-07-11 09:34 -------- d-----w c:\program files\Conduit 2009-07-11 09:34 . 2009-07-11 09:34 -------- d-----w c:\documents and settings\Dragan Zdravkovic\Local Settings\Application Data\Conduit 2009-07-11 09:34 . 2009-07-12 03:22 -------- d-----w c:\documents and settings\Dragan Zdravkovic\Application Data\BSplayer 2009-07-11 09:34 . 2009-07-11 09:34 -------- d-----w c:\documents and settings\Dragan Zdravkovic\Application Data\BSplayer Pro 2009-07-11 09:34 . 2009-07-11 09:34 -------- d-----w c:\program files\Webteh 2009-07-11 04:42 . 2009-07-11 04:42 -------- d-----w c:\documents and settings\Dragan Zdravkovic\Application Data\Keys manager 2009-07-03 19:12 . 2009-07-05 10:17 -------- d-----w c:\documents and settings\Dragan Zdravkovic\Local Settings\Application Data\Cyberlink 2009-07-03 19:08 . 2009-07-03 19:08 -------- d-----w c:\documents and settings\All Users\Application Data\Temp 2009-07-02 23:10 . 2009-07-02 23:23 -------- d-----w c:\documents and settings\Dragan Zdravkovic\Application Data\Sports Interactive 2009-07-02 23:05 . 2009-07-02 23:05 -------- d-----w c:\documents and settings\All Users\Application Data\Sports Interactive 2009-07-02 22:49 . 2009-07-02 22:52 -------- d--h--w c:\program files\Zero G Registry 2009-07-02 22:49 . 2009-07-02 22:49 -------- d-----w c:\program files\Sports Interactive 2009-07-02 22:49 . 2009-07-02 22:49 -------- d--h--w c:\documents and settings\Dragan Zdravkovic\InstallAnywhere 2009-06-18 19:23 . 2009-06-18 19:23 4096 ----a-w c:\windows\d3dx.dat 2009-06-16 03:55 . 2009-06-16 03:55 39 ----a-w c:\windows\KeplerAstrology.INI 2009-06-16 03:54 . 2009-06-17 07:48 -------- d-----w C:\KEPLER70 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-13 04:53 . 2009-04-13 00:06 -------- d-----w c:\documents and settings\All Users\Application Data\Kaspersky Lab 2009-07-13 02:26 . 2009-03-22 10:10 -------- d-----w c:\documents and settings\Dragan Zdravkovic\Application Data\Skype 2009-07-12 15:53 . 2009-04-13 00:06 7472672 --sha-w c:\windows\system32\drivers\fidbox.dat 2009-07-12 15:53 . 2009-04-13 00:06 7204 --sha-w c:\windows\system32\drivers\fidbox2.idx 2009-07-12 15:53 . 2009-04-13 00:06 65748 --sha-w c:\windows\system32\drivers\fidbox.idx 2009-07-12 15:53 . 2009-04-13 00:06 565280 --sha-w c:\windows\system32\drivers\fidbox2.dat 2009-07-12 05:29 . 2009-04-11 00:21 -------- d-----w c:\documents and settings\All Users\Application Data\RFA_Backups 2009-07-12 05:22 . 2009-04-10 22:09 -------- d-----w c:\program files\TuneUp Utilities 2009 2009-07-08 12:14 . 2009-03-15 11:31 -------- d-----w c:\program files\Folder Guard Pro 2009-07-04 07:40 . 2009-03-21 19:41 -------- d-----w c:\documents and settings\Dragan Zdravkovic\Application Data\CyberLink 2009-07-03 19:12 . 2009-03-21 19:41 -------- d-----w c:\documents and settings\All Users\Application Data\CyberLink 2009-07-03 19:09 . 2009-03-21 19:41 -------- d-----w c:\program files\Common Files\CyberLink 2009-07-03 19:09 . 2009-03-15 20:27 -------- d--h--w c:\program files\InstallShield Installation Information 2009-07-03 19:08 . 2009-03-21 19:40 -------- d-----w c:\program files\CyberLink 2009-07-03 19:08 . 2009-03-21 19:40 29480 ----a-w c:\windows\system32\msxml3a.dll 2009-07-03 19:08 . 2009-03-20 19:42 353576 ----a-w c:\windows\system32\msvcr71.dll 2009-07-03 19:08 . 2003-03-18 20:14 505128 ----a-w c:\windows\system32\msvcp71.dll 2009-06-17 23:31 . 2009-03-15 20:50 67608 ----a-w c:\documents and settings\Dragan Zdravkovic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-06-17 23:29 . 2009-03-21 17:06 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2009-06-12 04:09 . 2009-06-12 04:09 -------- d-----w c:\program files\Hair Pro 2008 Light 2009-06-12 04:00 . 2009-06-12 04:00 -------- d-----w c:\program files\Kickassscreensavers.com 2009-06-06 04:06 . 2009-03-20 17:37 -------- d-----w c:\program files\Valve 2009-06-03 09:22 . 2009-03-15 08:08 15600 ----a-w c:\windows\gdrv.sys 2009-06-01 23:30 . 2009-06-01 23:30 -------- d-----w c:\documents and settings\Dragan Zdravkovic\Application Data\VitySoft 2009-06-01 23:30 . 2009-06-01 23:30 410984 ----a-w c:\windows\system32\deploytk.dll 2009-06-01 23:30 . 2009-06-01 23:30 -------- d-----w c:\program files\Java 2009-06-01 00:08 . 2009-03-15 10:19 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion 2009-06-01 00:02 . 2009-03-15 09:53 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! 2009-06-01 00:02 . 2009-03-15 08:08 -------- d-----w c:\program files\Yahoo! 2009-05-30 08:27 . 2009-03-21 20:08 -------- d-----w c:\documents and settings\Dragan Zdravkovic\Application Data\uTorrent 2009-05-24 07:08 . 2009-03-21 17:28 -------- d-----w c:\documents and settings\Dragan Zdravkovic\Application Data\Ahead 2009-05-20 22:07 . 2009-04-13 00:06 105395 ----a-w c:\windows\system32\drivers\klin.dat 2009-05-20 22:07 . 2009-04-13 00:06 94643 ----a-w c:\windows\system32\drivers\klick.dat 2009-05-19 23:46 . 2009-03-21 18:09 -------- d-----w c:\program files\Mv2Player 2009-05-19 18:35 . 2009-05-19 18:35 -------- d-----w c:\documents and settings\All Users\Application Data\PC Auto Shutdown 2009-05-19 18:35 . 2009-05-19 18:35 -------- d-----w c:\documents and settings\All Users\Application Data\PMB Files 2009-05-19 18:31 . 2009-05-04 01:45 -------- d-----w c:\program files\Pando Networks 2009-05-19 00:19 . 2009-05-19 00:19 -------- d-----w c:\program files\Audio Bible Ambassador 2009-05-16 05:46 . 2009-05-16 05:46 -------- d-----w c:\documents and settings\Dragan Zdravkovic\Application Data\Braid 2009-05-04 23:39 . 2009-05-04 08:16 1200128 ----a-w c:\windows\RtkUpd.exe 2009-05-04 08:20 . 2006-10-19 00:31 363008 ----a-w c:\windows\system32\idecoiins.dll 2009-05-04 08:20 . 2006-10-19 00:31 363008 ----a-w c:\windows\system32\idecoi.dll 2009-05-04 08:20 . 2006-10-06 00:35 35840 ----a-w c:\windows\system32\NVCOI.DLL 2009-05-02 00:22 . 2009-05-02 00:22 604416 ----a-w c:\windows\system32\TUProgSt.exe 2009-05-02 00:22 . 2009-04-10 22:09 361216 ----a-w c:\windows\system32\TuneUpDefragService.exe 2009-04-27 12:21 . 2009-05-02 00:22 28928 ----a-w c:\windows\system32\uxtuneup.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}] 2009-07-11 09:39 2215960 ----a-w c:\program files\BS_Player\tbBS_1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-11 2215960] [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-11 2215960] [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-29 94208] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-11 24095528] "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "FG_Monitor"="c:\program files\Folder Guard Pro\FGKey.exe" [2008-01-05 118600] "rfagent"="c:\program files\RFA\rfagent.exe" [2008-11-24 916800] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-04-13 206088] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-01 148888] "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-04-28 87336] "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-28 50472] "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-05-08 75048] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\adialhk.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk \0 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "e:\\??????????? ????????\\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\\PES 2009\\pes2009.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "57457:TCP"= 57457:TCP:Pando Media Booster "57457:UDP"= 57457:UDP:Pando Media Booster R3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [2008-05-20 93696] R3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-07 533360] S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-04-13 33808] S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/07/03 12:09];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-05-08 04:05 87536] S2 FGUARD32;FGUARD32;c:\program files\Folder Guard Pro\FGUARD32.SYS [2008-01-05 54008] S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-02-07 55152] S2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-15 226656] S2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\System32\TUProgSt.exe [2009-05-02 604416] S2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392] S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [2008-03-14 26640] S3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\DRIVERS\klim5.sys [2008-05-01 24592] --- Other Services/Drivers In Memory --- Deregistered* - duuiaara HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9f0f3264-2d4c-11de-ae94-001fd0b5bc2f}] \Shell\AutoRun\command - libejr.exe \Shell\explore\Command - libejr.exe \Shell\open\Command - libejr.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8a30177-3796-11de-ae9b-001fd0b5bc2f}] \Shell\AutoOpen\command - .\MSOCache\90000804-6000-11D3-8CFE-0150048383C9\KB915865.exe [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-07-13 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37] . . ------- Supplementary Scan ------- . uStart Page = hxxp://google.rs/ mStart Page = hxxp://www.yahoo.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/http://www.yahoo.com/ext/search/search.html uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/http://www.yahoo.com IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx IE: Crawler Search - tbr:iemenu IE: E&xport to Microsoft Excel IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?06eab7b4073a4e97bad8e53154277e26 IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?06eab7b4073a4e97bad8e53154277e26 Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll FF - ProfilePath - c:\documents and settings\Dragan Zdravkovic\Application Data\Mozilla\Firefox\Profiles\6yx89i8d.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://google.rs FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&q= FF - component: c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll FF - component: c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll FF - component: c:\documents and settings\Dragan Zdravkovic\Application Data\Mozilla\Firefox\Profiles\6yx89i8d.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFAlert.dll FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 FF - user.js: yahoo.homepage.dontask - true. ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-07-12 22:08 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1020) c:\windows\system32\Ati2evxx.dll . Completion time: 2009-07-13 22:09 ComboFix-quarantined-files.txt 2009-07-13 05:09 Pre-Run: 5.779.812.352 bytes free Post-Run: 5.783.195.648 bytes free 230

Profil

dr_Bora Poslao: 12 Jul 2009 22:27 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Restartuj PC, a zatim doslovce isprati uputstvo koje si dobio (to uključuje skidanje nove verzije programa sa datog linka).

Profil

Cyrax Poslao: 12 Jul 2009 22:57 Idi na vrh
offline Cyrax Građanin Pridružio: 13 Maj 2008 Poruke: 113	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! evo novog: ComboFix 09-07-12.01 - Dragan Zdravkovic 12.07.2009 22:48.2.2 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1550 [GMT -7:00] Running from: c:\documents and settings\Dragan Zdravkovic\Desktop\ComboFix.exe AV: Kaspersky Internet Security On-access scanning disabled (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} FW: Kaspersky Internet Security disabled {2C4D4BC6-0793-4956-A9F9-E252435469C0} . ((((((((((((((((((((((((( Files Created from 2009-06-13 to 2009-07-13 ))))))))))))))))))))))))))))))) . 2009-07-11 09:34 . 2009-07-11 16:47 -------- d-----w- c:\documents and settings\Dragan Zdravkovic\Local Settings\Application Data\BS_Player 2009-07-11 09:34 . 2009-07-11 09:38 -------- d-----w- c:\program files\BS_Player 2009-07-11 09:34 . 2009-07-11 09:34 -------- d-----w- c:\program files\Conduit 2009-07-11 09:34 . 2009-07-11 09:34 -------- d-----w- c:\documents and settings\Dragan Zdravkovic\Local Settings\Application Data\Conduit 2009-07-11 09:34 . 2009-07-12 03:22 -------- d-----w- c:\documents and settings\Dragan Zdravkovic\Application Data\BSplayer 2009-07-11 09:34 . 2009-07-11 09:34 -------- d-----w- c:\documents and settings\Dragan Zdravkovic\Application Data\BSplayer Pro 2009-07-11 09:34 . 2009-07-11 09:34 -------- d-----w- c:\program files\Webteh 2009-07-11 04:42 . 2009-07-11 04:42 -------- d-----w- c:\documents and settings\Dragan Zdravkovic\Application Data\Keys manager 2009-07-03 19:12 . 2009-07-05 10:17 -------- d-----w- c:\documents and settings\Dragan Zdravkovic\Local Settings\Application Data\Cyberlink 2009-07-03 19:08 . 2009-07-03 19:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Temp 2009-07-03 19:08 . 2009-07-03 19:08 53319 ----a-w- c:\documents and settings\All Users\Application Data\Temp\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe 2009-07-02 23:10 . 2009-07-02 23:23 -------- d-----w- c:\documents and settings\Dragan Zdravkovic\Application Data\Sports Interactive 2009-07-02 23:05 . 2009-07-02 23:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Sports Interactive 2009-07-02 22:49 . 2009-07-02 22:52 -------- d--h--w- c:\program files\Zero G Registry 2009-07-02 22:49 . 2009-07-02 22:49 -------- d-----w- c:\program files\Sports Interactive 2009-07-02 22:49 . 2009-07-02 22:49 -------- d--h--w- c:\documents and settings\Dragan Zdravkovic\InstallAnywhere 2009-06-18 19:23 . 2009-06-18 19:23 4096 ----a-w- c:\windows\d3dx.dat 2009-06-16 03:54 . 2009-06-17 07:48 -------- d-----w- C:\KEPLER70 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-07-13 05:52 . 2009-03-22 10:10 -------- d-----w- c:\documents and settings\Dragan Zdravkovic\Application Data\Skype 2009-07-13 05:51 . 2009-04-13 00:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab 2009-07-13 05:50 . 2009-04-13 00:06 7472672 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-07-13 05:50 . 2009-04-13 00:06 7204 --sha-w- c:\windows\system32\drivers\fidbox2.idx 2009-07-13 05:50 . 2009-04-13 00:06 65748 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-07-13 05:50 . 2009-04-13 00:06 565280 --sha-w- c:\windows\system32\drivers\fidbox2.dat 2009-07-12 05:29 . 2009-04-11 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\RFA_Backups 2009-07-12 05:22 . 2009-04-10 22:09 -------- d-----w- c:\program files\TuneUp Utilities 2009 2009-07-08 12:14 . 2009-03-15 11:31 -------- d-----w- c:\program files\Folder Guard Pro 2009-07-04 07:40 . 2009-03-21 19:41 -------- d-----w- c:\documents and settings\Dragan Zdravkovic\Application Data\CyberLink 2009-07-03 19:12 . 2009-03-21 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink 2009-07-03 19:09 . 2009-03-21 19:41 -------- d-----w- c:\program files\Common Files\CyberLink 2009-07-03 19:09 . 2009-03-15 20:27 -------- d--h--w- c:\program files\InstallShield Installation Information 2009-07-03 19:08 . 2009-03-21 19:40 -------- d-----w- c:\program files\CyberLink 2009-07-03 19:08 . 2009-03-21 19:40 29480 ----a-w- c:\windows\system32\msxml3a.dll 2009-07-03 19:08 . 2009-03-20 19:42 353576 ----a-w- c:\windows\system32\msvcr71.dll 2009-07-03 19:08 . 2003-03-18 20:14 505128 ----a-w- c:\windows\system32\msvcp71.dll 2009-06-17 23:31 . 2009-03-15 20:50 67608 ----a-w- c:\documents and settings\Dragan Zdravkovic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-06-17 23:29 . 2009-03-21 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-06-12 04:09 . 2009-06-12 04:09 -------- d-----w- c:\program files\Hair Pro 2008 Light 2009-06-12 04:00 . 2009-06-12 04:00 -------- d-----w- c:\program files\Kickassscreensavers.com 2009-06-06 04:06 . 2009-03-20 17:37 -------- d-----w- c:\program files\Valve 2009-06-03 09:22 . 2009-03-15 08:08 15600 ----a-w- c:\windows\gdrv.sys 2009-06-01 23:30 . 2009-06-01 23:30 -------- d-----w- c:\documents and settings\Dragan Zdravkovic\Application Data\VitySoft 2009-06-01 23:30 . 2009-06-01 23:30 410984 ----a-w- c:\windows\system32\deploytk.dll 2009-06-01 23:30 . 2009-06-01 23:30 -------- d-----w- c:\program files\Java 2009-06-01 23:24 . 2009-06-01 23:24 152576 ----a-w- c:\documents and settings\Dragan Zdravkovic\Application Data\Sun\Java\jre1.6.0_13\lzma.dll 2009-06-01 00:08 . 2009-03-15 10:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion 2009-06-01 00:02 . 2009-03-15 09:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! 2009-06-01 00:02 . 2009-03-15 08:08 -------- d-----w- c:\program files\Yahoo! 2009-05-30 08:27 . 2009-03-21 20:08 -------- d-----w- c:\documents and settings\Dragan Zdravkovic\Application Data\uTorrent 2009-05-27 02:50 . 2009-06-01 00:02 607472 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\YUpdater\yupdater.exe 2009-05-24 07:08 . 2009-03-21 17:28 -------- d-----w- c:\documents and settings\Dragan Zdravkovic\Application Data\Ahead 2009-05-20 22:07 . 2009-04-13 00:06 105395 ----a-w- c:\windows\system32\drivers\klin.dat 2009-05-20 22:07 . 2009-04-13 00:06 94643 ----a-w- c:\windows\system32\drivers\klick.dat 2009-05-19 23:46 . 2009-03-21 18:09 -------- d-----w- c:\program files\Mv2Player 2009-05-19 18:35 . 2009-05-19 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Auto Shutdown 2009-05-19 18:35 . 2009-05-19 18:35 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files 2009-05-19 18:31 . 2009-05-04 01:45 -------- d-----w- c:\program files\Pando Networks 2009-05-19 09:27 . 2009-05-19 09:27 114688 ----a-w- c:\documents and settings\Dragan Zdravkovic\Application Data\Mozilla\Firefox\Profiles\6yx89i8d.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\npmozax.dll 2009-05-19 00:19 . 2009-05-19 00:19 -------- d-----w- c:\program files\Audio Bible Ambassador 2009-05-16 05:46 . 2009-05-16 05:46 -------- d-----w- c:\documents and settings\Dragan Zdravkovic\Application Data\Braid 2009-05-09 09:29 . 2009-05-09 09:29 7680 ----a-w- c:\documents and settings\Dragan Zdravkovic\Application Data\Thinstall\KMPlayer v2.9.3.1428\4000003800002i\wltuser.exe 2009-05-09 09:29 . 2009-05-09 09:29 7680 ----a-w- c:\documents and settings\Dragan Zdravkovic\Application Data\Thinstall\KMPlayer v2.9.3.1428\4000009c00002i\IEXPLORE.EXE 2009-05-04 23:39 . 2009-05-04 08:16 3721664 ----a-w- c:\windows\system32\drivers\RtKHDMI.sys 2009-05-04 23:39 . 2009-05-04 08:16 1200128 ----a-w- c:\windows\RtkUpd.exe 2009-05-04 08:20 . 2006-10-19 00:31 363008 ----a-w- c:\windows\system32\idecoiins.dll 2009-05-04 08:20 . 2006-10-19 00:31 363008 ----a-w- c:\windows\system32\idecoi.dll 2009-05-04 08:20 . 2006-10-19 00:31 105088 ----a-w- c:\windows\system32\drivers\nvata.sys 2009-05-04 08:20 . 2006-10-06 00:35 35840 ----a-w- c:\windows\system32\NVCOI.DLL 2009-05-02 00:22 . 2009-05-02 00:22 604416 ----a-w- c:\windows\system32\TUProgSt.exe 2009-05-02 00:22 . 2009-04-10 22:09 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe 2009-04-27 12:21 . 2009-05-02 00:22 28928 ----a-w- c:\windows\system32\uxtuneup.dll 2009-04-18 09:29 . 2009-04-18 09:29 7680 ----a-w- c:\documents and settings\Dragan Zdravkovic\Application Data\Thinstall\KMPlayer v2.9.3.1428\4000001c00002i\opera.exe . ((((((((((((((((((((((((((((( SnapShot@2009-07-13_05.08.26 ))))))))))))))))))))))))))))))))))))))))) . + 2009-07-13 05:51 . 2009-07-13 05:51 16384 c:\windows\Temp\Perflib_Perfdata_b38.dat + 2009-07-13 05:46 . 2009-07-13 05:46 16384 c:\windows\Temp\Perflib_Perfdata_b1c.dat + 2009-07-13 05:51 . 2009-07-13 05:51 16384 c:\windows\Temp\Perflib_Perfdata_39c.dat + 2009-03-15 07:52 . 2004-08-04 01:07 19429 c:\windows\system32\MsDtc\Trace\msdtcvtr.bat + 2009-03-22 16:36 . 2009-03-22 16:36 98816 c:\windows\Installer\4f33a14.msi + 2009-03-22 16:35 . 2009-03-22 16:35 23040 c:\windows\Installer\4f339f0.msi + 2009-03-22 16:34 . 2009-03-22 16:34 25088 c:\windows\Installer\4f33993.msi + 2009-03-22 16:34 . 2009-03-22 16:34 28160 c:\windows\Installer\4f3398c.msi + 2009-03-22 16:33 . 2009-03-22 16:33 83456 c:\windows\Installer\4f33968.msi + 2009-03-22 16:33 . 2009-03-22 16:33 59904 c:\windows\Installer\4f33961.msi + 2009-03-25 11:04 . 2009-03-25 11:04 20480 c:\windows\Installer\2e67367.msi + 2009-03-25 11:03 . 2009-03-25 11:03 26112 c:\windows\Installer\2e67360.msi + 2009-03-15 10:24 . 2009-03-15 10:24 51712 c:\windows\Installer\22a96.msi + 2009-03-20 19:03 . 2008-01-19 04:43 2247 c:\windows\ServicePackFiles\i386\tscdsbl.bat + 2009-03-20 19:04 . 2008-01-19 04:43 2247 c:\windows\Installer\tsclientmsitrans\tscdsbl.bat + 2009-03-20 19:03 . 2007-04-03 08:04 366080 c:\windows\ServicePackFiles\i386\digreqex.msi + 2009-03-20 19:04 . 2007-04-03 08:04 863232 c:\windows\ServicePackFiles\i386\digopt.msi + 2009-06-01 23:30 . 2009-06-01 23:30 598016 c:\windows\Installer\c4f661.msi + 2009-03-15 20:48 . 2009-03-15 20:48 195072 c:\windows\Installer\bad49.msi + 2009-03-15 20:48 . 2009-03-15 20:48 248832 c:\windows\Installer\bad42.msi + 2009-03-15 20:48 . 2009-03-15 20:48 248832 c:\windows\Installer\bad3b.msi + 2009-03-15 20:48 . 2009-03-15 20:48 251392 c:\windows\Installer\bad34.msi + 2009-03-15 20:48 . 2009-03-15 20:48 251392 c:\windows\Installer\bad2d.msi + 2009-03-15 20:48 . 2009-03-15 20:48 251392 c:\windows\Installer\bad26.msi + 2009-03-15 20:48 . 2009-03-15 20:48 251392 c:\windows\Installer\bad1f.msi + 2009-03-15 20:48 . 2009-03-15 20:48 251392 c:\windows\Installer\bad18.msi + 2009-03-15 20:47 . 2009-03-15 20:47 251392 c:\windows\Installer\bad11.msi + 2009-03-15 20:47 . 2009-03-15 20:47 251392 c:\windows\Installer\bad0a.msi + 2009-03-15 20:47 . 2009-03-15 20:47 251392 c:\windows\Installer\bad03.msi + 2009-03-15 20:47 . 2009-03-15 20:47 248320 c:\windows\Installer\bacfc.msi + 2009-03-15 20:47 . 2009-03-15 20:47 248832 c:\windows\Installer\bacf5.msi + 2009-03-15 20:47 . 2009-03-15 20:47 248832 c:\windows\Installer\bacee.msi + 2009-03-15 20:47 . 2009-03-15 20:47 251392 c:\windows\Installer\bace7.msi + 2009-03-15 20:47 . 2009-03-15 20:47 249344 c:\windows\Installer\bace0.msi + 2009-03-15 20:47 . 2009-03-15 20:47 251392 c:\windows\Installer\bacd9.msi + 2009-03-15 20:47 . 2009-03-15 20:47 249344 c:\windows\Installer\bacd2.msi + 2009-03-15 20:47 . 2009-03-15 20:47 252416 c:\windows\Installer\baccb.msi + 2009-03-15 20:47 . 2009-03-15 20:47 251904 c:\windows\Installer\bacc4.msi + 2009-03-15 20:47 . 2009-03-15 20:47 249344 c:\windows\Installer\bacbd.msi + 2009-03-15 20:47 . 2009-03-15 20:47 251904 c:\windows\Installer\bacb6.msi + 2009-03-15 20:47 . 2009-03-15 20:47 251392 c:\windows\Installer\bacaf.msi + 2009-03-15 20:47 . 2009-03-15 20:47 267776 c:\windows\Installer\baca8.msi + 2009-03-15 20:47 . 2009-03-15 20:47 267776 c:\windows\Installer\baca1.msi + 2009-03-15 20:47 . 2009-03-15 20:47 267776 c:\windows\Installer\bac9a.msi + 2009-03-15 20:47 . 2009-03-15 20:47 267776 c:\windows\Installer\bac93.msi + 2009-03-15 20:47 . 2009-03-15 20:47 267776 c:\windows\Installer\bac8c.msi + 2009-03-15 20:47 . 2009-03-15 20:47 267776 c:\windows\Installer\bac85.msi + 2009-03-15 20:46 . 2009-03-15 20:46 268800 c:\windows\Installer\bac7e.msi + 2009-03-15 20:46 . 2009-03-15 20:46 267776 c:\windows\Installer\bac77.msi + 2009-03-15 20:46 . 2009-03-15 20:46 267776 c:\windows\Installer\bac70.msi + 2009-03-15 20:46 . 2009-03-15 20:46 267776 c:\windows\Installer\bac69.msi + 2009-03-15 20:46 . 2009-03-15 20:46 185344 c:\windows\Installer\bac62.msi + 2009-03-15 20:46 . 2009-03-15 20:46 185344 c:\windows\Installer\bac5b.msi + 2009-03-15 20:46 . 2009-03-15 20:46 264704 c:\windows\Installer\bac54.msi + 2009-03-15 20:46 . 2009-03-15 20:46 264704 c:\windows\Installer\bac4d.msi + 2009-03-15 20:46 . 2009-03-15 20:46 187392 c:\windows\Installer\bac46.msi + 2009-03-15 20:46 . 2009-03-15 20:46 262656 c:\windows\Installer\bac3f.msi + 2009-03-15 20:46 . 2009-03-15 20:46 265728 c:\windows\Installer\bac38.msi + 2009-03-15 20:46 . 2009-03-15 20:46 264704 c:\windows\Installer\bac31.msi + 2009-03-15 20:46 . 2009-03-15 20:46 265728 c:\windows\Installer\bac2a.msi + 2009-03-15 20:46 . 2009-03-15 20:46 264704 c:\windows\Installer\bac23.msi + 2009-03-15 20:46 . 2009-03-15 20:46 264704 c:\windows\Installer\bac1c.msi + 2009-03-15 20:46 . 2009-03-15 20:46 211968 c:\windows\Installer\bac15.msi + 2009-03-15 20:46 . 2009-03-15 20:46 180224 c:\windows\Installer\bac0e.msi + 2009-03-15 20:46 . 2009-03-15 20:46 286208 c:\windows\Installer\bac07.msi + 2009-03-15 20:46 . 2009-03-15 20:46 181760 c:\windows\Installer\bac00.msi + 2009-03-15 20:46 . 2009-03-15 20:46 268288 c:\windows\Installer\babf9.msi + 2009-03-15 20:46 . 2009-03-15 20:46 317952 c:\windows\Installer\babf2.msi + 2009-03-15 20:46 . 2009-03-15 20:46 258560 c:\windows\Installer\babeb.msi + 2009-03-15 20:45 . 2009-03-15 20:45 774144 c:\windows\Installer\babe4.msi + 2009-03-21 19:40 . 2009-03-21 19:40 331264 c:\windows\Installer\77bd58.msi + 2009-03-15 11:53 . 2009-03-15 11:53 211968 c:\windows\Installer\503d6f.msi + 2009-03-15 11:53 . 2009-03-15 11:53 217088 c:\windows\Installer\503d68.msi + 2009-03-15 11:52 . 2009-03-15 11:52 216576 c:\windows\Installer\503d61.msi + 2009-03-15 11:52 . 2009-03-15 11:52 215552 c:\windows\Installer\503d5a.msi + 2009-03-15 11:52 . 2009-03-15 11:52 221184 c:\windows\Installer\503d53.msi + 2009-03-15 11:52 . 2009-03-15 11:52 220160 c:\windows\Installer\503d4c.msi + 2009-03-15 11:52 . 2009-03-15 11:52 505856 c:\windows\Installer\503d45.msi + 2009-03-15 11:52 . 2009-03-15 11:52 217600 c:\windows\Installer\503d3d.msi + 2009-03-15 11:52 . 2009-03-15 11:52 218112 c:\windows\Installer\503d36.msi + 2009-03-15 11:52 . 2009-03-15 11:52 227328 c:\windows\Installer\503d2f.msi + 2009-03-15 11:51 . 2009-03-15 11:51 213504 c:\windows\Installer\503d28.msi + 2009-03-22 16:37 . 2009-03-22 16:37 549888 c:\windows\Installer\4f33b03.msi + 2009-03-22 16:37 . 2009-03-22 16:37 519168 c:\windows\Installer\4f33afc.msi + 2009-03-22 16:37 . 2009-03-22 16:37 968704 c:\windows\Installer\4f33af5.msi + 2009-03-22 16:37 . 2009-03-22 16:37 570368 c:\windows\Installer\4f33aee.msi + 2009-03-22 16:37 . 2009-03-22 16:37 183296 c:\windows\Installer\4f33ae7.msi + 2009-03-22 16:36 . 2009-03-22 16:36 727040 c:\windows\Installer\4f33a22.msi + 2009-03-22 16:36 . 2009-03-22 16:36 483328 c:\windows\Installer\4f33a1b.msi + 2009-03-22 16:36 . 2009-03-22 16:36 781824 c:\windows\Installer\4f33a0c.msi + 2009-03-22 16:36 . 2009-03-22 16:36 464896 c:\windows\Installer\4f33a05.msi + 2009-03-22 16:36 . 2009-03-22 16:36 891904 c:\windows\Installer\4f339fe.msi + 2009-03-22 16:35 . 2009-03-22 16:35 736768 c:\windows\Installer\4f339f7.msi + 2009-03-22 16:34 . 2009-03-22 16:34 431104 c:\windows\Installer\4f3399c.msi + 2009-03-22 16:34 . 2009-03-22 16:34 140288 c:\windows\Installer\4f33985.msi + 2009-03-22 16:34 . 2009-03-22 16:34 202752 c:\windows\Installer\4f33976.msi + 2009-03-22 16:34 . 2009-03-22 16:34 152576 c:\windows\Installer\4f3396f.msi + 2009-03-22 16:33 . 2009-03-22 16:33 107008 c:\windows\Installer\4f3395a.msi + 2009-03-22 16:33 . 2009-03-22 16:33 301056 c:\windows\Installer\4f33953.msi + 2009-04-10 22:09 . 2009-04-10 22:09 808448 c:\windows\Installer\2a6aa5a.msi + 2009-03-15 10:41 . 2009-03-15 10:41 410112 c:\windows\Installer\22b08.msi + 2009-03-15 10:31 . 2009-03-15 10:31 472064 c:\windows\Installer\22aa2.msi + 2009-03-15 08:00 . 2009-03-15 08:00 264704 c:\windows\Installer\1e7d1.msi + 2004-08-04 01:07 . 2004-08-04 01:07 1326080 c:\windows\system32\webfldrs.msi + 2009-03-20 19:03 . 2007-01-02 04:14 1326080 c:\windows\ServicePackFiles\i386\webfldrs.msi + 2009-03-20 19:02 . 2007-04-03 08:12 5080576 c:\windows\ServicePackFiles\i386\msnmsgs.msi + 2009-03-15 20:49 . 2009-03-15 20:49 7336960 c:\windows\Installer\bad60.msi + 2009-03-15 20:49 . 2009-03-15 20:49 3650048 c:\windows\Installer\bad5a.msi + 2009-03-15 20:48 . 2009-03-15 20:48 1046528 c:\windows\Installer\bad50.msi + 2009-03-15 20:44 . 2009-03-15 20:44 2109440 c:\windows\Installer\babdd.msi + 2009-04-13 00:06 . 2009-04-13 00:06 2682368 c:\windows\Installer\b2529.msi + 2009-03-21 19:41 . 2009-03-21 19:41 8256000 c:\windows\Installer\77bd5c.msi + 2009-03-21 17:28 . 2009-03-21 17:28 2893312 c:\windows\Installer\6bbc85.msi + 2009-03-22 10:10 . 2009-03-22 10:10 1602048 c:\windows\Installer\39499dd.msi + 2009-07-03 19:09 . 2009-07-03 19:09 6563328 c:\windows\Installer\2c3063d.msi + 2009-05-02 00:22 . 2009-05-02 00:22 8242688 c:\windows\Installer\2b1717c.msp + 2009-01-15 11:35 . 2009-01-15 11:35 4830720 c:\windows\Installer\22a9e.msp + 2009-04-18 09:11 . 2009-04-18 09:11 1828352 c:\windows\Installer\1b222fe.msi + 2009-05-14 09:17 . 2009-05-14 09:17 2150400 c:\windows\Installer\1031d31.msp + 2005-09-23 15:48 . 2005-09-23 15:48 24863744 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\netfx.msi + 2009-03-15 11:50 . 2007-01-19 21:20 16633344 c:\windows\Installer\MSN Messenger 8.1.0178\MsnMsgs.Msi + 2009-03-25 11:03 . 2009-03-25 11:03 21084160 c:\windows\Installer\2e67359.msi . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-11 2215960] [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}] [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}] 2009-07-11 09:39 2215960 ----a-w- c:\program files\BS_Player\tbBS_1.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-11 2215960] [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_1.dll" [2009-07-11 2215960] [HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-29 94208] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-11 24095528] "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-05-27 4351216] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] "FG_Monitor"="c:\program files\Folder Guard Pro\FGKey.exe" [2008-01-05 118600] "rfagent"="c:\program files\RFA\rfagent.exe" [2008-11-24 916800] "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-04-13 206088] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-06-01 148888] "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-04-28 87336] "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2009-04-28 50472] "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-05-08 75048] "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-05 16380416] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "e:\\??????????? ????????\\Pro.Evolution.Soccer.2009.Full-Rip.Skullptura\\PES 2009\\pes2009.exe"= "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "57457:TCP"= 57457:TCP:Pando Media Booster "57457:UDP"= 57457:UDP:Pando Media Booster R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 5:29 PM 33808] R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/07/03 12:09];c:\program files\CyberLink\PowerDVD9\000.fcl [5/7/2009 9:05 PM 87536] R2 FGUARD32;FGUARD32;c:\program files\Folder Guard Pro\FGUARD32.SYS [3/15/2009 4:31 AM 54008] R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [3/22/2009 9:37 AM 55152] R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [5/1/2009 5:22 PM 604416] R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 6:02 PM 26640] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 5:06 PM 24592] S3 AtiHdmiService;ATI Function Driver for HDMI Service;c:\windows\system32\drivers\AtiHdmi.sys [3/15/2009 1:44 PM 93696] S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 7:08 PM 533360] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . Contents of the 'Scheduled Tasks' folder 2009-07-13 c:\windows\Tasks\1-Click Maintenance.job - c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37] . . ------- Supplementary Scan ------- . uStart Page = hxxp://google.rs/ mStart Page = hxxp://www.yahoo.com/ mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/http://www.yahoo.com/ext/search/search.html uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/http://www.yahoo.com IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx IE: Crawler Search - tbr:iemenu IE: E&xport to Microsoft Excel IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?06eab7b4073a4e97bad8e53154277e26 IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?06eab7b4073a4e97bad8e53154277e26 Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Crawler\Toolbar\ctbr.dll FF - ProfilePath - c:\documents and settings\Dragan Zdravkovic\Application Data\Mozilla\Firefox\Profiles\6yx89i8d.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - BS Player Customized Web Search FF - prefs.js: browser.startup.homepage - hxxp://google.rs FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1750559&SearchSource=2&q= FF - component: c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll FF - component: c:\documents and settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metricsloader.dll FF - component: c:\documents and settings\Dragan Zdravkovic\Application Data\Mozilla\Firefox\Profiles\6yx89i8d.default\extensions\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\components\FFAlert.dll FF - component: c:\program files\Crawler\Toolbar\firefox\components\xcomm.dll FF - component: c:\program files\Crawler\Toolbar\firefox\components\xshared.dll FF - component: c:\program files\Crawler\Toolbar\firefox\components\xsupport.dll FF - component: c:\program files\Crawler\Toolbar\firefox\components\xwsg.dll FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll ---- FIREFOX POLICIES ---- FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 FF - user.js: yahoo.homepage.dontask - true. ************************************************************************ catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-07-12 22:51 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ********************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl" . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1024) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'explorer.exe'(252) c:\windows\system32\ieframe.dll c:\windows\system32\OneX.DLL c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\ati2evxx.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\windows\system32\wscntfy.exe . ************************************************************************ . Completion time: 2009-07-13 22:53 - machine was rebooted ComboFix-quarantined-files.txt 2009-07-13 05:53 ComboFix2.txt 2009-07-13 05:09 Pre-Run: 5.757.562.880 bytes free Post-Run: 5.684.137.984 bytes free WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer 365

Profil

dr_Bora Poslao: 13 Jul 2009 16:44 Idi na vrh
offline dr_Bora Anti Malware Fighter Rank 2 Pridružio: 24 Jul 2007 Poruke: 12280 Gde živiš: Höganäs, SE	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ovako... Ovde ni traga malware-u. Otvori Control Panel, Date and Time i pregledaj podešavanja (prvenstveno proveri vremensku zonu; treba da bude GMT+01:00 i čekiran Automatically adjust clock for daylight saving changes). Ako se problem ne krije tu, onda otvori temu u Windows forumu i pojasni šta se dešava, možda će neko znati o čemu se radi. Potrebno je deinstalirati ComboFix: klikni start (ili ), a zatim RUN. Na Visti koristiti Start Search polje ukoliko Run nije dostupan. U liniju za unos teksta ukucaj (iskopiraj) sledeće: combofix /u Primeti da postoji razmak između "ComboFix" i "/u". a zatim klikni OK (ili pritisni Enter). Sačekaj da se proces deinstalacije završi. Možeš obrisati i ostale korišćene programe.

Profil

Cyrax Poslao: 13 Jul 2009 17:46 Idi na vrh
offline Cyrax Građanin Pridružio: 13 Maj 2008 Poruke: 113	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ok hvala ti u svakom slucaju!!!

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Zbog virusa kasni mi sat na kompu i usporen rad racunara

Ko je trenutno na forumu

Ukupno su 895 korisnika na forumu :: 31 registrovanih, 7 sakrivenih i 857 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: 8u47, A.R.Chafee.Jr., antonije64, Apok, Ben Roj, bojcistv, BRATORIII, draganca, drimer, Georgius, ILGromovnik, kihot, Kubovac, mercedesamg, Misirac, Mixelotti, operniki, opt1, pein, raptorsi, S.Palestinac, sasa87, Sirius, stalja, stegonosa, Toper, Trpe Grozni, Tvrtko I, vukdra, x9, ZetaMan

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by