Zlob.DNSChanger and Autorun trojan

  • Joined: 07 Jan 2009
  • Posts: 7

So, the situation is as follows:

I have Nod32 v3 installed with the latest definitions, as well as Spybot S&D (updated). An Autorun appeared on my partitions that I have not managed to remove manually (I tried solutions such as deleting it from the Command Prompt followed by an immediate restart, and the like). However, after a restart it appears again, and every time the partition opens through the autorun. Also, every flash drive that is plugged into the computer gets infected with the same virus.

The next problem is ZlobDNSChanger, which changes my DNS settings, so pop-ups appear while I am "cruising" the internet.

I tried to fix all this by scanning with Spybot S&D and NOD; both found it and supposedly removed it, but after a restart it is the same story.

With HijackThis I managed to find 6-7 lines in which I can see the DNS addresses being changed, but I did not dare remove them without your help.

Thanks in advance

HIJACKTHIS:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:46:49, on 7.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\PROGRA~1\Labtec\LABTEC~1\Keyboard.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSI\Star Key Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\PROGRA~1\MSI\STARKE~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [KeyBoard] C:\PROGRA~1\Labtec\LABTEC~1\Keyboard.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{048F7FDB-AFA0-4DB3-A032-0828EB5840C8}: NameServer = 85.255.116.59,85.255.112.188
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F437F58-6308-430B-A019-B701B05827A9}: NameServer = 85.255.116.59,85.255.112.188
O17 - HKLM\System\CCS\Services\Tcpip\..\{F3D57800-68ED-4176-84B4-CECFB5BDDCEE}: NameServer = 85.255.116.59,85.255.112.188
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.59,85.255.112.188
O17 - HKLM\System\CS1\Services\Tcpip\..\{048F7FDB-AFA0-4DB3-A032-0828EB5840C8}: NameServer = 85.255.116.59,85.255.112.188
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{048F7FDB-AFA0-4DB3-A032-0828EB5840C8}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.59,85.255.112.188
O18 - Protocol: bw+0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: offline-8876480 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 21047 bytes

SPYBOT S&D


--- Search result list ---
Hint of the Day: Click the bar at the right of this to see more information! ()


Zlob.DNSChanger: [SBI $041D1396] TCP/IP Settings #1 (Undefined) (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer=208.67.220.220,208.67.222.222

Zlob.DNSChanger: [SBI $041D1396] TCP/IP Settings #2 (Undefined) (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{048F7FDB-AFA0-4DB3-A032-0828EB5840C8}\NameServer=208.67.220.220,208.67.222.222

Zlob.DNSChanger: [SBI $041D1396] TCP/IP Settings #3 (Undefined) (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9F437F58-6308-430B-A019-B701B05827A9}\NameServer=208.67.220.220,208.67.222.222

Zlob.DNSChanger: [SBI $041D1396] TCP/IP Settings #4 (Undefined) (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9F437F58-6308-430B-A019-B701B05827A9}\DhcpNameServer=208.67.220.220,208.67.222.222

Zlob.DNSChanger: [SBI $041D1396] TCP/IP Settings #5 (Undefined) (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F3D57800-68ED-4176-84B4-CECFB5BDDCEE}\NameServer=208.67.220.220,208.67.222.222

Zlob.DNSChanger: [SBI $041D1396] TCP/IP Settings #6 (Undefined) (Registry change, nothing done)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F3D57800-68ED-4176-84B4-CECFB5BDDCEE}\DhcpNameServer=208.67.220.220,208.67.222.222

Win32.Agent.sd: [SBI $72640A46] Program directory (Directory, nothing done)
c:\resycled\

Win32.Agent.sd: [SBI $8DCCA8F7] Data (File, nothing done)
c:\resycled\boot.com

Win32.Agent.sd: [SBI $58009CA6] Installer (File, nothing done)
c:\autorun.inf


--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-09-16 TeaTimer.exe (1.6.3.25)
2009-01-07 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-10-22 advcheck.dll (1.6.2.13)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-07-07 SDHelper.dll (1.6.0.12)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2008-11-04 Includes\Adware.sbi (*)
2008-12-29 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2009-01-06 Includes\Dialer.sbi (*)
2009-01-06 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-11-18 Includes\Hijackers.sbi (*)
2009-01-05 Includes\HijackersC.sbi (*)
2008-12-09 Includes\Keyloggers.sbi (*)
2008-12-22 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-11-18 Includes\Malware.sbi (*)
2009-01-06 Includes\MalwareC.sbi (*)
2008-12-16 Includes\PUPS.sbi (*)
2009-01-06 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-12-29 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-12-10 Includes\Spyware.sbi (*)
2009-01-06 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2009-01-05 Includes\Trojans.sbi (*)
2009-01-06 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)


--- Startup entries list ---
Located: HK_LM:Run, AdobeCS4ServiceManager
command: "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
file: C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
size: 611712
MD5: E43A851F7B12DE589424D6C656155CFC

Located: HK_LM:Run, ArcSoft Connection Service
command: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
file: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
size: 178688
MD5: BDD28D9E21FA87D4313142D266B4F780

Located: HK_LM:Run, CTDVDDET
command: C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
file: C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
size: 45056
MD5: DB20FCE248D269E1C396E70A91E587C8

Located: HK_LM:Run, CTHelper
command: CTHELPER.EXE
file: C:\WINDOWS\system32\CTHELPER.EXE
size: 24576
MD5: F404518F75CF78C0A74B6F83D376E064

Located: HK_LM:Run, CTSysVol
command: C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
file: C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
size: 57344
MD5: E7D1D8179FE03E2BC569A92B56509414

Located: HK_LM:Run, egui
command: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
file: C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
size: 1447168
MD5: F87040E63A04812E2435806A3B917C00

Located: HK_LM:Run, GrooveMonitor
command: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
file: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
size: 31016
MD5: 38D198A2DD54A67120040566A38103BA

Located: HK_LM:Run, KeyBoard
command: C:\PROGRA~1\Labtec\LABTEC~1\Keyboard.exe
file: C:\PROGRA~1\Labtec\LABTEC~1\Keyboard.exe
size: 49152
MD5: BCF590A3702E08D1D5F1F7539BAC6ED3

Located: HK_LM:Run, Logitech Hardware Abstraction Layer
command: KHALMNPR.EXE
file: C:\WINDOWS\KHALMNPR.EXE
size: 28160
MD5: 06D5A9AD6EE1A674939D3DA635B1DCAF

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
file: C:\WINDOWS\system32\NvCpl.dll
size: 13574144
MD5: 315A6E9D2114D67C75F684A9F8638413

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
file: C:\WINDOWS\system32\NvMcTray.dll
size: 86016
MD5: C4170F4788F0A5BE48B1307DB1647958

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
file: C:\WINDOWS\system32\nwiz.exe
size: 1630208
MD5: D76B1D340C6C8F5A676DC717919B319A

Located: HK_LM:Run, SBDrvDet
command: C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
file: C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe
size: 45056
MD5: 90720864FC1C6FFF46A9390564D9FEAD

Located: HK_LM:Run, Smapp
command: C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
file: C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
size: 143360
MD5: 2D765E811B6FFEA9F91D4425E34B8461

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 136600
MD5: B98FFA8288EFAABC436C30D198608345

Located: HK_LM:Run, UpdReg
command: C:\WINDOWS\UpdReg.EXE
file: C:\WINDOWS\UpdReg.EXE
size: 90112
MD5: C419DF63E0121D72411285780C2FC6CC

Located: HK_LM:Run, WinFastDTV
command: C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
file: C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
size: 90112
MD5: A34AE8E30D766F36E87ED7F0AD96E563

Located: HK_CU:Run, CTFMON.EXE
where: .DEFAULT...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-19...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-20...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-1343024091-412668190-682003330-1003...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, LDM
where: S-1-5-21-1343024091-412668190-682003330-1003...
command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
size: 32768
MD5: 5588812731C64305F2579DD8215037E0

Located: HK_CU:Run, LightScribe Control Panel
where: S-1-5-21-1343024091-412668190-682003330-1003...
command: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
file: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
size: 2363392
MD5: 6ABDF99221594E7698DE1ECBFF57D904

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-1343024091-412668190-682003330-1003...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1833296
MD5: 63B3FF83B87AFCEBA89CED54695DA0F6

Located: HK_CU:Run, WinFast Schedule
where: S-1-5-21-1343024091-412668190-682003330-1003...
command: C:\Program Files\WinFast\WFDTV\WFWIZ.exe
file: C:\Program Files\WinFast\WFDTV\WFWIZ.exe
size: 2916352
MD5: CB1D6AC7914D77865614801EEB086054

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-18...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: Startup (common), Bluetooth.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\MSI\Star Key Bluetooth Software\BTTray.exe
file: C:\Program Files\MSI\Star Key Bluetooth Software\BTTray.exe
size: 577597
MD5: 582B7231703D80E87CB397F15E1584A5

Located: Startup (common), Logitech Desktop Messenger.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
size: 450560
MD5: 9C964C7C72FD732B1A0EEC80421EDAED

Located: Startup (common), Logitech SetPoint.lnk
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Logitech\SetPoint\SetPoint.exe
file: C:\Program Files\Logitech\SetPoint\SetPoint.exe
size: 528384
MD5: E74024A1E4F36A2476A11764DD1E283B

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Groove GFS Browser Helper
Path: C:\PROGRA~1\MICROS~2\Office12\
Long name: GrooveShellExtensions.dll
Short name: GRA8E1~1.DLL
Date (created): 27.10.2006 0:48:42
Date (last access): 7.1.2009 19:21:08
Date (last write): 27.10.2006 0:48:42
Filesize: 2210608
Attributes: archive
MD5: 786DD1892B553EFE5A004AC39775C851
CRC32: AAD965C9
Version: 12.0.4518.1014

{7E853D72-626A-48EC-A868-BA8D5E23E045} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 7.1.2009 16:15:40
Date (last access): 7.1.2009 19:45:36
Date (last write): 7.1.2009 16:15:40
Filesize: 34816
Attributes: archive
MD5: 5D57FD3DF32DC69CEC3D1D54B4C43162
CRC32: D7C13FB2
Version: 6.0.110.3

{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: JQSIEStartDetectorImpl
CLSID name: JQSIEStartDetectorImpl Class
Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\
Long name: jqs_plugin.dll
Short name: JQS_PL~1.DLL
Date (created): 7.1.2009 16:15:40
Date (last access): 7.1.2009 19:42:00
Date (last write): 7.1.2009 16:15:40
Filesize: 73728
Attributes: archive
MD5: F68EDAFE003F2B3523C0742CD3B8D673
CRC32: 9C709350
Version: 6.0.110.3



--- ActiveX list ---
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_11
Installer:
Codebase: java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_11.dll
Short name: NPJPI1~1.DLL
Date (created): 7.1.2009 16:15:40
Date (last access): 7.1.2009 18:21:14
Date (last write): 7.1.2009 16:15:40
Filesize: 132504
Attributes: archive
MD5: D400116F6776ACB6EDB6B1F5EEB9F92D
CRC32: CECB5751
Version: 6.0.110.3

{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_07
Installer:
Codebase: java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
Path: C:\Program Files\Java\jre1.6.0_07\bin\
Long name: npjpi160_07.dll
Short name: NPJPI1~1.DLL
Date (created): 10.6.2008 2:32:34
Date (last access): 7.1.2009 18:20:38
Date (last write): 10.6.2008 4:27:02
Filesize: 132496
Attributes: archive
MD5: 7C83A2809E13950359189767AC9D5DB8
CRC32: 925C2A88
Version: 6.0.70.6

{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_11
Installer:
Codebase: java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_11.dll
Short name: NPJPI1~1.DLL
Date (created): 7.1.2009 16:15:40
Date (last access): 7.1.2009 19:57:10
Date (last write): 7.1.2009 16:15:40
Filesize: 132504
Attributes: archive
MD5: D400116F6776ACB6EDB6B1F5EEB9F92D
CRC32: CECB5751
Version: 6.0.110.3

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_11
Installer:
Codebase: java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files\Java\jre6\bin\
Long name: npjpi160_11.dll
Short name: NPJPI1~1.DLL
Date (created): 7.1.2009 16:15:40
Date (last access): 7.1.2009 19:57:10
Date (last write): 7.1.2009 16:15:40
Filesize: 132504
Attributes: archive
MD5: D400116F6776ACB6EDB6B1F5EEB9F92D
CRC32: CECB5751
Version: 6.0.110.3



--- Process list ---
PID: 0 ( 0) [System]
PID: 524 ( 4) \SystemRoot\System32\smss.exe
size: 50688
PID: 796 ( 524) \??\C:\WINDOWS\system32\csrss.exe
size: 6144
PID: 820 ( 524) \??\C:\WINDOWS\system32\winlogon.exe
size: 502272
PID: 864 ( 820) C:\WINDOWS\system32\services.exe
size: 108032
MD5: C6CE6EEC82F187615D1002BB3BB50ED4
PID: 876 ( 820) C:\WINDOWS\system32\lsass.exe
size: 13312
MD5: 84885F9B82F4D55C6146EBF6065D75D2
PID: 1036 ( 864) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1092 ( 864) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1248 ( 864) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1296 ( 864) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1336 ( 864) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 1880 ( 864) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
size: 109056
MD5: 127532EE2DE2333E1B72A7482B739A82
PID: 1896 ( 864) C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
size: 258103
MD5: A1E2ED3E0640999DE683367A4F716F61
PID: 1908 ( 864) C:\WINDOWS\system32\CTsvcCDA.exe
size: 44032
MD5: 3C8B6609712F4FF78E521F6DCFC4032B
PID: 1932 ( 864) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
size: 468224
MD5: 65BB49DDE576CC824FBA1BE0DAD07E5B
PID: 1972 ( 864) C:\Program Files\Java\jre6\bin\jqs.exe
size: 152984
MD5: 32192B4EBE8720ED8D49A455C962CB91
PID: 2008 ( 864) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
size: 73728
MD5: 4AF65F3A2253DF7D0B8D80812EAE7A7C
PID: 2036 ( 864) C:\WINDOWS\system32\nvsvc32.exe
size: 163908
MD5: 42321AC5448078131903B272E6C49024
PID: 252 ( 864) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
size: 185632
MD5: A6A7AD767BF5141665F5C675F671B3E1
PID: 420 ( 864) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
size: 45056
MD5: 3978F082274F723AD5A0A8058C2417DD
PID: 472 ( 864) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
size: 49152
MD5: 332D341D92B933600D41953B08360DFB
PID: 1512 (1404) C:\WINDOWS\Explorer.EXE
size: 1032192
MD5: A0732187050030AE399B241436565E64
PID: 1612 (1512) C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
size: 143360
MD5: 2D765E811B6FFEA9F91D4425E34B8461
PID: 1620 (1512) C:\PROGRA~1\Labtec\LABTEC~1\Keyboard.exe
size: 49152
MD5: BCF590A3702E08D1D5F1F7539BAC6ED3
PID: 1632 (1512) C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
size: 57344
MD5: E7D1D8179FE03E2BC569A92B56509414
PID: 1640 (1512) C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
size: 45056
MD5: DB20FCE248D269E1C396E70A91E587C8
PID: 1648 (1512) C:\WINDOWS\system32\CTHELPER.EXE
size: 24576
MD5: F404518F75CF78C0A74B6F83D376E064
PID: 1804 (1512) C:\WINDOWS\system32\RUNDLL32.EXE
size: 33280
MD5: DA285490BBD8A1D0CE6623577D5BA1FF
PID: 436 (1512) C:\Program Files\Java\jre6\bin\jusched.exe
size: 136600
MD5: B98FFA8288EFAABC436C30D198608345
PID: 560 (1512) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
size: 31016
MD5: 38D198A2DD54A67120040566A38103BA
PID: 588 (1512) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
size: 1447168
MD5: F87040E63A04812E2435806A3B917C00
PID: 600 ( 864) C:\WINDOWS\System32\alg.exe
size: 44544
MD5: F1958FBF86D5C004CF19A5951A9514B7
PID: 640 (1512) C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
size: 90112
MD5: A34AE8E30D766F36E87ED7F0AD96E563
PID: 1184 (1512) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
size: 178688
MD5: BDD28D9E21FA87D4313142D266B4F780
PID: 1684 (1512) C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8
PID: 1420 (1512) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
size: 2363392
MD5: 6ABDF99221594E7698DE1ECBFF57D904
PID: 2332 (1512) C:\Program Files\WinFast\WFDTV\WFWIZ.exe
size: 2916352
MD5: CB1D6AC7914D77865614801EEB086054
PID: 2960 (1512) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
size: 32768
MD5: 5588812731C64305F2579DD8215037E0
PID: 2464 (1512) C:\Program Files\MSI\Star Key Bluetooth Software\BTTray.exe
size: 577597
MD5: 582B7231703D80E87CB397F15E1584A5
PID: 2848 (1512) C:\Program Files\Logitech\SetPoint\SetPoint.exe
size: 528384
MD5: E74024A1E4F36A2476A11764DD1E283B
PID: 1348 (1036) C:\Program Files\MSI\Star Key Bluetooth Software\BTStackServer.exe
size: 1265748
MD5: 487AEE3F8BB4207838CA9FAB8DF90A33
PID: 2860 ( 864) C:\WINDOWS\System32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 3112 (2848-) C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
size: 28160
MD5: 06D5A9AD6EE1A674939D3DA635B1DCAF
PID: 3080 ( 864) C:\WINDOWS\system32\spoolsv.exe
size: 57856
MD5: 7435B108B935E42EA92CA94F59C8E717
PID: 3644 (1512) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
size: 4891472
MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855
PID: 4044 ( 864) C:\WINDOWS\system32\svchost.exe
size: 14336
MD5: 8F078AE4ED187AAABC0A305146DE6716
PID: 4 ( 0) System


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 7.1.2009 19:57:09

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---


--- Uninstall list ---
(AddressBook)

Adobe Flash Player 10 Plugin 10.0.12.36 (Adobe Flash Player Plugin)
uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
publisher: Adobe Systems Incorporated

Adobe Dreamweaver CS4 10.0 (Adobe_acce07fd2c8fe7f9e3f26243e626578-)
estimated size: 693434
uninstall cmd: C:\Program Files\Common Files\Adobe\Installers\acce07fd2c8fe7f9e3f26243e626578\Setup.exe --uninstall=1
publisher: Adobe Systems Incorporated
help link: adobe.com/support

Adobe Photoshop CS4 11.0 (Adobe_faf656ef605427ee2f42989c3ad31b8-)
estimated size: 1116162
uninstall cmd: C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1
publisher: Adobe Systems Incorporated
help link: adobe.com/go/ps_support
help telephone: adobe.com/go/ps_support

AIMP2 (AIMP2)
uninstall cmd: C:\Program Files\AIMP2\UnInstall.exe

Ashampoo Burning Studio 8.04 8.0.4 (Ashampoo Burning Studio 8_is1)
install date: 20090107
install location: C:\Program Files\Ashampoo\Ashampoo Burning Studio 8\
uninstall cmd: "C:\Program Files\Ashampoo\Ashampoo Burning Studio 8\unins000.exe"
publisher: ashampoo GmbH & Co. KG
help link: ashampoo.com/support

(Audio Console)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{266F8C74-5DC6-4405-B79B-4EB82B2FC684}\setup.exe" -l0x9 /remove

(Branding)

(Connection Manager)

(Creative MediaSource DVD-Audio Player)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 /remove

(Creative MiniDisc Center)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove

(Creative WaveStudio)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove

(Diagnostics_Audigy2)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9 /remove

(DirectAnimation)

(DirectDrawEx)

(DXM_Runtime)

(EAX)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove

Microsoft Office Enterprise 2007 12.0.4518.1014 (ENTERPRISE)
install location: C:\Program Files\Microsoft Office
uninstall cmd: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
publisher: Microsoft Corporation

(EQUALIZER)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove

(Fontcore)

Foxit Reader (Foxit Reader)
uninstall cmd: C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe

Haali Media Splitter (HaaliMkx)
uninstall cmd: "C:\Program Files\Haali\MatroskaSplitter\uninstall.exe"

HijackThis 2.0.2 2.0.2 (HijackThis)
uninstall cmd: "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
publisher: TrendMicro

(ICW)

(IE40)

(IE4Data)

(IE5BAKEX)

(IEData)

(InstallShield Uninstall Information)

EasyRecovery Professional 6.04.08 (InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B})
version: 100925448
version (major): 6
version (minor): 4
estimated size: 56068
install date: 20090107
install source: C:\DOCUME~1\Nemesis\LOCALS~1\Temp\_is1F7\
uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{268723B7-A994-4286-9F85-B974D5CAFC7B} /l1033
publisher: Ontrack Data Recovery, Inc.

(KB884016)

(KB893803)

Windows Installer 3.1 (KB893803) 3.1 (KB893803v2)
uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
publisher: Microsoft Corporation
help link: go.microsoft.com/fwlink/?LinkId=42467

K-Lite Mega Codec Pack 4.4.2 4.4.2 (KLiteCodecPack_is1)
install date: 20090107
install location: C:\Program Files\K-Lite Codec Pack\
uninstall cmd: "C:\Program Files\K-Lite Codec Pack\unins000.exe"

LimeWire PRO 4.18.8 4.18.8 (LimeWire)
uninstall cmd: "C:\Program Files\LimeWire\uninstall.exe"
publisher: Lime Wire, LLC
help link: limewire.com/support

(MobileOptionPack)

Mozilla Firefox (2.0.0.20) 2.0.0.20 (en-US) (Mozilla Firefox (2.0.0.20))
install location: C:\Program Files\Mozilla Firefox
uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\helper.exe
publisher: Mozilla
comments: Mozilla Firefox

Mozilla Thunderbird (2.0.0.19) 2.0.0.19 (en-US) (Mozilla Thunderbird (2.0.0.19))
install location: C:\Program Files\Mozilla Thunderbird
uninstall cmd: C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe
publisher: Mozilla
comments: Mozilla Thunderbird

(MPlayer2)

(MSI30-Beta1)

(MSI30-Beta2)

(MSI30-KB884016)

(MSI30-RC1)

(MSI30-RC2)

(MSI30a-KB884016)

(MSI31-Beta)

(MSI31-RC1)

(NetMeeting)

NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050) (NOD32 v3.x FiX 1.1 by TemDono_is1)
install location: C:\Program Files\ESET\ESET NOD32 Antivirus\
uninstall cmd: "C:\Program Files\ESET\ESET NOD32 Antivirus\unins000.exe"

NVIDIA Drivers (NVIDIA Drivers)
uninstall cmd: C:\WINDOWS\system32\nvuninst.exe UninstallGUI

OJOsoft Total Video Converter 2.5.0.1009 (OJOsoft Total Video Converter2.5.0.1009)
uninstall cmd: "C:\Program Files\OJOsoft\uninstall.exe" "/U:C:\Program Files\OJOsoft\OJOsoft Total Video Converter\Uninstall\uninstall.xml"
publisher: OJOsoft Corporation
contact: support@ojosoft.com
help link: ojosoft.com/video-converter/total-video-converter.html

(OutlookExpress)

(PCHealth)
uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Samsung ML-1710 Series (Samsung ML-1710 Series)
uninstall cmd: C:\WINDOWS\Samsung\ML-1710\SETUP.EXE

(SchedulingAgent)

(SFBM)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove

(Smart Recorder)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1494984B-9AC5-4F16-B61A-C21D5EFCC1C4}\setup.exe" -l0x9 /remove

(Sound Blaster Audigy 2)

(Sound Blaster Audigy 2 Windows Drivers)
uninstall cmd: "C:\Program Files\Creative\SBAudigy2\Program\Ctzapxx.EXE" /W /U /S

(SPEAKER)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove

(SPKR_CALIBRATOR)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove

(SURMIXER)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove

Creative System Information (SysInfo)
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9 /remove

The KMPlayer (remove only) (The KMPlayer)
uninstall cmd: "C:\Program Files\The KMPlayer\uninstall.exe"

Total Commander (Remove or Repair) (Totalcmd)
uninstall cmd: C:\Program Files\Total Commander\tcuninst.exe

totalvid (totalvid)
install location: C:\Program Files\totalvid
uninstall cmd: "C:\Program Files\totalvid\Uninstall.exe"

Scientific Atlanta WebSTAR 2000 series Cable Modem (WebSTAR DPX2100 Uninstall)
uninstall cmd: UNDPX2K.EXE

WinRAR archiver (WinRAR archiver)
uninstall cmd: C:\Program Files\WinRAR\uninstall.exe

YouTubeGet 4.9.6 (YouTubeGet_is1)
install date: 20090107
install location: C:\Program Files\YouTubeGet\
uninstall cmd: "C:\Program Files\YouTubeGet\unins000.exe"
publisher: YouTubeGet Developer Team
help link: YouTubeGet.com/support.html

CorelDRAW(R) Graphics Suite X4 (_{7F05E704-30A6-421A-97A7-8EEB1C7FF010})
version (major): 14
install location: c:\Program Files\Corel\CorelDRAW Graphics Suite X4\
uninstall cmd: c:\Program Files\Corel\CorelDRAW Graphics Suite X4\Setup\SetupARP.exe /arp
publisher: Corel Corporation

CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (_{CE2DA11A-917F-4CF5-AB55-755EC115DD10})
version (major): 1
estimated size: 3000
install location: c:\Program Files\Common Files\Corel\Shared\Shell Extension\
uninstall cmd: c:\Program Files\Common Files\Corel\Shared\Shell Extension\Uninst.exe
publisher: Corel Corporation

Adobe Color NA Recommended Settings CS4 2.0 ({00ADFB20-AE75-46F4-AD2C-F48B15AC3100})
version: 33554432
version (major): 2
estimated size: 1673
install date: 20090107
install source: C:\Documents and Settings\Nemesis\Desktop\Adobe Photoshop CS4 Extended\payloads\AdobeColorNA_Recommended2-mul\
uninstall cmd: MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}
publisher: Adobe Systems Incorporated

Adobe Update Manager CS4 6.0.0 ({05308C4E-7285-4066-BAE3-6B50DA6ED755})
version: 100663296
version (major): 6
estimated size: 8628
install date: 20090107
install source: C:\Documents and Settings\Nemesis\Desktop\Adobe Photoshop CS4 Extended\payloads\AdobeAUM6.0All\
uninstall cmd: MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755}
publisher: Adobe Systems Incorporated

kuler 2.0 ({098727E1-775A-4450-B573-3F441F1CA243})
version: 33554432
version (major): 2
estimated size: 737
install date: 20090107
install source: C:\Documents and Settings\Nemesis\Desktop\Adobe Photoshop CS4 Extended\payloads\kuler2.0-mul\
uninstall cmd: MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243}
publisher: Adobe Systems Incorporated

Adobe Color JA Extra Settings CS4 2.0 ({0D6013AB-A0C7-41DC-973C-E93129C9A29F})
version: 33554432
version (major): 2
estimated size: 2793
install date: 20090107
install source: C:\Documents and Settings\Nemesis\Desktop\Adobe Photoshop CS4 Extended\payloads\AdobeColorJA_ExtraSettings2-mul\
uninstall cmd: MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F}
publisher: Adobe Systems Incorporated

Adobe Setup 2.0 ({0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23})
version: 33554432
version (major): 2
estimated size: 49073
install date: 20090107
install source: C:\Documents and Settings\Nemesis\Desktop\Adobe Photoshop CS4 Extended\
uninstall cmd: MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}
publisher: Adobe Systems Incorporated

Adobe CSI CS4 1 ({0F723FC1-7606-4867-866C-CE80AD292DAF})
version: 16777216
version (major): 1
estimated size: 89866
install date: 20090107
install source: C:\Documents and Settings\Nemesis\Desktop\Adobe Photoshop CS4 Extended\payloads\AdobeCSIAll\
uninstall cmd: MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF}
publisher: Adobe Systems Incorporated

({1494984B-9AC5-4F16-B61A-C21D5EFCC1C4})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1494984B-9AC5-4F16-B61A-C21D5EFCC1C4}\setup.exe" -l0x9

Adobe Setup 2.0 ({14AFE241-FC6E-4FDB-BCA0-7AD6F4974171})
version: 33554432
version (major): 2
estimated size: 36637
install date: 20090107
install source: C:\Documents and Settings\Nemesis\Desktop\Adobe Dreamweaver CS4\setup\Adobe CS4\
uninstall cmd: MsiExec.exe /I{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}
publisher: Adobe Systems Incorporated

Adobe Anchor Service CS4 2.0 ({1618734A-3957-4ADD-8199-F973763109A8})
version: 33554432
version (major): 2
estimated size: 989
install date: 20090107
install source: C:\Documents and Settings\Nemesis\Desktop\Adobe Photoshop CS4 Extended\payloads\AdobeALMAnchorService2-mul\
uninstall cmd: MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8}
publisher: Adobe Systems Incorporated

({169F8893-C1C5-4847-972C-EA1E008112AC})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9

AdobeColorCommonSetRGB 2.0 ({16E6D2C1-7C90-4309-8EC4-D2212690AAA4})
version: 33554432
version (major): 2
estimated size: 41
install date: 20090107
install source: C:\Documents and Settings\Nemesis\Desktop\Adobe Photoshop CS4 Extended\payloads\AdobeColorCommonSetRGB2-mul\
uninstall cmd: MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}
publisher: Adobe Systems Incorporated

Adobe AIR 1.1.0.5790 ({197A3012-8C85-4FD3-AB66-9EC7E13DB92E})
version: 16842752
version (major): 1
version (minor): 1
estimated size: 26739
install date: 20090107
install source: c:\documents and settings\nemesis\desktop\adobe photoshop cs4 extended\payloads\adobeair1.0\
uninstall cmd: MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}
publisher: Adobe Systems Inc.

({236FADD8-58FD-11D6-A285-00A0CC51B2FE})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9

({266F8C74-5DC6-4405-B79B-4EB82B2FC684})
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{266F8C74-5DC6-4405-B79B-4EB82B2FC684}\setup.exe" -l0x9

EasyRecovery Professional 6.04.08 ({268723B7-A994-4286-9F85-B974D5CAFC7B})
version: 100925448
version (major): 6
version (minor): 4
estimated size: 56068
install date: 20090107
install source: C:\DOCUME~1\Nemesis\LOCALS~1\Temp\_is1F7\
publisher: Ontrack Data Recovery, Inc.

Java(TM) 6 Update 11 6.0.110 ({26A24AE4-039D-4CA4-87B4-2F83216011FF})
version: 100663406
version (major): 6
estimated size: 92660
install date: 20090107
install location: C:\Program Files\Java\jre6\
install source: C:\Documents and Settings\Nemesis\Application Data\Sun\Java\jre1.6.0_11\
uninstall cmd: MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
publisher: Sun Microsystems, Inc.
contact: java.com
help link: java.com
readme: C:\Program Files\Java\jre6\README.txt

WinFast Codec-TS SDK ({28FB7853-A6ED-4F67-8635-9F0E863FC0AD})
version (major): 1
install location: C:\Program Files\Common Files\ArcSoft\Mpeg Engine
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28FB7853-A6ED-4F67-8635-9F0E863FC0AD}\Setup.exe" -l0x9
publisher: ArcSoft

Logitech SetPoint 2.42 ({2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3})
version: 36306944
install date: 20090107
install location: C:\Program Files\Logitech\SetPoint
install source: E:\1-SetPoint\
uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
publisher: Logitech

ACDSee Photo Manager 2009 11.0.85 ({300578F9-9EFF-4B93-9AB1-C0E5707EF463})
version: 184549461
version (major): 11
estimated size: 92784
install date: 20090107
install location: C:\Program Files\ACD Systems\
install source: C:\Documents and Settings\Nemesis\Local Settings\Application Data\Downloaded Installations\{87A37D8F-F491-4D64-BB10-289535F0BEF3}\
uninstall cmd: MsiExec.exe /I{300578F9-9EFF-4B93-9AB1-C0E5707EF463}
publisher: ACD Systems International
comments: This database contains the necessary files and logic to install ACDSee and additional support programs and plug-ins where appropria

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Download ComboFix to your Desktop from one of the following addresses:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Run it and do not touch the program window while it is scanning.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.

offline
  • Joined: 07 Jan 2009
  • Posts: 7

ComboFix 09-01-07.01 - Nemesis 2009-01-07 20:33:29.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1023.721 [GMT 1:00]
Running from: c:\documents and settings\Nemesis\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Nemesis\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\Nemesis\LOCALS~1\Temp\tmp2.tmp
c:\program files\Mozilla Firefox\components\iamfamous.dll
C:\resycled
c:\resycled\boot.com
c:\windows\system32\drivers\msqpdxethoewmr.sys
c:\windows\system32\drivers\msqpdxiajkqnow.sys
c:\windows\system32\drivers\msqpdxrkisnbmu.sys
c:\windows\system32\drivers\msqpdxxmdbyuer.sys
c:\windows\system32\Dvbpws.dll
c:\windows\system32\msqpdxrntymrms.dll
c:\windows\system32\msssc.dll
c:\windows\Temp\tmp3.tmp
D:\Autorun.inf
D:\resycled
d:\resycled\boot.com

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSQPDXSERV.SYS


((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 )))))))))))))))))))))))))))))))
.

2009-01-07 19:36 . 2009-01-07 19:36 <DIR> d-------- c:\program files\Trend Micro
2009-01-07 19:26 . 2009-01-07 20:09 163 --a------ c:\windows\wininit.ini
2009-01-07 19:03 . 2009-01-07 20:11 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2009-01-07 19:03 . 2009-01-07 20:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-07 18:55 . 2009-01-07 18:55 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-01-07 18:50 . 2009-01-07 18:50 <DIR> d-------- c:\documents and settings\Nemesis\Application Data\Logitech
2009-01-07 18:14 . 2009-01-07 18:14 <DIR> d-------- c:\program files\Contrast
2009-01-07 18:14 . 2009-01-07 18:14 <DIR> d-------- c:\documents and settings\Nemesis\Application Data\Contrast
2009-01-07 18:14 . 2009-01-07 18:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Contrast
2009-01-07 18:14 . 2009-01-07 18:17 3,001 --ahs---- c:\documents and settings\Nemesis\ppUser.dat
2009-01-07 18:12 . 2009-01-07 18:13 <DIR> d-------- c:\windows\system32\URTTemp
2009-01-07 18:09 . 2009-01-07 18:09 118,784 -r------- c:\windows\bwUnin-7.2.0.137-8876480SL.exe
2009-01-07 18:08 . 2005-07-22 23:41 68,864 --a------ c:\windows\system32\drivers\LMouKE.Sys
2009-01-07 18:08 . 2005-07-22 23:41 55,040 --a------ c:\windows\system32\drivers\L8042MOU.SYS
2009-01-07 18:08 . 2005-07-22 23:40 13,440 --a------ c:\windows\system32\drivers\L8042Kbd.SYS
2009-01-07 18:07 . 2005-07-22 23:25 28,160 --a------ c:\windows\KHALMNPR.Exe
2009-01-07 18:07 . 2005-07-22 23:41 26,112 --a------ c:\windows\system32\drivers\LHidKE.Sys
2009-01-07 18:00 . 2009-01-07 18:00 <DIR> d-------- C:\WinFast WorkArea
2009-01-07 18:00 . 2009-01-07 18:00 <DIR> d-------- c:\program files\Common Files\Ulead Systems
2009-01-07 18:00 . 2009-01-07 18:00 <DIR> d-------- c:\program files\Common Files\ArcSoft
2009-01-07 18:00 . 2009-01-07 18:00 <DIR> d-------- c:\documents and settings\Nemesis\Application Data\ArcSoft
2009-01-07 18:00 . 2009-01-07 18:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\ArcSoft
2009-01-07 18:00 . 2005-08-04 02:42 258,352 --a------ c:\windows\system32\unicows.dll
2009-01-07 17:59 . 2009-01-07 18:00 <DIR> d-------- c:\program files\WinFast
2009-01-07 17:59 . 2009-01-07 17:59 <DIR> d-------- c:\program files\Windows Sidebar
2009-01-07 17:59 . 2009-01-07 17:59 <DIR> d-------- c:\program files\totalvid
2009-01-07 17:55 . 2009-01-07 17:55 <DIR> d-------- c:\program files\YouTubeGet
2009-01-07 17:55 . 2004-08-04 00:56 16,384 --a------ c:\windows\system32\ipsink.ax
2009-01-07 17:55 . 2004-08-04 00:56 16,384 --a--c--- c:\windows\system32\dllcache\ipsink.ax
2009-01-07 17:55 . 2004-08-03 23:10 15,360 --a------ c:\windows\system32\drivers\StreamIP.sys
2009-01-07 17:55 . 2004-08-03 23:10 15,360 --a------ c:\windows\system32\drivers\MPE.sys
2009-01-07 17:55 . 2004-08-03 23:10 15,360 --a--c--- c:\windows\system32\dllcache\streamip.sys
2009-01-07 17:55 . 2004-08-03 23:10 15,360 --a--c--- c:\windows\system32\dllcache\mpe.sys
2009-01-07 17:55 . 2004-08-03 23:10 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys
2009-01-07 17:55 . 2004-08-03 23:10 10,880 --a--c--- c:\windows\system32\dllcache\ndisip.sys
2009-01-07 17:55 . 2004-08-03 22:58 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys
2009-01-07 17:55 . 2004-08-03 22:58 5,504 --a--c--- c:\windows\system32\dllcache\mstee.sys
2009-01-07 17:53 . 2009-01-07 17:53 <DIR> d-------- c:\windows\system32\WinFast
2009-01-07 17:53 . 2009-01-07 17:53 <DIR> d-------- c:\documents and settings\Nemesis\Application Data\InstallShield
2009-01-07 17:53 . 2008-09-12 16:15 434,176 --a------ c:\windows\system32\drivers\wfeaglxt.sys
2009-01-07 17:51 . 2009-01-07 17:51 <DIR> d-------- c:\program files\Google
2009-01-07 17:47 . 2009-01-07 17:48 <DIR> d-------- c:\documents and settings\Nemesis\Application Data\Corel
2009-01-07 17:47 . 2009-01-07 17:48 3,140 --ahs---- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2009-01-07 17:47 . 2009-01-07 17:47 8 -r-hs---- c:\documents and settings\All Users\Application Data\241582FE05.sys
2009-01-07 17:45 . 2009-01-07 17:45 <DIR> d-------- c:\program files\Common Files\Protexis
2009-01-07 17:45 . 2009-01-07 17:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Corel
2009-01-07 17:44 . 2009-01-07 17:44 <DIR> d-------- c:\documents and settings\Nemesis\Application Data\Ashampoo
2009-01-07 17:43 . 2009-01-07 17:43 <DIR> d-------- c:\program files\Common Files\Corel
2009-01-07 17:43 . 2009-01-07 17:43 <DIR> d-------- c:\program files\Ashampoo
2009-01-07 17:43 . 2009-01-07 17:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\ashampoo
2009-01-07 17:42 . 2009-01-07 17:42 <DIR> d-------- c:\program files\MozBackup
2009-01-07 17:42 . 2009-01-07 17:42 <DIR> d-------- c:\program files\Corel
2009-01-07 17:39 . 2009-01-07 17:39 <DIR> d-------- c:\program files\OJOsoft
2009-01-07 17:39 . 2009-01-07 17:39 <DIR> d-------- c:\program files\LightScribeTemplateLabeler
2009-01-07 17:39 . 2009-01-07 17:39 <DIR> d-------- c:\program files\Common Files\Common Share
2009-01-07 17:38 . 2009-01-07 17:38 <DIR> d-------- c:\program files\LightScribe
2009-01-07 17:38 . 2009-01-07 17:38 <DIR> d-------- c:\program files\Common Files\LightScribe
2009-01-07 17:37 . 2009-01-07 17:37 <DIR> d-------- c:\documents and settings\Nemesis\Application Data\Thunderbird
2009-01-07 17:30 . 2009-01-07 17:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet
2009-01-07 17:25 . 2009-01-07 17:25 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-01-07 17:22 . 2009-01-07 17:22 <DIR> d-------- c:\program files\Common Files\Macrovision Shared
2009-01-07 17:11 . 2008-01-07 14:29 352 --ah----- c:\windows\nod32fixtemdono.reg
2009-01-07 17:10 . 2009-01-07 17:10 <DIR> d-------- c:\program files\ESET
2009-01-07 17:10 . 2009-01-07 17:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2009-01-07 17:09 . 2009-01-07 17:09 <DIR> d-------- c:\program files\Ontrack
2009-01-07 17:08 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll
2009-01-07 17:07 . 2009-01-07 17:07 <DIR> d-------- c:\program files\MSBuild
2009-01-07 17:07 . 2009-01-07 17:07 <DIR> d-------- c:\program files\Microsoft Works
2009-01-07 17:04 . 2009-01-07 17:13 <DIR> d-------- c:\documents and settings\Nemesis\Contacts
2009-01-07 16:42 . 2009-01-07 17:07 <DIR> d-------- c:\windows\SHELLNEW
2009-01-07 16:42 . 2009-01-07 17:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-07 16:41 . 2009-01-07 16:41 <DIR> dr-h----- C:\MSOCache
2009-01-07 16:35 . 2009-01-07 16:35 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-01-07 16:35 . 2009-01-07 16:35 <DIR> d-------- c:\program files\Windows Live
2009-01-07 16:26 . 2009-01-07 16:26 <DIR> d-------- c:\program files\uTorrent
2009-01-07 16:26 . 2009-01-07 20:10 <DIR> d-------- c:\documents and settings\Nemesis\Application Data\uTorrent
2009-01-07 16:23 . 2009-01-07 16:23 <DIR> d-------- c:\documents and settings\Nemesis\Application Data\Media Player Classic
2009-01-07 16:22 . 2009-01-07 16:22 <DIR> d-------- c:\program files\LimeWire
2009-01-07 16:22 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-01-07 16:18 . 2009-01-07 16:18 <DIR> d-------- c:\windows\system32\LogFiles
2009-01-07 16:15 . 2009-01-07 16:15 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-07 16:11 . 2009-01-07 17:27 <DIR> d-------- c:\program files\Common Files\Adobe
2009-01-07 16:09 . 2009-01-07 16:09 0 --a------ c:\windows\nsreg.dat
2009-01-07 16:00 . 2004-06-04 17:35 135,168 -ra------ c:\windows\UNDPX2K.exe
2009-01-07 16:00 . 2004-06-04 17:34 53,693 -ra------ c:\windows\UNDPX2K.sys
2009-01-07 16:00 . 2004-06-10 21:42 15,429 -ra------ c:\windows\system32\drivers\Sacm2K.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 18:50 --------- d-----w c:\program files\Mozilla Thunderbird
2009-01-07 17:09 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-07 17:09 --------- d-----w c:\program files\Logitech
2009-01-07 17:07 --------- d-----w c:\program files\Common Files\Logitech
2009-01-07 16:49 --------- d-----w c:\program files\AIMP2
2009-01-07 16:09 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-07 15:23 --------- d-----w c:\program files\The KMPlayer
2009-01-07 15:15 --------- d-----w c:\program files\Java
2009-01-07 14:57 --------- d-----w c:\program files\Total Commander
2009-01-07 14:56 --------- d-----w c:\program files\Foxit Software
2009-01-07 14:56 --------- d-----w c:\documents and settings\Nemesis\Application Data\Foxit
2009-01-07 14:55 --------- d-----w c:\program files\Common Files\ACD Systems
2009-01-07 14:55 --------- d-----w c:\program files\ACD Systems
2009-01-07 14:55 --------- d-----w c:\documents and settings\Nemesis\Application Data\ACD Systems
2009-01-07 14:55 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems
2009-01-07 14:51 --------- d-----w c:\program files\K-Lite Codec Pack
2009-01-07 14:51 --------- d-----w c:\program files\Haali
2009-01-07 14:51 --------- d-----w c:\program files\Common Files\Java
2009-01-07 14:49 --------- d-----w c:\program files\DAEMON Tools Pro
2009-01-07 14:46 685,816 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-07 14:26 --------- d-----w c:\program files\MSI
2009-01-07 14:25 --------- d-----w c:\program files\Creative
2009-01-07 14:24 --------- d-----w c:\documents and settings\Nemesis\Application Data\Creative
2009-01-07 14:18 --------- d-----w c:\program files\Labtec
2009-01-07 14:05 --------- d-----w c:\program files\Intel
2009-01-07 14:05 --------- d-----w c:\program files\Analog Devices
2009-01-07 13:59 --------- d-----w c:\program files\microsoft frontpage
2008-12-08 11:53 57,344 ----a-w c:\windows\system32\ff_vfw.dll
2008-12-07 18:08 795,648 ----a-w c:\windows\system32\xvidcore.dll
2008-12-07 18:08 130,048 ----a-w c:\windows\system32\xvidvfw.dll
2008-11-16 15:54 81,748 ----a-w c:\windows\WinVerCheck.exe
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\divx.dll
2009-01-07 16:44 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2009-01-07 16:44 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2009-01-07 16:44 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2009-01-07 16:44 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2009-01-07 16:44 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-07-30 2363392]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2008-10-02 2916352]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2009-01-07 32768]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-07 136600]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2008-10-24 90112]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688]
"CTHelper"="CTHELPER.EXE" [2004-03-19 c:\windows\system32\CTHELPER.EXE]
"nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\MSI\Star Key Bluetooth Software\BTTray.exe [2005-05-31 577597]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-01-07 450560]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-01-07 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312]
R3 WFLR6654;WinFast TV2000 XP Global/Global TV (XC2028-);c:\windows\system32\drivers\wfeaglxt.sys [2009-01-07 434176]
R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d133ee7-dcc9-11dd-8187-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com d:
\Shell\Open\command - d:\resycled\boot.com d:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d133ee9-dcc9-11dd-8187-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c:
\Shell\Open\command - c:\resycled\boot.com c:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe95559a-dcce-11dd-936c-0011d86bf4d0}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com f:
\Shell\Open\command - f:\resycled\boot.com f:

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send To &Bluetooth - c:\program files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Nemesis\Application Data\Mozilla\Firefox\Profiles\4zwghhsd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.teamtorrents.com/browse.php
FF - component: c:\documents and settings\Nemesis\Application Data\Mozilla\Firefox\Profiles\4zwghhsd.default\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}\platform\WINNT_x86-msvc\components\winprocess.dll
FF - component: c:\program files\Mozilla Firefox\components\iamfamous.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- FIREFOX POLICIES ----
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-01-07 20:34:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-07 20:36:09
ComboFix-quarantined-files.txt 2009-01-07 19:36:06

Pre-Run: 12,003,467,264 bytes free
Post-Run: 12,004,839,424 bytes free

258

Addendum: 07 Jan 2009 20:51

Just to add: after this scan, the program told me it had deleted a couple of files in the system folder, as can be seen in the report. Everything has now been deleted successfully. I have just started NOD scanning the whole computer once more.

As for Zlob.DNSChanger, I disabled (fixed) it manually with HijackThis, following the recommendation of the TrendMicro site and their analysis of the report.

Thanks once again.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

- Download USBNoRisk to the Desktop and start it by double-clicking the program icon.
- Wait a few seconds while the program performs its initial scan.
- Insert all USB storage devices into the USB slot one after another and keep each one in the slot for 10 seconds.
- If you have several devices to check, write down on a piece of paper the order in which they were inserted, because we will need that information later.

Explanation: USB storage devices are all devices that get their own partition designation when connected to the computer. These include USB flash drives, external hard disks, memory cards, MP3 and MP4 players, some mobile phones, some GPS (navigation) devices, etc.

offline
  • Joined: 07 Jan 2009
  • Posts: 7

USBNoRisk by bobby

Started at 7.1.2009 21:01:15

Scanning for connected USB Mass storage...
----------------------------------------
========================================

Scanning for other storage...
----------------------------------------
D: {5d133ee7-dcc9-11dd-8187-806d6172696f}
C: {5d133ee9-dcc9-11dd-8187-806d6172696f}
========================================


Scanning fixed storage for autorun.inf files...
----------------------------------------
Autorun.inf on C: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for C:
No key found for 5d133ee9-dcc9-11dd-8187-806d6172696f
========================================

Autorun.inf on D: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for D:
No key found for 5d133ee7-dcc9-11dd-8187-806d6172696f
========================================

========================================



New device connected at 7.1.2009 21:01:25

Scanning for connected USB mass storage...
----------------------------------------
F: {fe95559a-dcce-11dd-936c-0011d86bf4d0}
Added F:
========================================

Scanning USB mass storage for files...
----------------------------------------
Autorun.inf on F: - None
----------------------------------------

Sanitizing Shell Menu...
----------------------------------------
No key found for fe95559a-dcce-11dd-936c-0011d86bf4d0
========================================

----------------------------------------

Desktop.ini on F: - None
----------------------------------------

========================================

Addendum: 07 Jan 2009 21:09

Only one USB disk was ever connected to that computer, and it was formatted after the infection. So nothing else has been connected to that machine. Please also look at the addendum in my previous comment, if you haven't seen it.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Scan again with ComboFix and post the new log for me.

Addendum: 07 Jan 2009 21:12

I saw the addendum, but ComboFix and USBNoRisk gave me conflicting information, so I want to check what is wrong.

I am the author of USBNoRisk, so I would like to know whether my program is messing something up somewhere, or whether something else is going on.
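The conflict mentioned in the post above can be checked mechanically. This is an added example, not part of the original thread and not ComboFix's or USBNoRisk's own code: it pairs the MountPoints2 shell commands ComboFix listed with the GUIDs for which USBNoRisk printed "No key found". The function names are hypothetical, and the parsing assumes the two log layouts exactly as posted here.

```python
import re

# Excerpts copied from the ComboFix and USBNoRisk logs posted in this thread.
COMBOFIX_EXCERPT = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d133ee7-dcc9-11dd-8187-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com d:
\Shell\Open\command - d:\resycled\boot.com d:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d133ee9-dcc9-11dd-8187-806d6172696f}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c:
\Shell\Open\command - c:\resycled\boot.com c:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe95559a-dcce-11dd-936c-0011d86bf4d0}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com f:
\Shell\Open\command - f:\resycled\boot.com f:

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
"""

USBNORISK_EXCERPT = """
D: {5d133ee7-dcc9-11dd-8187-806d6172696f}
C: {5d133ee9-dcc9-11dd-8187-806d6172696f}
No key found for C:
No key found for 5d133ee9-dcc9-11dd-8187-806d6172696f
No key found for D:
No key found for 5d133ee7-dcc9-11dd-8187-806d6172696f
F: {fe95559a-dcce-11dd-936c-0011d86bf4d0}
No key found for fe95559a-dcce-11dd-936c-0011d86bf4d0
"""

GUID = r"([0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})"
SECTION_RE = re.compile(r"^\[.*\\mountpoints2\\\{" + GUID + r"\}\]$", re.IGNORECASE)
COMMAND_RE = re.compile(r"^\\Shell\\([^\\]+)\\command - (.+)$", re.IGNORECASE)
DRIVE_RE = re.compile(r"^([A-Z]): \{" + GUID + r"\}$")
NO_KEY_RE = re.compile(r"^No key found for " + GUID + r"$")


def parse_combofix_mountpoints(text):
    """Map volume GUID -> [(verb, command)] for every MountPoints2 section."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            # Any new registry section ends the previous one.
            m = SECTION_RE.match(line)
            current = m.group(1).lower() if m else None
            if current:
                entries.setdefault(current, [])
            continue
        m = COMMAND_RE.match(line)
        if m and current:
            entries[current].append((m.group(1), m.group(2)))
    return entries


def parse_usbnorisk(text):
    """Return ({guid: drive letter}, {guids reported as 'No key found'})."""
    drives, no_key = {}, set()
    for raw in text.splitlines():
        line = raw.strip()
        m = DRIVE_RE.match(line)
        if m:
            drives[m.group(2).lower()] = m.group(1)
            continue
        m = NO_KEY_RE.match(line)  # "No key found for C:" carries no GUID and is skipped
        if m:
            no_key.add(m.group(1).lower())
    return drives, no_key


def cross_check(combofix_text, usbnorisk_text):
    """GUIDs where ComboFix listed shell commands but USBNoRisk found no key."""
    entries = parse_combofix_mountpoints(combofix_text)
    drives, no_key = parse_usbnorisk(usbnorisk_text)
    return [(guid, drives.get(guid, "?"), cmds)
            for guid, cmds in sorted(entries.items())
            if cmds and guid in no_key]


if __name__ == "__main__":
    for guid, drive, cmds in cross_check(COMBOFIX_EXCERPT, USBNORISK_EXCERPT):
        print(f"{drive}: {{{guid}}} listed by ComboFix, 'No key found' in USBNoRisk")
        for verb, command in cmds:
            print(f"    Shell\\{verb}\\command -> {command}")
```

A hit only says the two logs describe different registry states for that volume. The ComboFix log was completed at 20:36:09 and the USBNoRisk run started at 21:01:15, so the result alone does not say which tool is wrong.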

offline
  • Joined: 07 Jan 2009
  • Posts: 7

Here are the logs:

combofixlog.txt
hijackthis.log

I'm just not sure whether we understood each other: you managed to solve my problem. There is no more autorun on the partitions, flash drives are no longer getting infected, and NOD is not reporting any viruses, and neither is Spybot.

P.S. If you have time, could you explain to me when else I can use this ComboFix, since viruses often show up on my friends' computers too, and there is hardly anyone who isn't infected with the notorious Autorun trojans that spread via flash drives.

Thanks

Addendum: 07 Jan 2009 21:31

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:24:34, on 7.1.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\MSI\Star Key Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\PROGRA~1\MSI\STARKE~1\BTSTAC~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bw+0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: offline-8876480 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 20160 bytes

Addendum: 07 Jan 2009 21:32

Here is the HJ log, and the link for ComboFix is above.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

The logs are OK now.
Neither ComboFix nor USBNoRisk messed anything up. I overlooked the fact that ComboFix had restarted the computer in the meantime.


As for your friends, I can't tell you anything about ComboFix.
It is not a magic tool that finishes everything by itself (although it can do a great deal on its own). It is a tool that lets me write cleaning scripts for you from here, which you then run on your computer, all based on analysis of the log you posted.
Under no circumstances do I recommend using ComboFix on your own, because under certain circumstances you can totally wreck the system with it.


Let's now bring this cleanup to a close.
You need to uninstall ComboFix (this step is mandatory, because ComboFix will only finish what it started during the scan when it is uninstalled):

Click START and then RUN
In the text input line type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
The VundoFix Backups folder, if it exists
The C:\Deckard folder, if it exists
The C:\OtMoveIt folder, if it exists

Reset the computer's clock settings
Hide file extensions, if necessary
Hide system/hidden files/folders, if necessary
Reset System Restore



You can delete USBNoRisk from the desktop. You also need to delete the folder c:\USBNoRisk, which contains the logs that USBNoRisk created.

offline
  • Joined: 07 Jan 2009
  • Posts: 7

OK. I uninstalled it and, as it says, it deleted all the folders. Just one more question: on a computer that has no visible signs of malware, can I run ComboFix and let it check whether there are any "pests" and let it do everything on its own, as it did on mine?

P.S. A bit off-topic. I recently came across the antivirus program Dr.Web 5, which the Russian army supposedly uses for its own needs, so I'm interested in whether you have had a chance to test it or have heard anything about it.

Thanks for everything. Merry Christmas.

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

People from the AMF team (those of us who work here in the Ambulanta) have access to places where the author of ComboFix leaves his instructions related to this program.
It occasionally happens that there are bugs in some version of the program, so that the program destroys people's systems.
We always get that information in time, so we don't use the program until a fixed version comes out.

Very often it also happens that malware is built to sabotage the operation of these and similar programs, and that again is information that is not available to everyone.

That is why we do not recommend that anyone use ComboFix on their own.

As for DrWeb, it is one of the oldest AV companies in existence, so they surely have some quality, given that they have lasted this many years.
That the army uses it for its own needs, that's a slightly funny piece of information.
So much for an army whose computers a virus can reach.
Surely they don't use Windows on the computer that controls nuclear missiles, with that computer connected to the net so the duty officer can watch "cartoons" on the night shift?


Merry Christmas
