Help people - slowed-down computer

  • biloxi
  • New MyCity citizen
  • Joined: 15 Jul 2009
  • Posts: 25

I have uploaded everything.



  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:


File::
c:\windows\system32\vsnpstd3.exe
c:\windows\system32\$NtUninstallKB9\update.exe
c:\windows\system32\$NtUninstallKB9\alg.exe

DirLook::
c:\windows\system32\$NtUninstallKB9

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"update.dll"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2BEE6818-80CE-52F9-4A3B-4A96100BABC0}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7E988172-BF51-8785-D7C6-19BEEAC234E3}]
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{DED0715F-0B03-9A01-2CF0-AC2116E3D4BD}]



Save the file from Notepad to the Desktop as "CFScript".




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.



  • biloxi
  • New MyCity citizen
  • Joined: 15 Jul 2009
  • Posts: 25

ComboFix 09-07-25.08 - Bojan Suvajac 07/26/2009 20:39.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.991.530 [GMT 2:00]
Running from: c:\documents and settings\Bojan Suvajac\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bojan Suvajac\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

FILE ::
"c:\windows\system32\$NtUninstallKB9\alg.exe"
"c:\windows\system32\$NtUninstallKB9\update.exe"
"c:\windows\system32\vsnpstd3.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bojan Suvajac\Application Data\addons.dat
c:\windows\system32\$NtUninstallKB9\alg.exe
c:\windows\system32\$NtUninstallKB9\update.exe
c:\windows\system32\vsnpstd3.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))
.

2009-07-26 16:26 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-26 16:26 . 2009-07-26 16:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-26 16:26 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-26 10:54 . 2009-07-26 10:54 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2009-07-24 20:09 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-07-24 20:07 . 2009-07-24 20:07 -------- d-----w- c:\program files\Panda Security
2009-07-21 09:20 . 2009-07-21 09:20 -------- d-----w- c:\program files\Common Files\Autodata Limited Shared
2009-07-21 09:20 . 2009-07-21 19:21 -------- d-----w- C:\Adcda2
2009-07-17 08:58 . 2009-07-26 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-17 08:58 . 2009-07-17 08:58 -------- d-----w- c:\program files\Lavasoft
2009-07-17 08:52 . 2009-07-17 08:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-17 08:52 . 2009-07-17 08:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-15 16:53 . 2009-07-15 16:53 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-07-15 15:55 . 2009-07-15 16:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-15 12:00 . 2009-07-15 12:00 -------- d-sh--w- c:\documents and settings\Bojan Suvajac\IECompatCache
2009-07-15 10:47 . 2009-07-15 10:47 -------- d-sh--w- c:\documents and settings\Bojan Suvajac\PrivacIE
2009-07-15 10:45 . 2009-07-15 10:45 -------- d-sh--w- c:\documents and settings\Bojan Suvajac\IETldCache
2009-07-15 10:27 . 2009-07-15 10:27 -------- d-----w- c:\windows\ie8updates
2009-07-15 10:22 . 2009-07-15 10:22 -------- dc-h--w- c:\windows\ie8
2009-07-15 10:12 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-15 10:11 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-15 10:11 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-15 09:58 . 2009-07-17 13:26 -------- d--h--w- c:\windows\NiwradSoft Shell Pack
2009-07-14 09:05 . 2009-07-14 09:05 -------- d-----w- c:\documents and settings\Bojan Suvajac\Application Data\ESET
2009-07-14 09:04 . 2009-07-14 09:04 -------- d-----w- c:\program files\ESET
2009-07-09 12:26 . 2009-07-09 12:26 -------- d-----w- c:\program files\directx
2009-07-09 12:15 . 2009-07-09 12:15 -------- d-----w- c:\program files\TDK
2009-07-06 11:26 . 2009-07-01 16:22 52224 ----a-w- c:\documents and settings\Bojan Suvajac\Application Data\Mozilla\Firefox\Profiles\ed19s0zo.default\extensions\{88b7dfed-4320-425d-a023-f224863916f0}\components\FFExternalAlert.dll
2009-07-06 11:26 . 2009-07-01 16:22 114688 ----a-w- c:\documents and settings\Bojan Suvajac\Application Data\Mozilla\Firefox\Profiles\ed19s0zo.default\extensions\{88b7dfed-4320-425d-a023-f224863916f0}\components\npmozax.dll
2009-07-04 08:48 . 2009-07-04 09:10 -------- d-----w- c:\program files\UltraISO
2009-07-03 10:00 . 2009-07-03 10:02 -------- d-----w- c:\program files\Urban Jungle
2009-07-01 12:36 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-07-01 12:36 . 2008-10-16 12:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-06-30 09:32 . 2004-09-09 16:36 20661 ----a-w- c:\program files\config.dat
2009-06-30 09:22 . 2004-02-25 04:41 12528 ----a-w- c:\program files\SECDRV.SYS
2009-06-30 09:22 . 2004-10-08 17:51 3985408 ------w- c:\program files\fifa2005.exe
2009-06-30 09:21 . 2006-08-08 14:41 -------- d-----w- c:\program files\Support
2009-06-30 09:21 . 2004-10-10 10:48 -------- d-----w- c:\program files\data
2009-06-29 09:21 . 2009-06-30 08:58 -------- d-----w- c:\program files\Elltube
2009-06-27 16:18 . 2009-06-27 16:18 -------- d-----w- c:\program files\UlisesSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-22 08:43 . 2009-06-25 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-21 19:20 . 2009-07-21 09:21 566784 ----a-w- c:\windows\~de74bc.tmp
2009-07-17 12:58 . 2002-08-29 01:41 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-07-15 11:12 . 2009-06-03 09:20 2320640 ----a-w- c:\windows\system32\TUKernel.exe
2009-07-15 09:29 . 2009-06-14 08:49 -------- d-----w- c:\program files\Winamp
2009-07-14 14:03 . 2009-05-10 15:23 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-14 09:04 . 2009-05-10 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-07-13 19:33 . 2009-05-20 16:50 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-06 11:03 . 2009-05-11 09:23 -------- d-----w- c:\program files\Microsoft
2009-06-27 16:44 . 2009-05-11 16:47 -------- d-----w- c:\program files\CODTR
2009-06-26 09:01 . 2009-06-26 09:01 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-06-26 09:00 . 2009-06-26 09:00 -------- d-----w- c:\program files\MSECache
2009-06-25 14:08 . 2009-05-10 15:22 69232 ----a-w- c:\documents and settings\Bojan Suvajac\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-25 14:00 . 2009-06-25 14:00 -------- d-----w- c:\program files\Microsoft Works
2009-06-25 10:28 . 2009-06-25 10:19 6028 ----a-w- c:\windows\system32\drivers\kwflower.log
2009-06-25 10:26 . 2009-06-25 10:19 2965 ----a-w- c:\windows\system32\drivers\kwfupper.log
2009-06-25 10:20 . 2009-06-25 10:20 -------- d-----w- c:\documents and settings\Bojan Suvajac\Application Data\Kerio
2009-06-23 10:43 . 2009-05-12 18:03 -------- d-----w- c:\program files\EA GAMES
2009-06-23 09:20 . 2009-06-23 09:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NFS Underground
2009-06-22 16:17 . 2009-06-22 16:17 -------- d-----w- c:\program files\Na_Kosovo_ravno
2009-06-18 21:20 . 2009-06-17 10:29 -------- d-----w- c:\documents and settings\Bojan Suvajac\Application Data\DNA
2009-06-18 20:29 . 2009-05-20 17:22 -------- d-----w- c:\documents and settings\Bojan Suvajac\Application Data\Dev-Cpp
2009-06-17 16:26 . 2009-06-17 13:02 -------- d-----w- c:\program files\Google
2009-06-17 06:27 . 2009-06-17 06:26 -------- d-----w- c:\program files\18 Wheels of Steel Convoy
2009-06-16 11:32 . 2009-06-04 13:30 -------- d-----w- c:\program files\18 WoS Pedal to the Metal
2009-06-14 13:16 . 2009-06-14 13:16 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-06-14 13:16 . 2009-06-14 13:16 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-06-14 13:10 . 2009-06-14 13:10 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-06-14 13:10 . 2009-06-14 13:10 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-06-14 13:10 . 2009-06-14 13:10 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2009-06-14 13:06 . 2009-05-13 11:14 -------- d-----w- c:\program files\Sony Ericsson
2009-06-07 14:56 . 2009-06-07 14:55 -------- d-----w- c:\program files\Dream Match Tennis Pro
2009-06-07 14:27 . 2009-06-07 14:24 -------- d-----w- c:\program files\VIRTUA TENNIS
2009-06-04 13:15 . 2009-06-02 16:36 -------- d-----w- c:\program files\18 WoS Across America
2009-06-03 07:38 . 2009-06-03 07:38 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-03 07:38 . 2009-06-03 07:38 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-02 16:36 . 2009-05-24 16:54 -------- d-----w- c:\program files\InstallShield Installation Information
2009-06-01 15:05 . 2009-06-01 15:05 -------- d-----w- c:\program files\Ligos
2009-06-01 14:56 . 2009-06-01 14:56 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-06-01 14:56 . 2009-06-01 14:56 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-05-28 14:51 . 2009-05-28 14:50 -------- d-----w- c:\program files\Ahead
2009-05-28 14:50 . 2009-05-28 14:50 -------- d-----w- c:\program files\Common Files\Ahead
2009-05-27 20:42 . 2009-05-27 20:41 -------- d-----w- c:\program files\CDex_150
2009-05-24 17:28 . 2009-05-24 17:28 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-22 20:43 . 2009-05-22 20:43 971552 ----a-w- c:\windows\system32\drivers\tdrpm174.sys
2009-05-22 20:43 . 2009-05-22 20:43 44704 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-05-22 20:43 . 2009-05-22 20:43 540000 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-05-21 10:44 . 2009-05-21 10:44 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-20 16:51 . 2009-05-20 16:53 38200 ----a-w- c:\documents and settings\Bojan Suvajac\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-05-19 19:35 . 2009-05-19 19:35 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-19 19:34 . 2009-05-19 19:34 152576 ----a-w- c:\documents and settings\Bojan Suvajac\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-14 13:49 . 2009-05-14 13:49 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 13:49 . 2009-05-14 13:49 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2009-05-14 13:49 . 2009-05-14 13:49 133000 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-05-14 13:47 . 2009-02-06 12:23 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2008-07-01 06:56 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-13 18:11 . 2009-05-13 18:11 0 ----a-w- c:\windows\nsreg.dat
2009-05-13 16:09 . 2009-05-13 16:09 720896 ----a-w- c:\windows\iun6002.exe
2009-05-10 15:00 . 2009-05-10 14:11 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-05-10 14:12 . 2009-05-10 14:12 2678 ----a-w- c:\windows\java\Packages\Data\TR13DVRF.DAT
2009-05-10 14:12 . 2009-05-10 14:12 558142 ----a-w- c:\windows\java\Packages\5Z3TB97D.ZIP
2009-05-10 14:12 . 2009-05-10 14:12 2678 ----a-w- c:\windows\java\Packages\Data\TBTFJVZ1.DAT
2009-05-10 14:12 . 2009-05-10 14:12 2678 ----a-w- c:\windows\java\Packages\Data\WCTRT7J7.DAT
2009-05-10 14:12 . 2009-05-10 14:12 2678 ----a-w- c:\windows\java\Packages\Data\BP3PJPJR.DAT
2009-05-10 14:12 . 2009-05-10 14:12 155995 ----a-w- c:\windows\java\Packages\3B9N5R1V.ZIP
2009-05-10 14:12 . 2009-05-10 14:12 2678 ----a-w- c:\windows\java\Packages\Data\NVB3TB79.DAT
2009-05-10 14:09 . 2009-05-10 14:09 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-04-28 09:47 . 2009-04-28 09:47 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-04-28 09:47 . 2009-04-28 09:47 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-07-16 01:53 . 2009-05-13 18:10 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\windows\system32\$NtUninstallKB9 ----

2009-07-26 10:08 . 2009-07-26 18:35 7312 ---ha-w- c:\windows\system32\$NtUninstallKB9\logg.dat
2002-08-29 01:41 . 2009-07-26 18:39 93669 ---ha-w- c:\windows\system32\$NtUninstallKB9\alg.exe
2002-08-29 01:41 . 2009-07-26 18:39 93669 ---ha-w- c:\windows\system32\$NtUninstallKB9\update.exe


------- Sigcheck -------

[7] 2004-08-03 22:56 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2004-08-03 22:56 576512 939DF837B04A85963D295E25CBE449AD c:\windows\ServicePackFiles\i386\user32.dll
[-] 2004-08-03 22:56 576512 939DF837B04A85963D295E25CBE449AD c:\windows\system32\user32.dll

[7] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[7] 2009-05-13 05:10 915456 C0EB6850C8A02A154281749DC61FAF22 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[7] 2004-08-03 22:56 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\ie7\wininet.dll
[7] 2007-08-13 16:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB963027-IE7\wininet.dll
[-] 2009-03-03 00:18 892928 5E2147D1178FD65B707060313541B265 c:\windows\ie8\wininet.dll
[7] 2009-03-08 02:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\ie8updates\KB969897-IE8\wininet.dll
[7] 2009-03-03 00:18 826368 28775945CCD53DEE280EF58DEA1A94C4 c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2009-03-03 00:18 892928 5E2147D1178FD65B707060313541B265 c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2009-03-03 00:18 892928 5E2147D1178FD65B707060313541B265 c:\windows\system32\wininet.dll
[-] 2009-03-03 00:18 892928 5E2147D1178FD65B707060313541B265 c:\windows\system32\dllcache\wininet.dll

[7] 2004-08-03 22:56 502272 01C3346C241652F43AED8E2149881BFE c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2004-08-03 22:56 541696 55ACA85EB80E2155E20211AAADDD711A c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2004-08-03 22:56 541696 55ACA85EB80E2155E20211AAADDD711A c:\windows\system32\winlogon.exe

[7] 2004-08-03 20:59 2056832 947FB1D86D14AFCFFDB54BF837EC25D0 c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2004-08-03 20:59 2219392 7C1A605F4CB69848662ECAAAF6A8D02D c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2004-08-03 20:59 2219392 7C1A605F4CB69848662ECAAAF6A8D02D c:\windows\system32\ntkrnlpa.exe

[7] 2004-08-03 21:20 2180992 CE218BC7088681FAA06633E218596CA7 c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2004-08-03 21:20 2343552 6BC846EE7B53C526D2A1C6E6676C4726 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2004-08-03 21:20 2343552 6BC846EE7B53C526D2A1C6E6676C4726 c:\windows\system32\ntoskrnl.exe

[-] 2004-08-03 22:56 1539072 A8E5C63DC67BD7B78F72FB3819EB07C2 c:\windows\explorer.exe
[7] 2004-08-03 22:56 1032192 A0732187050030AE399B241436565E64 c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2004-08-03 22:56 1539072 A8E5C63DC67BD7B78F72FB3819EB07C2 c:\windows\ServicePackFiles\i386\explorer.exe

[7] 2004-08-03 22:56 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2004-08-03 22:56 40448 E00DFA816FA5521EB44C5D63109DE2A9 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2004-08-03 22:56 40448 E00DFA816FA5521EB44C5D63109DE2A9 c:\windows\system32\ctfmon.exe

[7] 2004-08-03 22:56 792064 6728270CB7DBB776ED086F5AC4C82310 c:\windows\NiwradSoft Shell Pack\Backup\comres.dll
[-] 2004-08-03 22:56 1493504 843EB0A73E327BE505F44A27CBB757F8 c:\windows\ServicePackFiles\i386\comres.dll
[-] 2004-08-03 22:56 1493504 843EB0A73E327BE505F44A27CBB757F8 c:\windows\system32\comres.dll

[7] 2004-08-03 22:56 611328 A77DFB85FAEE49D66C74DA6024EBC69B c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2004-08-03 22:56 636928 4F625DB27C33EB26CC883E952C4E10A3 c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2004-08-03 22:56 636928 4F625DB27C33EB26CC883E952C4E10A3 c:\windows\system32\comctl32.dll
[7] 2001-08-23 11:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2002-08-29 01:41 921600 76B90BD220F1B1CC9E183C6B1AE9FBB4 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
[7] 2004-08-03 22:57 1050624 5AF68A5E44734A082442668E9C787743 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
((((((((((((((((((((((((((((( [Link visible only to logged-in users] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-26 17:48 . 2009-07-26 17:48 16384 c:\windows\Temp\Perflib_Perfdata_6a8.dat
+ 2009-07-26 10:08 . 2009-07-26 18:35 7312 c:\windows\system32\$NtUninstallKB9\logg.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 40448]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"NVIEW"="nview.dll" - c:\windows\system32\nview.dll [2002-12-27 774213]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2002-12-27 315392]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-7-13 113664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
"Yodm3D"=c:\documents and settings\Bojan Suvajac\Desktop\Ubuntu_XP_by_ShamusHand\3D Desktop\yodm3D\Yodm3D.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\System32\NvCpl.dll,NvStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Na_Kosovo_ravno\\Na Kosovo ravno\\hl.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:*:Disabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:*:Disabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:*:Disabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:*:Disabled:@xpsp2res.dll,-22002

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [7/24/2009 10:09 PM 28544]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 2:23 PM 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [5/14/2009 3:47 PM 731840]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [6/3/2009 9:38 AM 604416]
S2 gupdate1c9ef4c2f326b9a;Google Update Service (gupdate1c9ef4c2f326b9a);c:\program files\Google\Update\GoogleUpdate.exe [6/17/2009 3:04 PM 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [6/14/2009 3:10 PM 13224]
S3 gggen;Generic USB Flash Driver;c:\windows\system32\drivers\gggen.sys [5/13/2009 1:14 PM 11648]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [6/24/2008 10:36 AM 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys --> c:\windows\system32\DRIVERS\kwflower.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-26 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]

2009-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 13:04]

2009-07-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 13:04]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link visible only to logged-in users]
uInternet Settings,ProxyServer = 421.420.422:80
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: I&zvezi u program Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - [Link visible only to logged-in users]\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - [Link visible only to logged-in users]\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Bojan Suvajac\Application Data\Mozilla\Firefox\Profiles\ed19s0zo.default\
FF - prefs.js: browser.search.defaulturl - [Link visible only to logged-in users]{searchTerms}
FF - prefs.js: browser.search.selectedEngine - RapidSerbia 2 Customized Web Search
FF - prefs.js: keyword.URL - [Link visible only to logged-in users]
FF - component: c:\documents and settings\Bojan Suvajac\Application Data\Mozilla\Firefox\Profiles\ed19s0zo.default\extensions\{88b7dfed-4320-425d-a023-f224863916f0}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2009-07-26 20:45
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

c:\program files\Internet Explorer\iexplore.exe [1772] 0x85739350

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1036)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1116)
c:\windows\system32\SETUPAPI.dll
.
Completion time: 2009-07-26 20:49
ComboFix-quarantined-files.txt 2009-07-26 18:48
ComboFix2.txt 2009-07-26 16:20

Pre-Run: 11,199,897,600 bytes free
Post-Run: 11,173,396,480 bytes free

338 --- E O F --- 2009-05-10 15:26

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Upload the file: c:\windows\system32CmdLineExt.dll


[Link visible only to logged-in users]



Check whether these two files exist (no upload needed):

c:\windows\system32\$NtUninstallKB9\alg.exe
c:\windows\system32\$NtUninstallKB9\update.exe

  • biloxi
  • New MyCity citizen
  • Joined: 15 Jul 2009
  • Posts: 25

I have uploaded it, and those two files do not exist.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

You uploaded this file:

c:\windows\system32\CmdLineExt.dll


I am interested in this one:

c:\windows\system32CmdLineExt.dll


Do you see the difference?

The file is located in the Windows folder and is called system32CmdLineExt.dll .

Waiting for a new upload...
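
The naming trick dr_Bora points out above (a file sitting directly in the Windows folder whose name begins with "system32", so that it reads like a system32 path in a log) can be screened for automatically. The Python below is an added example, not code from the thread or from ComboFix; the "Files Created" line layout it parses and the list of mimicked subdirectory names are assumptions modelled on the log posted above, and the sample lines are constructed from it.

```python
r"""Screen a ComboFix-style file listing for path look-alike names.

Added example, not from the forum thread or from ComboFix itself. The
point made in the thread: c:\windows\system32CmdLineExt.dll sits directly
in the Windows folder and only resembles c:\windows\system32\CmdLineExt.dll.
"""
import re
from pathlib import PureWindowsPath
from typing import List, Optional

# Subdirectory names an attacker may glue onto a file name to mimic a path
# (assumed list; checked longest-first so "system32" wins over "system").
KNOWN_SUBDIRS = sorted(("system32", "syswow64", "system", "drivers"),
                       key=len, reverse=True)

# One ComboFix "Files Created" line, as seen in the thread's log (assumed
# layout): two timestamps, size or dashes, attribute flags, then the path.
_LISTING_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)


def impersonated_subdir(path: str) -> Optional[str]:
    """Return the subdirectory name a file name mimics, or None.

    A hit is a name whose parent is the Windows folder and which starts
    with a known subdirectory name without a path separator after it.
    Names like system.ini (separator-like "." after the prefix) and the
    subdirectory itself are not hits.
    """
    p = PureWindowsPath(path)
    name = p.name.lower()
    if p.parent.name.lower() != "windows" or name in KNOWN_SUBDIRS:
        return None
    for sub in KNOWN_SUBDIRS:
        rest = name[len(sub):]
        if name.startswith(sub) and rest and rest[0] not in "._-":
            return sub
    return None


def find_lookalikes(listing: str) -> List[str]:
    """Paths from the listing whose file name impersonates a subdirectory."""
    hits = []
    for line in listing.splitlines():
        m = _LISTING_RE.match(line.strip())
        if not m or m.group("attrs").startswith("d"):
            continue  # not a listing line, or a directory entry
        if impersonated_subdir(m.group("path")):
            hits.append(m.group("path"))
    return hits


# Constructed sample lines modelled on the thread's log.
SAMPLE_LISTING = r"""
2009-07-26 10:54 . 2009-07-26 10:54 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2009-07-01 12:36 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-07-15 10:27 . 2009-07-15 10:27 -------- d-----w- c:\windows\ie8updates
2009-05-13 18:11 . 2009-05-13 18:11 0 ----a-w- c:\windows\nsreg.dat
2009-07-21 19:20 . 2009-07-21 09:21 566784 ----a-w- c:\windows\~de74bc.tmp
"""

if __name__ == "__main__":
    for hit in find_lookalikes(SAMPLE_LISTING):
        print("look-alike name:", hit, "-> mimics", impersonated_subdir(hit))
```

Running it on the sample prints only the system32CmdLineExt.dll line; the genuine system32\mucltui.dll and the other Windows-folder files are left alone. The check is a triage heuristic for reading logs, not a verdict: a hit still needs the file itself looked at, which is exactly what the upload request in the post is for.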

  • biloxi
  • New MyCity citizen
  • Joined: 15 Jul 2009
  • Posts: 25

Sorry

I have uploaded it now...

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

No need to apologize. The file has a very unusual name and such a mistake is not surprising.




Open Notepad and copy the following text into it:


Folder::
c:\windows\system32\$NtUninstallKB9



Save the file from Notepad to the Desktop as "CFScript".




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scanning in your next message.
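
To show what the CFScript directives in this post and in dr_Bora's earlier post ask ComboFix to do, and how to check the result against the log that comes back, here is an added Python example (not part of the thread and not ComboFix's own code). It assumes only the script layout visible in the thread (a header such as File::, Folder::, DirLook:: or Registry:: followed by one entry per line) and the log's "Other Deletions" section; the sample script and log are constructed from the first run above, with the user name replaced by a placeholder.

```python
r"""Parse a ComboFix CFScript and reconcile it with the resulting log.

Added example, not part of the forum thread and not ComboFix's own code.
Reads the script format shown in the thread and the "Other Deletions"
section of the log, then reports which requested deletions were confirmed,
which were not, and what ComboFix removed on its own.
"""
from typing import Dict, List


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Map each 'Name::' section to its non-empty entry lines."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):          # section header, e.g. File::
            current = line[:-2]
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_deletions(log: str) -> List[str]:
    """Paths listed under the log's 'Other Deletions' banner."""
    deleted: List[str] = []
    in_section = False
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("(((("):      # a "((((( Title )))))" banner
            if in_section:
                break                    # next section reached
            in_section = "Other Deletions" in line
            continue
        if in_section and line and line != ".":
            deleted.append(line)
    return deleted


def reconcile(script_text: str, log_text: str) -> Dict[str, List[str]]:
    """Compare File::/Folder:: requests with what the log says was deleted."""
    script = parse_cfscript(script_text)
    requested = script.get("File", []) + script.get("Folder", [])
    deleted = parse_deletions(log_text)
    deleted_lc = {d.lower() for d in deleted}      # Windows paths: case-insensitive
    requested_lc = {r.lower() for r in requested}
    return {
        "confirmed": [p for p in requested if p.lower() in deleted_lc],
        "missing": [p for p in requested if p.lower() not in deleted_lc],
        "extra": [d for d in deleted if d.lower() not in requested_lc],
    }


# Constructed inputs based on the first script and log in the thread.
SAMPLE_SCRIPT = r'''
File::
c:\windows\system32\vsnpstd3.exe
c:\windows\system32\$NtUninstallKB9\update.exe
c:\windows\system32\$NtUninstallKB9\alg.exe

DirLook::
c:\windows\system32\$NtUninstallKB9

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"update.dll"=-
'''

SAMPLE_LOG = r'''
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\<user>\Application Data\addons.dat
c:\windows\system32\$NtUninstallKB9\alg.exe
c:\windows\system32\$NtUninstallKB9\update.exe
c:\windows\system32\vsnpstd3.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))
.
2009-07-26 10:54 . 2009-07-26 10:54 98304 ----a-w- c:\windows\system32CmdLineExt.dll
'''

if __name__ == "__main__":
    result = reconcile(SAMPLE_SCRIPT, SAMPLE_LOG)
    for key in ("confirmed", "missing", "extra"):
        print(key + ":")
        for path in result[key]:
            print("   ", path)
```

For the first run this reports all three File:: entries as confirmed, nothing missing, and addons.dat as an extra deletion ComboFix made on its own. DirLook:: and Registry:: entries are parsed but not reconciled here, since the log reports them in other sections (the "Look" directory listing and the registry dump); the "missing" list is the one worth reading, because a requested file that is not in "Other Deletions" usually means it had already gone, as the two $NtUninstallKB9 executables had by the time of the follow-up post.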

  • biloxi
  • New MyCity citizen
  • Joined: 15 Jul 2009
  • Posts: 25

ComboFix 09-07-27.04 - Bojan Suvajac 07/28/2009 14:19.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.991.672 [GMT 2:00]
Running from: c:\documents and settings\Bojan Suvajac\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bojan Suvajac\Desktop\CFScript.txt
AV: ESET Smart Security 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\$NtUninstallKB9
c:\windows\system32\$NtUninstallKB9\logg.dat

.
((((((((((((((((((((((((( Files Created from 2009-06-28 to 2009-07-28 )))))))))))))))))))))))))))))))
.

2009-07-26 16:26 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-26 16:26 . 2009-07-26 16:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-26 16:26 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-26 10:54 . 2009-07-26 10:54 98304 ----a-w- c:\windows\system32CmdLineExt.dll
2009-07-24 20:09 . 2008-06-19 15:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-07-24 20:07 . 2009-07-24 20:07 -------- d-----w- c:\program files\Panda Security
2009-07-21 09:20 . 2009-07-21 09:20 -------- d-----w- c:\program files\Common Files\Autodata Limited Shared
2009-07-21 09:20 . 2009-07-21 19:21 -------- d-----w- C:\Adcda2
2009-07-17 08:58 . 2009-07-26 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-07-17 08:58 . 2009-07-17 08:58 -------- d-----w- c:\program files\Lavasoft
2009-07-17 08:52 . 2009-07-17 08:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-17 08:52 . 2009-07-17 08:52 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-15 16:53 . 2009-07-15 16:53 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2009-07-15 15:55 . 2009-07-15 16:39 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-15 12:00 . 2009-07-15 12:00 -------- d-sh--w- c:\documents and settings\Bojan Suvajac\IECompatCache
2009-07-15 10:47 . 2009-07-15 10:47 -------- d-sh--w- c:\documents and settings\Bojan Suvajac\PrivacIE
2009-07-15 10:45 . 2009-07-15 10:45 -------- d-sh--w- c:\documents and settings\Bojan Suvajac\IETldCache
2009-07-15 10:27 . 2009-07-15 10:27 -------- d-----w- c:\windows\ie8updates
2009-07-15 10:22 . 2009-07-15 10:22 -------- dc-h--w- c:\windows\ie8
2009-07-15 10:12 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-07-15 10:11 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-15 10:11 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-15 09:58 . 2009-07-17 13:26 -------- d--h--w- c:\windows\NiwradSoft Shell Pack
2009-07-14 09:05 . 2009-07-14 09:05 -------- d-----w- c:\documents and settings\Bojan Suvajac\Application Data\ESET
2009-07-14 09:04 . 2009-07-14 09:04 -------- d-----w- c:\program files\ESET
2009-07-09 12:26 . 2009-07-09 12:26 -------- d-----w- c:\program files\directx
2009-07-09 12:15 . 2009-07-09 12:15 -------- d-----w- c:\program files\TDK
2009-07-06 11:26 . 2009-07-01 16:22 52224 ----a-w- c:\documents and settings\Bojan Suvajac\Application Data\Mozilla\Firefox\Profiles\ed19s0zo.default\extensions\{88b7dfed-4320-425d-a023-f224863916f0}\components\FFExternalAlert.dll
2009-07-06 11:26 . 2009-07-01 16:22 114688 ----a-w- c:\documents and settings\Bojan Suvajac\Application Data\Mozilla\Firefox\Profiles\ed19s0zo.default\extensions\{88b7dfed-4320-425d-a023-f224863916f0}\components\npmozax.dll
2009-07-04 08:48 . 2009-07-04 09:10 -------- d-----w- c:\program files\UltraISO
2009-07-03 10:00 . 2009-07-03 10:02 -------- d-----w- c:\program files\Urban Jungle
2009-07-01 12:36 . 2008-10-16 12:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-07-01 12:36 . 2008-10-16 12:06 208744 ----a-w- c:\windows\system32\muweb.dll
2009-06-30 09:32 . 2004-09-09 16:36 20661 ----a-w- c:\program files\config.dat
2009-06-30 09:22 . 2004-02-25 04:41 12528 ----a-w- c:\program files\SECDRV.SYS
2009-06-30 09:22 . 2004-10-08 17:51 3985408 ------w- c:\program files\fifa2005.exe
2009-06-30 09:21 . 2006-08-08 14:41 -------- d-----w- c:\program files\Support
2009-06-30 09:21 . 2004-10-10 10:48 -------- d-----w- c:\program files\data
2009-06-29 09:21 . 2009-06-30 08:58 -------- d-----w- c:\program files\Elltube

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-22 08:43 . 2009-06-25 13:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-07-21 19:20 . 2009-07-21 09:21 566784 ----a-w- c:\windows\~de74bc.tmp
2009-07-17 12:58 . 2002-08-29 01:41 218624 ----a-w- c:\windows\system32\uxtheme.dll
2009-07-15 11:12 . 2009-06-03 09:20 2320640 ----a-w- c:\windows\system32\TUKernel.exe
2009-07-15 09:29 . 2009-06-14 08:49 -------- d-----w- c:\program files\Winamp
2009-07-14 14:03 . 2009-05-10 15:23 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-07-14 09:04 . 2009-05-10 14:25 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-07-13 19:33 . 2009-05-20 16:50 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-06 11:03 . 2009-05-11 09:23 -------- d-----w- c:\program files\Microsoft
2009-06-27 16:44 . 2009-05-11 16:47 -------- d-----w- c:\program files\CODTR
2009-06-27 16:18 . 2009-06-27 16:18 -------- d-----w- c:\program files\UlisesSoft
2009-06-26 09:01 . 2009-06-26 09:01 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-06-26 09:00 . 2009-06-26 09:00 -------- d-----w- c:\program files\MSECache
2009-06-25 14:08 . 2009-05-10 15:22 69232 ----a-w- c:\documents and settings\Bojan Suvajac\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-25 14:00 . 2009-06-25 14:00 -------- d-----w- c:\program files\Microsoft Works
2009-06-25 10:28 . 2009-06-25 10:19 6028 ----a-w- c:\windows\system32\drivers\kwflower.log
2009-06-25 10:26 . 2009-06-25 10:19 2965 ----a-w- c:\windows\system32\drivers\kwfupper.log
2009-06-25 10:20 . 2009-06-25 10:20 -------- d-----w- c:\documents and settings\Bojan Suvajac\Application Data\Kerio
2009-06-23 10:43 . 2009-05-12 18:03 -------- d-----w- c:\program files\EA GAMES
2009-06-23 09:20 . 2009-06-23 09:09 -------- d-----w- c:\documents and settings\All Users\Application Data\NFS Underground
2009-06-22 16:17 . 2009-06-22 16:17 -------- d-----w- c:\program files\Na_Kosovo_ravno
2009-06-18 21:20 . 2009-06-17 10:29 -------- d-----w- c:\documents and settings\Bojan Suvajac\Application Data\DNA
2009-06-18 20:29 . 2009-05-20 17:22 -------- d-----w- c:\documents and settings\Bojan Suvajac\Application Data\Dev-Cpp
2009-06-17 16:26 . 2009-06-17 13:02 -------- d-----w- c:\program files\Google
2009-06-17 06:27 . 2009-06-17 06:26 -------- d-----w- c:\program files\18 Wheels of Steel Convoy
2009-06-16 11:32 . 2009-06-04 13:30 -------- d-----w- c:\program files\18 WoS Pedal to the Metal
2009-06-14 13:16 . 2009-06-14 13:16 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ggsemc_01007.Wdf
2009-06-14 13:16 . 2009-06-14 13:16 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-06-14 13:10 . 2009-06-14 13:10 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2009-06-14 13:10 . 2009-06-14 13:10 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2009-06-14 13:10 . 2009-06-14 13:10 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2009-06-14 13:06 . 2009-05-13 11:14 -------- d-----w- c:\program files\Sony Ericsson
2009-06-07 14:56 . 2009-06-07 14:55 -------- d-----w- c:\program files\Dream Match Tennis Pro
2009-06-07 14:27 . 2009-06-07 14:24 -------- d-----w- c:\program files\VIRTUA TENNIS
2009-06-04 13:15 . 2009-06-02 16:36 -------- d-----w- c:\program files\18 WoS Across America
2009-06-03 07:38 . 2009-06-03 07:38 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-06-03 07:38 . 2009-06-03 07:38 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-06-02 16:36 . 2009-05-24 16:54 -------- d-----w- c:\program files\InstallShield Installation Information
2009-06-01 15:05 . 2009-06-01 15:05 -------- d-----w- c:\program files\Ligos
2009-06-01 14:56 . 2009-06-01 14:56 4608 ----a-w- c:\windows\system32\w95inf32.dll
2009-06-01 14:56 . 2009-06-01 14:56 2272 ----a-w- c:\windows\system32\w95inf16.dll
2009-05-24 17:28 . 2009-05-24 17:28 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-05-22 20:43 . 2009-05-22 20:43 971552 ----a-w- c:\windows\system32\drivers\tdrpm174.sys
2009-05-22 20:43 . 2009-05-22 20:43 44704 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
2009-05-22 20:43 . 2009-05-22 20:43 540000 ----a-w- c:\windows\system32\drivers\timntr.sys
2009-05-21 10:44 . 2009-05-21 10:44 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-20 16:51 . 2009-05-20 16:53 38200 ----a-w- c:\documents and settings\Bojan Suvajac\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-05-19 19:35 . 2009-05-19 19:35 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-19 19:34 . 2009-05-19 19:34 152576 ----a-w- c:\documents and settings\Bojan Suvajac\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-14 13:49 . 2009-05-14 13:49 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 13:49 . 2009-05-14 13:49 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2009-05-14 13:49 . 2009-05-14 13:49 133000 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-05-14 13:47 . 2009-02-06 12:23 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2008-07-01 06:56 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-13 18:11 . 2009-05-13 18:11 0 ----a-w- c:\windows\nsreg.dat
2009-05-13 16:09 . 2009-05-13 16:09 720896 ----a-w- c:\windows\iun6002.exe
2009-05-10 15:00 . 2009-05-10 14:11 86327 ----a-w- c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-05-10 14:12 . 2009-05-10 14:12 2678 ----a-w- c:\windows\java\Packages\Data\TR13DVRF.DAT
2009-05-10 14:12 . 2009-05-10 14:12 558142 ----a-w- c:\windows\java\Packages\5Z3TB97D.ZIP
2009-05-10 14:12 . 2009-05-10 14:12 2678 ----a-w- c:\windows\java\Packages\Data\TBTFJVZ1.DAT
2009-05-10 14:12 . 2009-05-10 14:12 2678 ----a-w- c:\windows\java\Packages\Data\WCTRT7J7.DAT
2009-05-10 14:12 . 2009-05-10 14:12 2678 ----a-w- c:\windows\java\Packages\Data\BP3PJPJR.DAT
2009-05-10 14:12 . 2009-05-10 14:12 155995 ----a-w- c:\windows\java\Packages\3B9N5R1V.ZIP
2009-05-10 14:12 . 2009-05-10 14:12 2678 ----a-w- c:\windows\java\Packages\Data\NVB3TB79.DAT
2009-05-10 14:09 . 2009-05-10 14:09 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-07-16 01:53 . 2009-05-13 18:10 137208 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

------- Sigcheck -------

[7] 2004-08-03 22:56 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2004-08-03 22:56 576512 939DF837B04A85963D295E25CBE449AD c:\windows\ServicePackFiles\i386\user32.dll
[-] 2004-08-03 22:56 576512 939DF837B04A85963D295E25CBE449AD c:\windows\system32\user32.dll

[7] 2009-03-03 00:17 828416 C8667854873938CA13C986F16B0CD183 c:\windows\$hf_mig$\KB963027-IE7\SP3QFE\wininet.dll
[7] 2009-05-13 05:10 915456 C0EB6850C8A02A154281749DC61FAF22 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
[7] 2004-08-03 22:56 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\ie7\wininet.dll
[7] 2007-08-13 16:54 818688 A4A0FC92358F39538A6494C42EF99FE9 c:\windows\ie7updates\KB963027-IE7\wininet.dll
[-] 2009-03-03 00:18 892928 5E2147D1178FD65B707060313541B265 c:\windows\ie8\wininet.dll
[7] 2009-03-08 02:34 914944 6CE32F7778061CCC5814D5E0F282D369 c:\windows\ie8updates\KB969897-IE8\wininet.dll
[7] 2009-03-03 00:18 826368 28775945CCD53DEE280EF58DEA1A94C4 c:\windows\NiwradSoft Shell Pack\Backup\wininet.dll
[-] 2009-03-03 00:18 892928 5E2147D1178FD65B707060313541B265 c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2009-03-03 00:18 892928 5E2147D1178FD65B707060313541B265 c:\windows\system32\wininet.dll
[-] 2009-03-03 00:18 892928 5E2147D1178FD65B707060313541B265 c:\windows\system32\dllcache\wininet.dll

[7] 2004-08-03 22:56 502272 01C3346C241652F43AED8E2149881BFE c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2004-08-03 22:56 541696 55ACA85EB80E2155E20211AAADDD711A c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2004-08-03 22:56 541696 55ACA85EB80E2155E20211AAADDD711A c:\windows\system32\winlogon.exe

[7] 2004-08-03 20:59 2056832 947FB1D86D14AFCFFDB54BF837EC25D0 c:\windows\NiwradSoft Shell Pack\Backup\ntkrnlpa.exe
[-] 2004-08-03 20:59 2219392 7C1A605F4CB69848662ECAAAF6A8D02D c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[-] 2004-08-03 20:59 2219392 7C1A605F4CB69848662ECAAAF6A8D02D c:\windows\system32\ntkrnlpa.exe

[7] 2004-08-03 21:20 2180992 CE218BC7088681FAA06633E218596CA7 c:\windows\NiwradSoft Shell Pack\Backup\ntoskrnl.exe
[-] 2004-08-03 21:20 2343552 6BC846EE7B53C526D2A1C6E6676C4726 c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[-] 2004-08-03 21:20 2343552 6BC846EE7B53C526D2A1C6E6676C4726 c:\windows\system32\ntoskrnl.exe

[-] 2004-08-03 22:56 1539072 A8E5C63DC67BD7B78F72FB3819EB07C2 c:\windows\explorer.exe
[7] 2004-08-03 22:56 1032192 A0732187050030AE399B241436565E64 c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2004-08-03 22:56 1539072 A8E5C63DC67BD7B78F72FB3819EB07C2 c:\windows\ServicePackFiles\i386\explorer.exe

[7] 2004-08-03 22:56 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2004-08-03 22:56 40448 E00DFA816FA5521EB44C5D63109DE2A9 c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2004-08-03 22:56 40448 E00DFA816FA5521EB44C5D63109DE2A9 c:\windows\system32\ctfmon.exe

[7] 2004-08-03 22:56 792064 6728270CB7DBB776ED086F5AC4C82310 c:\windows\NiwradSoft Shell Pack\Backup\comres.dll
[-] 2004-08-03 22:56 1493504 843EB0A73E327BE505F44A27CBB757F8 c:\windows\ServicePackFiles\i386\comres.dll
[-] 2004-08-03 22:56 1493504 843EB0A73E327BE505F44A27CBB757F8 c:\windows\system32\comres.dll

[7] 2004-08-03 22:56 611328 A77DFB85FAEE49D66C74DA6024EBC69B c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2004-08-03 22:56 636928 4F625DB27C33EB26CC883E952C4E10A3 c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2004-08-03 22:56 636928 4F625DB27C33EB26CC883E952C4E10A3 c:\windows\system32\comctl32.dll
[7] 2001-08-23 11:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2002-08-29 01:41 921600 76B90BD220F1B1CC9E183C6B1AE9FBB4 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll
[7] 2004-08-03 22:57 1050624 5AF68A5E44734A082442668E9C787743 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
.
((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-28 12:10 . 2009-07-28 12:10 16384 c:\windows\Temp\Perflib_Perfdata_72c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 40448]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"NVIEW"="nview.dll" - c:\windows\system32\nview.dll [2002-12-27 774213]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2004-12-20 33792]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2002-12-27 315392]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-7-13 113664]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" -autorun
"Yodm3D"=c:\documents and settings\Bojan Suvajac\Desktop\Ubuntu_XP_by_ShamusHand\3D Desktop\yodm3D\Yodm3D.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"NeroFilterCheck"=c:\windows\system32\NeroCheck.exe
"NvCplDaemon"=RUNDLL32.EXE c:\windows\System32\NvCpl.dll,NvStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Na_Kosovo_ravno\\Na Kosovo ravno\\hl.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:*:Disabled:@xpsp2res.dll,-22004
"445:TCP"= 445:TCP:*:Disabled:@xpsp2res.dll,-22005
"137:UDP"= 137:UDP:*:Disabled:@xpsp2res.dll,-22001
"138:UDP"= 138:UDP:*:Disabled:@xpsp2res.dll,-22002

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [7/24/2009 10:09 PM 28544]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2/6/2009 2:23 PM 107256]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [5/14/2009 3:47 PM 731840]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [6/3/2009 9:38 AM 604416]
S2 gupdate1c9ef4c2f326b9a;Google Update Service (gupdate1c9ef4c2f326b9a);c:\program files\Google\Update\GoogleUpdate.exe [6/17/2009 3:04 PM 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [6/14/2009 3:10 PM 13224]
S3 gggen;Generic USB Flash Driver;c:\windows\system32\drivers\gggen.sys [5/13/2009 1:14 PM 11648]
S3 kvpndev;Kerio VPN adapter;c:\windows\system32\drivers\kvpndrv.sys [6/24/2008 10:36 AM 65024]
S3 kwflower;Kerio WinRoute Firewall Driver - Lower Layer;c:\windows\system32\DRIVERS\kwflower.sys --> c:\windows\system32\DRIVERS\kwflower.sys [?]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{2BEE6818-80CE-52F9-4A3B-4A96100BABC0}]
c:\windows\system32\$NtUninstallKB9\update.exe s
.
Contents of the 'Scheduled Tasks' folder

2009-07-28 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]

2009-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 13:04]

2009-07-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-06-17 13:04]
.
.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
uInternet Settings,ProxyServer = 421.420.422:80
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: I&zvezi u program Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
DPF: DirectAnimation Java Classes - [Link mogu videti samo ulogovani korisnici]\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - [Link mogu videti samo ulogovani korisnici]\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Bojan Suvajac\Application Data\Mozilla\Firefox\Profiles\ed19s0zo.default\
FF - prefs.js: browser.search.defaulturl - [Link mogu videti samo ulogovani korisnici]{searchTerms}
FF - prefs.js: browser.search.selectedEngine - RapidSerbia 2 Customized Web Search
FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - component: c:\documents and settings\Bojan Suvajac\Application Data\Mozilla\Firefox\Profiles\ed19s0zo.default\extensions\{88b7dfed-4320-425d-a023-f224863916f0}\components\FFExternalAlert.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----

FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

driver loading error catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-07-28 14:23
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1024)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(1092)
c:\windows\system32\setupapi.dll
.
Completion time: 2009-07-28 14:27
ComboFix-quarantined-files.txt 2009-07-28 12:26
ComboFix2.txt 2009-07-26 18:49
ComboFix3.txt 2009-07-26 16:20

Pre-Run: 11,148,128,256 bytes free
Post-Run: 11,121,922,048 bytes free

323 --- E O F --- 2009-05-10 15:26

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

OK, this is a clean PC.


ComboFix now needs to be uninstalled:
click Start (or ), and then RUN.

On Vista, use the Start Search box if Run is not available.

In the text input line, type (or paste) the following:

combofix /u

Note that there is a space between "ComboFix" and "/u".


then click OK (or press Enter).


Wait for the uninstallation process to finish.


As far as I'm concerned, we are done here...
