Help

  • Joined: 10 Nov 2005
  • Posts: 7

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:50:38 PM, on 8/4/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\windowsupdate.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\UROS2002\My Documents\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = search.conduit.com/?SearchSource=10&ctid=CT1750559
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q=
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Windows Live pomagac za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [reader_s] C:\WINDOWS\System32\reader_s.exe
O4 - HKLM\..\Run: [ms18_word] C:\WINDOWS\system32\ms18_word.exe
O4 - HKLM\..\Run: [Microsoft Internet Explorer] C:\WINDOWS\system32\iexplore.exe
O4 - HKLM\..\Run: [Windows Update] windowsupdate.exe
O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [reader_s] C:\Documents and Settings\UROS2002\reader_s.exe
O4 - HKCU\..\Run: [ms18_word] C:\Documents and Settings\UROS2002\ms18_word.exe
O4 - HKUS\S-1-5-18\..\Run: [reader_s] C:\Documents and Settings\UROS2002\reader_s.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [UROS2002] C:\Documents and Settings\UROS2002\UROS2002.exe /i (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ms18_word] C:\Documents and Settings\UROS2002\ms18_word.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [reader_s] C:\Documents and Settings\UROS2002\reader_s.exe (User 'Default user')
O4 - Startup: uTorrent.lnk = C:\Program Files\uTorrent\uTorrent.exe
O8 - Extra context menu item: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRman000
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Update Service (gupdate1c9d4e03d969994) (gupdate1c9d4e03d969994) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\WINDOWS\system32\spoolsv.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Unknown owner - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (file missing)

--
End of file - 5071 bytes

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

I can see problems, but could you also tell me something about the problem?

  • Joined: 10 Nov 2005
  • Posts: 7

Written: 04 Aug 2009 20:21

When I turn on the computer, I can't boot the system.
When I booted the system through Safe Mode and shut the computer down normally, it started freezing on the next startup.
Suspicious processes have appeared in Task Manager:
reader_s.exe
ms18_word.exe
IEXPLORE.EXE
and svchost.exe 22 times

that is, somewhere around 50 processes in total, although until recently there were 37 to 41 processes

Regards

Addendum: 04 Aug 2009 20:24

I installed RegistryBooster and found about 840 errors,
deleted them, and now it runs a little better than it did; it freezes less

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Among other things, you are infected with Virut, which is a file infector; the chances are not great, but we will do our best:

Download Dr.Web CureIt (~13 MB).
Restart the computer in Safe Mode (Safe Mode instructions)

Double-click launch.exe to run it, after which the introductory window will appear - click Start

A notice that the initial scan is starting will appear - click OK

Wait a few minutes for Dr.Web CureIt to complete the Express Scan; if malware is found, click the Yes to All button in the window that appears to allow the program to disinfect it

Click Options > Change settings F9; in the window that opens, uncheck the Heuristic Analysis option and then click OK

In the main window, select the Complete scan option and then click and Dr.Web CureIt will start scanning

If malware is found, click the Yes to All button in the window that appears to allow the program to disinfect it

When the scan is finished, click the Select all button (if available), then click Cure and,
in the menu that opens, click Move incurable:

When the process is complete, click File > Save report list and save the log to the Desktop

Copy the contents of the Dr.Web CureIt log into the forum thread.

  • Joined: 10 Nov 2005
  • Posts: 7

I have a problem: I can't download Dr.Web CureIt from the given link,
so I downloaded a version I found on the net.
When I do everything as you told me and start the Complete scan,
the computer ends up rebooting after some 3 hours of scanning,
so I can't save the report and post it.
Last night I left it scanning, and this morning when I got up the program had been closed.
What should I do?

  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master Teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Try this:

Download sUBs's ComboFix from the following address to the Desktop:

Bleeping Computer
  • Right-click the link and choose the Save Target As... option (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is finished:
  • disable your protective software (instructions);
  • close running programs;
  • double-click ComboFix to run it.

While running, ComboFix will:
  • check whether a newer version of the program exists:
    click Yes if you are offered the download.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
    click Yes so that the process continues.
  • if Recovery Console is not installed, offer to install it:
    be sure to accept by clicking Yes and follow the procedure.
  • show a number of prompts/notices:
    accept by clicking Yes or OK.
  • restart Windows as needed (several times);
  • at the end of its run, open Notepad with the scan report.

Copy the report that ComboFix created into the forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.

Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If, after posting the message, you notice that the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to the message.

  • Joined: 10 Nov 2005
  • Posts: 7

ComboFix 09-08-04.04 - UROS2002 08/05/2009 21:47.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2047.1580 [GMT 2:00]
Running from: c:\documents and settings\UROS2002\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\UROS2002\ms18_word.exe
c:\documents and settings\UROS2002\oashdihasidhasuidhiasdhiashdiuasdhasd
c:\documents and settings\UROS2002\reader_s.exe
c:\documents and settings\UROS2002\UROS2002.exe
c:\windows\system32\iexplore.exe
c:\windows\system32\ms18_word.exe
c:\windows\system32\reader_s.exe
c:\windows\windowsupdate.exe

Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
Restored copy from - The cat ate it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PROTECT


((((((((((((((((((((((((( Files Created from 2009-07-05 to 2009-08-05 )))))))))))))))))))))))))))))))
.

2009-08-04 18:51 . 2009-08-04 21:21 -------- d-----w- c:\documents and settings\UROS2002\DoctorWeb
2009-08-04 17:57 . 2009-08-05 19:45 -------- d-----w- c:\windows\system32\config\systemprofile\Tracing
2009-08-04 16:51 . 2009-07-21 11:05 2568454 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\Uniblue RegistryBooster.exe
2009-08-04 16:51 . 2008-08-26 16:48 99624 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\7390E4F0\6383BC9B\StartRegistryBooster.exe
2009-08-04 16:51 . 2008-08-26 16:48 757760 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\2B86F085\6383BC9B\UBVarRB.dll
2009-08-04 16:51 . 2008-08-26 16:48 6676480 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\4E45A1A4\6383BC9B\RegistryBooster.dll
2009-08-04 16:51 . 2008-08-26 16:48 497496 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\AF01B0B\6383BC9B\XceedZip.dll
2009-08-04 16:51 . 2008-08-26 16:48 413696 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\52CD59C9\6383BC9B\update.dll
2009-08-04 16:51 . 2008-08-26 16:48 2019624 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\7CE1607E\6383BC9B\RegistryBooster.exe
2009-08-04 16:51 . 2008-08-26 16:48 111912 -c--a-w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\65B92A91\6383BC9B\KillRBProcess.exe
2009-08-04 16:51 . 2009-08-04 16:51 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-08-04 16:35 . 2009-08-05 00:13 47616 ----a-w- c:\windows\system32\caxl.exe
2009-07-31 17:51 . 2009-07-31 17:51 -------- d-----w- c:\documents and settings\UROS2002\Local Settings\Application Data\CutePDF Writer
2009-07-31 17:50 . 2009-07-31 17:50 -------- d-----w- c:\program files\GPLGS
2009-07-31 17:49 . 2007-07-12 20:33 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2009-07-31 17:49 . 2009-07-31 17:49 -------- d-----w- c:\program files\Acro Software
2009-07-30 18:33 . 2009-07-30 18:33 -------- d-----w- c:\documents and settings\UROS2002\Application Data\DAEMON Tools Pro
2009-07-30 18:32 . 2009-07-30 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-07-30 18:31 . 2009-07-30 18:32 -------- d-----w- c:\program files\DAEMON Tools Pro
2009-07-29 20:21 . 2009-07-29 20:21 -------- d-s---w- c:\windows\system32\config\systemprofile\UserData
2009-07-29 20:17 . 2009-07-29 20:17 -------- d-----w- c:\program files\XericDesign
2009-07-29 19:59 . 2009-07-29 20:16 -------- d-----w- c:\program files\Yahoo!
2009-07-29 19:43 . 2009-07-29 20:10 -------- d-----w- c:\program files\The Weather Channel FW
2009-07-26 21:04 . 2009-07-26 21:04 -------- d-----w- C:\temp
2009-07-24 18:10 . 2009-07-27 10:49 -------- d-----w- c:\program files\Windows Desktop Search
2009-07-20 22:29 . 2009-07-20 22:29 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-18 23:20 . 2009-07-18 23:20 1303144 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-18 18:15 . 2009-08-04 16:51 -------- d-----w- c:\documents and settings\UROS2002\Application Data\uniblue
2009-07-18 18:14 . 2008-08-30 13:08 2834693 -c----w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}\SpeedUpMyPC.exe
2009-07-18 18:14 . 2009-08-04 16:51 -------- d-----w- c:\program files\Uniblue
2009-07-18 18:12 . 2009-07-18 18:26 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2009-07-18 18:07 . 2009-07-18 18:13 -------- d-----w- c:\windows\SxsCaPendDel
2009-07-18 17:53 . 2009-07-18 17:53 -------- d--h--r- C:\AHCache
2009-07-17 22:33 . 2009-07-17 22:34 -------- d-----w- c:\documents and settings\UROS2002\Application Data\Ulead Systems
2009-07-17 22:32 . 2009-07-17 22:32 -------- d-----w- c:\program files\Common Files\InterVideo
2009-07-17 22:32 . 2009-07-17 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\InterVideo
2009-07-17 22:32 . 2007-03-06 09:58 210456 ----a-w- c:\windows\system32\IVIresizeW7.dll
2009-07-17 22:32 . 2007-03-06 09:58 194072 ----a-w- c:\windows\system32\IVIresizePX.dll
2009-07-17 22:32 . 2007-03-06 09:58 198168 ----a-w- c:\windows\system32\IVIresizeP6.dll
2009-07-17 22:32 . 2007-03-06 09:58 198168 ----a-w- c:\windows\system32\IVIresizeM6.dll
2009-07-17 22:32 . 2007-03-06 09:58 206360 ----a-w- c:\windows\system32\IVIresizeA6.dll
2009-07-17 22:32 . 2007-03-06 09:58 26136 ----a-w- c:\windows\system32\IVIresize.dll
2009-07-17 22:32 . 2009-07-17 22:32 -------- d-----w- c:\program files\Windows Media Components
2009-07-17 22:31 . 2009-07-17 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-07-17 22:31 . 2009-07-17 22:32 -------- d-----w- c:\program files\Common Files\Ulead Systems
2009-07-17 22:31 . 2009-07-17 22:31 -------- d-----w- c:\program files\Ulead Systems
2009-07-17 18:28 . 2009-07-19 08:47 -------- d-----w- c:\program files\DV MPEG4 Maker
2009-07-17 18:28 . 2003-07-16 17:09 626688 ----a-w- c:\windows\system32\xvid.dll
2009-07-17 18:28 . 2000-12-19 07:36 414272 ----a-w- c:\windows\system32\DivXc32f.dll
2009-07-17 18:28 . 2000-12-19 07:36 414272 ----a-w- c:\windows\system32\DivXc32.dll
2009-07-16 21:27 . 2009-07-16 21:27 -------- d--h--r- c:\documents and settings\UROS2002\Application Data\SecuROM
2009-07-14 15:58 . 2009-07-14 15:58 -------- d-----w- c:\documents and settings\UROS2002\Application Data\Activision
2009-07-12 21:57 . 2009-07-26 20:26 146 ----a-w- c:\windows\DelMR.bat
2009-07-12 18:15 . 2009-07-12 18:15 -------- d-----w- c:\program files\Common Files\PCSuite
2009-07-12 18:14 . 2009-07-12 18:14 33773208 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Nokia_PC_Suite_7_1_30_9_eng.exe
2009-07-12 18:14 . 2009-07-12 18:14 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2009-07-12 18:14 . 2009-07-12 18:14 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstCCD.exe
2009-07-12 18:14 . 2009-07-12 18:14 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-07-12 18:14 . 2009-07-12 18:14 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2009-07-12 18:05 . 2004-08-03 21:10 38016 -c--a-w- c:\windows\system32\dllcache\bthmodem.sys
2009-07-12 18:05 . 2004-08-03 21:10 38016 ----a-w- c:\windows\system32\drivers\bthmodem.sys
2009-07-12 18:03 . 2004-08-03 20:58 100992 -c--a-w- c:\windows\system32\dllcache\bthpan.sys
2009-07-12 18:03 . 2004-08-03 20:58 100992 ----a-w- c:\windows\system32\drivers\bthpan.sys
2009-07-12 18:03 . 2004-08-03 21:10 59648 -c--a-w- c:\windows\system32\dllcache\rfcomm.sys
2009-07-12 18:03 . 2004-08-03 21:10 59648 ----a-w- c:\windows\system32\drivers\rfcomm.sys
2009-07-12 18:03 . 2009-08-05 00:15 152576 ----a-w- c:\windows\system32\irftp.exe
2009-07-12 18:03 . 2004-08-03 22:56 152576 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2009-07-12 18:03 . 2004-08-03 22:56 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2009-07-12 18:03 . 2004-08-03 22:56 8192 ----a-w- c:\windows\system32\wshirda.dll
2009-07-12 18:03 . 2004-08-03 22:56 27136 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2009-07-12 18:03 . 2004-08-03 22:56 27136 ----a-w- c:\windows\system32\irmon.dll
2009-07-12 18:03 . 2004-08-03 21:10 17024 -c--a-w- c:\windows\system32\dllcache\bthenum.sys
2009-07-12 18:03 . 2004-08-03 21:10 17024 ----a-w- c:\windows\system32\drivers\BthEnum.sys
2009-07-12 18:02 . 2004-08-03 21:10 274304 -c--a-w- c:\windows\system32\dllcache\bthport.sys
2009-07-12 18:02 . 2004-08-03 21:10 274304 ----a-w- c:\windows\system32\drivers\bthport.sys
2009-07-12 18:02 . 2004-08-03 21:10 18944 -c--a-w- c:\windows\system32\dllcache\bthusb.sys
2009-07-12 18:02 . 2004-08-03 21:10 18944 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 19:53 . 2009-05-15 16:53 -------- d-----w- c:\documents and settings\UROS2002\Application Data\Skype
2009-08-05 19:44 . 2004-08-04 12:00 182912 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-08-05 19:39 . 2009-05-06 21:33 -------- d-----w- c:\documents and settings\UROS2002\Application Data\uTorrent
2009-08-05 18:47 . 2004-08-04 12:00 76800 ----a-w- c:\windows\system32\nslookup.exe
2009-08-05 18:47 . 2004-08-04 12:00 86016 ----a-w- c:\windows\system32\netsh.exe
2009-08-05 18:47 . 2004-08-04 12:00 36864 ----a-w- c:\windows\system32\netstat.exe
2009-08-05 18:47 . 2004-08-04 12:00 331776 ----a-w- c:\windows\system32\netsetup.exe
2009-08-05 18:47 . 2004-08-04 12:00 42496 ----a-w- c:\windows\system32\net.exe
2009-08-05 18:47 . 2004-08-04 12:00 4096 ----a-w- c:\windows\system32\nddeapir.exe
2009-08-05 18:47 . 2004-08-04 12:00 124928 ----a-w- c:\windows\system32\net1.exe
2009-08-05 18:47 . 2009-05-04 16:22 12288 ----a-w- c:\windows\system32\mstinit.exe
2009-08-05 18:47 . 2004-08-04 12:00 6656 ----a-w- c:\windows\system32\msswchx.exe
2009-08-05 04:48 . 2009-05-04 16:21 13312 ----a-w- c:\windows\system32\wbem\winmgmt.exe
2009-08-05 04:48 . 2004-08-04 12:00 24576 ----a-w- c:\windows\system32\userinit.exe
2009-08-05 04:48 . 2004-08-04 12:00 31744 ----a-w- c:\windows\system32\ntsd.exe
2009-08-05 04:47 . 2009-02-25 21:27 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-08-05 04:47 . 2009-05-04 16:40 16208896 ----a-w- c:\windows\RTHDCPL.exe
2009-08-05 01:14 . 2009-05-07 20:00 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-05 00:21 . 2004-08-04 12:00 30720 ----a-w- c:\windows\system32\xcopy.exe
2009-08-05 00:21 . 2004-08-04 12:00 32256 ----a-w- c:\windows\system32\wupdmgr.exe
2009-08-05 00:18 . 2004-08-04 12:00 49664 ----a-w- c:\windows\system32\w32tm.exe
2009-08-05 00:17 . 2004-08-04 12:00 9216 ----a-w- c:\windows\system32\scrnsave.scr
2009-08-05 00:16 . 2009-05-04 16:21 407552 ----a-w- c:\windows\system32\mstsc.exe
2009-08-05 00:15 . 2004-08-04 12:00 100864 ----a-w- c:\windows\system32\logagent.exe
2009-08-05 00:14 . 2004-08-04 12:00 39424 ----a-w- c:\windows\system32\esentutl.exe
2009-08-05 00:13 . 2004-08-04 12:00 98304 ----a-w- c:\windows\system32\cscript.exe
2009-08-05 00:12 . 2008-10-21 18:51 118784 ----a-w- c:\windows\system32\atibrtmon.exe
2009-08-05 00:12 . 2009-02-25 21:29 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-08-05 00:12 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\at.exe
2009-08-05 00:12 . 2004-08-04 12:00 32768 ----a-w- c:\windows\system32\asr_pfu.exe
2009-08-05 00:12 . 2004-08-04 12:00 32256 ----a-w- c:\windows\system32\asr_ldm.exe
2009-08-05 00:12 . 2004-08-04 12:00 30208 ----a-w- c:\windows\system32\asr_fmt.exe
2009-08-05 00:12 . 2004-08-04 12:00 19456 ----a-w- c:\windows\system32\arp.exe
2009-08-05 00:12 . 2004-08-04 12:00 98304 ----a-w- c:\windows\system32\ahui.exe
2009-08-05 00:12 . 2004-08-04 12:00 4096 ----a-w- c:\windows\system32\actmovie.exe
2009-08-05 00:12 . 2009-05-04 16:21 183808 ----a-w- c:\windows\system32\accwiz.exe
2009-08-05 00:11 . 2009-05-04 16:23 743936 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpSvc.exe
2009-08-05 00:11 . 2009-05-04 16:23 768512 ----a-w- c:\windows\pchealth\helpctr\binaries\HelpCtr.exe
2009-08-04 23:57 . 2009-05-04 16:40 364544 ----a-w- c:\windows\RtlUpd.exe
2009-08-04 23:57 . 2004-08-04 12:00 146432 ----a-w- c:\windows\regedit.exe
2009-08-04 23:57 . 2009-05-04 18:13 69120 ----a-w- c:\windows\NOTEPAD.EXE
2009-08-04 23:57 . 2009-05-04 16:40 2159616 ----a-w- c:\windows\MicCal.exe
2009-08-04 23:57 . 2009-05-22 21:00 305152 ----a-w- c:\windows\IsUn040a.exe
2009-08-04 23:57 . 2004-08-04 12:00 10752 ----a-w- c:\windows\hh.exe
2009-08-04 23:57 . 2009-05-04 16:40 2810880 ----a-w- c:\windows\alcwzrd.exe
2009-08-04 23:57 . 2009-05-04 16:40 69632 ----a-w- c:\windows\Alcmtr.exe
2009-08-04 20:08 . 2004-08-04 12:00 10752 ----a-w- c:\windows\system32\dumprep.exe
2009-08-04 19:19 . 2009-05-13 20:20 61440 ----a-w- c:\documents and settings\UROS2002\Application Data\Microsoft\Installer\{26621E14-A45B-45CD-9ED9-7A0A9B585DB4}\NewShortcut1_3668F00AED454A6E8105AD5B99FD99C6.exe
2009-08-04 19:19 . 2009-05-13 20:20 61440 ----a-w- c:\documents and settings\UROS2002\Application Data\Microsoft\Installer\{26621E14-A45B-45CD-9ED9-7A0A9B585DB4}\ARPPRODUCTICON.exe
2009-08-04 19:19 . 2009-05-13 19:18 335872 ----a-w- c:\documents and settings\UROS2002\Application Data\Microsoft\Installer\{06379784-4648-46BF-9426-0B10817F0AF5}\NewShortcut1_5135BE5531E34696827B50FE43E48CC2_1.exe
2009-08-04 19:19 . 2009-05-13 19:18 335872 ----a-w- c:\documents and settings\UROS2002\Application Data\Microsoft\Installer\{06379784-4648-46BF-9426-0B10817F0AF5}\ARPPRODUCTICON.exe
2009-08-04 19:19 . 2009-04-09 11:38 89088 ----a-w- c:\documents and settings\UROS2002\Application Data\Desktopicon\eBayShortcuts.exe
2009-08-04 19:18 . 2009-08-02 15:00 1218560 -c--a-w- c:\documents and settings\All Users\Application Data\{8780F8A8-3F67-4CC0-873A-BFB9993B62AC}\OFFLINE\F6DB5167\D8FFC998\FlashBack Batch Export.exe
2009-08-04 19:18 . 2009-08-02 15:00 655360 -c--a-w- c:\documents and settings\All Users\Application Data\{8780F8A8-3F67-4CC0-873A-BFB9993B62AC}\OFFLINE\A7079B64\3F343B0A\Free FlashBack Player.exe
2009-08-04 19:18 . 2009-08-02 15:00 6740992 -c--a-w- c:\documents and settings\All Users\Application Data\{8780F8A8-3F67-4CC0-873A-BFB9993B62AC}\OFFLINE\A2ADF0CB\D8FFC998\FlashBack Player.exe
2009-08-04 19:18 . 2009-08-02 15:00 94208 -c--a-w- c:\documents and settings\All Users\Application Data\{8780F8A8-3F67-4CC0-873A-BFB9993B62AC}\OFFLINE\707BCD22\3F343B0A\RunNonElevated.exe
2009-08-04 19:18 . 2009-08-02 15:00 155648 -c--a-w- c:\documents and settings\All Users\Application Data\{8780F8A8-3F67-4CC0-873A-BFB9993B62AC}\OFFLINE\557F64E6\3F343B0A\RecorderChecker.exe
2009-08-04 19:18 . 2009-08-02 15:00 3672576 -c--a-w- c:\documents and settings\All Users\Application Data\{8780F8A8-3F67-4CC0-873A-BFB9993B62AC}\OFFLINE\45D559EB\D8FFC998\FlashBack Recorder.exe
2009-08-04 19:18 . 2009-08-02 15:00 612352 -c--a-w- c:\documents and settings\All Users\Application Data\{8780F8A8-3F67-4CC0-873A-BFB9993B62AC}\OFFLINE\426CC403\3F343B0A\FlashBackDriverInstaller.exe
2009-08-04 19:18 . 2009-08-02 15:00 159744 -c--a-w- c:\documents and settings\All Users\Application Data\{8780F8A8-3F67-4CC0-873A-BFB9993B62AC}\OFFLINE\2192626E\AD52EFF7\DefConfig.exe
2009-08-04 19:18 . 2009-08-02 15:00 1077248 -c--a-w- c:\documents and settings\All Users\Application Data\{8780F8A8-3F67-4CC0-873A-BFB9993B62AC}\OFFLINE\1C57B9C7\3F343B0A\LogSysServer.exe
2009-08-02 16:08 . 2009-05-04 17:22 -------- d-----w- c:\program files\Rapid-USD NoCaptcha -Th3zone.com Sep2007
2009-08-02 15:59 . 2009-05-04 16:36 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-02 15:11 . 2009-06-04 18:38 -------- d-----w- c:\documents and settings\UROS2002\Application Data\Blueberry
2009-08-02 15:00 . 2009-08-02 15:00 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{8780F8A8-3F67-4CC0-873A-BFB9993B62AC}
2009-08-02 15:00 . 2009-08-02 15:00 -------- d-----w- c:\program files\Common Files\Blueberry Software
2009-08-02 15:00 . 2009-06-04 18:38 -------- d-----w- c:\program files\Blueberry Software
2009-08-02 13:12 . 2004-08-04 12:00 359040 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
2009-07-29 20:17 . 2009-07-29 20:17 359040 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-07-28 09:08 . 2009-05-13 20:12 -------- d-----w- c:\program files\SolidWorks
2009-07-28 09:08 . 2009-05-04 21:20 -------- d-----w- c:\documents and settings\UROS2002\Application Data\SolidWorks
2009-07-22 21:14 . 2009-05-14 18:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-18 18:14 . 2009-05-04 18:57 42632 ----a-w- c:\documents and settings\UROS2002\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-14 15:40 . 2009-06-26 17:07 -------- d-----w- c:\program files\Activision
2009-07-13 23:04 . 2009-06-04 18:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{925D0C31-5256-42ED-B53A-2E541689BD38}
2009-07-13 16:29 . 2009-06-19 21:42 -------- d-----w- c:\documents and settings\UROS2002\Application Data\Samsung
2009-07-13 16:28 . 2009-06-15 16:28 -------- d-----w- c:\program files\Serious Sam 2
2009-07-12 18:14 . 2009-05-04 20:43 -------- d-----w- c:\program files\Common Files\Nokia
2009-07-12 18:14 . 2009-05-04 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations
2009-06-29 22:11 . 2009-05-04 20:44 -------- d-----w- c:\documents and settings\UROS2002\Application Data\Nokia
2009-06-28 16:10 . 2009-06-28 16:10 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-06-28 16:10 . 2009-06-28 16:10 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-06-28 16:10 . 2009-05-04 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite
2009-06-28 15:31 . 2009-05-04 20:43 -------- d-----w- c:\program files\Nokia
2009-06-28 15:30 . 2009-06-28 15:30 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaMusic
2009-06-28 14:06 . 2009-06-27 20:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Nokia
2009-06-28 13:17 . 2009-05-04 20:43 -------- d-----w- c:\program files\DIFX
2009-06-28 13:16 . 2009-06-28 13:16 -------- d-----w- c:\program files\PC Connectivity Solution
2009-06-28 13:15 . 2009-06-28 13:15 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\pcswpcsi.exe
2009-06-28 13:15 . 2009-06-28 13:15 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstCCD.exe
2009-06-28 13:15 . 2009-06-28 13:15 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2009-06-28 13:15 . 2009-06-28 13:15 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Installer\CommonCustomActions\UninstPCS.exe
2009-06-28 13:15 . 2009-06-28 13:15 33775224 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{55495E65-7C5B-48E4-BC7D-DE54F3DE5ED6}\Nokia_PC_Suite_7_1_30_8_eng.exe
2009-06-27 20:03 . 2009-06-27 20:03 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe
2009-06-27 20:03 . 2009-06-27 20:03 3351812 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe
2009-06-27 20:03 . 2009-06-27 20:03 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe
2009-06-27 20:03 . 2009-06-27 20:04 24376008 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_en.exe
2009-06-27 16:21 . 2009-06-27 16:21 -------- d-----w- c:\documents and settings\UROS2002\Application Data\Salling Software AB
2009-06-27 16:21 . 2009-06-27 16:21 360580 ----a-w- c:\windows\eSellerateEngine.dll
2009-06-27 00:18 . 2009-05-04 20:44 -------- d-----w- c:\documents and settings\UROS2002\Application Data\PC Suite
.

------- Sigcheck -------

[-] 2009-08-02 13:12 359040 6A603809F598332DBEDD535BDBCE313E c:\windows\system32\dllcache\TCPIP.SYS
[-] 2009-08-02 13:12 359040 6A603809F598332DBEDD535BDBCE313E c:\windows\system32\drivers\TCPIP.SYS

[-] 2009-08-04 18:53 15360 7CAEBBF9ADEE40868803F56E2AD5365B c:\windows\system32\ctfmon.exe
[-] 2009-08-05 00:23 15360 7CAEBBF9ADEE40868803F56E2AD5365B c:\windows\system32\dllcache\ctfmon.exe

[7] 2004-08-04 12:00 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\system32\dllcache\spoolsv.exe

[-] 2009-08-05 00:20 111104 E456620D5C53EF444816417E38E57370 c:\windows\system32\wuauclt.exe
[7] 2004-08-04 12:00 111104 4126D27CECE4471E00E425411F7306B5 c:\windows\system32\dllcache\wuauclt.exe

[-] 2009-08-05 04:48 24576 04A2AEF29134857126E5B0F096C3B288 c:\windows\system32\userinit.exe
[7] 2004-08-04 12:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\dllcache\userinit.exe

[-] 2009-08-05 00:20 13824 F33FDE1A1C9A3EAD0F207AD681A438B3 c:\windows\system32\wscntfy.exe
[7] 2004-08-04 12:00 13824 49911DD39E023BB6C45E4E436CFBD297 c:\windows\system32\dllcache\wscntfy.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-21 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2009-08-05 16208896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

c:\documents and settings\UROS2002\Start Menu\Programs\Startup\
uTorrent.lnk - c:\program files\uTorrent\uTorrent.exe [2009-5-6 288048]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ubisoft Entertainment\\Wheelman\\Binaries\\WheelmanGame-Final.exe"=
"c:\\Program Files\\Activision\\Prototype\\prototypef.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"25365:TCP"= 25365:TCP:BND
"27934:TCP"= 27934:TCP:BND
"18759:TCP"= 18759:TCP:BND
"24192:TCP"= 24192:TCP:BND
"26761:TCP"= 26761:TCP:BND
"21573:TCP"= 21573:TCP:BND
"24197:TCP"= 24197:TCP:BND
"15052:TCP"= 15052:TCP:BND
"17595:TCP"= 17595:TCP:BND
"20245:TCP"= 20245:TCP:BND
"22795:TCP"= 22795:TCP:BND
"27504:TCP"= 27504:TCP:BND
"20120:TCP"= 20120:TCP:BND
"1530:TCP"= 1530:TCP:BND
"14980:TCP"= 14980:TCP:BND
"5763:TCP"= 5763:TCP:BND
"15929:TCP"= 15929:TCP:BND
"28822:TCP"= 28822:TCP:BND

R0 m5288;m5288;c:\windows\system32\drivers\m5288.sys [5/4/2009 6:36 PM 210304]
R3 bbcap;bbcap;c:\windows\system32\drivers\bbcap.sys [6/4/2009 8:38 PM 4096]
S2 gupdate1c9d4e03d969994;Google Update Service (gupdate1c9d4e03d969994);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
S3 MBLAUDRV;Mobiola Audio Service;c:\windows\system32\drivers\BTCamAudioDrv.sys [5/25/2009 11:21 PM 13312]
S3 MBLAUDRVOUT;Mobiola Audio Out Service;c:\windows\system32\drivers\BTCamAudioDrvOut.sys [5/25/2009 11:21 PM 18304]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [6/28/2009 3:16 PM 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [6/28/2009 3:16 PM 8320]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Intel Physical Routine 1.2A]
c:\windows\stnetlib.exe
.
Contents of the 'Scheduled Tasks' folder

2009-08-02 c:\windows\Tasks\NeroLiveEpgUpdate-DEJAN-PC_UROS2002.job
- c:\program files\Nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 11:51]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKU-Default-Run-reader_s - c:\documents and settings\UROS2002\reader_s.exe
HKU-Default-Run-ms18_word - c:\documents and settings\UROS2002\ms18_word.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com/?SearchSource=10&ctid=CT1750559
IE: &Search - edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZRman000
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-08-05 21:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-823518204-1326574676-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:94,55,2f,d1,d5,ab,61,a3,6f,5e,e7,23,7b,75,b6,1c,5d,7c,7b,73,69,
f5,d8,4f,1c,71,80,25,ee,02,0a,ce,96,3e,bd,35,34,5b,4f,6a,0c,1b,32,e1,67,1b,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2068-)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2009-08-05 21:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-05 19:54

Pre-Run: 22,102,999,040 bytes free
Post-Run: 24,580,255,744 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

339

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Upload these for me:

c:\windows\system32\userinit.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wuauclt.exe
c:\windows\system32\caxl.exe

via the following link:

http://www.mycity.rs/ambulanta-upload.php
