CPU 100%

This has been happening for two days, but I only noticed it today when I defragmented the D drive with Diskeeper and it reported that there is space on the D partition being used by some program. Then I noticed an application called update.exe on that partition; the processor is constantly at 100% and there are always 32 to 35 processes running. On the D partition I keep only my own documents, so I'm sure it isn't mine. Then I noticed that after every restart of the computer hidden files are always set to be shown, even though I always set that option by default. Also, I can't run Malwarebytes in normal mode, only in Safe Mode, and even there it finds nothing. When I delete that update.exe file in Safe Mode, after a restart it reappears and hidden files are shown again. After I tried to delete that application on the D partition with Unlocker, it started showing me these little windows after the restart:




Now it only shows me this one when I restart the computer



And here is what it looks like when I click Properties on update.exe







DDS (Ver_09-12-01.01) - NTFSx86
Run by Administrator at 19:10:35,31 on uto 29.12.2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.562 [GMT 1:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Documents and Settings\Administrator\Application Data\update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyServer = socks=
uURLSearchHooks: IMBooster4web-en Toolbar: {346de098-61f9-4b42-89da-6dfba7091bb6} - c:\program files\imbooster4web-en\tbIMBo.dll
mWinlogon: UIHost=c:\documents and settings\all users\application data\tuneup software\tuneup utilities\winstyler\tu_logonui.exe
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: IMBooster4web-en Toolbar: {346de098-61f9-4b42-89da-6dfba7091bb6} - c:\program files\imbooster4web-en\tbIMBo.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL
BHO: Windows Live Pomoc za prijavu: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: IMBooster4web-en Toolbar: {346de098-61f9-4b42-89da-6dfba7091bb6} - c:\program files\imbooster4web-en\tbIMBo.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} -
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" -H
mRun: [USB Antivirus] c:\program files\usb disk security\USBGuard.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [csrsx.exe] c:\documents and settings\administrator\application data\update.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\update.exe
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
TCP: {A9A54010-1D2E-4CBB-9034-FEF0F560B82D} = 77.78.192.10 77.78.192.20
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~1\office12\GR99D3~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office12\GRA8E1~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\l0gp97os.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2032792&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - IMBooster4web-en Customized Web Search
FF - prefs.js: browser.startup.homepage - google.ba
FF - component: c:\documents and settings\administrator\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\l0gp97os.default\extensions\{346de098-61f9-4b42-89da-6dfba7091bb6}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\l0gp97os.default\extensions\{346de098-61f9-4b42-89da-6dfba7091bb6}\components\RadioWMPCore.dll
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-25 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-25 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-25 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-9-30 56816]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-29 276816]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2009-12-17 1044808]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2009-12-7 10752]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-29 19160]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S1 HWiNFO32;HWiNFO32 Kernel Driver; [x]

=============== Created Last 30 ================

2009-12-29 17:13:44 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-29 17:13:40 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-29 17:13:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-29 16:24:40 6074 ----a-w- c:\windows\system32\RW_AppData.dat
2009-12-29 16:24:40 56 ----a-w- c:\windows\system32\RW_{A3250EAA-ADB1-11DE-8B94-806D6172696F}.dat
2009-12-29 16:24:40 56 ----a-w- c:\windows\system32\RW_{A3250EA9-ADB1-11DE-8B94-806D6172696F}.dat
2009-12-29 16:24:40 2560 ----a-w- c:\windows\system32\RW_FileType.dat
2009-12-29 16:24:40 204 ----a-w- c:\windows\system32\RW_FileFlag.dat
2009-12-29 16:18:07 265247 --s---w- c:\docume~1\admini~1\applic~1\update.exe
2009-12-28 11:24:44 0 d-----w- c:\documents and settings\administrator\DoctorWeb
2009-12-25 19:44:46 0 d-----w- c:\program files\Avira
2009-12-25 19:44:46 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2009-12-25 18:19:08 0 d-----w- c:\docume~1\alluse~1\applic~1\BitDefender
2009-12-25 18:18:26 0 d-----w- c:\program files\common files\BitDefender
2009-12-25 17:39:16 0 d-----w- c:\program files\Windows Live SkyDrive
2009-12-24 18:11:31 0 d-----w- c:\docume~1\admini~1\applic~1\BitTorrent
2009-12-24 18:11:20 0 d-----w- c:\program files\BitTorrent
2009-12-24 09:11:29 0 d-----w- c:\windows\system32\wbem\Repository
2009-12-23 21:48:51 6455296 ----a-w- c:\documents and settings\administrator\NTUSER.DAT_tureg_old
2009-12-22 19:49:26 0 d-----w- c:\program files\Your Uninstaller 2010
2009-12-22 19:13:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Innovative Solutions
2009-12-20 18:57:19 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2009-12-18 21:07:22 0 d-----w- c:\program files\PDF Suite
2009-12-18 17:15:04 265247 --s---w- c:\docume~1\admini~1\applic~1\j9Q.exe
2009-12-17 09:54:22 0 d-----w- c:\program files\USB Disk Security
2009-12-16 15:05:00 0 d-----w- c:\windows\hi_548BDC41
2009-12-16 15:04:56 0 ----a-w- c:\windows\{BG05583A-3WSI-8D38-MO0R-X13Q8PK0JQD1}
2009-12-16 10:54:43 265728 -c----w- c:\windows\system32\dllcache\http.sys
2009-12-14 12:56:48 0 ----a-w- c:\windows\XXLGSC
2009-12-14 12:55:59 2455 ----a-w- c:\windows\TRNCOM.INI
2009-12-14 12:54:37 0 d-----w- c:\docume~1\alluse~1\applic~1\LangSoft
2009-12-14 12:54:36 0 d-----w- c:\docume~1\admini~1\applic~1\LangSoft
2009-12-10 18:30:14 50274 ----a-w- c:\windows\system32\oemlogo.bmp
2009-12-09 11:51:56 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-12-09 11:14:42 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
2009-12-08 11:10:00 608448 ----a-w- c:\windows\system32\comctl32.ocx
2009-12-08 11:09:45 0 d-----w- c:\program files\Total Video Converter
2009-12-07 16:53:46 180224 ----a-w- c:\windows\system32\WinVd32.sys
2009-12-07 16:53:42 7680 ----a-w- c:\windows\system32\WinFLsrv.exe
2009-12-07 16:53:42 10752 ----a-w- c:\windows\system32\WinFLdrv.sys
2009-12-07 16:53:41 0 d-sh--w- c:\docume~1\admini~1\applic~1\.#
2009-12-07 16:53:26 33982 ----a-w- c:\windows\system32\flk-icon.ico
2009-12-06 17:05:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
2009-12-04 17:27:11 3247 ----a-w- c:\windows\system32\wbem\Outlook_01ca75070375469e.mof
2009-12-03 16:37:08 0 d-----w- c:\program files\RegistryFix7
2009-12-03 13:51:35 0 d-----w- c:\docume~1\admini~1\applic~1\IDM
2009-12-03 13:50:42 0 d-----w- c:\program files\Internet Download Manager
2009-12-03 13:27:20 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-12-03 13:27:20 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-12-03 13:27:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-12-03 13:27:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-11-30 12:10:26 0 d-----w- c:\program files\TuneUp Utilities 2010

==================== Find3M ====================

2009-12-24 09:27:08 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-12-17 20:19:42 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2009-12-09 12:23:01 2328960 ----a-w- c:\windows\system32\TUKernel.exe
2009-11-27 12:26:33 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-11-27 12:26:27 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-11-25 10:19:02 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-10-27 13:01:07 88 --sh--r- c:\docume~1\alluse~1\applic~1\115CBE059C.sys
2009-10-22 06:05:44 81984 ----a-w- c:\windows\system32\bdod.bin
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-14 10:23:58 61440 ----a-w- c:\windows\system32\flcss.exe
2009-10-13 10:38:09 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 17:58:48 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:28:47 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:21:37 39800 ----a-w- c:\windows\fonts\Square 721 extended bt.ttf
2009-10-12 13:21:24 46864 ----a-w- c:\windows\fonts\Digital.TTF
2009-09-30 09:49:17 16384 --sha-w- c:\windows\system32\config\systemprofile\cookies\index.dat
2009-09-30 11:14:39 245760 --sha-w- c:\windows\system32\config\systemprofile\ietldcache\index.dat
2009-09-30 09:49:17 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\index.dat
2009-09-30 09:49:17 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009093020091001\index.dat
2009-09-30 09:49:17 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\temporary internet files\content.ie5\index.dat

============= FINISH: 19:11:13,39 ===============

I had to turn off Avira because it was detecting Gmer as a virus.

Here are the Gmer logs too:

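The DDS report above is the kind of log a helper has to triage by eye. As an added example (not part of the thread, and not code from DDS, ComboFix or any other tool mentioned here), the following Python script parses the Run-key and StartupFolder lines of a DDS "Pseudo HJT Report" and flags entries that trip three defender heuristics: the executable lives in a user-writable profile directory, the registry value name does not match the executable's file name, or the name is one character away from a well-known Windows process name. The sample lines are the entries quoted from the log above; the heuristics, the directory list, and the names `triage`, `assess` and `exe_path` are this example's own choices, not anything from the thread.

```python
import re
from typing import List, NamedTuple

# Constructed excerpt in DDS "Pseudo HJT Report" format; the entry lines are the
# ones quoted in the thread above (hive letters: u = user, m = machine, d = default).
SAMPLE_LOG = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [csrsx.exe] c:\documents and settings\administrator\application data\update.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\update.exe
"""

# Directories a standard user can write to; legitimate autoruns rarely live here.
# (Heuristic list chosen for this example, not an exhaustive one.)
USER_WRITABLE = (
    "\\application data\\",
    "\\local settings\\",
    "\\programs\\startup\\",
    "\\temp\\",
    "\\desktop\\",
)

# Process names that malware commonly imitates with one-character changes.
SYSTEM_NAMES = ("csrss.exe", "svchost.exe", "lsass.exe", "winlogon.exe", "explorer.exe")

RUN_RE = re.compile(r"^(?P<hive>[umd])Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^StartupFolder: (?P<cmd>.+)$")


class Finding(NamedTuple):
    source: str        # "uRun", "mRun", "dRun" or "StartupFolder"
    name: str          # registry value name (empty for StartupFolder entries)
    path: str          # executable path, lower-cased
    reasons: List[str]


def exe_path(cmd: str) -> str:
    """Pull the executable out of a command line; DDS leaves unquoted paths with spaces."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)].lower()
    m = re.match(r"(?i)(.*?\.exe)", cmd)
    return (m.group(1) if m else cmd.split()[0]).lower()


def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance, enough to catch csrsx.exe vs csrss.exe."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def assess(name: str, path: str) -> List[str]:
    """Apply the three heuristics to one autorun entry and return the reasons that fired."""
    reasons = []
    if any(marker in path for marker in USER_WRITABLE):
        reasons.append("runs from a user-writable profile location")
    basename = path.rsplit("\\", 1)[-1]
    lname = name.lower()
    if lname.endswith(".exe") and lname != basename:
        reasons.append(f"value name {name!r} does not match executable {basename!r}")
    for candidate in (lname, basename):
        hits = [s for s in SYSTEM_NAMES if 0 < edit_distance(candidate, s) <= 1]
        if hits:
            reasons.append(f"{candidate!r} is one edit away from system process {hits[0]!r}")
            break
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Return only the autorun entries that trip at least one heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            source, name, path = m["hive"] + "Run", m["name"], exe_path(m["cmd"])
        elif m := STARTUP_RE.match(line):
            source, name, path = "StartupFolder", "", exe_path(m["cmd"])
        else:
            continue
        reasons = assess(name, path)
        if reasons:
            findings.append(Finding(source, name, path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.source:13} {f.name or '-':14} {f.path}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, only the two update.exe entries are reported: the mRun value is flagged on all three counts (profile directory, value name `csrsx.exe` pointing at `update.exe`, and `csrsx.exe` being one edit from `csrss.exe`), while the all-users Startup folder copy is flagged for its location. The legitimate ctfmon, Avira and Malwarebytes entries pass, which is the point of keying on location and name consistency rather than on a fixed list of bad file names.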

  • Joined: 04 Jan 2009
  • Posts: 2168

Hello...


Download sUBs' ComboFix from the following address to your Desktop:


Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing the save location opens, select Desktop and click Save.




When the download is finished:
disable your security software (instructions);
close any running programs;
double-click ComboFix to start it.

While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if it offers to download it.
display the DISCLAIMER OF WARRANTY ON SOFTWARE:
click Yes so that the process continues.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
ask a number of questions / show notices:
accept by clicking Yes or OK.
restart Windows if needed (possibly several times);
at the end, open Notepad with the scan report.


Copy the report ComboFix produced into the topic on the forum:
right-click in the Notepad window and choose Select All;
right-click the highlighted text and choose Copy;
right-click in the message box and choose Paste.


Note: The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If after posting you notice that the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to your post.

As far as I can tell, everything is fine now: the windows no longer pop up, and I've also started Malwarebytes Anti-Malware. Here is the ComboFix log too:

ComboFix 09-12-29.05 - Administrator 30.12.2009 10:53:37.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.669 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\.#
c:\documents and settings\Administrator\Application Data\j9Q.exe
c:\documents and settings\Administrator\Application Data\update.exe
c:\documents and settings\All Users\Start Menu\Programs\Startup\update.exe
c:\windows\system32\404Fix.exe
c:\windows\system32\Agent.OMZ.Fix.exe
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.C.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\logs
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\VACFix.exe
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe
D:\update.exe

.
((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-30 )))))))))))))))))))))))))))))))
.

2009-12-29 17:13 . 2009-12-03 15:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-29 17:13 . 2009-12-29 17:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-29 17:13 . 2009-12-03 15:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-29 16:24 . 2009-12-29 16:24 6074 ----a-w- c:\windows\system32\RW_AppData.dat
2009-12-29 16:24 . 2009-12-29 16:24 56 ----a-w- c:\windows\system32\RW_{A3250EAA-ADB1-11DE-8B94-806D6172696F}.dat
2009-12-29 16:24 . 2009-12-29 16:24 56 ----a-w- c:\windows\system32\RW_{A3250EA9-ADB1-11DE-8B94-806D6172696F}.dat
2009-12-29 16:24 . 2009-12-29 16:24 2560 ----a-w- c:\windows\system32\RW_FileType.dat
2009-12-29 16:24 . 2009-12-29 16:24 204 ----a-w- c:\windows\system32\RW_FileFlag.dat
2009-12-28 18:51 . 2009-12-23 16:57 52224 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l0gp97os.default\extensions\{346de098-61f9-4b42-89da-6dfba7091bb6}\components\FFExternalAlert.dll
2009-12-28 18:51 . 2009-12-23 16:57 101376 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l0gp97os.default\extensions\{346de098-61f9-4b42-89da-6dfba7091bb6}\components\RadioWMPCore.dll
2009-12-28 17:43 . 2009-12-29 16:56 -------- dc----w- c:\windows\system32\DRVSTORE
2009-12-28 11:24 . 2009-12-28 11:24 -------- d-----w- c:\documents and settings\Administrator\DoctorWeb
2009-12-25 19:44 . 2009-03-30 08:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-25 19:44 . 2009-02-13 10:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-25 19:44 . 2009-02-13 10:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-25 19:44 . 2009-12-25 19:44 -------- d-----w- c:\program files\Avira
2009-12-25 19:44 . 2009-12-25 19:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-12-25 18:19 . 2009-12-25 19:39 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-12-25 18:18 . 2009-12-25 19:39 -------- d-----w- c:\program files\Common Files\BitDefender
2009-12-25 17:39 . 2009-12-25 17:39 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-12-25 17:39 . 2009-12-25 17:40 -------- d-----w- c:\program files\Windows Live
2009-12-24 18:11 . 2009-12-26 16:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitTorrent
2009-12-24 18:11 . 2009-12-24 18:13 -------- d-----w- c:\program files\BitTorrent
2009-12-24 16:33 . 2009-12-24 16:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Temp
2009-12-24 09:28 . 2009-12-24 09:28 -------- d-----w- c:\program files\CyberLink
2009-12-24 09:11 . 2009-12-24 09:11 -------- d-----w- c:\windows\system32\wbem\Repository
2009-12-23 18:58 . 2009-12-28 18:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2009-12-22 19:49 . 2009-12-22 19:49 -------- d-----w- c:\program files\Your Uninstaller 2010
2009-12-22 19:13 . 2009-12-22 19:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Innovative Solutions
2009-12-22 19:13 . 2009-12-22 19:13 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Innovative Solutions
2009-12-21 16:54 . 2009-12-21 16:54 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Help
2009-12-20 18:57 . 2009-12-17 20:14 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2009-12-19 17:29 . 2009-12-19 17:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Xenocode
2009-12-18 21:07 . 2009-12-18 21:12 -------- d-----w- c:\program files\PDF Suite
2009-12-17 11:02 . 2009-12-17 11:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-12-17 09:54 . 2009-12-17 10:29 -------- d-----w- c:\program files\USB Disk Security
2009-12-16 15:05 . 2009-12-16 15:05 -------- d-----w- c:\windows\hi_548BDC41
2009-12-16 10:54 . 2009-10-20 16:20 265728 -c----w- c:\windows\system32\dllcache\http.sys
2009-12-14 12:54 . 2009-12-14 12:54 -------- d-----w- c:\documents and settings\All Users\Application Data\LangSoft
2009-12-14 12:54 . 2009-12-14 12:58 -------- d-----w- c:\documents and settings\Administrator\Application Data\LangSoft
2009-12-09 12:20 . 2009-12-09 12:20 2755072 ----a-w- c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe
2009-12-09 11:51 . 2009-12-09 11:51 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-12-09 11:14 . 2009-12-09 11:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2009-12-08 11:09 . 2009-12-11 16:28 -------- d-----w- c:\program files\Total Video Converter
2009-12-07 16:53 . 2009-12-07 16:53 180224 ----a-w- c:\windows\system32\WinVd32.sys
2009-12-07 16:53 . 2009-12-07 16:53 7680 ----a-w- c:\windows\system32\WinFLsrv.exe
2009-12-07 16:53 . 2009-12-07 16:53 10752 ----a-w- c:\windows\system32\WinFLdrv.sys
2009-12-06 19:34 . 2009-12-06 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-12-06 17:05 . 2009-12-06 17:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2009-12-03 16:37 . 2009-12-29 16:57 -------- d-----w- c:\program files\RegistryFix7
2009-12-03 13:51 . 2009-12-03 13:51 198064 ----a-w- c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
2009-12-03 13:51 . 2009-12-27 18:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\IDM
2009-12-03 13:50 . 2009-12-03 13:50 -------- d-----w- c:\program files\Internet Download Manager
2009-12-03 13:27 . 2001-08-17 12:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-12-03 13:27 . 2001-08-17 12:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-12-03 13:27 . 2008-04-13 23:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-12-03 13:27 . 2008-04-13 23:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-11-30 12:10 . 2009-12-20 18:57 -------- d-----w- c:\program files\TuneUp Utilities 2010

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-30 09:49 . 2009-09-30 14:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\DMCache
2009-12-29 17:31 . 2009-09-30 12:41 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-28 15:15 . 2009-10-06 14:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Thinstall
2009-12-25 19:35 . 2009-10-19 11:41 132 ----a-w- c:\windows\system32\rezumatenoi.dat
2009-12-24 09:27 . 2009-09-30 19:16 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-12-24 09:27 . 2009-09-30 19:16 53319 ----a-w- c:\documents and settings\All Users\Application Data\TEMP\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\PostBuild.exe
2009-12-24 09:09 . 2009-09-30 19:25 -------- d-----w- c:\documents and settings\All Users\Application Data\CyberLink
2009-12-24 09:09 . 2009-09-30 19:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\CyberLink
2009-12-24 09:09 . 2009-09-30 19:18 -------- d-----w- c:\program files\Common Files\CyberLink
2009-12-19 17:29 . 2009-11-06 18:06 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nero
2009-12-17 20:19 . 2009-10-31 15:11 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2009-12-17 09:55 . 2009-09-30 14:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Zbshareware Lab
2009-12-11 17:58 . 2009-09-30 13:49 -------- d-----w- c:\program files\Unlocker
2009-12-11 16:27 . 2009-11-17 19:34 -------- d-----w- c:\program files\PhotoScape
2009-12-10 19:06 . 2009-09-30 12:38 -------- d-----w- c:\program files\Foxit Software
2009-12-09 12:23 . 2009-11-06 16:28 2328960 ----a-w- c:\windows\system32\TUKernel.exe
2009-12-09 10:25 . 2009-09-30 12:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\URSoft
2009-12-04 20:23 . 2009-09-30 11:56 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{66E2F539-12B6-4870-A500-7689CDE75C5E}
2009-12-01 10:19 . 2009-09-30 10:20 73952 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-30 12:10 . 2009-09-30 13:01 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2009-11-30 12:07 . 2009-09-30 11:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-11-30 11:57 . 2009-09-30 11:38 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2009-11-28 09:06 . 2009-09-30 12:20 -------- d-----w- c:\program files\Opera
2009-11-27 12:26 . 2009-11-27 12:26 604488 ----a-w- c:\windows\system32\TUProgSt.exe
2009-11-27 12:26 . 2009-11-27 12:26 361288 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-11-27 12:22 . 2009-09-30 13:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\TuneUp Software
2009-11-25 20:16 . 2009-11-25 20:16 0 ----a-w- c:\windows\Infob.dat
2009-11-25 20:16 . 2009-11-25 20:16 0 ----a-w- c:\windows\Infoa.dat
2009-11-25 19:50 . 2009-10-27 15:59 -------- d-----w- c:\program files\IMBooster4web-en
2009-11-25 10:19 . 2009-09-30 14:31 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-11-24 16:14 . 2009-09-30 09:27 -------- d-----w- c:\program files\Windows Desktop Search
2009-11-21 15:51 . 2008-04-14 15:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 10:43 . 2009-09-30 12:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-17 19:16 . 2009-11-17 19:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\Free Photo Converter
2009-11-17 19:02 . 2009-11-17 19:02 7680 ----a-w- c:\documents and settings\Administrator\Application Data\Thinstall\IrfanView (remove only)\40000014400002i\i_view32.exe
2009-11-17 18:57 . 2009-11-17 18:57 7680 ----a-w- c:\documents and settings\Administrator\Application Data\Thinstall\IrfanView (remove only)\4000008000002i\Splash Screen.exe
2009-11-13 16:57 . 2009-11-13 16:57 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-11 16:50 . 2009-09-30 11:47 -------- d-----w- c:\program files\Microsoft Works
2009-11-11 16:23 . 2009-11-11 16:23 -------- d-----w- c:\program files\MSECache
2009-11-10 18:09 . 2009-11-10 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverCure
2009-11-10 18:01 . 2009-11-10 18:01 1105920 ----a-w- c:\documents and settings\All Users\Application Data\ParetoLogic\UUS2\DriverCure\Temp\Update.exe
2009-11-10 16:09 . 2009-11-10 16:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\DriverCure
2009-11-10 16:09 . 2009-11-10 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\ParetoLogic
2009-11-03 16:36 . 2009-11-03 16:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\HideIP
2009-11-02 09:57 . 2009-11-02 09:57 303104 ----a-w- c:\documents and settings\Administrator\Application Data\Thinstall\Virus Cleaner\10000002200002i\wmiapsrv.exe
2009-11-02 09:56 . 2009-11-02 09:56 303104 ----a-w- c:\documents and settings\Administrator\Application Data\Thinstall\Virus Cleaner\4000008000002i\Splash Screen.exe
2009-11-02 09:56 . 2009-11-02 09:56 303104 ----a-w- c:\documents and settings\Administrator\Application Data\Thinstall\Virus Cleaner\40000035200002i\last MCleaner.exe
2009-10-31 16:00 . 2009-10-31 16:00 -------- d-----w- c:\documents and settings\LocalService\Application Data\TuneUp Software
2009-10-31 15:26 . 2009-09-30 19:11 -------- d-----w- c:\program files\Ashampoo
2009-10-31 15:09 . 2009-10-31 15:09 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-10-27 19:43 . 2009-10-27 19:43 39936 ----a-w- c:\documents and settings\Administrator\Application Data\Thinstall\RegCure 1.6.0.0\10000006600002i\regedit.exe
2009-10-27 19:24 . 2009-10-27 19:24 0 ----a-w- c:\windows\diskpt.dat
2009-10-27 13:01 . 2009-10-05 08:34 88 --sh--r- c:\documents and settings\All Users\Application Data\115CBE059C.sys
2009-10-27 13:01 . 2009-10-05 08:34 88 --sh--r- c:\documents and settings\All Users\Application Data\115CBE059C.sys
2009-10-26 18:23 . 2009-10-26 18:23 7680 ----a-w- c:\documents and settings\Administrator\Application Data\Thinstall\Driver Genius Professional Edition\4000005100002i\Liveupdate.exe
2009-10-22 06:05 . 2009-09-30 13:18 81984 ----a-w- c:\windows\system32\bdod.bin
2009-10-21 05:38 . 2008-04-14 15:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2008-04-14 15:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-14 15:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-19 15:29 . 2009-10-19 15:29 0 ----a-w- c:\windows\system32\wsbl.dat
2009-10-19 15:29 . 2009-10-19 15:29 0 ----a-w- c:\windows\system32\ph_white.dat
2009-10-19 15:29 . 2009-10-19 15:29 0 ----a-w- c:\windows\system32\ph_summ.dat
2009-10-19 15:29 . 2009-10-19 15:29 0 ----a-w- c:\windows\system32\ph_black.dat
2009-10-19 15:29 . 2009-10-19 15:29 0 ----a-w- c:\windows\system32\pcwords2.dat
2009-10-19 15:29 . 2009-10-19 15:29 0 ----a-w- c:\windows\system32\pcwords.dat
2009-10-19 11:51 . 2009-10-19 11:51 4 ----a-w- c:\windows\system32\aspdict-en.dat
2009-10-19 11:51 . 2009-10-19 11:51 16 ----a-w- c:\windows\system32\asdict.dat
2009-10-15 18:33 . 2009-10-15 18:33 7168 ----a-w- c:\documents and settings\Administrator\Application Data\Thinstall\Spyware Doctor 5.5\400000c00002i\jqsnotify.exe
2009-10-15 18:33 . 2009-10-15 18:33 7168 ----a-w- c:\documents and settings\Administrator\Application Data\Thinstall\Spyware Doctor 5.5\400000df00002i\firefox.exe
2009-10-15 18:11 . 2009-10-15 18:23 148872 ----a-w- c:\documents and settings\Administrator\Application Data\Thinstall\Spyware Doctor 5.5\%ProgramFilesDir%\Spyware Doctor\filehlpr.dll
2009-10-15 18:10 . 2009-10-15 18:23 116616 ----a-w- c:\documents and settings\Administrator\Application Data\Thinstall\Spyware Doctor 5.5\%ProgramFilesDir%\Spyware Doctor\commhlpr.dll
2009-10-15 18:09 . 2009-10-15 18:23 825224 ----a-w- c:\documents and settings\Administrator\Application Data\Thinstall\Spyware Doctor 5.5\%ProgramFilesDir%\Spyware Doctor\commlib.dll
2009-10-15 18:09 . 2009-10-15 18:23 923528 ----a-w- c:\documents and settings\Administrator\Application Data\Thinstall\Spyware Doctor 5.5\%ProgramFilesDir%\Spyware Doctor\commom.dll
2009-10-15 18:08 . 2009-10-15 18:08 7168 ----a-w- c:\documents and settings\Administrator\Application Data\Thinstall\Spyware Doctor 5.5\4000002a100002i\pctsGui.exe
2009-10-15 18:08 . 2009-10-15 18:08 7168 ----a-w- c:\documents and settings\Administrator\Application Data\Thinstall\Spyware Doctor 5.5\4000003200002i\sdloader.exe
2009-10-15 17:51 . 2009-10-15 17:51 7168 ----a-w- c:\documents and settings\Administrator\Application Data\Thinstall\Spyware Doctor 5.5\4000003bf00002i\update.exe
2009-10-15 17:51 . 2009-10-15 17:51 7168 ----a-w- c:\documents and settings\Administrator\Application Data\Thinstall\Spyware Doctor 5.5\40000011400002i\pctsTray.exe
2009-10-15 17:50 . 2009-10-15 17:50 7168 ----a-w- c:\documents and settings\Administrator\Application Data\Thinstall\Spyware Doctor 5.5\400000ee00002i\pctsSvc.exe
2009-10-15 17:50 . 2009-10-15 17:50 7168 ----a-w- c:\documents and settings\Administrator\Application Data\Thinstall\Spyware Doctor 5.5\400000bd00002i\pctsAuxs.exe
2009-10-14 10:23 . 2009-10-14 10:24 61440 ----a-w- c:\windows\system32\flcss.exe
2009-10-13 10:38 . 2009-01-27 20:04 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 17:58 . 2009-03-20 16:07 150016 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:28 . 2008-04-14 15:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-06 14:03 . 2009-10-06 14:03 39936 ----a-w- c:\documents and settings\Administrator\Application Data\Thinstall\RegCure 1.6.0.0\4000008000002i\Splash Screen.exe
2009-10-05 11:06 . 2009-10-05 10:00 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-10-01 12:24 . 2009-09-30 09:33 86327 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-12-25 18:33 . 2009-12-25 18:24 47104 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
.

------- Sigcheck -------

[-] 2009-04-18 . 25A740D70E8007814A48D3FA1B34FA34 . 361600 . . [5.1.2600.5649] . . c:\windows\system32\drivers\tcpip.sys

[-] 2009-04-18 . C951DB3D9B6EF3CF4B82454D30A8BF59 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{346de098-61f9-4b42-89da-6dfba7091bb6}"= "c:\program files\IMBooster4web-en\tbIMBo.dll" [2009-07-15 2224152]

[HKEY_CLASSES_ROOT\clsid\{346de098-61f9-4b42-89da-6dfba7091bb6}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{346de098-61f9-4b42-89da-6dfba7091bb6}]
2009-07-15 09:09 2224152 ----a-w- c:\program files\IMBooster4web-en\tbIMBo.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{346de098-61f9-4b42-89da-6dfba7091bb6}"= "c:\program files\IMBooster4web-en\tbIMBo.dll" [2009-07-15 2224152]

[HKEY_CLASSES_ROOT\clsid\{346de098-61f9-4b42-89da-6dfba7091bb6}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{346DE098-61F9-4B42-89DA-6DFBA7091BB6}"= "c:\program files\IMBooster4web-en\tbIMBo.dll" [2009-07-15 2224152]

[HKEY_CLASSES_ROOT\clsid\{346de098-61f9-4b42-89da-6dfba7091bb6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872]
"USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2009-12-14 819200]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-12-03 429392]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\documents and settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD9LanguageShortcut]
2008-10-13 19:41 50472 ------w- c:\program files\CyberLink\PowerDVD9\Language\Language.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl9]
2009-02-16 08:55 87336 ------w- c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"JavaQuickStarterService"=2 (0x2)
"MBAMService"=2 (0x2)
"wuauserv"=2 (0x2)
"BITS"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe"
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\TrackMania Sunrise\\TmSunrise.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [25.12.2009 20:44 108289]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [29.12.2009 18:13 276816]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [17.12.2009 21:17 1044808]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [7.12.2009 17:53 10752]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [29.12.2009 18:13 19160]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [14.10.2009 7:24 10064]
S1 HWiNFO32;HWiNFO32 Kernel Driver; [x]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2009-12-30 c:\windows\Tasks\Automatic troubleshooting.job
- c:\program files\TuneUp Utilities 2010\TuneUpSystemStatusCheck.exe [2009-12-17 20:23]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = socks=
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l0gp97os.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2032792&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - IMBooster4web-en Customized Web Search
FF - prefs.js: browser.startup.homepage - google.ba
FF - component: c:\documents and settings\Administrator\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l0gp97os.default\extensions\{346de098-61f9-4b42-89da-6dfba7091bb6}\components\FFExternalAlert.dll
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\l0gp97os.default\extensions\{346de098-61f9-4b42-89da-6dfba7091bb6}\components\RadioWMPCore.dll
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
FF - user.js: browser.blink_allowed - true
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 50
FF - user.js: layout.spellcheckDefault - 1
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-csrsx.exe - c:\documents and settings\Administrator\Application Data\update.exe
AddRemove-HijackThis - c:\documents and settings\Administrator\Desktop\Maid\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-12-30 10:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\sys_drv.dat 6024 bytes
c:\windows\system32\sys_drv_2.dat 5020 bytes

scan completed successfully
hidden files: 2

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-796845957-651377827-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7a,cf,55,3e,b4,ad,8b,47,a8,cc,6f,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,7a,cf,55,3e,b4,ad,8b,47,a8,cc,6f,\

[HKEY_USERS\S-1-5-21-796845957-651377827-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9F476597-023C-CC7A-78B0-25754CFB4DC1}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abjlfdfleochkeldhbmgchbamcpoideelg"=hex:61,61,00,00
"mailedbpbfffocbjdlkmehjjaj"=hex:61,61,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10e_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10e_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\zbshareware]
@DACL=(02 0000)
"times"="8"
"lastcheck"="30"
"Name"="ledworld"
"Code"="BHJDH17937"
"autorun"="1"
DUMPHIVE0.003 (REGF)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(732)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-12-30 11:00:52
ComboFix-quarantined-files.txt 2009-12-30 10:00

Pre-Run: 7.912.734.720 bytes free
Post-Run: 7.917.752.320 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /TUTag=N8XJQS /Kernel=TUKernel.exe
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional (TuneUp Backup)" /noexecute=optin /fastdetect /TUTag=N8XJQS-BAK

- - End Of File - - 84C5B1EED1B1A67ADFE2452630DF7FB7

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Open Notepad and copy the following text into it:

File::
c:\windows\system32\RW_AppData.dat
c:\windows\system32\RW_{A3250EAA-ADB1-11DE-8B94-806D6172696F}.dat
c:\windows\system32\RW_{A3250EA9-ADB1-11DE-8B94-806D6172696F}.dat
c:\windows\system32\RW_FileType.dat
c:\windows\system32\RW_FileFlag.dat
c:\windows\system32\rezumatenoi.dat
c:\documents and settings\All Users\Application Data\115CBE059C.sys
c:\windows\system32\flcss.exe

DirLook::
c:\windows\hi_548BDC41

Reg Lock::
[HKEY_USERS\S-1-5-21-796845957-651377827-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]

Reg Null::
[HKEY_USERS\S-1-5-21-796845957-651377827-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9F476597-023C-CC7A-78B0-25754CFB4DC1}*]


Save the file from Notepad to the Desktop as "CFScript".

Drag the saved script/text onto the ComboFix icon, as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scan.

offline

Mate, I thought that was finished and I uninstalled ComboFix. Thanks in any case. For now I don't notice any problems; if anything comes up, I'll feel free to get in touch. Regards and happy New Year 2010.

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Ok...


Happy New Year to you too... Cheers

offline

Since using ComboFix, the Autoplay function on my CD/DVD drive no longer works. In Tweak UI I ticked the option to enable it, but it still won't work. Under Run > gpedit.msc I have no Autoplay options. How do I enable it, since I have to start everything manually?

offline
  • Joined: 04 Jan 2009
  • Posts: 2168

Read this link... there are a couple of threads on "How to enable Autorun":

http://www.mycity.rs/Windows/Pravila-Windows-forum.....mestu.html

Korisnici trenutno na forumu: Asparagus, avijacija, babaroga, Bane san, Ben Roj, bokisha253, brundo65, cikadeda, Darko8, djboj, Dorcolac, dragoljub11987, dule10savic, GAGI, Georgius, GORDI, Hans Gajger, HrcAk47, Istman, jukeboxer, kokodakalo, Kruger, kybonacci, milenko crazy north, Milometer, Milos ZA, MiroslavD, Motocar, nebojsag, nemkea71, Povratak1912, Prašinar, raptorsi, Sass Drake, Tvrtko I, vasa.93, vaskrs, vathra, vladaa012, Zimbabwe, zoranis