Slow computer

offline
  • Joined: 26 May 2009
  • Posts: 46

OK, so: my computer is very slow and lags terribly, especially the internet.
About 3-4 months ago I found instructions on some forum on how to speed up the computer. After that fix the computer worked normally, but after 5-6 days it started lagging terribly. That is, it doesn't lag so badly that I can't do anything; it is just slow, and the internet is also very slow (which is the biggest problem): I can't play the online games I could play before (CS, Dofus, Evony and other online games). I hope you can help me. Many thanks.


DDS (Ver_09-10-26.01) - NTFSx86
Run by kasalica at 17:54:58,81 on ??? 06.11.2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.510.31 [GMT 1:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\javaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\kasalica\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearch Page = hxxp://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
uSearch Bar = hxxp://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\mpk\MPK.exe
mWinlogon: Taskman=c:\recycler\s-1-5-21-2854715588-4667741251-357706565-9810\wingn.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: {2bae58c2-79f9-45d1-a286-81f911301c3a} - P2P Energy Toolbar
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: P2P Energy Toolbar: {2bae58c2-79f9-45d1-a286-81f911301c3a} -
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [DriverUpdaterPro] c:\program files\xpc tools\driver updater pro\DriverUpdaterPro.exe -t
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [PCMService] "c:\program files\cyberlink\powercinema\PCMService.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [tsnpstd3] c:\windows\tsnpstd3.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Visit in &3D using ExitReality - 3d.exitreality.com/TransmogrifyPage.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
LSP: c:\windows\system32\imon.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {8E2CEDB7-F93C-4358-8EA8-B6E2943C7FE1} = 195.66.160.1 195.66.160.2
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\ievony\Skype4COM.dll
Notify: avgrsstarter - avgrsstx.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {28ABC5C0-4FCB-11CF-AAX5-81CX1C635612} - c:\recycler\s-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\kasalica\applic~1\mozilla\firefox\profiles\6irdwhxp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=15015&l=dis
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale=en_US&q=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\docume~1\kasalica\applic~1\powerc~1\nppowerloader.dll
FF - plugin: c:\program files\opera 10 preview\program\plugins\npdsplay.dll
FF - plugin: c:\program files\opera 10 preview\program\plugins\npwmsdrm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-9-17 12552]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2009-1-31 11264]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-17 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-17 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-17 297752]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2009-9-26 2831232]
S2 spoolsv.exe;spoolsv.exe;c:\windows\system32\drivers\etc\services.exe /name:"spoolsv.exe" /start:"install.exe" --> c:\windows\system32\drivers\etc\Services.exe [?]
S3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [2009-1-31 751104]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2010-03-25 11:45:15 0 d-----w- C:\hlds
2010-03-25 07:21:56 0 d-----w- c:\docume~1\kasalica\applic~1\uTorrent
2010-03-21 10:51:03 0 d-----w- c:\program files\VirtualDJ
2010-03-18 11:10:48 0 d-----w- c:\program files\Guitar Pro 5
2010-03-12 18:27:38 424 ----a-w- c:\windows\(zabranjeno)pdf.INI
2010-03-06 11:09:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-02 15:22:49 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2010-03-02 15:22:41 0 d-----w- c:\program files\DAEMON Tools Toolbar
2010-03-02 15:22:34 0 d-----w- c:\program files\DAEMON Tools Lite
2010-03-02 15:22:25 0 d-----w- c:\docume~1\kasalica\applic~1\DAEMON Tools Lite
2010-03-02 12:19:11 0 d-----w- c:\program files\DAEMON Tools Pro
2010-03-02 12:19:11 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2010-03-02 12:14:38 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-02 12:14:33 0 d-----w- c:\docume~1\kasalica\applic~1\DAEMON Tools Pro
2010-02-28 21:55:47 0 d-----w- c:\program files\Robster Productions
2010-02-24 20:37:12 0 d-----w- c:\program files\ExitReality
2010-02-24 10:24:27 0 d-----w- c:\windows\system32\appmgmt
2010-02-23 14:28:54 0 d-----w- c:\program files\Winampa
2010-02-23 14:28:54 0 d-----w- c:\docume~1\kasalica\applic~1\Winampa
2010-02-23 14:19:45 82 ----a-w- c:\windows\mafosav.INI
2010-02-23 14:08:15 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-02-23 14:08:15 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-02-23 14:08:15 129784 ------w- c:\windows\system32\pxafs.dll
2010-02-23 12:17:32 0 d-sh--w- c:\documents and settings\kasalica\UserData
2009-11-06 13:43:52 0 d-----w- c:\program files\iEvony
2009-11-01 12:47:58 266360 ----a-w- c:\windows\system32\TweakUI.exe
2009-11-01 12:47:58 160217 ----a-w- c:\windows\system32\PowerToysLicense.rtf
2009-10-27 15:11:46 151 ----a-w- c:\windows\PhotoSnapViewer.INI
2009-10-23 14:21:49 0 d-----w- c:\program files\Carambis
2009-10-20 20:20:46 0 d-----w- c:\program files\Direct MIDI to MP3 Converter
2009-10-20 20:12:26 0 d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-10-18 09:08:04 0 d-----w- c:\docume~1\kasalica\applic~1\Sports Interactive
2009-10-18 09:03:06 0 d--h--w- c:\program files\Zero G Registry
2009-10-18 09:03:06 0 d-----w- c:\program files\Sports Interactive
2009-10-18 09:02:46 0 d--h--w- c:\documents and settings\kasalica\InstallAnywhere
2009-10-12 20:22:50 0 d-----w- C:\DriveKey

==================== Find3M ====================

2009-10-03 22:57:28 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-10-03 22:57:27 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-09-17 14:45:51 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-09-17 14:45:51 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-17 14:45:50 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-17 14:45:45 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-11 14:33:52 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-08 17:20:51 94208 --sh--r- c:\windows\system32\optyhww0.dll
2009-09-04 20:45:26 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-29 07:36:27 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36:24 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36:24 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-26 08:16:37 247326 ----a-w- c:\windows\system32\strmdll.dll

============= FINISH: 17:55:36,45 ===============


offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8620
  • Location: Novi Beograd

Hello,

Download sUBs' ComboFix from the following address to your Desktop:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • when the dialog for choosing where to save the file opens, choose Desktop and click Save.

When the download has finished:
  • disable your protection software (instructions);
  • close any running programs;
  • double-click ComboFix to run it.

While it runs, ComboFix will:
  • check whether a newer version of the program exists: click Yes if it offers to download it;
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE: click Yes so the process continues;
  • if the Recovery Console is not installed, offer to install it: be sure to accept by clicking Yes and follow the procedure;
  • ask a number of questions / show a number of notices: accept by clicking Yes or OK;
  • restart Windows if needed (possibly several times);
  • at the end, open Notepad with the scan report.

Copy the report ComboFix produced into this forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message box and choose Paste.

Note: the report is saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
if after posting you notice the report is not complete, use the Attach file option to attach C:\ComboFix.txt to your message.

offline
  • Joined: 26 May 2009
  • Posts: 46

ComboFix 09-11-05.05 - kasalica 06.11.2009 22:13.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.510.265 [GMT 1:00]
Running from: c:\documents and settings\kasalica\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-0405235811-3222045411-179475991-3554
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1824400047-0531905410-253595950-2973
c:\recycler\S-1-5-21-2854715588-4667741251-357706565-9810
c:\recycler\S-1-5-21-3860964362-1577623042-745435558-9594
c:\recycler\S-1-5-21-5740590603-1893623174-163803042-4005
C:\restore
c:\restore\k-1-3542-4232123213-7676767-8888886\Desktop.ini
c:\windows\system32\Ijl11.dll
c:\windows\system32\optyhww0.dll
D:\Autorun.inf
D:\d1vmq.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KAVSYS


((((((((((((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 )))))))))))))))))))))))))))))))
.

2010-03-25 11:45 . 2010-03-25 11:45 -------- d-----w- C:\hlds
2010-03-25 07:21 . 2009-10-03 10:52 -------- d-----w- c:\documents and settings\kasalica\Application Data\uTorrent
2010-03-21 10:51 . 2009-06-19 12:59 -------- d-----w- c:\program files\VirtualDJ
2010-03-18 11:10 . 2010-03-18 11:10 -------- d-----w- c:\program files\Guitar Pro 5
2010-03-14 12:55 . 2010-03-14 12:55 -------- d-----w- c:\documents and settings\vuk\Local Settings\Application Data\Ahead
2010-03-12 19:09 . 2010-03-12 19:09 -------- d-----w- c:\windows\Sun
2010-03-06 11:09 . 2010-03-06 11:09 503808 -c--a-w- c:\documents and settings\kasalica\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-3efdf175-n\msvcp71.dll
2010-03-06 11:09 . 2010-03-06 11:09 499712 -c--a-w- c:\documents and settings\kasalica\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-3efdf175-n\jmc.dll
2010-03-06 11:09 . 2010-03-06 11:09 348160 -c--a-w- c:\documents and settings\kasalica\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-3efdf175-n\msvcr71.dll
2010-03-06 11:09 . 2009-09-17 11:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-02 15:24 . 2009-05-18 11:53 -------- d-----w- c:\documents and settings\kasalica\Local Settings\Application Data\Aspyr
2010-03-02 15:24 . 2010-03-02 15:24 -------- d-----w- c:\documents and settings\kasalica\Application Data\DAEMON Tools
2010-03-02 15:22 . 2010-03-02 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-03-02 15:22 . 2010-03-02 15:22 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-03-02 15:22 . 2010-03-03 10:00 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-03-02 15:22 . 2010-03-02 15:24 -------- d-----w- c:\documents and settings\kasalica\Application Data\DAEMON Tools Lite
2010-03-02 12:19 . 2010-03-02 15:20 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-03-02 12:19 . 2010-03-02 12:19 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2010-03-02 12:14 . 2010-03-02 12:14 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-02 12:14 . 2010-03-02 15:24 -------- d-----w- c:\documents and settings\kasalica\Application Data\DAEMON Tools Pro
2010-02-28 21:55 . 2010-02-28 21:55 -------- d-----w- c:\program files\Robster Productions
2010-02-27 15:06 . 2010-02-27 15:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-02-27 10:11 . 2010-02-27 10:11 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-02-27 10:11 . 2009-09-14 08:47 -------- d-----w- c:\program files\Google
2010-02-24 20:37 . 2010-03-01 20:04 -------- d-----w- c:\program files\ExitReality
2010-02-23 17:55 . 2010-02-23 17:56 -------- d-----w- c:\documents and settings\kasalica\Application Data\Winamp
2010-02-23 14:28 . 2010-02-23 14:31 -------- d-----w- c:\documents and settings\kasalica\Application Data\Winampa
2010-02-23 14:28 . 2010-02-23 14:29 -------- d-----w- c:\program files\Winampa
2010-02-23 14:08 . 2007-03-07 23:51 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-02-23 14:08 . 2007-03-07 23:51 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-02-23 14:08 . 2007-03-07 23:51 129784 ------w- c:\windows\system32\pxafs.dll
2010-02-23 12:17 . 2009-05-10 15:48 -------- d-sh--w- c:\documents and settings\kasalica\UserData
2009-11-06 21:30 . 2006-02-23 03:39 11264 ----a-r- c:\windows\system32\drivers\xfilt_2.sys
2009-11-06 13:43 . 2009-11-06 13:43 -------- d-----w- c:\program files\iEvony
2009-11-01 12:47 . 2003-06-25 15:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2009-10-23 14:21 . 2009-10-24 08:17 -------- d-----w- c:\program files\Carambis
2009-10-20 20:20 . 2009-10-20 20:20 -------- d-----w- c:\program files\Direct MIDI to MP3 Converter
2009-10-20 20:12 . 2009-10-20 20:12 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-10-18 09:08 . 2009-10-18 09:08 -------- d-----w- c:\documents and settings\kasalica\Application Data\Sports Interactive
2009-10-18 09:06 . 2009-10-18 09:06 -------- d--h--r- c:\documents and settings\kasalica\Application Data\SecuROM
2009-10-18 09:03 . 2009-10-18 09:05 -------- d--h--w- c:\program files\Zero G Registry
2009-10-18 09:03 . 2009-10-18 09:03 -------- d-----w- c:\program files\Sports Interactive
2009-10-18 09:02 . 2009-10-18 09:02 -------- d--h--w- c:\documents and settings\kasalica\InstallAnywhere
2009-10-12 20:22 . 2009-10-12 20:22 -------- d-----w- C:\DriveKey

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-17 17:03 . 2009-02-13 13:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-17 17:00 . 2009-02-13 13:42 -------- d-----w- c:\program files\Norton Security Scan
2010-03-01 20:06 . 2009-02-05 11:31 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-02-24 10:23 . 2009-02-20 11:27 -------- d-----w- c:\program files\Sprite Explorer
2010-02-23 17:55 . 2009-01-31 07:38 -------- d-----w- c:\program files\Winamp
2009-11-06 21:32 . 2009-01-31 21:04 -------- d-----w- c:\documents and settings\kasalica\Application Data\Skype
2009-11-06 21:31 . 2009-01-31 21:08 -------- d-----w- c:\documents and settings\kasalica\Application Data\skypePM
2009-11-06 21:29 . 2009-09-06 11:33 -------- d-sh--w- c:\documents and settings\All Users\Application Data\MPK
2009-11-05 21:57 . 2009-08-21 12:30 -------- d-----w- c:\program files\Valve
2009-10-24 08:17 . 2009-01-31 07:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-23 21:17 . 2009-09-25 23:20 156384 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-23 14:05 . 2009-09-23 14:17 -------- d-----w- c:\documents and settings\kasalica\Application Data\Audacity
2009-10-03 22:57 . 2009-10-03 22:57 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-10-03 22:57 . 2009-10-03 22:57 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-10-03 22:52 . 2009-10-03 22:52 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-09-29 09:51 . 2009-04-17 12:42 -------- d-----w- c:\program files\Dofus
2009-09-25 23:06 . 2009-09-25 21:13 -------- d-----w- c:\documents and settings\kasalica\Application Data\Uniblue
2009-09-25 22:53 . 2009-09-25 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-09-25 22:16 . 2009-09-25 22:16 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{9DF77379-A83D-46CF-968D-03CBC652096D}
2009-09-25 22:16 . 2009-09-25 21:13 -------- d-----w- c:\program files\Uniblue
2009-09-25 22:16 . 2009-09-25 22:16 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{942E4254-C25C-44BA-94FC-8777923F9E7B}
2009-09-25 22:14 . 2009-09-25 22:14 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
2009-09-21 15:46 . 2009-09-21 15:46 200704 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\8BF7B6507D32426F8EC9FCF43520397D\PluginLauncher.exe
2009-09-20 12:44 . 2009-09-20 12:44 323584 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\39725A2B354444EF9747FDB782032EA5\swt-win32-3232.dll
2009-09-17 20:59 . 2009-09-17 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-17 15:14 . 2009-09-17 14:45 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-09-17 14:45 . 2009-09-17 14:45 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-09-17 14:45 . 2009-09-17 14:45 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-17 14:45 . 2009-09-17 14:45 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-17 14:45 . 2009-09-17 14:45 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-17 14:45 . 2009-09-17 14:45 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-17 14:44 . 2009-09-17 14:44 -------- d-----w- c:\program files\AVG
2009-09-17 11:54 . 2009-09-16 16:36 -------- d-----w- c:\program files\Windows Live
2009-09-17 11:45 . 2009-09-17 11:45 152576 ----a-w- c:\documents and settings\kasalica\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-09-16 16:39 . 2009-01-31 07:10 66160 ----a-w- c:\documents and settings\kasalica\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-16 16:36 . 2009-09-16 16:36 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-16 13:02 . 2009-09-16 13:02 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-15 13:57 . 2009-09-15 13:57 -------- d-----w- c:\program files\MSI
2009-09-14 14:08 . 2009-09-14 14:08 -------- d-----w- c:\program files\Ask.com
2009-09-14 14:07 . 2009-09-14 14:07 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-09-14 14:07 . 2009-09-14 14:07 -------- d-----w- c:\program files\DVDVideoSoft
2009-09-14 13:41 . 2009-09-12 15:01 -------- d-----w- c:\program files\ASIO4ALL v2
2009-09-13 22:19 . 2009-02-03 13:21 -------- d-----w- c:\program files\Cheat Engine
2009-09-13 22:00 . 2009-09-12 14:56 -------- d-----w- c:\program files\Image-Line
2009-09-13 21:59 . 2009-07-08 13:20 -------- d-----w- c:\program files\Super Mario All-Stars & World
2009-09-13 21:59 . 2009-05-27 09:37 -------- d-----w- c:\program files\AtomixMP3
2009-09-13 21:56 . 2009-09-12 15:01 -------- d-----w- c:\program files\VstPlugins
2009-09-12 15:37 . 2009-09-12 15:37 -------- d-----w- c:\documents and settings\kasalica\Application Data\Deckadance
2009-09-12 14:59 . 2009-09-12 14:59 -------- d-----w- c:\program files\Outsim
2009-09-11 14:33 . 2004-08-03 23:56 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2004-08-03 23:56 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 14:52 . 2009-09-03 14:52 148 ----a-w- c:\windows\tmp.tmp.tmp
2009-08-29 07:36 . 2004-08-03 23:56 832512 ----a-w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-03 23:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-03 23:56 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-27 09:51 . 2009-08-27 09:51 656088 ----a-w- c:\documents and settings\kasalica\Application Data\PowerChallenge\loader.dll
2009-08-27 09:51 . 2009-08-27 09:51 266968 ----a-w- c:\documents and settings\kasalica\Application Data\PowerChallenge\axpowerloader.dll
2009-08-27 09:51 . 2009-08-27 09:51 217816 ----a-w- c:\documents and settings\kasalica\Application Data\PowerChallenge\nppowerloader.dll
2009-08-26 08:16 . 2004-08-03 23:56 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-19 14:49 . 2009-09-25 22:16 2842613 -c--a-w- c:\documents and settings\All Users\Application Data\{9DF77379-A83D-46CF-968D-03CBC652096D}\PowerSuite2009.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 09:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-06-16 15:22 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2007-02-09 159744]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-09-12 36352]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-20 94208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-17 149280]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-02 2025752]
"combofix"="c:\combofix\CF2219.exe" [2009-11-06 388608]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-08-14 16050176]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"Alcmtr"="ALCMTR.EXE" - c:\windows\Alcmtr.exe [2005-05-03 69632]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-31 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,c:\windows\system32\MPK\MPK.exe"
"Taskman"="c:\recycler\S-1-5-21-2854715588-4667741251-357706565-9810\wingn.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-17 14:45 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\Valve\\hltv.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Documents and Settings\\kasalica\\Local Settings\\Application Data\\Chat Republic Games\\Superstar Racing\\ChatRepublicPlayer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\drivers\\etc\\mirc.exe"=
"c:\\Program Files\\mirc\\mirc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [17.9.2009 15:45 12552]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [31.1.2009 8:13 11264]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [17.9.2009 15:45 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [17.9.2009 15:45 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [17.9.2009 15:44 297752]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [26.9.2009 0:02 2831232]
S2 spoolsv.exe;spoolsv.exe;c:\windows\system32\drivers\etc\Services.exe /name:"spoolsv.exe" /start:"install.exe" --> c:\windows\system32\drivers\etc\Services.exe [?]
S3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [31.1.2009 8:40 751104]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
.
Contents of the 'Scheduled Tasks' folder

2010-03-21 c:\windows\Tasks\Norton Security Scan for kasalica.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 19:20]

2009-11-06 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-06-16 15:22]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearch Page = hxxp://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
uSearch Bar = hxxp://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Visit in &3D using ExitReality - 3d.exitreality.com/TransmogrifyPage.htm
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\kasalica\Application Data\Mozilla\Firefox\Profiles\6irdwhxp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=15015&l=dis
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale=en_US&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\docume~1\kasalica\APPLIC~1\POWERC~1\nppowerloader.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
------- File Associations -------
.
regfile="regedit.exe" "%1"
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-*{2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
BHO-{2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
Toolbar-{2bae58c2-79f9-45d1-a286-81f911301c3a} - (no file)
WebBrowser-{2BAE58C2-79F9-45D1-A286-81F911301C3A} - (no file)
HKCU-Run-MsnMsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
HKCU-Run-DriverUpdaterPro - c:\program files\XPC Tools\Driver Updater Pro\DriverUpdaterPro.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-11-06 22:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys xfilt.sys ACPI.sys hal.dll >>UNKNOWN [0x82DDD1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x82ddd1f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1177238915-1604221776-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B485DBD7-FE3C-8363-952E-1581A2A0DE0C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oabjeaagkimkichilckeacohjeghog"=hex:64,61,6f,67,6a,6a,70,69,00,7c
"oankmofmhglnpnifdpohbjchognncp"=hex:6b,61,62,68,61,70,62,6a,65,6b,6d,67,69,6f,
6c,65,63,6a,61,66,6d,64,00,7c
"nadjclhlpeboeodgbjhinekblhjp"=hex:6b,61,62,68,70,6f,61,67,6a,6c,6a,6c,66,65,
6f,65,62,6f,6a,6a,62,6c,00,7c
.
------------------------ Other Running Processes ------------------------
.
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\AVG\AVG8\avgam.exe
c:\windows\system32\nvsvc32.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\javaw.exe
.
**************************************************************************
.
Completion time: 2009-11-06 22:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-06 21:35

Pre-Run: 11.879.239.680 bytes free
Post-Run: 11.952.607.232 bytes free

- - End Of File - - 9FC76B36F3465DCD5BD3BBA40FF9A064

helen1 (Anti Malware Fighter, Rank 2; Master Teacher; Joined: 27 Aug 2005; Posts: 8620; Location: Novi Beograd)

When running the script, you MUST install the Recovery Console, which the program will offer you.

Open Notepad and copy the following text into it:

File::
c:\recycler\S-1-5-21-2854715588-4667741251-357706565-9810\wingn.exe
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
c:\windows\system32\drivers\etc\Services.exe

Driver::
spoolsv.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]



Save the Notepad file to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.
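As an added example that is not part of this thread (none of the participants posted code like this), here is a small Python triage script that applies the checks behind the cleanup script above to a constructed excerpt of the logs posted earlier: an executable dropped in a per-SID RECYCLER folder, an executable under \drivers\etc, Security Center and firewall notifications switched off, a Winlogon "Taskman" value, a service whose name mimics a system process, and an Active Setup component whose CLSID is not a valid GUID. The rule names and function names are my own; the sample lines are copied from the logs above (plus two benign lines for contrast) and do not form a complete log.

```python
"""Triage a ComboFix/DDS log excerpt for the indicators seen in this thread."""
import re

# Constructed sample: lines copied from the logs posted above plus two
# benign lines (Skype firewall entry, AVG service) for contrast.
SAMPLE_LOG = r'''
"Taskman"="c:\recycler\S-1-5-21-2854715588-4667741251-357706565-9810\wingn.exe"
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"DisableNotifications"= 1 (0x1)
"c:\\WINDOWS\\system32\\drivers\\etc\\mirc.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [17.9.2009 15:44 297752]
S2 spoolsv.exe;spoolsv.exe;c:\windows\system32\drivers\etc\Services.exe /name:"spoolsv.exe" /start:"install.exe" --> c:\windows\system32\drivers\etc\Services.exe [?]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{28ABC5C0-4FCB-11CF-AAX5-81CX1C635612}]
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe
'''

# Executable dropped in a per-SID RECYCLER folder: Explorer presents these
# directories as the Recycle Bin, so malware uses them as a drop site.
RECYCLER_EXE = re.compile(r'c:\\recycler\\S-1-5-21-[\d-]+\\[^\\\s"]+\.exe', re.I)
# \drivers\etc normally holds only text files (hosts, services, ...);
# an executable there is hiding among system files.
DRIVERS_ETC_EXE = re.compile(r'\\drivers\\etc\\[^\\\s"]+\.exe', re.I)
# Security Center / firewall notifications switched off: the user is never
# warned that AV, firewall or updates are disabled.
SC_DISABLE = re.compile(r'"(AntiVirus|Firewall|Updates)DisableNotify"=dword:00000001')
FW_DISABLE = re.compile(r'"DisableNotifications"=\s*1\b')
# A Winlogon "Taskman" value names a program Winlogon launches in place of
# Task Manager; the value is absent on a clean XP install.
TASKMAN = re.compile(r'^"Taskman"=')
# ComboFix service line: "<type> <name>;<display name>;<image path> [...]"
SERVICE = re.compile(r'^[RS]\d\s+([^;]+);([^;]*);(.+)$')
# Active Setup CLSIDs must be hex; a non-hex character means a fake GUID.
GUID = re.compile(r'\{([^}]+)\}')
GUID_OK = re.compile(r'^[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}$', re.I)


def triage(log_text):
    """Return a list of (line_number, rule, evidence) for suspicious lines."""
    hits = []
    for n, raw in enumerate(log_text.splitlines(), 1):
        # The firewall list escapes backslashes; normalise so one regex fits both.
        line = raw.strip().replace('\\\\', '\\')
        if not line:
            continue
        for m in RECYCLER_EXE.finditer(line):
            hits.append((n, 'exe-in-recycler', m.group(0)))
        for m in DRIVERS_ETC_EXE.finditer(line):
            hits.append((n, 'exe-in-drivers-etc', m.group(0)))
        if SC_DISABLE.search(line) or FW_DISABLE.search(line):
            hits.append((n, 'security-notify-disabled', line))
        if TASKMAN.match(line):
            hits.append((n, 'winlogon-taskman-set', line))
        svc = SERVICE.match(line)
        if svc and svc.group(1).lower().endswith('.exe'):
            # Real service names look like "Spooler", not "spoolsv.exe":
            # a name that copies a system process is a masquerade.
            hits.append((n, 'service-name-mimics-process', svc.group(1)))
        if 'installed components' in line.lower():
            for m in GUID.finditer(line):
                if not GUID_OK.match(m.group(1)):
                    hits.append((n, 'malformed-guid', m.group(0)))
    return hits


def rules_fired(log_text):
    """Set of rule names that fired, for a quick summary."""
    return {rule for _, rule, _ in triage(log_text)}


if __name__ == '__main__':
    for n, rule, evidence in triage(SAMPLE_LOG):
        print(f'line {n:2d}  {rule:28s} {evidence}')
```

Run it as a script to list each hit with its line number, or pass a whole log to triage() when triaging a fresh post. These are heuristics: an executable in \drivers\etc or a RECYCLER SID folder is a strong signal, while an .exe under Program Files is not, so the script deliberately flags only the locations and registry values that have no legitimate use on a home XP machine.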

Original poster (Joined: 26 May 2009; Posts: 46)

ComboFix 09-11-06.03 - kasalica 07.11.2009 16:35.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.510.291 [GMT 1:00]
Running from: c:\documents and settings\kasalica\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\kasalica\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\sys32.exe"
"c:\recycler\S-1-5-21-2854715588-4667741251-357706565-9810\wingn.exe"
"c:\windows\system32\drivers\etc\Services.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\NTSVc.ocx

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_KAVSYS
-------\Legacy_SPOOLSV.EXE
-------\Service_spoolsv.exe


((((((((((((((((((((((((( Files Created from 2009-10-07 to 2009-11-07 )))))))))))))))))))))))))))))))
.

2010-03-25 11:45 . 2010-03-25 11:45 -------- d-----w- C:\hlds
2010-03-25 07:21 . 2009-10-03 10:52 -------- d-----w- c:\documents and settings\kasalica\Application Data\uTorrent
2010-03-21 10:51 . 2009-06-19 12:59 -------- d-----w- c:\program files\VirtualDJ
2010-03-18 11:10 . 2010-03-18 11:10 -------- d-----w- c:\program files\Guitar Pro 5
2010-03-14 12:55 . 2010-03-14 12:55 -------- d-----w- c:\documents and settings\vuk\Local Settings\Application Data\Ahead
2010-03-12 19:09 . 2010-03-12 19:09 -------- d-----w- c:\windows\Sun
2010-03-06 11:09 . 2010-03-06 11:09 503808 -c--a-w- c:\documents and settings\kasalica\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-3efdf175-n\msvcp71.dll
2010-03-06 11:09 . 2010-03-06 11:09 499712 -c--a-w- c:\documents and settings\kasalica\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-3efdf175-n\jmc.dll
2010-03-06 11:09 . 2010-03-06 11:09 348160 -c--a-w- c:\documents and settings\kasalica\Application Data\Sun\Java\Deployment\cache\6.0\38\39ba6e6-3efdf175-n\msvcr71.dll
2010-03-06 11:09 . 2009-09-17 11:45 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-02 15:24 . 2009-05-18 11:53 -------- d-----w- c:\documents and settings\kasalica\Local Settings\Application Data\Aspyr
2010-03-02 15:24 . 2010-03-02 15:24 -------- d-----w- c:\documents and settings\kasalica\Application Data\DAEMON Tools
2010-03-02 15:22 . 2010-03-02 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-03-02 15:22 . 2010-03-02 15:22 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-03-02 15:22 . 2010-03-03 10:00 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-03-02 15:22 . 2010-03-02 15:24 -------- d-----w- c:\documents and settings\kasalica\Application Data\DAEMON Tools Lite
2010-03-02 12:19 . 2010-03-02 15:20 -------- d-----w- c:\program files\DAEMON Tools Pro
2010-03-02 12:19 . 2010-03-02 12:19 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2010-03-02 12:14 . 2010-03-02 12:14 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-02 12:14 . 2010-03-02 15:24 -------- d-----w- c:\documents and settings\kasalica\Application Data\DAEMON Tools Pro
2010-02-28 21:55 . 2010-02-28 21:55 -------- d-----w- c:\program files\Robster Productions
2010-02-27 15:06 . 2010-02-27 15:06 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-02-27 10:11 . 2010-02-27 10:11 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-02-27 10:11 . 2009-09-14 08:47 -------- d-----w- c:\program files\Google
2010-02-24 20:37 . 2010-03-01 20:04 -------- d-----w- c:\program files\ExitReality
2010-02-23 17:55 . 2010-02-23 17:56 -------- d-----w- c:\documents and settings\kasalica\Application Data\Winamp
2010-02-23 14:28 . 2010-02-23 14:31 -------- d-----w- c:\documents and settings\kasalica\Application Data\Winampa
2010-02-23 14:28 . 2010-02-23 14:29 -------- d-----w- c:\program files\Winampa
2010-02-23 14:08 . 2007-03-07 23:51 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2010-02-23 14:08 . 2007-03-07 23:51 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2010-02-23 14:08 . 2007-03-07 23:51 129784 ------w- c:\windows\system32\pxafs.dll
2010-02-23 12:17 . 2009-05-10 15:48 -------- d-sh--w- c:\documents and settings\kasalica\UserData
2009-11-06 13:43 . 2009-11-06 13:43 -------- d-----w- c:\program files\iEvony
2009-11-01 12:47 . 2003-06-25 15:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2009-10-23 14:21 . 2009-10-24 08:17 -------- d-----w- c:\program files\Carambis
2009-10-20 20:20 . 2009-10-20 20:20 -------- d-----w- c:\program files\Direct MIDI to MP3 Converter
2009-10-20 20:12 . 2009-10-20 20:12 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-10-18 09:08 . 2009-10-18 09:08 -------- d-----w- c:\documents and settings\kasalica\Application Data\Sports Interactive
2009-10-18 09:06 . 2009-10-18 09:06 -------- d--h--r- c:\documents and settings\kasalica\Application Data\SecuROM
2009-10-18 09:03 . 2009-10-18 09:05 -------- d--h--w- c:\program files\Zero G Registry
2009-10-18 09:03 . 2009-10-18 09:03 -------- d-----w- c:\program files\Sports Interactive
2009-10-18 09:02 . 2009-10-18 09:02 -------- d--h--w- c:\documents and settings\kasalica\InstallAnywhere
2009-10-12 20:22 . 2009-10-12 20:22 -------- d-----w- C:\DriveKey

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-17 17:03 . 2009-02-13 13:42 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-03-17 17:00 . 2009-02-13 13:42 -------- d-----w- c:\program files\Norton Security Scan
2010-03-01 20:06 . 2009-02-05 11:31 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-02-24 10:23 . 2009-02-20 11:27 -------- d-----w- c:\program files\Sprite Explorer
2010-02-23 17:55 . 2009-01-31 07:38 -------- d-----w- c:\program files\Winamp
2009-11-07 15:48 . 2009-01-31 21:04 -------- d-----w- c:\documents and settings\kasalica\Application Data\Skype
2009-11-07 15:02 . 2009-01-31 21:08 -------- d-----w- c:\documents and settings\kasalica\Application Data\skypePM
2009-11-06 21:29 . 2009-09-06 11:33 -------- d-sh--w- c:\documents and settings\All Users\Application Data\MPK
2009-11-05 21:57 . 2009-08-21 12:30 -------- d-----w- c:\program files\Valve
2009-10-24 08:17 . 2009-01-31 07:21 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-23 21:17 . 2009-09-25 23:20 156384 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-23 14:05 . 2009-09-23 14:17 -------- d-----w- c:\documents and settings\kasalica\Application Data\Audacity
2009-10-03 22:57 . 2009-10-03 22:57 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_motmodem_01005.Wdf
2009-10-03 22:57 . 2009-10-03 22:57 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-10-03 22:52 . 2009-10-03 22:52 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-09-29 09:51 . 2009-04-17 12:42 -------- d-----w- c:\program files\Dofus
2009-09-25 23:06 . 2009-09-25 21:13 -------- d-----w- c:\documents and settings\kasalica\Application Data\Uniblue
2009-09-25 22:53 . 2009-09-25 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2009-09-25 22:16 . 2009-09-25 22:16 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{9DF77379-A83D-46CF-968D-03CBC652096D}
2009-09-25 22:16 . 2009-09-25 21:13 -------- d-----w- c:\program files\Uniblue
2009-09-25 22:16 . 2009-09-25 22:16 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{942E4254-C25C-44BA-94FC-8777923F9E7B}
2009-09-25 22:14 . 2009-09-25 22:14 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{148D8B8A-8F96-4822-81EC-D510B626B7D5}
2009-09-21 15:46 . 2009-09-21 15:46 200704 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\8BF7B6507D32426F8EC9FCF43520397D\PluginLauncher.exe
2009-09-20 12:44 . 2009-09-20 12:44 323584 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\39725A2B354444EF9747FDB782032EA5\swt-win32-3232.dll
2009-09-17 20:59 . 2009-09-17 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-09-17 15:14 . 2009-09-17 14:45 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-09-17 14:45 . 2009-09-17 14:45 12552 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2009-09-17 14:45 . 2009-09-17 14:45 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-17 14:45 . 2009-09-17 14:45 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-17 14:45 . 2009-09-17 14:45 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-17 14:45 . 2009-09-17 14:45 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-17 14:44 . 2009-09-17 14:44 -------- d-----w- c:\program files\AVG
2009-09-17 11:54 . 2009-09-16 16:36 -------- d-----w- c:\program files\Windows Live
2009-09-17 11:45 . 2009-09-17 11:45 152576 ----a-w- c:\documents and settings\kasalica\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-09-16 16:39 . 2009-01-31 07:10 66160 ----a-w- c:\documents and settings\kasalica\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-16 16:36 . 2009-09-16 16:36 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-09-16 13:02 . 2009-09-16 13:02 -------- d-----w- c:\program files\Common Files\Windows Live
2009-09-15 13:57 . 2009-09-15 13:57 -------- d-----w- c:\program files\MSI
2009-09-14 14:08 . 2009-09-14 14:08 -------- d-----w- c:\program files\Ask.com
2009-09-14 14:07 . 2009-09-14 14:07 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2009-09-14 14:07 . 2009-09-14 14:07 -------- d-----w- c:\program files\DVDVideoSoft
2009-09-14 13:41 . 2009-09-12 15:01 -------- d-----w- c:\program files\ASIO4ALL v2
2009-09-13 22:19 . 2009-02-03 13:21 -------- d-----w- c:\program files\Cheat Engine
2009-09-13 22:00 . 2009-09-12 14:56 -------- d-----w- c:\program files\Image-Line
2009-09-13 21:59 . 2009-07-08 13:20 -------- d-----w- c:\program files\Super Mario All-Stars & World
2009-09-13 21:59 . 2009-05-27 09:37 -------- d-----w- c:\program files\AtomixMP3
2009-09-13 21:56 . 2009-09-12 15:01 -------- d-----w- c:\program files\VstPlugins
2009-09-12 15:37 . 2009-09-12 15:37 -------- d-----w- c:\documents and settings\kasalica\Application Data\Deckadance
2009-09-12 14:59 . 2009-09-12 14:59 -------- d-----w- c:\program files\Outsim
2009-09-11 14:33 . 2004-08-03 23:56 133632 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 20:45 . 2004-08-03 23:56 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 14:52 . 2009-09-03 14:52 148 ----a-w- c:\windows\tmp.tmp.tmp
2009-08-29 07:36 . 2004-08-03 23:56 832512 ------w- c:\windows\system32\wininet.dll
2009-08-29 07:36 . 2004-08-03 23:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-08-29 07:36 . 2004-08-03 23:56 17408 ----a-w- c:\windows\system32\corpol.dll
2009-08-27 09:51 . 2009-08-27 09:51 656088 ----a-w- c:\documents and settings\kasalica\Application Data\PowerChallenge\loader.dll
2009-08-27 09:51 . 2009-08-27 09:51 266968 ----a-w- c:\documents and settings\kasalica\Application Data\PowerChallenge\axpowerloader.dll
2009-08-27 09:51 . 2009-08-27 09:51 217816 ----a-w- c:\documents and settings\kasalica\Application Data\PowerChallenge\nppowerloader.dll
2009-08-26 08:16 . 2004-08-03 23:56 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-19 14:49 . 2009-09-25 22:16 2842613 -c--a-w- c:\documents and settings\All Users\Application Data\{9DF77379-A83D-46CF-968D-03CBC652096D}\PowerSuite2009.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-11-06_21.30.22 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-07 15:47 . 2009-11-07 15:47 16384 c:\windows\Temp\Perflib_Perfdata_778.dat
+ 2009-11-07 15:48 . 2006-02-23 03:39 11264 c:\windows\system32\drivers\xfilt_2.sys
- 2009-11-06 21:30 . 2006-02-23 03:39 11264 c:\windows\system32\drivers\xfilt_2.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-09-02 09:58 1107200 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-06-16 15:22 1144712 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-06-16 1144712]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-09-02 1107200]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-04-16 24264488]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2007-02-09 159744]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-09-12 36352]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2005-12-20 94208]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-17 149280]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-02 2025752]
"combofix"="c:\combofix\CF5055.exe" [2009-11-07 388608]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-08-14 16050176]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-1-31 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-17 14:45 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Program Files\\Valve\\hltv.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"c:\\Documents and Settings\\kasalica\\Local Settings\\Application Data\\Chat Republic Games\\Superstar Racing\\ChatRepublicPlayer.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\WINDOWS\\system32\\drivers\\etc\\mirc.exe"=
"c:\\Program Files\\mirc\\mirc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [17.9.2009 15:45 12552]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [31.1.2009 8:13 11264]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [17.9.2009 15:45 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [17.9.2009 15:45 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [17.9.2009 15:44 297752]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [26.9.2009 0:02 2831232]
S3 Cap713x;Cap713x Video Capture;c:\windows\system32\drivers\Cap713x.sys [31.1.2009 8:40 751104]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2010-03-21 c:\windows\Tasks\Norton Security Scan for kasalica.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 19:20]

2009-11-07 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-06-16 15:22]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchURL,(Default) = hxxp://g.msn.co.uk/0SEENWW/SAOS01?FORM=TOOLBR
IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Visit in &3D using ExitReality - 3d.exitreality.com/TransmogrifyPage.htm
LSP: c:\windows\system32\imon.dll
FF - ProfilePath - c:\documents and settings\kasalica\Application Data\Mozilla\Firefox\Profiles\6irdwhxp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.ask.com?o=15015&l=dis
FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale=en_US&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-11-07 16:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys xfilt.sys ACPI.sys hal.dll >>UNKNOWN [0x82DDD1F8]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\atapi -> 0x82ddd1f8
Warning: possible MBR rootkit infection !
user & kernel MBR OK
Use "Recovery Console" command "fixmbr" to clear infection !

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1177238915-1604221776-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{B485DBD7-FE3C-8363-952E-1581A2A0DE0C}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"oabjeaagkimkichilckeacohjeghog"=hex:64,61,6f,67,6a,6a,70,69,00,7c
"oankmofmhglnpnifdpohbjchognncp"=hex:6b,61,62,68,61,70,62,6a,65,6b,6d,67,69,6f,
6c,65,63,6a,61,66,6d,64,00,7c
"nadjclhlpeboeodgbjhinekblhjp"=hex:6b,61,62,68,70,6f,61,67,6a,6c,6a,6c,66,65,
6f,65,62,6f,6a,6a,62,6c,00,7c
.
------------------------ Other Running Processes ------------------------
.
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLCapSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\progra~1\AVG\AVG8\avgam.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\wdfmgr.exe
c:\program files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
c:\windows\system32\javaw.exe
.
**************************************************************************
.
Completion time: 2009-11-07 16:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-07 15:52
ComboFix2.txt 2009-11-06 21:35

Pre-Run: 11.877.756.928 bytes free
Post-Run: 11.849.154.560 bytes free

- - End Of File - - B4E502B47156859C0F0B999D55691692

helen1

Did CF ask you to install the Console?

Original poster

At the start it asked something 3 times: once whether to update CF, and I accepted; for the other two I don't know, but I accepted those too because you told me to accept.

helen1

Do you understand English?

Go to Microsoft's website => http://support.microsoft.com/kb/310994
Select the download that's appropriate for your Operating System

Download the file & save it as it's originally named, next to ComboFix.exe.

Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.

Original poster

I understand, I understand.. I'll do it now and report back...

helen1

Oops, wrong instructions.

Microsoft has changed something there.

Don't do anything yet.
