MyCity » Ambulanta -> Arhiva Ambulante » Zlob.DNSChanger i Autorun trojan

Zlob.DNSChanger i Autorun trojan

Napisano na dan: 7.1.2009

Strana:
1
2

Zlob.DNSChanger i Autorun trojan

Sledeća strana

Pagination

Odgovori

Strana:
1
2

NemesisTT Poslao: 07 Jan 2009 20:08 Idi na vrh
offline NemesisTT Novi MyCity građanin Pridružio: 07 Jan 2009 Poruke: 7	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Dakle stanje je sledece: Imam instaliran Nod32 v3 sa najnovijim definicijama isto kao i Spybot S&D (update-ovan). Na particijama mi se pojavio Autorun koji nisam uspeo rucno da odstranim (pokusao sam sa resenjima kao sto je brisanje iz Command prompt-a i momentalnog restarta i sl. Medjutim opet se posle restarti pojavljuje i svaki put mi se particija otvara preko autorun-a. Takodje svaki fles koji se ubaci u racunar biva zarazen istim virusom. Sledeci problem je ZlobDNSChanger koji mi menja DNS podesavanja, pa tokom "krstarenja" po internetu izlacu pop-up-ovi. Sve ovo sam pokusao da otklonim skeniranjem Spybot S&D-om i NOD-om, i ova su ga nasli i navodno uklonili, ali posle restarta ista prica. Sa HijackThis-om uspeo sam da nadjem 6-7 redova u kome vidim da se menjaju DNS adrese, ali nisam smeo da ih ukloni bez vase pomoci. Hvala unapred HIJACKTHIS: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:46:49, on 7.1.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\PROGRA~1\Labtec\LABTEC~1\Keyboard.exe C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE C:\WINDOWS\system32\CTHELPER.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\WinFast\WFDTV\DTVSchdl.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\WinFast\WFDTV\WFWIZ.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\MSI\Star Key Bluetooth Software\BTTray.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\PROGRA~1\MSI\STARKE~1\BTSTAC~1.EXE C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [KeyBoard] C:\PROGRA~1\Labtec\LABTEC~1\Keyboard.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{048F7FDB-AFA0-4DB3-A032-0828EB5840C8}: NameServer = 85.255.116.59,85.255.112.188 O17 - HKLM\System\CCS\Services\Tcpip\..\{9F437F58-6308-430B-A019-B701B05827A9}: NameServer = 85.255.116.59,85.255.112.188 O17 - HKLM\System\CCS\Services\Tcpip\..\{F3D57800-68ED-4176-84B4-CECFB5BDDCEE}: NameServer = 85.255.116.59,85.255.112.188 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.59,85.255.112.188 O17 - HKLM\System\CS1\Services\Tcpip\..\{048F7FDB-AFA0-4DB3-A032-0828EB5840C8}: NameServer = 85.255.116.59,85.255.112.188 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CS2\Services\Tcpip\..\{048F7FDB-AFA0-4DB3-A032-0828EB5840C8}: NameServer = 208.67.220.220,208.67.222.222 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.59,85.255.112.188 O18 - Protocol: bw+0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: offline-8876480 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 21047 bytes SPYBOT S&D --- Search result list --- Hint of the Day: Click the bar at the right of this to see more information! () Zlob.DNSChanger: [SBI $041D1396] TCP/IP Settings #1 (Undefined) (Registry change, nothing done) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer=208.67.220.220,208.67.222.222 Zlob.DNSChanger: [SBI $041D1396] TCP/IP Settings #2 (Undefined) (Registry change, nothing done) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{048F7FDB-AFA0-4DB3-A032-0828EB5840C8}\NameServer=208.67.220.220,208.67.222.222 Zlob.DNSChanger: [SBI $041D1396] TCP/IP Settings #3 (Undefined) (Registry change, nothing done) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9F437F58-6308-430B-A019-B701B05827A9}\NameServer=208.67.220.220,208.67.222.222 Zlob.DNSChanger: [SBI $041D1396] TCP/IP Settings #4 (Undefined) (Registry change, nothing done) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9F437F58-6308-430B-A019-B701B05827A9}\DhcpNameServer=208.67.220.220,208.67.222.222 Zlob.DNSChanger: [SBI $041D1396] TCP/IP Settings #5 (Undefined) (Registry change, nothing done) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F3D57800-68ED-4176-84B4-CECFB5BDDCEE}\NameServer=208.67.220.220,208.67.222.222 Zlob.DNSChanger: [SBI $041D1396] TCP/IP Settings #6 (Undefined) (Registry change, nothing done) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F3D57800-68ED-4176-84B4-CECFB5BDDCEE}\DhcpNameServer=208.67.220.220,208.67.222.222 Win32.Agent.sd: [SBI $72640A46] Program directory (Directory, nothing done) c:\resycled\ Win32.Agent.sd: [SBI $8DCCA8F7] Data (File, nothing done) c:\resycled\boot.com Win32.Agent.sd: [SBI $58009CA6] Installer (File, nothing done) c:\autorun.inf --- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) --- 2008-07-07 blindman.exe (1.0.0. 2008-07-07 SDFiles.exe (1.6.0.4) 2008-07-07 SDMain.exe (1.0.0.6) 2008-07-07 SDShred.exe (1.0.2.3) 2008-07-07 SDUpdate.exe (1.6.0. 2008-07-07 SDWinSec.exe (1.0.0.12) 2008-07-07 SpybotSD.exe (1.6.0.30) 2008-09-16 TeaTimer.exe (1.6.3.25) 2009-01-07 unins000.exe (51.49.0.0) 2008-07-07 Update.exe (1.6.0.7) 2008-10-22 advcheck.dll (1.6.2.13) 2007-04-02 aports.dll (2.1.0.0) 2008-06-14 DelZip179.dll (1.79.11.1) 2008-07-07 SDHelper.dll (1.6.0.12) 2008-06-19 sqlite3.dll 2008-07-07 Tools.dll (2.1.5.7) 2008-11-04 Includes\Adware.sbi () 2008-12-29 Includes\AdwareC.sbi () 2008-06-03 Includes\Cookies.sbi () 2009-01-06 Includes\Dialer.sbi () 2009-01-06 Includes\DialerC.sbi () 2008-07-23 Includes\HeavyDuty.sbi () 2008-11-18 Includes\Hijackers.sbi () 2009-01-05 Includes\HijackersC.sbi () 2008-12-09 Includes\Keyloggers.sbi () 2008-12-22 Includes\KeyloggersC.sbi () 2004-11-29 Includes\LSP.sbi () 2008-11-18 Includes\Malware.sbi () 2009-01-06 Includes\MalwareC.sbi () 2008-12-16 Includes\PUPS.sbi () 2009-01-06 Includes\PUPSC.sbi () 2007-11-07 Includes\Revision.sbi () 2008-06-18 Includes\Security.sbi () 2008-12-29 Includes\SecurityC.sbi () 2008-06-03 Includes\Spybots.sbi () 2008-06-03 Includes\SpybotsC.sbi () 2008-12-10 Includes\Spyware.sbi () 2009-01-06 Includes\SpywareC.sbi () 2008-06-03 Includes\Tracks.uti 2009-01-05 Includes\Trojans.sbi () 2009-01-06 Includes\TrojansC.sbi () 2008-03-04 Plugins\Chai.dll 2008-03-05 Plugins\Fennel.dll 2008-02-26 Plugins\Mate.dll 2007-12-24 Plugins\TCPIPAddress.dll --- System information --- Windows XP (Build: 2600) Service Pack 2 (5.1.2600) / Windows XP / SP3: Windows Installer 3.1 (KB893803) --- Startup entries list --- Located: HK_LM:Run, AdobeCS4ServiceManager command: "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin file: C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe size: 611712 MD5: E43A851F7B12DE589424D6C656155CFC Located: HK_LM:Run, ArcSoft Connection Service command: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe file: C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe size: 178688 MD5: BDD28D9E21FA87D4313142D266B4F780 Located: HK_LM:Run, CTDVDDET command: C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE file: C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE size: 45056 MD5: DB20FCE248D269E1C396E70A91E587C8 Located: HK_LM:Run, CTHelper command: CTHELPER.EXE file: C:\WINDOWS\system32\CTHELPER.EXE size: 24576 MD5: F404518F75CF78C0A74B6F83D376E064 Located: HK_LM:Run, CTSysVol command: C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r file: C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe size: 57344 MD5: E7D1D8179FE03E2BC569A92B56509414 Located: HK_LM:Run, egui command: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice file: C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe size: 1447168 MD5: F87040E63A04812E2435806A3B917C00 Located: HK_LM:Run, GrooveMonitor command: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" file: C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe size: 31016 MD5: 38D198A2DD54A67120040566A38103BA Located: HK_LM:Run, KeyBoard command: C:\PROGRA~1\Labtec\LABTEC~1\Keyboard.exe file: C:\PROGRA~1\Labtec\LABTEC~1\Keyboard.exe size: 49152 MD5: BCF590A3702E08D1D5F1F7539BAC6ED3 Located: HK_LM:Run, Logitech Hardware Abstraction Layer command: KHALMNPR.EXE file: C:\WINDOWS\KHALMNPR.EXE size: 28160 MD5: 06D5A9AD6EE1A674939D3DA635B1DCAF Located: HK_LM:Run, NvCplDaemon command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup file: C:\WINDOWS\system32\NvCpl.dll size: 13574144 MD5: 315A6E9D2114D67C75F684A9F8638413 Located: HK_LM:Run, NvMediaCenter command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit file: C:\WINDOWS\system32\NvMcTray.dll size: 86016 MD5: C4170F4788F0A5BE48B1307DB1647958 Located: HK_LM:Run, nwiz command: nwiz.exe /install file: C:\WINDOWS\system32\nwiz.exe size: 1630208 MD5: D76B1D340C6C8F5A676DC717919B319A Located: HK_LM:Run, SBDrvDet command: C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r file: C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe size: 45056 MD5: 90720864FC1C6FFF46A9390564D9FEAD Located: HK_LM:Run, Smapp command: C:\Program Files\Analog Devices\SoundMAX\SMTray.exe file: C:\Program Files\Analog Devices\SoundMAX\SMTray.exe size: 143360 MD5: 2D765E811B6FFEA9F91D4425E34B8461 Located: HK_LM:Run, SunJavaUpdateSched command: "C:\Program Files\Java\jre6\bin\jusched.exe" file: C:\Program Files\Java\jre6\bin\jusched.exe size: 136600 MD5: B98FFA8288EFAABC436C30D198608345 Located: HK_LM:Run, UpdReg command: C:\WINDOWS\UpdReg.EXE file: C:\WINDOWS\UpdReg.EXE size: 90112 MD5: C419DF63E0121D72411285780C2FC6CC Located: HK_LM:Run, WinFastDTV command: C:\Program Files\WinFast\WFDTV\DTVSchdl.exe file: C:\Program Files\WinFast\WFDTV\DTVSchdl.exe size: 90112 MD5: A34AE8E30D766F36E87ED7F0AD96E563 Located: HK_CU:Run, CTFMON.EXE where: .DEFAULT... command: C:\WINDOWS\system32\CTFMON.EXE file: C:\WINDOWS\system32\CTFMON.EXE size: 15360 MD5: 24232996A38C0B0CF151C2140AE29FC8 Located: HK_CU:Run, CTFMON.EXE where: S-1-5-19... command: C:\WINDOWS\system32\CTFMON.EXE file: C:\WINDOWS\system32\CTFMON.EXE size: 15360 MD5: 24232996A38C0B0CF151C2140AE29FC8 Located: HK_CU:Run, CTFMON.EXE where: S-1-5-20... command: C:\WINDOWS\system32\CTFMON.EXE file: C:\WINDOWS\system32\CTFMON.EXE size: 15360 MD5: 24232996A38C0B0CF151C2140AE29FC8 Located: HK_CU:Run, CTFMON.EXE where: S-1-5-21-1343024091-412668190-682003330-1003... command: C:\WINDOWS\system32\ctfmon.exe file: C:\WINDOWS\system32\ctfmon.exe size: 15360 MD5: 24232996A38C0B0CF151C2140AE29FC8 Located: HK_CU:Run, LDM where: S-1-5-21-1343024091-412668190-682003330-1003... command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe size: 32768 MD5: 5588812731C64305F2579DD8215037E0 Located: HK_CU:Run, LightScribe Control Panel where: S-1-5-21-1343024091-412668190-682003330-1003... command: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden file: C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe size: 2363392 MD5: 6ABDF99221594E7698DE1ECBFF57D904 Located: HK_CU:Run, SpybotSD TeaTimer where: S-1-5-21-1343024091-412668190-682003330-1003... command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe size: 1833296 MD5: 63B3FF83B87AFCEBA89CED54695DA0F6 Located: HK_CU:Run, WinFast Schedule where: S-1-5-21-1343024091-412668190-682003330-1003... command: C:\Program Files\WinFast\WFDTV\WFWIZ.exe file: C:\Program Files\WinFast\WFDTV\WFWIZ.exe size: 2916352 MD5: CB1D6AC7914D77865614801EEB086054 Located: HK_CU:Run, CTFMON.EXE where: S-1-5-18... command: C:\WINDOWS\system32\CTFMON.EXE file: C:\WINDOWS\system32\CTFMON.EXE size: 15360 MD5: 24232996A38C0B0CF151C2140AE29FC8 Located: Startup (common), Bluetooth.lnk where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup... command: C:\Program Files\MSI\Star Key Bluetooth Software\BTTray.exe file: C:\Program Files\MSI\Star Key Bluetooth Software\BTTray.exe size: 577597 MD5: 582B7231703D80E87CB397F15E1584A5 Located: Startup (common), Logitech Desktop Messenger.lnk where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup... command: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe file: C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe size: 450560 MD5: 9C964C7C72FD732B1A0EEC80421EDAED Located: Startup (common), Logitech SetPoint.lnk where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup... command: C:\Program Files\Logitech\SetPoint\SetPoint.exe file: C:\Program Files\Logitech\SetPoint\SetPoint.exe size: 528384 MD5: E74024A1E4F36A2476A11764DD1E283B Located: WinLogon, crypt32chain command: crypt32.dll file: crypt32.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, cryptnet command: cryptnet.dll file: cryptnet.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, cscdll command: cscdll.dll file: cscdll.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, ScCertProp command: wlnotify.dll file: wlnotify.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, Schedule command: wlnotify.dll file: wlnotify.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, sclgntfy command: sclgntfy.dll file: sclgntfy.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, SensLogn command: WlNotify.dll file: WlNotify.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, termsrv command: wlnotify.dll file: wlnotify.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! Located: WinLogon, wlballoon command: wlnotify.dll file: wlnotify.dll size: 0 MD5: D41D8CD98F00B204E9800998ECF8427E Warning: if the file is actually larger than 0 bytes, the checksum could not be properly calculated! --- Browser helper object list --- {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: Groove GFS Browser Helper Path: C:\PROGRA~1\MICROS~2\Office12\ Long name: GrooveShellExtensions.dll Short name: GRA8E1~1.DLL Date (created): 27.10.2006 0:48:42 Date (last access): 7.1.2009 19:21:08 Date (last write): 27.10.2006 0:48:42 Filesize: 2210608 Attributes: archive MD5: 786DD1892B553EFE5A004AC39775C851 CRC32: AAD965C9 Version: 12.0.4518.1014 {7E853D72-626A-48EC-A868-BA8D5E23E045} () location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: CLSID name: Java(tm) Plug-In 2 SSV Helper Path: C:\Program Files\Java\jre6\bin\ Long name: jp2ssv.dll Short name: Date (created): 7.1.2009 16:15:40 Date (last access): 7.1.2009 19:45:36 Date (last write): 7.1.2009 16:15:40 Filesize: 34816 Attributes: archive MD5: 5D57FD3DF32DC69CEC3D1D54B4C43162 CRC32: D7C13FB2 Version: 6.0.110.3 {E7E6F031-17CE-4C07-BC86-EABFE594F69C} (JQSIEStartDetectorImpl) location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ BHO name: JQSIEStartDetectorImpl CLSID name: JQSIEStartDetectorImpl Class Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\ Long name: jqs_plugin.dll Short name: JQS_PL~1.DLL Date (created): 7.1.2009 16:15:40 Date (last access): 7.1.2009 19:42:00 Date (last write): 7.1.2009 16:15:40 Filesize: 73728 Attributes: archive MD5: F68EDAFE003F2B3523C0742CD3B8D673 CRC32: 9C709350 Version: 6.0.110.3 --- ActiveX list --- {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) DPF name: Java Runtime Environment 1.6.0 CLSID name: Java Plug-in 1.6.0_11 Installer: Codebase: java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab description: Sun Java classification: Legitimate known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll info link: info source: Patrick M. Kolla Path: C:\Program Files\Java\jre6\bin\ Long name: npjpi160_11.dll Short name: NPJPI1~1.DLL Date (created): 7.1.2009 16:15:40 Date (last access): 7.1.2009 18:21:14 Date (last write): 7.1.2009 16:15:40 Filesize: 132504 Attributes: archive MD5: D400116F6776ACB6EDB6B1F5EEB9F92D CRC32: CECB5751 Version: 6.0.110.3 {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) DPF name: Java Runtime Environment 1.6.0 CLSID name: Java Plug-in 1.6.0_07 Installer: Codebase: java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab Path: C:\Program Files\Java\jre1.6.0_07\bin\ Long name: npjpi160_07.dll Short name: NPJPI1~1.DLL Date (created): 10.6.2008 2:32:34 Date (last access): 7.1.2009 18:20:38 Date (last write): 10.6.2008 4:27:02 Filesize: 132496 Attributes: archive MD5: 7C83A2809E13950359189767AC9D5DB8 CRC32: 925C2A88 Version: 6.0.70.6 {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) DPF name: Java Runtime Environment 1.6.0 CLSID name: Java Plug-in 1.6.0_11 Installer: Codebase: java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab Path: C:\Program Files\Java\jre6\bin\ Long name: npjpi160_11.dll Short name: NPJPI1~1.DLL Date (created): 7.1.2009 16:15:40 Date (last access): 7.1.2009 19:57:10 Date (last write): 7.1.2009 16:15:40 Filesize: 132504 Attributes: archive MD5: D400116F6776ACB6EDB6B1F5EEB9F92D CRC32: CECB5751 Version: 6.0.110.3 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0) DPF name: Java Runtime Environment 1.6.0 CLSID name: Java Plug-in 1.6.0_11 Installer: Codebase: java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab description: classification: Legitimate known filename: npjpi150_06.dll info link: info source: Safer Networking Ltd. Path: C:\Program Files\Java\jre6\bin\ Long name: npjpi160_11.dll Short name: NPJPI1~1.DLL Date (created): 7.1.2009 16:15:40 Date (last access): 7.1.2009 19:57:10 Date (last write): 7.1.2009 16:15:40 Filesize: 132504 Attributes: archive MD5: D400116F6776ACB6EDB6B1F5EEB9F92D CRC32: CECB5751 Version: 6.0.110.3 --- Process list --- PID: 0 ( 0) [System] PID: 524 ( 4) \SystemRoot\System32\smss.exe size: 50688 PID: 796 ( 524) \??\C:\WINDOWS\system32\csrss.exe size: 6144 PID: 820 ( 524) \??\C:\WINDOWS\system32\winlogon.exe size: 502272 PID: 864 ( 820) C:\WINDOWS\system32\services.exe size: 108032 MD5: C6CE6EEC82F187615D1002BB3BB50ED4 PID: 876 ( 820) C:\WINDOWS\system32\lsass.exe size: 13312 MD5: 84885F9B82F4D55C6146EBF6065D75D2 PID: 1036 ( 864) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716 PID: 1092 ( 864) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716 PID: 1248 ( 864) C:\WINDOWS\System32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716 PID: 1296 ( 864) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716 PID: 1336 ( 864) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716 PID: 1880 ( 864) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe size: 109056 MD5: 127532EE2DE2333E1B72A7482B739A82 PID: 1896 ( 864) C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe size: 258103 MD5: A1E2ED3E0640999DE683367A4F716F61 PID: 1908 ( 864) C:\WINDOWS\system32\CTsvcCDA.exe size: 44032 MD5: 3C8B6609712F4FF78E521F6DCFC4032B PID: 1932 ( 864) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe size: 468224 MD5: 65BB49DDE576CC824FBA1BE0DAD07E5B PID: 1972 ( 864) C:\Program Files\Java\jre6\bin\jqs.exe size: 152984 MD5: 32192B4EBE8720ED8D49A455C962CB91 PID: 2008 ( 864) C:\Program Files\Common Files\LightScribe\LSSrvc.exe size: 73728 MD5: 4AF65F3A2253DF7D0B8D80812EAE7A7C PID: 2036 ( 864) C:\WINDOWS\system32\nvsvc32.exe size: 163908 MD5: 42321AC5448078131903B272E6C49024 PID: 252 ( 864) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe size: 185632 MD5: A6A7AD767BF5141665F5C675F671B3E1 PID: 420 ( 864) C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe size: 45056 MD5: 3978F082274F723AD5A0A8058C2417DD PID: 472 ( 864) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe size: 49152 MD5: 332D341D92B933600D41953B08360DFB PID: 1512 (1404) C:\WINDOWS\Explorer.EXE size: 1032192 MD5: A0732187050030AE399B241436565E64 PID: 1612 (1512) C:\Program Files\Analog Devices\SoundMAX\SMTray.exe size: 143360 MD5: 2D765E811B6FFEA9F91D4425E34B8461 PID: 1620 (1512) C:\PROGRA~1\Labtec\LABTEC~1\Keyboard.exe size: 49152 MD5: BCF590A3702E08D1D5F1F7539BAC6ED3 PID: 1632 (1512) C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe size: 57344 MD5: E7D1D8179FE03E2BC569A92B56509414 PID: 1640 (1512) C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE size: 45056 MD5: DB20FCE248D269E1C396E70A91E587C8 PID: 1648 (1512) C:\WINDOWS\system32\CTHELPER.EXE size: 24576 MD5: F404518F75CF78C0A74B6F83D376E064 PID: 1804 (1512) C:\WINDOWS\system32\RUNDLL32.EXE size: 33280 MD5: DA285490BBD8A1D0CE6623577D5BA1FF PID: 436 (1512) C:\Program Files\Java\jre6\bin\jusched.exe size: 136600 MD5: B98FFA8288EFAABC436C30D198608345 PID: 560 (1512) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe size: 31016 MD5: 38D198A2DD54A67120040566A38103BA PID: 588 (1512) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe size: 1447168 MD5: F87040E63A04812E2435806A3B917C00 PID: 600 ( 864) C:\WINDOWS\System32\alg.exe size: 44544 MD5: F1958FBF86D5C004CF19A5951A9514B7 PID: 640 (1512) C:\Program Files\WinFast\WFDTV\DTVSchdl.exe size: 90112 MD5: A34AE8E30D766F36E87ED7F0AD96E563 PID: 1184 (1512) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe size: 178688 MD5: BDD28D9E21FA87D4313142D266B4F780 PID: 1684 (1512) C:\WINDOWS\system32\ctfmon.exe size: 15360 MD5: 24232996A38C0B0CF151C2140AE29FC8 PID: 1420 (1512) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe size: 2363392 MD5: 6ABDF99221594E7698DE1ECBFF57D904 PID: 2332 (1512) C:\Program Files\WinFast\WFDTV\WFWIZ.exe size: 2916352 MD5: CB1D6AC7914D77865614801EEB086054 PID: 2960 (1512) C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe size: 32768 MD5: 5588812731C64305F2579DD8215037E0 PID: 2464 (1512) C:\Program Files\MSI\Star Key Bluetooth Software\BTTray.exe size: 577597 MD5: 582B7231703D80E87CB397F15E1584A5 PID: 2848 (1512) C:\Program Files\Logitech\SetPoint\SetPoint.exe size: 528384 MD5: E74024A1E4F36A2476A11764DD1E283B PID: 1348 (1036) C:\Program Files\MSI\Star Key Bluetooth Software\BTStackServer.exe size: 1265748 MD5: 487AEE3F8BB4207838CA9FAB8DF90A33 PID: 2860 ( 864) C:\WINDOWS\System32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716 PID: 3112 (2848-) C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE size: 28160 MD5: 06D5A9AD6EE1A674939D3DA635B1DCAF PID: 3080 ( 864) C:\WINDOWS\system32\spoolsv.exe size: 57856 MD5: 7435B108B935E42EA92CA94F59C8E717 PID: 3644 (1512) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe size: 4891472 MD5: 3B1B5D09D3C9C4CD39D4DB06ED7A0855 PID: 4044 ( 864) C:\WINDOWS\system32\svchost.exe size: 14336 MD5: 8F078AE4ED187AAABC0A305146DE6716 PID: 4 ( 0) System --- Browser start & search pages list --- Spybot - Search & Destroy browser pages report, 7.1.2009 19:57:09 HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page C:\WINDOWS\system32\blank.htm HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page %SystemRoot%\system32\blank.htm HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm --- Winsock Layered Service Provider list --- --- Uninstall list --- (AddressBook) Adobe Flash Player 10 Plugin 10.0.12.36 (Adobe Flash Player Plugin) uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe publisher: Adobe Systems Incorporated Adobe Dreamweaver CS4 10.0 (Adobe_acce07fd2c8fe7f9e3f26243e626578-) estimated size: 693434 uninstall cmd: C:\Program Files\Common Files\Adobe\Installers\acce07fd2c8fe7f9e3f26243e626578\Setup.exe --uninstall=1 publisher: Adobe Systems Incorporated help link: adobe.com/support Adobe Photoshop CS4 11.0 (Adobe_faf656ef605427ee2f42989c3ad31b8-) estimated size: 1116162 uninstall cmd: C:\Program Files\Common Files\Adobe\Installers\faf656ef605427ee2f42989c3ad31b8\Setup.exe --uninstall=1 publisher: Adobe Systems Incorporated help link: adobe.com/go/ps_support help telephone: adobe.com/go/ps_support AIMP2 (AIMP2) uninstall cmd: C:\Program Files\AIMP2\UnInstall.exe Ashampoo Burning Studio 8.04 8.0.4 (Ashampoo Burning Studio 8_is1) install date: 20090107 install location: C:\Program Files\Ashampoo\Ashampoo Burning Studio 8\ uninstall cmd: "C:\Program Files\Ashampoo\Ashampoo Burning Studio 8\unins000.exe" publisher: ashampoo GmbH & Co. KG help link: ashampoo.com/support (Audio Console) uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{266F8C74-5DC6-4405-B79B-4EB82B2FC684}\setup.exe" -l0x9 /remove (Branding) (Connection Manager) (Creative MediaSource DVD-Audio Player) uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 /remove (Creative MiniDisc Center) uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AC157741-3285-4D6A-B934-9174587A3493}\setup.exe" -l0x9 /remove (Creative WaveStudio) uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{435E969D-867E-4364-8E74-3DC8A69C5BDB}\setup.exe" -l0x9 /remove (Diagnostics_Audigy2) uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9154ED7C-926E-49CC-B677-0CF3C5267457}\setup.exe" -l0x9 /remove (DirectAnimation) (DirectDrawEx) (DXM_Runtime) (EAX) uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{DEBD7BF3-5856-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove Microsoft Office Enterprise 2007 12.0.4518.1014 (ENTERPRISE) install location: C:\Program Files\Microsoft Office uninstall cmd: "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL publisher: Microsoft Corporation (EQUALIZER) uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FB2292C6-1F0A-11D7-AB2D-0090271A23A2}\setup.exe" -l0x9 /remove (Fontcore) Foxit Reader (Foxit Reader) uninstall cmd: C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe Haali Media Splitter (HaaliMkx) uninstall cmd: "C:\Program Files\Haali\MatroskaSplitter\uninstall.exe" HijackThis 2.0.2 2.0.2 (HijackThis) uninstall cmd: "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall publisher: TrendMicro (ICW) (IE40) (IE4Data) (IE5BAKEX) (IEData) (InstallShield Uninstall Information) EasyRecovery Professional 6.04.08 (InstallShield_{268723B7-A994-4286-9F85-B974D5CAFC7B}) version: 100925448 version (major): 6 version (minor): 4 estimated size: 56068 install date: 20090107 install source: C:\DOCUME~1\Nemesis\LOCALS~1\Temp\_is1F7\ uninstall cmd: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{268723B7-A994-4286-9F85-B974D5CAFC7B} /l1033 publisher: Ontrack Data Recovery, Inc. (KB884016) (KB893803) Windows Installer 3.1 (KB893803) 3.1 (KB893803v2) uninstall cmd: "C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe" publisher: Microsoft Corporation help link: go.microsoft.com/fwlink/?LinkId=42467 K-Lite Mega Codec Pack 4.4.2 4.4.2 (KLiteCodecPack_is1) install date: 20090107 install location: C:\Program Files\K-Lite Codec Pack\ uninstall cmd: "C:\Program Files\K-Lite Codec Pack\unins000.exe" LimeWire PRO 4.18.8 4.18.8 (LimeWire) uninstall cmd: "C:\Program Files\LimeWire\uninstall.exe" publisher: Lime Wire, LLC help link: limewire.com/support (MobileOptionPack) Mozilla Firefox (2.0.0.20) 2.0.0.20 (en-US) (Mozilla Firefox (2.0.0.20)) install location: C:\Program Files\Mozilla Firefox uninstall cmd: C:\Program Files\Mozilla Firefox\uninstall\helper.exe publisher: Mozilla comments: Mozilla Firefox Mozilla Thunderbird (2.0.0.19) 2.0.0.19 (en-US) (Mozilla Thunderbird (2.0.0.19)) install location: C:\Program Files\Mozilla Thunderbird uninstall cmd: C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe publisher: Mozilla comments: Mozilla Thunderbird (MPlayer2) (MSI30-Beta1) (MSI30-Beta2) (MSI30-KB884016) (MSI30-RC1) (MSI30-RC2) (MSI30a-KB884016) (MSI31-Beta) (MSI31-RC1) (NetMeeting) NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050) (NOD32 v3.x FiX 1.1 by TemDono_is1) install location: C:\Program Files\ESET\ESET NOD32 Antivirus\ uninstall cmd: "C:\Program Files\ESET\ESET NOD32 Antivirus\unins000.exe" NVIDIA Drivers (NVIDIA Drivers) uninstall cmd: C:\WINDOWS\system32\nvuninst.exe UninstallGUI OJOsoft Total Video Converter 2.5.0.1009 (OJOsoft Total Video Converter2.5.0.1009) uninstall cmd: "C:\Program Files\OJOsoft\uninstall.exe" "/U:C:\Program Files\OJOsoft\OJOsoft Total Video Converter\Uninstall\uninstall.xml" publisher: OJOsoft Corporation contact: support@ojosoft.com help link: ojosoft.com/video-converter/total-video-converter.html (OutlookExpress) (PCHealth) uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Samsung ML-1710 Series (Samsung ML-1710 Series) uninstall cmd: C:\WINDOWS\Samsung\ML-1710\SETUP.EXE (SchedulingAgent) (SFBM) uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7201B853-5833-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove (Smart Recorder) uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1494984B-9AC5-4F16-B61A-C21D5EFCC1C4}\setup.exe" -l0x9 /remove (Sound Blaster Audigy 2) (Sound Blaster Audigy 2 Windows Drivers) uninstall cmd: "C:\Program Files\Creative\SBAudigy2\Program\Ctzapxx.EXE" /W /U /S (SPEAKER) uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5210ED6D-52A9-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove (SPKR_CALIBRATOR) uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove (SURMIXER) uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A1185190-514F-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 /remove Creative System Information (SysInfo) uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{87499F38-FD69-4A2B-B41A-BAB8DE9B94FE}\setup.exe" -l0x9 /remove The KMPlayer (remove only) (The KMPlayer) uninstall cmd: "C:\Program Files\The KMPlayer\uninstall.exe" Total Commander (Remove or Repair) (Totalcmd) uninstall cmd: C:\Program Files\Total Commander\tcuninst.exe totalvid (totalvid) install location: C:\Program Files\totalvid uninstall cmd: "C:\Program Files\totalvid\Uninstall.exe" Scientific Atlanta WebSTAR 2000 series Cable Modem (WebSTAR DPX2100 Uninstall) uninstall cmd: UNDPX2K.EXE WinRAR archiver (WinRAR archiver) uninstall cmd: C:\Program Files\WinRAR\uninstall.exe YouTubeGet 4.9.6 (YouTubeGet_is1) install date: 20090107 install location: C:\Program Files\YouTubeGet\ uninstall cmd: "C:\Program Files\YouTubeGet\unins000.exe" publisher: YouTubeGet Developer Team help link: YouTubeGet.com/support.html CorelDRAW(R) Graphics Suite X4 (_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}) version (major): 14 install location: c:\Program Files\Corel\CorelDRAW Graphics Suite X4\ uninstall cmd: c:\Program Files\Corel\CorelDRAW Graphics Suite X4\Setup\SetupARP.exe /arp publisher: Corel Corporation CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension (_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}) version (major): 1 estimated size: 3000 install location: c:\Program Files\Common Files\Corel\Shared\Shell Extension\ uninstall cmd: c:\Program Files\Common Files\Corel\Shared\Shell Extension\Uninst.exe publisher: Corel Corporation Adobe Color NA Recommended Settings CS4 2.0 ({00ADFB20-AE75-46F4-AD2C-F48B15AC3100}) version: 33554432 version (major): 2 estimated size: 1673 install date: 20090107 install source: C:\Documents and Settings\Nemesis\Desktop\Adobe Photoshop CS4 Extended\payloads\AdobeColorNA_Recommended2-mul\ uninstall cmd: MsiExec.exe /I{00ADFB20-AE75-46F4-AD2C-F48B15AC3100} publisher: Adobe Systems Incorporated Adobe Update Manager CS4 6.0.0 ({05308C4E-7285-4066-BAE3-6B50DA6ED755}) version: 100663296 version (major): 6 estimated size: 8628 install date: 20090107 install source: C:\Documents and Settings\Nemesis\Desktop\Adobe Photoshop CS4 Extended\payloads\AdobeAUM6.0All\ uninstall cmd: MsiExec.exe /I{05308C4E-7285-4066-BAE3-6B50DA6ED755} publisher: Adobe Systems Incorporated kuler 2.0 ({098727E1-775A-4450-B573-3F441F1CA243}) version: 33554432 version (major): 2 estimated size: 737 install date: 20090107 install source: C:\Documents and Settings\Nemesis\Desktop\Adobe Photoshop CS4 Extended\payloads\kuler2.0-mul\ uninstall cmd: MsiExec.exe /I{098727E1-775A-4450-B573-3F441F1CA243} publisher: Adobe Systems Incorporated Adobe Color JA Extra Settings CS4 2.0 ({0D6013AB-A0C7-41DC-973C-E93129C9A29F}) version: 33554432 version (major): 2 estimated size: 2793 install date: 20090107 install source: C:\Documents and Settings\Nemesis\Desktop\Adobe Photoshop CS4 Extended\payloads\AdobeColorJA_ExtraSettings2-mul\ uninstall cmd: MsiExec.exe /I{0D6013AB-A0C7-41DC-973C-E93129C9A29F} publisher: Adobe Systems Incorporated Adobe Setup 2.0 ({0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}) version: 33554432 version (major): 2 estimated size: 49073 install date: 20090107 install source: C:\Documents and Settings\Nemesis\Desktop\Adobe Photoshop CS4 Extended\ uninstall cmd: MsiExec.exe /I{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23} publisher: Adobe Systems Incorporated Adobe CSI CS4 1 ({0F723FC1-7606-4867-866C-CE80AD292DAF}) version: 16777216 version (major): 1 estimated size: 89866 install date: 20090107 install source: C:\Documents and Settings\Nemesis\Desktop\Adobe Photoshop CS4 Extended\payloads\AdobeCSIAll\ uninstall cmd: MsiExec.exe /I{0F723FC1-7606-4867-866C-CE80AD292DAF} publisher: Adobe Systems Incorporated ({1494984B-9AC5-4F16-B61A-C21D5EFCC1C4}) uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1494984B-9AC5-4F16-B61A-C21D5EFCC1C4}\setup.exe" -l0x9 Adobe Setup 2.0 ({14AFE241-FC6E-4FDB-BCA0-7AD6F4974171}) version: 33554432 version (major): 2 estimated size: 36637 install date: 20090107 install source: C:\Documents and Settings\Nemesis\Desktop\Adobe Dreamweaver CS4\setup\Adobe CS4\ uninstall cmd: MsiExec.exe /I{14AFE241-FC6E-4FDB-BCA0-7AD6F4974171} publisher: Adobe Systems Incorporated Adobe Anchor Service CS4 2.0 ({1618734A-3957-4ADD-8199-F973763109A8}) version: 33554432 version (major): 2 estimated size: 989 install date: 20090107 install source: C:\Documents and Settings\Nemesis\Desktop\Adobe Photoshop CS4 Extended\payloads\AdobeALMAnchorService2-mul\ uninstall cmd: MsiExec.exe /I{1618734A-3957-4ADD-8199-F973763109A8} publisher: Adobe Systems Incorporated ({169F8893-C1C5-4847-972C-EA1E008112AC}) uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{169F8893-C1C5-4847-972C-EA1E008112AC}\setup.exe" -l0x9 AdobeColorCommonSetRGB 2.0 ({16E6D2C1-7C90-4309-8EC4-D2212690AAA4}) version: 33554432 version (major): 2 estimated size: 41 install date: 20090107 install source: C:\Documents and Settings\Nemesis\Desktop\Adobe Photoshop CS4 Extended\payloads\AdobeColorCommonSetRGB2-mul\ uninstall cmd: MsiExec.exe /I{16E6D2C1-7C90-4309-8EC4-D2212690AAA4} publisher: Adobe Systems Incorporated Adobe AIR 1.1.0.5790 ({197A3012-8C85-4FD3-AB66-9EC7E13DB92E}) version: 16842752 version (major): 1 version (minor): 1 estimated size: 26739 install date: 20090107 install source: c:\documents and settings\nemesis\desktop\adobe photoshop cs4 extended\payloads\adobeair1.0\ uninstall cmd: MsiExec.exe /I{197A3012-8C85-4FD3-AB66-9EC7E13DB92E} publisher: Adobe Systems Inc. ({236FADD8-58FD-11D6-A285-00A0CC51B2FE}) uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{236FADD8-58FD-11D6-A285-00A0CC51B2FE}\setup.exe" -l0x9 ({266F8C74-5DC6-4405-B79B-4EB82B2FC684}) uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{266F8C74-5DC6-4405-B79B-4EB82B2FC684}\setup.exe" -l0x9 EasyRecovery Professional 6.04.08 ({268723B7-A994-4286-9F85-B974D5CAFC7B}) version: 100925448 version (major): 6 version (minor): 4 estimated size: 56068 install date: 20090107 install source: C:\DOCUME~1\Nemesis\LOCALS~1\Temp\_is1F7\ publisher: Ontrack Data Recovery, Inc. Java(TM) 6 Update 11 6.0.110 ({26A24AE4-039D-4CA4-87B4-2F83216011FF}) version: 100663406 version (major): 6 estimated size: 92660 install date: 20090107 install location: C:\Program Files\Java\jre6\ install source: C:\Documents and Settings\Nemesis\Application Data\Sun\Java\jre1.6.0_11\ uninstall cmd: MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} publisher: Sun Microsystems, Inc. contact: java.com help link: java.com readme: C:\Program Files\Java\jre6\README.txt WinFast Codec-TS SDK ({28FB7853-A6ED-4F67-8635-9F0E863FC0AD}) version (major): 1 install location: C:\Program Files\Common Files\ArcSoft\Mpeg Engine uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{28FB7853-A6ED-4F67-8635-9F0E863FC0AD}\Setup.exe" -l0x9 publisher: ArcSoft Logitech SetPoint 2.42 ({2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}) version: 36306944 install date: 20090107 install location: C:\Program Files\Logitech\SetPoint install source: E:\1-SetPoint\ uninstall cmd: RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly publisher: Logitech ACDSee Photo Manager 2009 11.0.85 ({300578F9-9EFF-4B93-9AB1-C0E5707EF463}) version: 184549461 version (major): 11 estimated size: 92784 install date: 20090107 install location: C:\Program Files\ACD Systems\ install source: C:\Documents and Settings\Nemesis\Local Settings\Application Data\Downloaded Installations\{87A37D8F-F491-4D64-BB10-289535F0BEF3}\ uninstall cmd: MsiExec.exe /I{300578F9-9EFF-4B93-9AB1-C0E5707EF463} publisher: ACD Systems International comments: This database contains the necessary files and logic to install ACDSee and additional support programs and plug-ins where appropria

Profil

bobby Poslao: 07 Jan 2009 20:28 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skini ComboFix sa jedne od sledecih adresa na Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe http://www.forospyware.com/sUBs/ComboFix.exe http://subs.geekstogo.com/ComboFix.exe Startuj ga i ne diraj prozor programa dok skenira. Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Profil

NemesisTT Poslao: 07 Jan 2009 20:51 Idi na vrh
offline NemesisTT Novi MyCity građanin Pridružio: 07 Jan 2009 Poruke: 7	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! ComboFix 09-01-07.01 - Nemesis 2009-01-07 20:33:29.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.1023.721 [GMT 1:00] Running from: c:\documents and settings\Nemesis\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 3.0 On-access scanning enabled (Updated) * Resident AV is active WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\docume~1\Nemesis\LOCALS~1\Temp\tmp1.tmp c:\docume~1\Nemesis\LOCALS~1\Temp\tmp2.tmp c:\program files\Mozilla Firefox\components\iamfamous.dll C:\resycled c:\resycled\boot.com c:\windows\system32\drivers\msqpdxethoewmr.sys c:\windows\system32\drivers\msqpdxiajkqnow.sys c:\windows\system32\drivers\msqpdxrkisnbmu.sys c:\windows\system32\drivers\msqpdxxmdbyuer.sys c:\windows\system32\Dvbpws.dll c:\windows\system32\msqpdxrntymrms.dll c:\windows\system32\msssc.dll c:\windows\Temp\tmp3.tmp D:\Autorun.inf D:\resycled d:\resycled\boot.com . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_MSQPDXSERV.SYS ((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 ))))))))))))))))))))))))))))))) . 2009-01-07 19:36 . 2009-01-07 19:36 <DIR> d-------- c:\program files\Trend Micro 2009-01-07 19:26 . 2009-01-07 20:09 163 --a------ c:\windows\wininit.ini 2009-01-07 19:03 . 2009-01-07 20:11 <DIR> d-------- c:\program files\Spybot - Search & Destroy 2009-01-07 19:03 . 2009-01-07 20:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2009-01-07 18:55 . 2009-01-07 18:55 <DIR> d--h----- c:\windows\system32\GroupPolicy 2009-01-07 18:50 . 2009-01-07 18:50 <DIR> d-------- c:\documents and settings\Nemesis\Application Data\Logitech 2009-01-07 18:14 . 2009-01-07 18:14 <DIR> d-------- c:\program files\Contrast 2009-01-07 18:14 . 2009-01-07 18:14 <DIR> d-------- c:\documents and settings\Nemesis\Application Data\Contrast 2009-01-07 18:14 . 2009-01-07 18:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Contrast 2009-01-07 18:14 . 2009-01-07 18:17 3,001 --ahs---- c:\documents and settings\Nemesis\ppUser.dat 2009-01-07 18:12 . 2009-01-07 18:13 <DIR> d-------- c:\windows\system32\URTTemp 2009-01-07 18:09 . 2009-01-07 18:09 118,784 -r------- c:\windows\bwUnin-7.2.0.137-8876480SL.exe 2009-01-07 18:08 . 2005-07-22 23:41 68,864 --a------ c:\windows\system32\drivers\LMouKE.Sys 2009-01-07 18:08 . 2005-07-22 23:41 55,040 --a------ c:\windows\system32\drivers\L8042MOU.SYS 2009-01-07 18:08 . 2005-07-22 23:40 13,440 --a------ c:\windows\system32\drivers\L8042Kbd.SYS 2009-01-07 18:07 . 2005-07-22 23:25 28,160 --a------ c:\windows\KHALMNPR.Exe 2009-01-07 18:07 . 2005-07-22 23:41 26,112 --a------ c:\windows\system32\drivers\LHidKE.Sys 2009-01-07 18:00 . 2009-01-07 18:00 <DIR> d-------- C:\WinFast WorkArea 2009-01-07 18:00 . 2009-01-07 18:00 <DIR> d-------- c:\program files\Common Files\Ulead Systems 2009-01-07 18:00 . 2009-01-07 18:00 <DIR> d-------- c:\program files\Common Files\ArcSoft 2009-01-07 18:00 . 2009-01-07 18:00 <DIR> d-------- c:\documents and settings\Nemesis\Application Data\ArcSoft 2009-01-07 18:00 . 2009-01-07 18:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\ArcSoft 2009-01-07 18:00 . 2005-08-04 02:42 258,352 --a------ c:\windows\system32\unicows.dll 2009-01-07 17:59 . 2009-01-07 18:00 <DIR> d-------- c:\program files\WinFast 2009-01-07 17:59 . 2009-01-07 17:59 <DIR> d-------- c:\program files\Windows Sidebar 2009-01-07 17:59 . 2009-01-07 17:59 <DIR> d-------- c:\program files\totalvid 2009-01-07 17:55 . 2009-01-07 17:55 <DIR> d-------- c:\program files\YouTubeGet 2009-01-07 17:55 . 2004-08-04 00:56 16,384 --a------ c:\windows\system32\ipsink.ax 2009-01-07 17:55 . 2004-08-04 00:56 16,384 --a--c--- c:\windows\system32\dllcache\ipsink.ax 2009-01-07 17:55 . 2004-08-03 23:10 15,360 --a------ c:\windows\system32\drivers\StreamIP.sys 2009-01-07 17:55 . 2004-08-03 23:10 15,360 --a------ c:\windows\system32\drivers\MPE.sys 2009-01-07 17:55 . 2004-08-03 23:10 15,360 --a--c--- c:\windows\system32\dllcache\streamip.sys 2009-01-07 17:55 . 2004-08-03 23:10 15,360 --a--c--- c:\windows\system32\dllcache\mpe.sys 2009-01-07 17:55 . 2004-08-03 23:10 10,880 --a------ c:\windows\system32\drivers\NdisIP.sys 2009-01-07 17:55 . 2004-08-03 23:10 10,880 --a--c--- c:\windows\system32\dllcache\ndisip.sys 2009-01-07 17:55 . 2004-08-03 22:58 5,504 --a------ c:\windows\system32\drivers\MSTEE.sys 2009-01-07 17:55 . 2004-08-03 22:58 5,504 --a--c--- c:\windows\system32\dllcache\mstee.sys 2009-01-07 17:53 . 2009-01-07 17:53 <DIR> d-------- c:\windows\system32\WinFast 2009-01-07 17:53 . 2009-01-07 17:53 <DIR> d-------- c:\documents and settings\Nemesis\Application Data\InstallShield 2009-01-07 17:53 . 2008-09-12 16:15 434,176 --a------ c:\windows\system32\drivers\wfeaglxt.sys 2009-01-07 17:51 . 2009-01-07 17:51 <DIR> d-------- c:\program files\Google 2009-01-07 17:47 . 2009-01-07 17:48 <DIR> d-------- c:\documents and settings\Nemesis\Application Data\Corel 2009-01-07 17:47 . 2009-01-07 17:48 3,140 --ahs---- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2009-01-07 17:47 . 2009-01-07 17:47 8 -r-hs---- c:\documents and settings\All Users\Application Data\241582FE05.sys 2009-01-07 17:45 . 2009-01-07 17:45 <DIR> d-------- c:\program files\Common Files\Protexis 2009-01-07 17:45 . 2009-01-07 17:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Corel 2009-01-07 17:44 . 2009-01-07 17:44 <DIR> d-------- c:\documents and settings\Nemesis\Application Data\Ashampoo 2009-01-07 17:43 . 2009-01-07 17:43 <DIR> d-------- c:\program files\Common Files\Corel 2009-01-07 17:43 . 2009-01-07 17:43 <DIR> d-------- c:\program files\Ashampoo 2009-01-07 17:43 . 2009-01-07 17:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\ashampoo 2009-01-07 17:42 . 2009-01-07 17:42 <DIR> d-------- c:\program files\MozBackup 2009-01-07 17:42 . 2009-01-07 17:42 <DIR> d-------- c:\program files\Corel 2009-01-07 17:39 . 2009-01-07 17:39 <DIR> d-------- c:\program files\OJOsoft 2009-01-07 17:39 . 2009-01-07 17:39 <DIR> d-------- c:\program files\LightScribeTemplateLabeler 2009-01-07 17:39 . 2009-01-07 17:39 <DIR> d-------- c:\program files\Common Files\Common Share 2009-01-07 17:38 . 2009-01-07 17:38 <DIR> d-------- c:\program files\LightScribe 2009-01-07 17:38 . 2009-01-07 17:38 <DIR> d-------- c:\program files\Common Files\LightScribe 2009-01-07 17:37 . 2009-01-07 17:37 <DIR> d-------- c:\documents and settings\Nemesis\Application Data\Thunderbird 2009-01-07 17:30 . 2009-01-07 17:30 <DIR> d-------- c:\documents and settings\All Users\Application Data\FLEXnet 2009-01-07 17:25 . 2009-01-07 17:25 <DIR> d-------- c:\program files\Common Files\Adobe AIR 2009-01-07 17:22 . 2009-01-07 17:22 <DIR> d-------- c:\program files\Common Files\Macrovision Shared 2009-01-07 17:11 . 2008-01-07 14:29 352 --ah----- c:\windows\nod32fixtemdono.reg 2009-01-07 17:10 . 2009-01-07 17:10 <DIR> d-------- c:\program files\ESET 2009-01-07 17:10 . 2009-01-07 17:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET 2009-01-07 17:09 . 2009-01-07 17:09 <DIR> d-------- c:\program files\Ontrack 2009-01-07 17:08 . 2006-10-26 19:56 32,592 --a------ c:\windows\system32\msonpmon.dll 2009-01-07 17:07 . 2009-01-07 17:07 <DIR> d-------- c:\program files\MSBuild 2009-01-07 17:07 . 2009-01-07 17:07 <DIR> d-------- c:\program files\Microsoft Works 2009-01-07 17:04 . 2009-01-07 17:13 <DIR> d-------- c:\documents and settings\Nemesis\Contacts 2009-01-07 16:42 . 2009-01-07 17:07 <DIR> d-------- c:\windows\SHELLNEW 2009-01-07 16:42 . 2009-01-07 17:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Microsoft Help 2009-01-07 16:41 . 2009-01-07 16:41 <DIR> dr-h----- C:\MSOCache 2009-01-07 16:35 . 2009-01-07 16:35 <DIR> d----c--- c:\windows\system32\DRVSTORE 2009-01-07 16:35 . 2009-01-07 16:35 <DIR> d-------- c:\program files\Windows Live 2009-01-07 16:26 . 2009-01-07 16:26 <DIR> d-------- c:\program files\uTorrent 2009-01-07 16:26 . 2009-01-07 20:10 <DIR> d-------- c:\documents and settings\Nemesis\Application Data\uTorrent 2009-01-07 16:23 . 2009-01-07 16:23 <DIR> d-------- c:\documents and settings\Nemesis\Application Data\Media Player Classic 2009-01-07 16:22 . 2009-01-07 16:22 <DIR> d-------- c:\program files\LimeWire 2009-01-07 16:22 . 2004-08-03 23:08 26,496 --a--c--- c:\windows\system32\dllcache\usbstor.sys 2009-01-07 16:18 . 2009-01-07 16:18 <DIR> d-------- c:\windows\system32\LogFiles 2009-01-07 16:15 . 2009-01-07 16:15 410,984 --a------ c:\windows\system32\deploytk.dll 2009-01-07 16:11 . 2009-01-07 17:27 <DIR> d-------- c:\program files\Common Files\Adobe 2009-01-07 16:09 . 2009-01-07 16:09 0 --a------ c:\windows\nsreg.dat 2009-01-07 16:00 . 2004-06-04 17:35 135,168 -ra------ c:\windows\UNDPX2K.exe 2009-01-07 16:00 . 2004-06-04 17:34 53,693 -ra------ c:\windows\UNDPX2K.sys 2009-01-07 16:00 . 2004-06-10 21:42 15,429 -ra------ c:\windows\system32\drivers\Sacm2K.sys . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-01-07 18:50 --------- d-----w c:\program files\Mozilla Thunderbird 2009-01-07 17:09 --------- d--h--w c:\program files\InstallShield Installation Information 2009-01-07 17:09 --------- d-----w c:\program files\Logitech 2009-01-07 17:07 --------- d-----w c:\program files\Common Files\Logitech 2009-01-07 16:49 --------- d-----w c:\program files\AIMP2 2009-01-07 16:09 --------- d-----w c:\program files\Common Files\InstallShield 2009-01-07 15:23 --------- d-----w c:\program files\The KMPlayer 2009-01-07 15:15 --------- d-----w c:\program files\Java 2009-01-07 14:57 --------- d-----w c:\program files\Total Commander 2009-01-07 14:56 --------- d-----w c:\program files\Foxit Software 2009-01-07 14:56 --------- d-----w c:\documents and settings\Nemesis\Application Data\Foxit 2009-01-07 14:55 --------- d-----w c:\program files\Common Files\ACD Systems 2009-01-07 14:55 --------- d-----w c:\program files\ACD Systems 2009-01-07 14:55 --------- d-----w c:\documents and settings\Nemesis\Application Data\ACD Systems 2009-01-07 14:55 --------- d-----w c:\documents and settings\All Users\Application Data\ACD Systems 2009-01-07 14:51 --------- d-----w c:\program files\K-Lite Codec Pack 2009-01-07 14:51 --------- d-----w c:\program files\Haali 2009-01-07 14:51 --------- d-----w c:\program files\Common Files\Java 2009-01-07 14:49 --------- d-----w c:\program files\DAEMON Tools Pro 2009-01-07 14:46 685,816 ----a-w c:\windows\system32\drivers\sptd.sys 2009-01-07 14:26 --------- d-----w c:\program files\MSI 2009-01-07 14:25 --------- d-----w c:\program files\Creative 2009-01-07 14:24 --------- d-----w c:\documents and settings\Nemesis\Application Data\Creative 2009-01-07 14:18 --------- d-----w c:\program files\Labtec 2009-01-07 14:05 --------- d-----w c:\program files\Intel 2009-01-07 14:05 --------- d-----w c:\program files\Analog Devices 2009-01-07 13:59 --------- d-----w c:\program files\microsoft frontpage 2008-12-08 11:53 57,344 ----a-w c:\windows\system32\ff_vfw.dll 2008-12-07 18:08 795,648 ----a-w c:\windows\system32\xvidcore.dll 2008-12-07 18:08 130,048 ----a-w c:\windows\system32\xvidvfw.dll 2008-11-16 15:54 81,748 ----a-w c:\windows\WinVerCheck.exe 2008-10-28 22:35 684,032 ----a-w c:\windows\system32\divx.dll 2009-01-07 16:44 67,688 ----a-w c:\program files\mozilla firefox\components\jar50.dll 2009-01-07 16:44 54,368 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll 2009-01-07 16:44 34,944 ----a-w c:\program files\mozilla firefox\components\myspell.dll 2009-01-07 16:44 46,712 ----a-w c:\program files\mozilla firefox\components\spellchk.dll 2009-01-07 16:44 172,136 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-07-30 2363392] "WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2008-10-02 2916352] "LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2009-01-07 32768] "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360] "CTSysVol"="c:\program files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe" [2003-09-17 57344] "CTDVDDET"="c:\program files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056] "SBDrvDet"="c:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056] "UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-10-07 13574144] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-10-07 86016] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-07 136600] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "WinFastDTV"="c:\program files\WinFast\WFDTV\DTVSchdl.exe" [2008-10-24 90112] "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2008-11-20 178688] "CTHelper"="CTHELPER.EXE" [2004-03-19 c:\windows\system32\CTHELPER.EXE] "nwiz"="nwiz.exe" [2008-10-07 c:\windows\system32\nwiz.exe] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-07-22 c:\windows\KHALMNPR.Exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360] c:\documents and settings\All Users\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\MSI\Star Key Bluetooth Software\BTTray.exe [2005-05-31 577597] Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-01-07 450560] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-01-07 528384] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "UpdatesDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5353:TCP"= 5353:TCP:Adobe CSI CS4 R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2008-07-01 34312] R3 WFLR6654;WinFast TV2000 XP Global/Global TV (XC2028-);c:\windows\system32\drivers\wfeaglxt.sys [2009-01-07 434176] R4 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2007-12-21 468224] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d133ee7-dcc9-11dd-8187-806d6172696f}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com d: \Shell\Open\command - d:\resycled\boot.com d: [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5d133ee9-dcc9-11dd-8187-806d6172696f}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com c: \Shell\Open\command - c:\resycled\boot.com c: [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fe95559a-dcce-11dd-936c-0011d86bf4d0}] \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com f: \Shell\Open\command - f:\resycled\boot.com f: [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] "c:\program files\Common Files\LightScribe\LSRunOnce.exe" . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Send To &Bluetooth - c:\program files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll FF - ProfilePath - c:\documents and settings\Nemesis\Application Data\Mozilla\Firefox\Profiles\4zwghhsd.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.teamtorrents.com/browse.php FF - component: c:\documents and settings\Nemesis\Application Data\Mozilla\Firefox\Profiles\4zwghhsd.default\extensions\{eecba28f-b68b-4b3a-b501-6ce12e6b8696}\platform\WINNT_x86-msvc\components\winprocess.dll FF - component: c:\program files\Mozilla Firefox\components\iamfamous.dll FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll ---- FIREFOX POLICIES ---- FF - user.js: network.proxy.type - 0 FF - user.js: network.proxy.http - user_pref(network.proxy.http_port,); FF - user.js: network.proxy.no_proxies_on - . ************************************************************************ catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net Rootkit scan 2009-01-07 20:34:57 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2009-01-07 20:36:09 ComboFix-quarantined-files.txt 2009-01-07 19:36:06 Pre-Run: 12,003,467,264 bytes free Post-Run: 12,004,839,424 bytes free 258 Dopuna: 07 Jan 2009 20:51 Evo, samo da kazem, posle ovog skena, program mi je javio da je obrisao par fajlova u system folderu, kao sto se vidi u izvestaju. Sad je uspesno obrisano sve. Upravo sam pustio NOD da jos jednom skenira ceo komp. A sto se tice Zlob.DNSChanger njega sam rucno ugasio (fix-ovao) pomocu HijackThis-a, po preporuci TrendMicro sajta i njihovoj analizi izvestaja. Hvala jos jednom.

Profil

bobby Poslao: 07 Jan 2009 21:00 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! - Preuzmi USBNoRisk na Desktop i pokreni ga duplim klikom na ikonicu programa. - Sacekaj koji sekund dok program izvrsi inicijalno skeniranje. - Ubacuj sve USB memorijske uredjaje redom u USB slot i svaki zadrzi u slotu po 10 sekundi. - Ukoliko imas vise uredjaja za proveru, onda na parcetu papira zapisi kojim redom su ubacivani jer ce nam kasnije trebati taj podatak Objasnjenje: U USB memorijske uredjaje spadaju svi oni uredjaji koji po prikljucivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uredjaji itd.

Profil

NemesisTT Poslao: 07 Jan 2009 21:09 Idi na vrh
offline NemesisTT Novi MyCity građanin Pridružio: 07 Jan 2009 Poruke: 7	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! USBNoRisk by bobby Started at 7.1.2009 21:01:15 Scanning for connected USB Mass storage... ---------------------------------------- ======================================== Scanning for other storage... ---------------------------------------- D: {5d133ee7-dcc9-11dd-8187-806d6172696f} C: {5d133ee9-dcc9-11dd-8187-806d6172696f} ======================================== Scanning fixed storage for autorun.inf files... ---------------------------------------- Autorun.inf on C: - None ---------------------------------------- Sanitizing Shell Menu... ---------------------------------------- No key found for C: No key found for 5d133ee9-dcc9-11dd-8187-806d6172696f ======================================== Autorun.inf on D: - None ---------------------------------------- Sanitizing Shell Menu... ---------------------------------------- No key found for D: No key found for 5d133ee7-dcc9-11dd-8187-806d6172696f ======================================== ======================================== New device connected at 7.1.2009 21:01:25 Scanning for connected USB mass storage... ---------------------------------------- F: {fe95559a-dcce-11dd-936c-0011d86bf4d0} Added F: ======================================== Scanning USB mass storage for files... ---------------------------------------- Autorun.inf on F: - None ---------------------------------------- Sanitizing Shell Menu... ---------------------------------------- No key found for fe95559a-dcce-11dd-936c-0011d86bf4d0 ======================================== ---------------------------------------- Desktop.ini on F: - None ---------------------------------------- ======================================== Dopuna: 07 Jan 2009 21:09 Na taj racunar kacen je samo jedan USB disk, koji je posle zarazivanja formatiran. Tako da nista vise nije kaceno na tu masinu. Molim te pogledaj i dopunu u prethodnom mom komentaru, ako nisi video.

Profil

bobby Poslao: 07 Jan 2009 21:12 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Skeniraj ponovo ComboFixom i postavi mi novi log. Dopuna: 07 Jan 2009 21:12 Video sam dopunu, ali ComboFix i USBNoRisk su mi dali oprecne informacije, pa zelim da proverim sta ne valja. Ja sam autor USBNoRiska, tako da bih voleo da znam da li to moj program negde brljavi, ili se nesto drugo desava.

Profil

NemesisTT Poslao: 07 Jan 2009 21:32 Idi na vrh
offline NemesisTT Novi MyCity građanin Pridružio: 07 Jan 2009 Poruke: 7	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Evo su logovi: combofixlog.txt hijackthis.log Samo ne znam, da li smo se razumeli, uspeo si da mi resis problem. Nema vise autorun-a na particijama, fles diskovi se ne zarazuju, a NOD ne prijavljuje viruse, kao ni Spybot. P.S. Ako imas vremena, da mi objasnis kada jos mogu da koristim ovaj ComboFix, posto se i mojim prijateljima cesto pojavljuju virusi, a gotovo da nema nekog da nije zarazen cuvenim Autorun trojancima, koji se prenose fles diskovima. Hvala Dopuna: 07 Jan 2009 21:31 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:24:34, on 7.1.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\WinFast\WFDTV\DTVSchdl.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe C:\Program Files\WinFast\WFDTV\WFWIZ.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\MSI\Star Key Bluetooth Software\BTTray.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\PROGRA~1\MSI\STARKE~1\BTSTAC~1.EXE C:\WINDOWS\System32\svchost.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [WinFastDTV] C:\Program Files\WinFast\WFDTV\DTVSchdl.exe O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: bw+0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwo0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwp0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwq0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwr0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bws0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwt0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwu0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwv0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bww0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwx0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwy0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwz0s - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL O18 - Protocol: offline-8876480 - {9C3623C8-CEC2-40F5-8E3B-0D098E10BFBA} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 20160 bytes Dopuna: 07 Jan 2009 21:32 Evo HJ loga, a gore ima link za ComboFix

Profil

bobby Poslao: 07 Jan 2009 22:12 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Logovi su sada OK. Nisu ni ComboFix ni USBNoRisk zabrljavili. Promakla mi je cinjenica da je ComboFix u medjuvremenu restartovao racunar. Sto se tice tvojih drugara - ne mogu ti nista reci o ComboFixu. To nije magicni alat koji sve sam zavrsava (mada moze jako puno toga i sam da uradi). To je alatka koja omogucava da ti ja odavde napisem skriptove za ciscenje, a da ih ti pokreces na svom kompu, a sve to na osnovu analize log koji si postavio. Ni u kom slucaju ne preporucujem koriscenje ComboFixa na svoju ruku jer pod odredjenim okolnostima mozes totalno zeznuti sistem sa njim. Hajmo sada da privedemo kraju ovo ciscenje. Potrebno je da uradis deinstalaciju ComboFixa (ovo je obavezan korak jer ce ComboFix tek pri deinstalaciji dovrsiti ono sto je zapoceo prilikom skeniranja): Klikni START a zatim RUN U liniju za unos teksta ukucaj Combofix /u i klikni OK Sačekaj da se proces deinstalacije završi Gornja procedura će: Obrisati sledeće: ComboFix i njegove file-ove i foldere VundoFix Backups folder, ako postoji C:\Deckard folder, ako postoji C:\OtMoveIt folder, ako postoji Resetovati podešavanja sata na kompjuteru Sakriti ekstenzije file-ova, ako je potrebno Sakriti sistemske/skrivene file-ove/foldere, ako je potrebno Resetovati System Restore USBNoRisk mozes obrisati sa desktopa. Potrebno je da obrises i folder c:\USBNoRisk u kojem se nalaze logovi koje je USBNoRisk napravio.

Profil

NemesisTT Poslao: 07 Jan 2009 22:25 Idi na vrh
offline NemesisTT Novi MyCity građanin Pridružio: 07 Jan 2009 Poruke: 7	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! OK. Deinstalirao sam ga i kao sto pise pobrisao je sve foldere. Samo jos pitanje, da li ja na racunaru koji nema vidljivih znakova malware-a mogu da pokrenem ComboFix i da ga pustim da vidim da li ima nekih "stetocina" i da ga pustim da sam odradi sve, kao kod mene? P.S. Malo offtopic. Skoro sam se susreo sa antivirusnim programom Dr.Web 5 koji navodno koristi ruska vojska za svoje potrebe, pa me zanima da li si imao prilike da ga testiras ili si cuo nesto o njemu. Hvala na svemu. Srecan Bozic.

Profil

bobby Poslao: 07 Jan 2009 22:38 Idi na vrh
offline bobby Administrator Pridružio: 04 Sep 2003 Poruke: 24135 Gde živiš: Wien	0Niko još nije pohvalio poruku. Registruj se da bi pohvalio/la poruku! Ljudi iz AMF tima (mi koji ovde radimo u Ambulanti) imamo pristupa mestima na kojima autor ComboFixa ostavlja svoja uputstva vezana za ovaj program. Desi se povremeno da bude gresaka u nekoj verziji programa, pa da program ljudima unisti sistem. Mi uvek dobijamo te informacije na vreme, pa ne koristimo taj program sve dok ne izadje popravljena verzija. Jako puno puta se desava i da je malware napravljen tako da sabotira rad ovih i ovakvih programa, i to su opet informacije koje nisu dostupne svima. To je ono zbog cega nikome ne preporucujemo da koristi ComboFix na svoju ruku. Sto se tice DrWeba, u pitanju je jedna od najstarijih AV firmi koja postoji, tako da sigurno imaju neki kvalitet cim su se odrzali toliko godina. To da ga koristi vojska za svoje potrebe, to je malko smesna informacija. Izjem ti ja tu vojsku na cije kompove moze da stigne virus. Pa nije valjda da na kompjuteru za upravljanje nukleranim raketama koriste Windows i da je taj kompjuter vezan na net da bi dezurni oficir mogao da gleda "crtane filmove" u nocnoj smeni? Srecan Bozic

Profil

MyCity » Ambulanta -> Arhiva Ambulante » Zlob.DNSChanger i Autorun trojan

Ko je trenutno na forumu

Ukupno su 1006 korisnika na forumu :: 28 registrovanih, 6 sakrivenih i 972 gosta :: [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:: Korisnici trenutno na forumu: A.R.Chafee.Jr., AleksSE, alkatraz080, Arsenije, Bane san, bojan_t, cinoeye, darcaud, djboj, dule10savic, havoc995, Insan, Kubovac, Marko Marković, pein, Povratak1912, raykan, repac, royst33, SlaKoj, Srky Boy, Srle993, stankolich, suton, Trpe Grozni, Tvrtko I, Vlada1389, 2001

Svaki korisnik ovog sajta je odgovoran za sadržaj svoje poruke koju objavi na sajtu. Sajt se odriče svake odgovornosti za sadržaj tih poruka.
Postavljanjem vaše poruke ili vašeg autorskog dela na ovaj sajt, saglasni ste da ovaj sajt postaje distributer vašeg dela, i odričete se mogućnosti njegovog povlačenja ili brisanja, bez saglasnosti uprave sajta.
Distribucija sadržaja sa ovog sajta je dozvoljena samo u nekomercijalne svrhe, uz obaveznu napomenu da je sadržaj preuzet sa ovog sajta, i uz obavezno navođenje adrese MyCity sajta. Za sve ostale vidove distribucije obavezni ste da prethodno zatražite odobrenje od vlasnika MyCity sajta.
MyCity pokrenuo, administrira i razvija Predrag Damnjanović, a o uređenju sajta se brine MyCity Tim.
Ukoliko želite da nas kontaktirate kliknite ovde.
Naši sajtovi:
Vesti, Vojni forum, Zaštita od virusa, TekstPesme.rs

This content is licensed under a Creative Commons License.
Based on phpBB 2, translated by Simke, designed by