please help, crazy viruses

  • Joined: 05 Jan 2008
  • Posts: 20

Here's the situation. I have ADSL 512/64. Until now I was using Kaspersky Anti-Virus 5.0.712; I had a couple of viruses that it took care of (or at least I think it did). The night before last some viruses got in.
I read here that some people had similar experiences. The virus prompts you to download some programs: an anti-trojan, anti-spyware, anti-virus program, and like a fool I downloaded one of them; only when I tried to uninstall it did I realize what was going on (this is the first time I've run into this).
Now, I downloaded two more antiviruses (AVG and avast) with which I partially managed to remove them. And I barely managed to delete the folder they came with.
When I scanned with Spyware Doctor it reports that I have these pests: Application.TrackingCookies, Trojan.Popuper, RogueAntiSpyware.SpyKiller_2005, Adware.Advertising, Adware.Comet_Cursor, Spyware.Known_Bad_Sites, Trojan.PSguard_Desktop_Hijacker, RogueAntiSpyware.AntiSpyShield.
THANKS IN ADVANCE FOR ANY HELP

HERE IS THE HijackThis LOG


Logfile of HijackThis v1.99.1
Scan saved at 18:30:55, on 5.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LClock\LClock.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\progra~1\mozill~1\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Documents and Settings\Dejan\Desktop\dean\TR3.exe..exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = home.sweetim.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
R3 - URLSearchHook: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: (no name) - {2012F73E-7427-4AD8-9E9D-6CBA6E0053D4} - C:\Program Files\Video Add-on\isfmdl.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: Live TV Toolbar - {b69a9db4-d0a1-4722-b56b-f20757a29cdf} - C:\Program Files\Live_TV\tbLive.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [LClock] C:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [KAVWks50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" /minimize /chkas
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SkinClock] C:\Program Files\Clock Tray Skins\ClockTraySkins.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [AntiSpywareShield] C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - updatesgate.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - updatesgate.com/redirect.php (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E954E2F-ECCF-4E30-A17C-A18356AC2144}: NameServer = 192.168.1.2,192.168.2.2
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Kaspersky Anti-Virus Service (kavsvc) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kavsvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Greetings...

1.) Download the SmitfraudFix program from this link.

2.) Extract the program to the desktop. (Prepare the HijackThis program the same way; it will be used later.)

3.) Restart the computer and boot into Safe Mode. [ Safe Mode info link ]

4.) Find the folder on the desktop where you extracted SmitfraudFix and double-click the file SmitfraudFix.cmd.
When the removal tool starts for the first time it will show you a consent screen. Simply press any key on the keyboard to move on to the next step.

5.)

6.) The program will start cleaning the computer. After SmitfraudFix finishes cleaning,
the Windows Disk Cleanup program will start.

After SmitfraudFix finishes its job, post the log located at C:\rapport.txt here.


-------------------------------------------------------------------------------------


Then...

Download ComboFix from one of the following addresses:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Run it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log will appear, which you should copy here.

  • Joined: 05 Jan 2008
  • Posts: 20

thanks dr. Bora for finding time for my problem too
here's the SmitfraudFix log

SmitFraudFix v2.274

Scan done at 4:35:14,51, ned 06.01.2008
Run from C:\Documents and Settings\Dejan\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url Deleted
C:\DOCUME~1\Dejan\FAVORI~1\Online Security Test.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6E954E2F-ECCF-4E30-A17C-A18356AC2144}: NameServer=192.168.1.2,192.168.2.2
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6E954E2F-ECCF-4E30-A17C-A18356AC2144}: NameServer=192.168.1.2,192.168.2.2
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6E954E2F-ECCF-4E30-A17C-A18356AC2144}: NameServer=192.168.1.2,192.168.2.2


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning not selected.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End




and here's the one from ComboFix



ComboFix 08-01-04.1 - Dejan 2008-01-06 5:00:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.124 [GMT 1:00]
Running from: C:\Documents and Settings\Dejan\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 )))))))))))))))))))))))))))))))
.

2008-01-06 04:58 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-06 04:35 . 2008-01-06 04:35 2,632 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-06 04:18 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-06 04:18 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-06 04:18 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-06 04:18 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-06 04:18 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-06 04:18 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-05 21:03 . 2008-01-05 21:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-01-05 04:00 . 2008-01-05 04:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-05 00:51 . 2008-01-05 00:54 2,359,350 --a------ C:\WINDOWS\ACD Wallpaper.bmp
2008-01-05 00:39 . 2008-01-05 00:39 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-04 21:46 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-01-04 01:06 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-04 01:06 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-04 01:06 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-04 01:06 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-04 01:06 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-04 01:06 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-04 01:05 . 2008-01-04 01:05 <DIR> d-------- C:\Program Files\Alwil Software
2008-01-04 01:05 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-01-04 01:05 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-04 01:05 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-04 00:51 . 2008-01-04 00:51 <DIR> d-------- C:\Documents and Settings\Dejan\Application Data\Grisoft
2008-01-04 00:51 . 2008-01-04 00:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-03 23:43 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-03 23:43 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln(2).sys
2008-01-03 23:33 . 2008-01-03 23:33 <DIR> d-------- C:\Program Files\WinSpyKiller
2008-01-03 22:25 . 2008-01-03 23:33 <DIR> d-------- C:\Program Files\AntiSpyGolden 5.2
2007-12-28 06:43 . 2007-12-28 06:43 <DIR> d-------- C:\Program Files\DivX
2007-12-28 06:38 . 2007-12-28 06:38 <DIR> d-------- C:\Program Files\SATVOD
2007-12-28 06:38 . 2007-12-28 06:38 <DIR> d-------- C:\Documents and Settings\Dejan\Application Data\MoviesApp
2007-12-28 05:53 . 2007-12-28 05:53 <DIR> d-------- C:\Program Files\Live_TV
2007-12-28 05:53 . 2007-12-28 05:53 <DIR> d-------- C:\Program Files\Conduit
2007-12-28 04:28 . 2007-12-28 04:28 <DIR> d-------- C:\Program Files\Macrogaming
2007-12-28 04:16 . 2007-12-28 04:16 <DIR> d-------- C:\Program Files\MSN Messenger
2007-12-25 17:06 . 2007-12-25 17:06 <DIR> d-------- C:\Documents and Settings\Dejan\Application Data\Microsoft Games
2007-12-25 17:04 . 2008-01-03 02:15 <DIR> d-------- C:\Program Files\GameSpy Arcade
2007-12-25 16:58 . 2007-12-25 16:58 <DIR> d-------- C:\Program Files\Microsoft Games
2007-12-23 22:18 . 2007-12-23 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2007-12-23 22:17 . 2007-12-23 22:17 <DIR> d-------- C:\Documents and Settings\Dejan\Application Data\GRETECH
2007-12-22 16:44 . 2007-12-22 16:44 <DIR> d-------- C:\Program Files\JLC's Software
2007-12-22 16:44 . 2007-12-22 16:44 <DIR> d-------- C:\Documents and Settings\Dejan\Application Data\JLC's Software
2007-12-22 16:39 . 2007-12-28 16:37 <DIR> d-------- C:\Program Files\Real
2007-12-22 16:39 . 2007-12-22 16:39 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-12-22 16:39 . 2007-12-22 16:39 <DIR> d-------- C:\Program Files\Common Files\Real
2007-12-22 16:15 . 2007-12-22 16:15 <DIR> d-------- C:\Program Files\FDRLab
2007-12-22 16:15 . 2007-12-22 16:15 <DIR> d-------- C:\Documents and Settings\Dejan\Application Data\FDRLab
2007-12-22 16:01 . 2007-12-23 16:25 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2007-12-21 04:44 . 2007-12-21 17:28 <DIR> d-------- C:\Program Files\RapidTyping
2007-12-20 04:03 . 2007-12-23 22:16 <DIR> d-------- C:\Program Files\GRETECH
2007-12-19 05:22 . 2007-11-13 20:01 218,624 --a------ C:\WINDOWS\system32\uxtheme.backup
2007-12-19 05:18 . 2007-12-19 05:22 <DIR> d-------- C:\WINDOWS\VistaMizer
2007-12-19 04:05 . 2008-01-05 00:43 1,355 --a------ C:\WINDOWS\imsins.BAK
2007-12-18 03:50 . 2007-12-19 05:22 218,624 --a--c--- C:\WINDOWS\system32\dllcache\uxtheme.dll
2007-12-18 03:47 . 2007-12-18 03:47 <DIR> d-------- C:\Documents and Settings\Dejan\Application Data\ViStart
2007-12-18 00:58 . 2007-12-18 00:58 <DIR> d-------- C:\Program Files\Task Killer
2007-12-18 00:28 . 2007-12-18 00:39 <DIR> d-------- C:\Documents and Settings\Dejan\Application Data\GlarySoft
2007-12-18 00:24 . 2007-12-18 00:24 <DIR> d-------- C:\Program Files\Glary Utilities
2007-12-17 22:48 . 2007-12-17 22:48 <DIR> d-------- C:\Program Files\Ratajik Software
2007-12-17 22:30 . 2007-12-21 00:48 <DIR> d-------- C:\Program Files\Screamer Radio
2007-12-17 17:16 . 2007-12-17 17:16 1 --a------ C:\WINDOWS\system32\SI.bin
2007-12-17 01:51 . 2007-12-17 01:51 <DIR> d---s---- C:\Program Files\Xfire
2007-12-17 01:51 . 2007-12-22 16:23 <DIR> d-------- C:\Documents and Settings\Dejan\Application Data\Xfire
2007-12-17 00:27 . 2007-12-19 16:12 <DIR> d-------- C:\Documents and Settings\Dejan\Application Data\My Games
2007-12-16 06:30 . 2007-12-16 15:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Metacafe
2007-12-14 19:16 . 2007-12-14 19:16 <DIR> d-------- C:\Documents and Settings\Dejan\Application Data\WebCompiler3
2007-12-13 20:10 . 2007-12-13 20:10 <DIR> d-------- C:\Program Files\Clock Tray Skins
2007-12-13 15:15 . 2007-12-17 16:06 <DIR> d-------- C:\WINDOWS\Desktop
2007-12-13 14:22 . 2007-12-13 14:22 <DIR> d-------- C:\Program Files\FreshDevices
2007-12-12 23:31 . 2007-12-12 23:38 <DIR> d-------- C:\Program Files\softnyx
2007-12-11 22:26 . 2007-12-11 22:26 <DIR> d-------- C:\Documents and Settings\Dejan\Application Data\Media Player Classic
2007-12-11 22:22 . 2007-12-11 22:25 <DIR> d-------- C:\Program Files\MP3Finder
2007-12-11 21:52 . 2007-12-11 21:52 <DIR> d-------- C:\Program Files\Chermenin
2007-12-11 16:18 . 2007-12-11 16:18 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-10 02:07 . 2007-12-10 02:07 <DIR> d-------- C:\WINDOWS\system32\CLSID
2007-12-10 02:06 . 2007-12-10 02:12 <DIR> d-------- C:\Program Files\Radiograbber
2007-12-09 18:57 . 2007-05-17 21:05 520,192 --a------ C:\WINDOWS\system32\ati2sgag.exe
2007-12-09 17:56 . 2007-12-09 17:57 <DIR> d-------- C:\Program Files\Winamp
2007-12-09 17:56 . 2007-12-17 23:43 <DIR> d-------- C:\Documents and Settings\Dejan\Application Data\Winamp
2007-12-09 17:22 . 2008-01-03 23:33 <DIR> d-------- C:\Program Files\ApexDC++
2007-12-09 17:01 . 2007-12-17 16:58 <DIR> d-------- C:\Program Files\Online TV Player 4
2007-12-09 17:01 . 2007-12-09 17:01 10 --a------ C:\WINDOWS\system32\810429tv4-test.jun
2007-12-09 16:21 . 2007-12-09 16:21 <DIR> d-------- C:\Program Files\SereneScreen
2007-12-09 16:21 . 2006-02-28 08:53 2,936,832 --a------ C:\WINDOWS\system32\MA2_6.scr
2007-12-09 16:08 . 2007-12-09 16:08 <DIR> d-------- C:\Documents and Settings\Dejan\Application Data\TVU Networks
2007-12-09 15:58 . 2007-12-09 15:58 <DIR> d-------- C:\Program Files\MP3 Remix
2007-12-08 18:26 . 2008-01-05 21:03 <DIR> d-------- C:\Program Files\Uniblue
2007-12-08 18:17 . 2007-12-08 18:17 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-12-07 16:39 . 2007-12-07 16:40 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2007-12-07 16:39 . 2007-12-07 16:39 <DIR> d-------- C:\Program Files\Windows Live Favorites
2007-12-07 16:39 . 2007-12-07 16:39 <DIR> d-------- C:\Documents and Settings\Dejan\Contacts
2007-12-07 16:38 . 2007-12-28 04:17 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-07 16:01 . 2007-12-07 16:01 <DIR> d-------- C:\WINDOWS\wb
2007-12-06 14:46 . 2007-12-06 14:46 <DIR> d-------- C:\WINDOWS\Monopoly Here & Now Edition
2007-12-06 14:46 . <DIR> C:\Program Files\KaPi_Monopoly
2007-12-06 14:46 . 2007-12-06 14:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\55-63-57-2p-59-op
2007-12-06 03:26 . 2007-12-06 03:28 <DIR> d-------- C:\Documents and Settings\Dejan\Application Data\RSG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 20:03 --------- d-----w C:\Documents and Settings\Dejan\Application Data\Uniblue
2008-01-05 02:47 --------- d-----w C:\Program Files\Google
2008-01-04 16:05 --------- d-----w C:\Documents and Settings\Dejan\Application Data\uTorrent
2008-01-03 22:33 --------- d-----w C:\Program Files\uTorrent
2008-01-03 22:33 --------- d-----w C:\Program Files\LClock
2007-12-28 03:13 --------- d-----w C:\Program Files\Windows Live
2007-12-22 15:39 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-12-22 15:39 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-12-22 15:39 185,944 ----a-w C:\WINDOWS\system32\rmoc3260(2).dll
2007-12-22 15:39 185,944 ----a-w C:\WINDOWS\system32\rmoc3260(2)(2).dll
2007-12-19 15:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-19 04:22 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-12-18 00:31 --------- d-----w C:\Documents and Settings\Dejan\Application Data\Skype
2007-12-17 23:34 --------- d-----w C:\Program Files\YuRecnik
2007-12-17 23:34 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-12-17 23:05 --------- d-----w C:\Documents and Settings\Dejan\Application Data\skypePM
2007-12-09 17:25 --------- d-----w C:\Documents and Settings\Dejan\Application Data\ATI
2007-12-08 17:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-08 12:19 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-07 15:37 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-07 15:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-07 15:10 --------- d-----w C:\Documents and Settings\Dejan\Application Data\Yahoo!
2007-12-07 15:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-12-07 15:03 --------- d-----w C:\Program Files\Trillian
2007-12-05 20:37 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-12-05 20:37 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-12-05 20:37 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2007-12-05 20:28 --------- d-----w C:\Program Files\directx
2007-12-05 20:28 --------- d-----w C:\Program Files\AT&T WorldNet Setup
2007-12-05 19:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-05 19:19 --------- d-----w C:\Program Files\Yahoo!
2007-12-05 18:43 --------- d-----w C:\Program Files\Alcohol Soft
2007-12-05 10:21 --------- d-----w C:\Documents and Settings\Dejan\Application Data\SpinTop
2007-12-04 16:46 --------- d-----w C:\Program Files\THQ
2007-12-03 12:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-12-03 10:35 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-03 10:33 --------- d-----w C:\Program Files\Skype
2007-12-03 10:33 --------- d-----w C:\Program Files\Common Files\Skype
2007-12-03 10:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-12-03 09:57 --------- d-----w C:\Program Files\MT882
2007-12-02 23:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx(2).dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx(2)(2).dll
2007-11-29 16:25 --------- d-----w C:\Documents and Settings\Dejan\Application Data\MSNInstaller
2007-11-29 15:32 --------- d-----w C:\Program Files\Java
2007-11-29 15:28 --------- d-----w C:\Program Files\Common Files\Java
2007-11-29 14:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\RapidSolution
2007-11-28 15:49 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-26 00:48 --------- d-----w C:\Program Files\Common Files\NSV
2007-11-24 15:42 --------- d-----w C:\Documents and Settings\Dejan\Application Data\SumatraPDF
2007-11-23 15:31 100,482 ----a-w C:\WINDOWS\UninstallThunderbird.exe
2007-11-23 15:31 --------- d-----w C:\Documents and Settings\Dejan\Application Data\Thunderbird
2007-11-21 18:13 --------- d-----w C:\Program Files\Kasparov Chessmate
2007-11-20 18:59 --------- d-----w C:\Program Files\ReflexiveArcade
2007-11-20 18:54 --------- d-----w C:\Program Files\KeyOPS
2007-11-19 21:07 --------- d-----w C:\Program Files\EA Games
2007-11-16 00:19 --------- d-----w C:\Program Files\Far Cry
2007-11-14 02:45 --------- d-----w C:\Program Files\Zuma Deluxe
2007-11-14 02:08 --------- d-----w C:\Program Files\Ubisoft
2007-11-13 19:16 --------- d-----w C:\Program Files\Kaspersky Lab
2007-11-13 19:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus for Windows Workstations
2007-11-13 19:15 --------- d-----w C:\Program Files\KAV
2007-11-13 19:14 --------- d-----w C:\Documents and Settings\Dejan\Application Data\Talkback
2007-11-13 18:55 --------- d-----w C:\Program Files\mEliteSoftware
2007-11-13 18:52 --------- d-----w C:\Program Files\Diskeeper Corporation
2007-11-13 18:52 --------- d-----w C:\Documents and Settings\Dejan\Application Data\Leadertech
2007-11-13 18:50 --------- d-----w C:\Program Files\CyberLink
2007-11-13 18:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2007-11-13 18:48 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-11-13 18:47 --------- d-----w C:\Program Files\Webteh
2007-11-13 18:47 --------- d-----w C:\Program Files\audiograbber
2007-11-13 18:40 --------- d-----w C:\Program Files\Stardock
2007-11-13 18:40 --------- d-----w C:\Program Files\Common Files\Stardock
2007-11-13 18:30 --------- d-----w C:\Program Files\Nero
2007-11-13 18:30 --------- d-----w C:\Program Files\Common Files\Ahead
2007-11-13 18:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-13 18:21 --------- d-----w C:\Program Files\Bonjour
2007-11-13 18:15 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-11-13 18:01 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2007-11-13 18:01 --------- d-----w C:\Program Files\Common Files\ACD Systems
2007-11-13 18:01 --------- d-----w C:\Program Files\ACD Systems
2007-11-13 18:01 --------- d-----w C:\Documents and Settings\Dejan\Application Data\ACD Systems
2007-11-13 18:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2007-11-13 17:54 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-13 17:45 --------- d-----w C:\Program Files\totalcmd
2007-11-13 17:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-13 17:12 --------- d-----w C:\Program Files\C-Media 3D Audio
2007-11-13 17:10 --------- d-----w C:\Program Files\VIA
2007-11-13 17:08 --------- d-----w C:\Program Files\On-line Help Console
2007-11-13 17:01 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 16:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2012F73E-7427-4AD8-9E9D-6CBA6E0053D4}]
C:\Program Files\Video Add-on\isfmdl.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07 25088]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-25 19:11 94208]
"SkinClock"="C:\Program Files\Clock Tray Skins\ClockTraySkins.exe" [2006-09-17 12:00 446976]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 18:09 103712]
"AntiSpywareShield"="C:\Program Files\AntiSpywareShield\AntiSpywareShield.exe" [ ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2005-09-25 19:11 155648]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 17:38 221184]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 01:27 65536]
"KAVWks50"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" [2006-07-12 19:18 98407]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-22 16:39 185896]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 18:09 103712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:07 25088]

C:\Documents and Settings\Dejan\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-11-13 19:40:37]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
2005-06-20 11:53 1056768 -ra------ C:\Program Files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys [2005-06-20 11:53]
R1 klmc;KLMC driver;C:\WINDOWS\system32\drivers\klmc.sys [2006-07-12 19:23]
R3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 08:32]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4dc4883a-abef-11dc-835d-0018027c04bc}]
\Shell\AutoRun\command - F:\autorun.exe

*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-01-06 03:08:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-05 20:26:57 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-01-05 20:26:56 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-01-06 05:04:11
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 2369

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\Stardock\ObjectDock\DockShellHook.dll
-> C:\Program Files\Clock Tray Skins\Clock.dll
.
Completion time: 2008-01-06 5:06:07
ComboFix-quarantined-files.txt 2008-01-06 04:06:02
.
2008-01-05 01:33:15 --- E O F ---

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

File::

Folder::
C:\Program Files\WinSpyKiller
C:\Program Files\AntiSpyGolden 5.2

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2012F73E-7427-4AD8-9E9D-6CBA6E0053D4}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AntiSpywareShield"=-


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text file onto the ComboFix icon, as in the picture.

In your next message, post the log that is produced at the end of the cleaning/scan.


-------------------------------------------------------------------------------------



Download the file gmer.zip from this link and save it to the Desktop.
Unpack it into a folder.

Double-click gmer.exe to start it: select the Rootkit tab at the top.
Click Scan.
When the scan has finished, click the Copy button below; this saves the result to the Clipboard.
Use Paste in Notepad to turn it into text. Save that text from Notepad as file1.txt.
Repeat the same with the Autostart tab. Save that text from Notepad as file2.txt.


Attach those two files to your message (use the "Attach file" option).

offline
  • Joined: 05 Jan 2008
  • Posts: 20

Here is the ComboFix log. But gmer somehow won't work: it scans and then locks up all my memory. Is it normal for gmer to use 200 MB of memory?


ComboFix 08-01-04.1 - Dejan 2008-01-06 16:12:03.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.141 [GMT 1:00]
Running from: C:\Documents and Settings\Dejan\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Dejan\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\AntiSpyGolden 5.2
C:\Program Files\AntiSpyGolden 5.2\AntiSpyGolden AntiSpyGolden.url
C:\Program Files\WinSpyKiller
C:\Program Files\WinSpyKiller\Uninstall.exe
C:\Program Files\WinSpyKiller\WinSpyKiller.lic

.
((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 )))))))))))))))))))))))))))))))
.

2008-01-06 04:58 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-06 04:35 . 2008-01-06 04:35 2,632 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-06 04:18 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-01-06 04:18 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-01-06 04:18 . 2007-12-20 23:11 81,920 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-01-06 04:18 . 2003-06-05 20:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-01-06 04:18 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-01-06 04:18 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-01-05 21:03 . 2008-01-05 21:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Uniblue
2008-01-05 04:00 . 2008-01-05 04:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-01-05 00:51 . 2008-01-05 00:54 2,359,350 --a------ C:\WINDOWS\ACD Wallpaper.bmp
2008-01-05 00:39 . 2008-01-05 00:39 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-01-04 21:46 . 2005-09-23 08:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-01-04 01:06 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-01-04 01:06 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-04 01:06 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-04 01:06 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-04 01:06 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-04 01:06 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-04 01:05 . 2008-01-04 01:05 <DIR> d-------- C:\Program Files\Alwil Software
2008-01-04 01:05 . 2003-03-18 21:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2008-01-04 01:05 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-04 01:05 . 2004-01-09 10:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-04 00:51 . 2008-01-04 00:51 <DIR> d-------- C:\Documents and Settings\Dejan\Application Data\Grisoft
2008-01-04 00:51 . 2008-01-04 00:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-03 23:43 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-03 23:43 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln(2).sys
2007-12-28 06:43 . 2007-12-28 06:43 <DIR> d-------- C:\Program Files\DivX
2007-12-28 06:38 . 2007-12-28 06:38 <DIR> d-------- C:\Program Files\SATVOD
2007-12-28 06:38 . 2007-12-28 06:38 <DIR> d-------- C:\Documents and Settings\Dejan\Application Data\MoviesApp
2007-12-28 05:53 . 2007-12-28 05:53 <DIR> d-------- C:\Program Files\Live_TV
2007-12-28 05:53 . 2007-12-28 05:53 <DIR> d-------- C:\Program Files\Conduit
2007-12-28 04:28 . 2007-12-28 04:28 <DIR> d-------- C:\Program Files\Macrogaming
2007-12-28 04:16 . 2007-12-28 04:16 <DIR> d-------- C:\Program Files\MSN Messenger
2007-12-25 17:06 . 2007-12-25 17:06 <DIR> d-------- C:\Documents and Settings\Dejan\Application Data\Microsoft Games
2007-12-25 17:04 . 2008-01-03 02:15 <DIR> d-------- C:\Program Files\GameSpy Arcade
2007-12-25 16:58 . 2007-12-25 16:58 <DIR> d-------- C:\Program Files\Microsoft Games
2007-12-23 22:18 . 2007-12-23 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2007-12-23 22:17 . 2007-12-23 22:17 <DIR> d-------- C:\Documents and Settings\Dejan\Application Data\GRETECH
2007-12-22 16:44 . 2007-12-22 16:44 <DIR> d-------- C:\Program Files\JLC's Software
2007-12-22 16:44 . 2007-12-22 16:44 <DIR> d-------- C:\Documents and Settings\Dejan\Application Data\JLC's Software
2007-12-22 16:39 . 2007-12-28 16:37 <DIR> d-------- C:\Program Files\Real
2007-12-22 16:39 . 2007-12-22 16:39 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-12-22 16:39 . 2007-12-22 16:39 <DIR> d-------- C:\Program Files\Common Files\Real
2007-12-22 16:15 . 2007-12-22 16:15 <DIR> d-------- C:\Program Files\FDRLab
2007-12-22 16:15 . 2007-12-22 16:15 <DIR> d-------- C:\Documents and Settings\Dejan\Application Data\FDRLab
2007-12-22 16:01 . 2007-12-23 16:25 <DIR> d-------- C:\Program Files\Eusing Free Registry Cleaner
2007-12-21 04:44 . 2007-12-21 17:28 <DIR> d-------- C:\Program Files\RapidTyping
2007-12-20 04:03 . 2007-12-23 22:16 <DIR> d-------- C:\Program Files\GRETECH
2007-12-19 05:22 . 2007-11-13 20:01 218,624 --a------ C:\WINDOWS\system32\uxtheme.backup
2007-12-19 05:18 . 2007-12-19 05:22 <DIR> d-------- C:\WINDOWS\VistaMizer
2007-12-19 04:05 . 2008-01-05 00:43 1,355 --a------ C:\WINDOWS\imsins.BAK
2007-12-18 03:50 . 2007-12-19 05:22 218,624 --a--c--- C:\WINDOWS\system32\dllcache\uxtheme.dll
2007-12-18 03:47 . 2007-12-18 03:47 <DIR> d-------- C:\Documents and Settings\Dejan\Application Data\ViStart
2007-12-18 00:58 . 2007-12-18 00:58 <DIR> d-------- C:\Program Files\Task Killer
2007-12-18 00:28 . 2007-12-18 00:39 <DIR> d-------- C:\Documents and Settings\Dejan\Application Data\GlarySoft
2007-12-18 00:24 . 2007-12-18 00:24 <DIR> d-------- C:\Program Files\Glary Utilities
2007-12-17 22:48 . 2007-12-17 22:48 <DIR> d-------- C:\Program Files\Ratajik Software
2007-12-17 22:30 . 2007-12-21 00:48 <DIR> d-------- C:\Program Files\Screamer Radio
2007-12-17 17:16 . 2007-12-17 17:16 1 --a------ C:\WINDOWS\system32\SI.bin
2007-12-17 01:51 . 2007-12-17 01:51 <DIR> d---s---- C:\Program Files\Xfire
2007-12-17 01:51 . 2007-12-22 16:23 <DIR> d-------- C:\Documents and Settings\Dejan\Application Data\Xfire
2007-12-17 00:27 . 2007-12-19 16:12 <DIR> d-------- C:\Documents and Settings\Dejan\Application Data\My Games
2007-12-16 06:30 . 2007-12-16 15:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Metacafe
2007-12-14 19:16 . 2007-12-14 19:16 <DIR> d-------- C:\Documents and Settings\Dejan\Application Data\WebCompiler3
2007-12-13 20:10 . 2007-12-13 20:10 <DIR> d-------- C:\Program Files\Clock Tray Skins
2007-12-13 15:15 . 2007-12-17 16:06 <DIR> d-------- C:\WINDOWS\Desktop
2007-12-13 14:22 . 2007-12-13 14:22 <DIR> d-------- C:\Program Files\FreshDevices
2007-12-12 23:31 . 2007-12-12 23:38 <DIR> d-------- C:\Program Files\softnyx
2007-12-11 22:26 . 2007-12-11 22:26 <DIR> d-------- C:\Documents and Settings\Dejan\Application Data\Media Player Classic
2007-12-11 22:22 . 2007-12-11 22:25 <DIR> d-------- C:\Program Files\MP3Finder
2007-12-11 21:52 . 2007-12-11 21:52 <DIR> d-------- C:\Program Files\Chermenin
2007-12-11 16:18 . 2007-12-11 16:18 682,232 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2007-12-10 02:07 . 2007-12-10 02:07 <DIR> d-------- C:\WINDOWS\system32\CLSID
2007-12-10 02:06 . 2007-12-10 02:12 <DIR> d-------- C:\Program Files\Radiograbber
2007-12-09 18:57 . 2007-05-17 21:05 520,192 --a------ C:\WINDOWS\system32\ati2sgag.exe
2007-12-09 17:56 . 2007-12-09 17:57 <DIR> d-------- C:\Program Files\Winamp
2007-12-09 17:56 . 2007-12-17 23:43 <DIR> d-------- C:\Documents and Settings\Dejan\Application Data\Winamp
2007-12-09 17:22 . 2008-01-03 23:33 <DIR> d-------- C:\Program Files\ApexDC++
2007-12-09 17:01 . 2007-12-17 16:58 <DIR> d-------- C:\Program Files\Online TV Player 4
2007-12-09 17:01 . 2007-12-09 17:01 10 --a------ C:\WINDOWS\system32\810429tv4-test.jun
2007-12-09 16:21 . 2007-12-09 16:21 <DIR> d-------- C:\Program Files\SereneScreen
2007-12-09 16:21 . 2006-02-28 08:53 2,936,832 --a------ C:\WINDOWS\system32\MA2_6.scr
2007-12-09 16:08 . 2007-12-09 16:08 <DIR> d-------- C:\Documents and Settings\Dejan\Application Data\TVU Networks
2007-12-09 15:58 . 2007-12-09 15:58 <DIR> d-------- C:\Program Files\MP3 Remix
2007-12-08 18:26 . 2008-01-05 21:03 <DIR> d-------- C:\Program Files\Uniblue
2007-12-08 18:17 . 2007-12-08 18:17 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-12-07 16:39 . 2007-12-07 16:40 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2007-12-07 16:39 . 2007-12-07 16:39 <DIR> d-------- C:\Program Files\Windows Live Favorites
2007-12-07 16:39 . 2007-12-07 16:39 <DIR> d-------- C:\Documents and Settings\Dejan\Contacts
2007-12-07 16:38 . 2007-12-28 04:17 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-07 16:01 . 2007-12-07 16:01 <DIR> d-------- C:\WINDOWS\wb
2007-12-06 14:46 . 2007-12-06 14:46 <DIR> d-------- C:\WINDOWS\Monopoly Here & Now Edition
2007-12-06 14:46 . <DIR> C:\Program Files\KaPi_Monopoly
2007-12-06 14:46 . 2007-12-06 14:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\55-63-57-2p-59-op
2007-12-06 03:26 . 2007-12-06 03:28 <DIR> d-------- C:\Documents and Settings\Dejan\Application Data\RSG

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-05 20:03 --------- d-----w C:\Documents and Settings\Dejan\Application Data\Uniblue
2008-01-05 02:47 --------- d-----w C:\Program Files\Google
2008-01-04 16:05 --------- d-----w C:\Documents and Settings\Dejan\Application Data\uTorrent
2008-01-03 22:33 --------- d-----w C:\Program Files\uTorrent
2008-01-03 22:33 --------- d-----w C:\Program Files\LClock
2007-12-28 03:13 --------- d-----w C:\Program Files\Windows Live
2007-12-22 15:39 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-12-22 15:39 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2007-12-22 15:39 185,944 ----a-w C:\WINDOWS\system32\rmoc3260(2).dll
2007-12-22 15:39 185,944 ----a-w C:\WINDOWS\system32\rmoc3260(2)(2).dll
2007-12-19 15:14 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-19 04:22 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
2007-12-18 00:31 --------- d-----w C:\Documents and Settings\Dejan\Application Data\Skype
2007-12-17 23:34 --------- d-----w C:\Program Files\YuRecnik
2007-12-17 23:34 --------- d-----w C:\Program Files\Mozilla Thunderbird
2007-12-17 23:05 --------- d-----w C:\Documents and Settings\Dejan\Application Data\skypePM
2007-12-09 17:25 --------- d-----w C:\Documents and Settings\Dejan\Application Data\ATI
2007-12-08 17:17 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-08 12:19 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-07 15:37 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2007-12-07 15:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2007-12-07 15:10 --------- d-----w C:\Documents and Settings\Dejan\Application Data\Yahoo!
2007-12-07 15:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-12-07 15:03 --------- d-----w C:\Program Files\Trillian
2007-12-05 20:37 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-12-05 20:37 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-12-05 20:37 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2007-12-05 20:28 --------- d-----w C:\Program Files\directx
2007-12-05 20:28 --------- d-----w C:\Program Files\AT&T WorldNet Setup
2007-12-05 19:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-12-05 19:19 --------- d-----w C:\Program Files\Yahoo!
2007-12-05 18:43 --------- d-----w C:\Program Files\Alcohol Soft
2007-12-05 10:21 --------- d-----w C:\Documents and Settings\Dejan\Application Data\SpinTop
2007-12-04 16:46 --------- d-----w C:\Program Files\THQ
2007-12-03 12:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2007-12-03 10:35 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-12-03 10:33 --------- d-----w C:\Program Files\Skype
2007-12-03 10:33 --------- d-----w C:\Program Files\Common Files\Skype
2007-12-03 10:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2007-12-03 09:57 --------- d-----w C:\Program Files\MT882
2007-12-02 23:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx(2).dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx(2)(2).dll
2007-11-29 16:25 --------- d-----w C:\Documents and Settings\Dejan\Application Data\MSNInstaller
2007-11-29 15:32 --------- d-----w C:\Program Files\Java
2007-11-29 15:28 --------- d-----w C:\Program Files\Common Files\Java
2007-11-29 14:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\RapidSolution
2007-11-28 15:49 --------- d-----w C:\Program Files\Windows Media Connect 2
2007-11-26 00:48 --------- d-----w C:\Program Files\Common Files\NSV
2007-11-24 15:42 --------- d-----w C:\Documents and Settings\Dejan\Application Data\SumatraPDF
2007-11-23 15:31 100,482 ----a-w C:\WINDOWS\UninstallThunderbird.exe
2007-11-23 15:31 --------- d-----w C:\Documents and Settings\Dejan\Application Data\Thunderbird
2007-11-21 18:13 --------- d-----w C:\Program Files\Kasparov Chessmate
2007-11-20 18:59 --------- d-----w C:\Program Files\ReflexiveArcade
2007-11-20 18:54 --------- d-----w C:\Program Files\KeyOPS
2007-11-19 21:07 --------- d-----w C:\Program Files\EA Games
2007-11-16 00:19 --------- d-----w C:\Program Files\Far Cry
2007-11-14 02:45 --------- d-----w C:\Program Files\Zuma Deluxe
2007-11-14 02:08 --------- d-----w C:\Program Files\Ubisoft
2007-11-13 19:16 --------- d-----w C:\Program Files\Kaspersky Lab
2007-11-13 19:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Anti-Virus for Windows Workstations
2007-11-13 19:15 --------- d-----w C:\Program Files\KAV
2007-11-13 19:14 --------- d-----w C:\Documents and Settings\Dejan\Application Data\Talkback
2007-11-13 18:55 --------- d-----w C:\Program Files\mEliteSoftware
2007-11-13 18:52 --------- d-----w C:\Program Files\Diskeeper Corporation
2007-11-13 18:52 --------- d-----w C:\Documents and Settings\Dejan\Application Data\Leadertech
2007-11-13 18:50 --------- d-----w C:\Program Files\CyberLink
2007-11-13 18:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2007-11-13 18:48 --------- d-----w C:\Program Files\K-Lite Codec Pack
2007-11-13 18:47 --------- d-----w C:\Program Files\Webteh
2007-11-13 18:47 --------- d-----w C:\Program Files\audiograbber
2007-11-13 18:40 --------- d-----w C:\Program Files\Stardock
2007-11-13 18:40 --------- d-----w C:\Program Files\Common Files\Stardock
2007-11-13 18:30 --------- d-----w C:\Program Files\Nero
2007-11-13 18:30 --------- d-----w C:\Program Files\Common Files\Ahead
2007-11-13 18:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2007-11-13 18:21 --------- d-----w C:\Program Files\Bonjour
2007-11-13 18:15 --------- d-----w C:\Program Files\Common Files\Macrovision Shared
2007-11-13 18:01 10,368 ----a-w C:\WINDOWS\system32\drivers\pfc.sys
2007-11-13 18:01 --------- d-----w C:\Program Files\Common Files\ACD Systems
2007-11-13 18:01 --------- d-----w C:\Program Files\ACD Systems
2007-11-13 18:01 --------- d-----w C:\Documents and Settings\Dejan\Application Data\ACD Systems
2007-11-13 18:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\ACD Systems
2007-11-13 17:54 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-11-13 17:45 --------- d-----w C:\Program Files\totalcmd
2007-11-13 17:31 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-13 17:12 --------- d-----w C:\Program Files\C-Media 3D Audio
2007-11-13 17:10 --------- d-----w C:\Program Files\VIA
2007-11-13 17:08 --------- d-----w C:\Program Files\On-line Help Console
2007-11-13 17:01 --------- d-----w C:\Program Files\microsoft frontpage
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 16:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2001-11-23 04:08 712,704 ----a-r C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

((((((((((((((((((((((((((((( snapshot@2008-01-06_ 5.05.34.21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-06 15:01:55 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_604.dat
+ 2008-01-06 15:01:41 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6fc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:07 25088]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-09-25 19:11 94208]
"SkinClock"="C:\Program Files\Clock Tray Skins\ClockTraySkins.exe" [2006-09-17 12:00 446976]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 18:09 103712]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2005-09-25 19:11 155648]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 17:38 221184]
"LClock"="C:\Program Files\LClock\LClock.exe" [2004-09-20 01:27 65536]
"KAVWks50"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 5.0 for Windows Workstations\kav.exe" [2006-07-12 19:18 98407]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [2007-01-01 22:22 3739648]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-22 16:39 185896]
"SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2007-10-14 18:09 103712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 02:07 25088]

C:\Documents and Settings\Dejan\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDock\ObjectDock.exe [2007-11-13 19:40:37]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="LogonUI.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
RunDll32 cmicnfg.cpl,CMICtrlWnd

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RaidTool]
2005-06-20 11:53 1056768 -ra------ C:\Program Files\VIA\RAID\raid_tool.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue SpeedUpMyPC]
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe -s

R0 viamraid;viamraid;C:\WINDOWS\system32\DRIVERS\viamraid.sys [2005-06-20 11:53]
R1 klmc;KLMC driver;C:\WINDOWS\system32\drivers\klmc.sys [2006-07-12 19:23]
R3 iadusb;MT882;C:\WINDOWS\system32\DRIVERS\glauiad.sys [2006-03-20 08:32]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;"C:\Program Files\MSN Messenger\usnsvc.exe" [2007-01-19 12:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4dc4883a-abef-11dc-835d-0018027c04bc}]
\Shell\AutoRun\command - F:\autorun.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-01-06 15:08:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-01-05 20:26:57 C:\WINDOWS\Tasks\Uniblue SpyEraser Nag.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
"2008-01-05 20:26:56 C:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- C:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-01-06 16:17:28
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 2373

**************************************************************************
.
Completion time: 2008-01-06 16:19:40
ComboFix-quarantined-files.txt 2008-01-06 15:19:10
ComboFix2.txt 2008-01-06 04:06:08
.
2008-01-05 01:33:15 --- E O F ---

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Quote: But gmer somehow won't work: it scans and then locks up all my memory. Is it normal for gmer to use 200 MB of memory?
We'll try something else...

Download the following program:
http://files.thespykiller.co.uk/catchme.exe

Start it and click the Scan button on the first tab.

When the scan is done, attach to your message the file catchme.log, which will be on the desktop (use the "Attach file" option).


Do you use any program for hiding files/folders?

offline
  • Joined: 05 Jan 2008
  • Posts: 20

I don't use any program for hiding files/folders, apart from the classic
hidden files and folders, and that only for the backup folder. Here is the log

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Do you notice any specific problems now?

offline
  • Joined: 05 Jan 2008
  • Posts: 20

It seems OK to me now.
Some icons are missing from my start bar, and I find several identical shortcuts in some folders; is that because of those viruses?
I ran the scan with Spyware Doctor again and it again reports that I have some viruses. How reliable is that scan now?
I don't understand what is eating memory (I have 512 MB of RAM; until now PF usage was around 300-something and now it's almost 450).

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

pcelarko :: Some icons are missing from my start bar, and I find several identical shortcuts in some folders; is that because of those viruses?
Unlikely...
pcelarko :: I ran the scan with Spyware Doctor again and it again reports that I have some viruses. How reliable is that scan now?
Run the scan again and save the logfile (if possible).
I need the names and locations of the files that were detected, not just the detection names.
Have you tried removing what Spyware Doctor finds?
