Task manager and registry editing has been disabled


Veljko
  • Joined: 29 Jul 2008
  • Posts: 615
  • Location: Zemun


dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Pack the complete folder C:\qoobox\quarantine\Registry_backups into an archive (zip/rar)

and upload it via the following link: http://www.mycity.rs/ambulanta-upload.php

Veljko

Uploaded.

dr_Bora

Sorry for the wait...

Judging by what I see, there is still a virus on your computer.

Are you willing to try another AV scanner?

Veljko

Yes, of course.

dr_Bora

http://downloads5.kaspersky-labs.com/devbuilds/AVPTool/

Scan the XP partition and try to save the log...

Veljko

I think we have an even bigger problem: XP has passed its infection on to Vista and Windows 7 as well, and now Task Manager won't start in any of them. I'll try to do that scan from here.

Update: 31 Jan 2009 23:43

The log didn't get saved; when Kaspersky finished, the computer restarted into XP. No improvement. What do we do next?

dr_Bora

So was anything detected?


Post a fresh Gmer rootkit/malware log as well as a fresh ComboFix log (download a new ComboFix). Do the Gmer scan first.

Veljko

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-28 10:38:15
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xBA760818]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xBA7607D0]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xBA754A20]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xBA7552A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xBA760910]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xBA760794]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xBA7552C8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xBA760866]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xBA7600B0]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\jeleqn.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text D:\live\Windows Live\Messenger\MSNMSGR.EXE[1896] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 0056DBBD D:\live\Windows Live\Messenger\MSNMSGR.EXE (Windows Live Messenger/Microsoft Corporation)
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [ 25, 00, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [ 65, 00, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [ A5, 01, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes [ E5, 01, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [ A5, 02, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [ 65, 01, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [ 65, 02, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes [ E5, 02, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [ A5, 00, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes [ E5, 00, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [ 25, 01, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [ 25, 02, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [ 25, 00, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [ 65, 00, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [ A5, 01, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes [ E5, 01, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [ A5, 02, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [ 65, 01, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [ 65, 02, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes [ E5, 02, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [ A5, 00, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes [ E5, 00, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [ 25, 01, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [ 25, 02, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [ 25, 00, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [ 65, 00, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [ A5, 01, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes [ E5, 01, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [ A5, 02, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [ 65, 01, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [ 65, 02, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes [ E5, 02, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [ A5, 00, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes [ E5, 00, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [ 25, 01, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [ 25, 02, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3284] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [ 25, 00, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenFile + 6 7C90D586 4 Bytes [ 65, 00, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenFile + B 7C90D58B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenProcess + 6 7C90D5E6 4 Bytes [ A5, 01, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenProcess + B 7C90D5EB 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenProcessToken + 6 7C90D5F6 4 Bytes [ E5, 01, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenProcessToken + B 7C90D5FB 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D606 4 Bytes [ A5, 02, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenProcessTokenEx + B 7C90D60B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenThread + 6 7C90D646 4 Bytes [ 65, 01, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenThread + B 7C90D64B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenThreadToken + 6 7C90D656 4 Bytes [ 65, 02, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenThreadToken + B 7C90D65B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D666 4 Bytes [ E5, 02, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtOpenThreadTokenEx + B 7C90D66B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtQueryAttributesFile + 6 7C90D6F6 4 Bytes [ A5, 00, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtQueryAttributesFile + B 7C90D6FB 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D796 4 Bytes [ E5, 00, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtQueryFullAttributesFile + B 7C90D79B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtSetInformationFile + 6 7C90DC46 4 Bytes [ 25, 01, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtSetInformationFile + B 7C90DC4B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtSetInformationThread + 6 7C90DC96 4 Bytes [ 25, 02, 16, 00 ]
.text C:\Documents and Settings\veljko™\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3544] ntdll.dll!NtSetInformationThread + B 7C90DC9B 1 Byte [ E2 ]

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 8A922180
Device \FileSystem\Fastfat \FatCdrom 8A2B8DF0

AttachedDevice \Driver\Tcpip \Device\Ip epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

Device \Driver\Cdrom \Device\CdRom0 8A356608
Device \FileSystem\Rdbss \Device\FsWrap 8A2BB238

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

Device \Driver\Cdrom \Device\CdRom1 8A356608
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 8A356B08
Device \Driver\atapi \Device\Ide\IdePort0 8A356B08
Device \Driver\atapi \Device\Ide\IdePort1 8A356B08
Device \Driver\atapi \Device\Ide\IdePort2 8A356B08
Device \Driver\atapi \Device\Ide\IdePort3 8A356B08
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-10 8A356B08

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

Device \Driver\usbhub \Device\00000092 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\00000093 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\00000094 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \FileSystem\Srv \Device\LanmanServer 8A204478
Device \Driver\usbhub \Device\00000095 hcmon.sys (VMware USB monitor/VMware, Inc.)

AttachedDevice \Driver\Tcpip \Device\Udp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)
AttachedDevice \Driver\Tcpip \Device\RawIp epfwtdi.sys (Eset Personal Firewall TDI filter/ESET)

Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A639390
Device \Driver\usbehci \Device\USBFDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \FileSystem\MRxSmb \Device\LanmanRedirector 8A639390
Device \Driver\usbuhci \Device\USBFDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \FileSystem\Npfs \Device\NamedPipe 8A3687F8
Device \Driver\usbuhci \Device\USBFDO-5 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \FileSystem\Msfs \Device\Mailslot 8A368A08
Device \Driver\usbuhci \Device\USBFDO-6 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbehci \Device\USBFDO-7 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\0000008c hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 8A27A7A8
Device \Driver\d347prt \Device\Scsi\d347prt1 8A27A7A8
Device \Driver\usbhub \Device\0000008d hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \FileSystem\Fastfat \Fat 8A2B8DF0
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer 8A626AE8
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer 8A626AE8
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer 8A626AE8
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer 8A626AE8
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer 8A626AE8
Device \FileSystem\Cdfs \Cdfs 8A464CB0

---- Modules - GMER 1.0.14 ----

Module _________ BA5D0000-BA5E8000 (98304 bytes)

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF9 0x9E 0xD1 0x91 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xAD 0xBA 0xD2 0xA1 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x5C 0x0B 0xA5 0xF0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x19 0xD8 0x1A 0x54 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@khjeh 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z0 0x9C 0x27 0xD1 0x42 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z1 0x11 0x27 0x23 0x4C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z2 0x19 0x27 0xBB 0x0C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z3 0x01 0x27 0x56 0x51 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z4 0x08 0x27 0x4C 0x29 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z5 0x33 0x27 0x78 0x2D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z6 0x3A 0x27 0xCA 0x68 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z7 0x24 0x27 0x9E 0xE1 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z8 0x2E 0x27 0xF5 0xA0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z9 0x28 0x27 0x8E 0xAE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z10 0x52 0x27 0x31 0x84 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z11 0x5C 0x27 0x01 0x37 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z12 0x59 0x27 0x1C 0xBE ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z13 0x43 0x27 0x3F 0x1C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z14 0x4C 0x27 0x24 0xDC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z15 0x49 0x27 0x98 0xFD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z16 0x72 0x27 0xDE 0x80 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z17 0x7F 0x27 0xE3 0xEB ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z18 0x78 0x27 0xB7 0x34 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z19 0x65 0x27 0xE6 0x69 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z20 0x61 0x27 0xDD 0x8B ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z21 0x6A 0x27 0xF9 0x13 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z22 0x96 0x27 0x62 0x86 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z23 0x93 0x27 0x6D 0x66 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z24 0x9F 0x27 0xE9 0x30 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z25 0x9B 0x27 0xDC 0xEC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z26 0x87 0x27 0x9F 0x9D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z27 0x80 0x27 0xE7 0x5D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z28 0x8C 0x27 0xD0 0x33 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40@hj34z29 0x88 0x27 0x47
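The GMER log above is long, and most of it is noise for this case: the SSDT entries all belong to one named driver, the Chrome lines are the same small patch repeated in every chrome.exe process, and the one line that stands out is the kernel code section whose backing file cannot be found on disk (jeleqn.sys). The Python below is an added example, not code from the thread and not GMER's own; it parses the three record types that matter for triage, groups SSDT hooks by the driver that placed them, checks whether user-mode patches are identical across every instance of the same executable, and ranks a driver with no file on disk above everything else. The sample log is constructed from a few lines copied out of the log above (the user name in the Chrome path is shortened), and the severity labels are this example's own judgement calls.

```python
"""Parse a GMER rootkit-scan log and triage what it reports.

Added example: not part of the forum thread and not GMER's own code.
SAMPLE_LOG is constructed from a few lines copied out of the log in the
thread (user name in the Chrome path shortened); the triage rules are this
example's own judgement calls.
"""
import re
from collections import defaultdict
from ntpath import basename  # Windows paths, whatever the host OS

SAMPLE_LOG = r"""
---- System - GMER 1.0.14 ----

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xBA760818]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xBA7607D0]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xBA760794]

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\jeleqn.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.14 ----

.text D:\live\Windows Live\Messenger\MSNMSGR.EXE[1896] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 0056DBBD D:\live\Windows Live\Messenger\MSNMSGR.EXE (Windows Live Messenger/Microsoft Corporation)
.text C:\Documents and Settings\veljko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [ 25, 00, 16, 00 ]
.text C:\Documents and Settings\veljko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2104] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [ E2 ]
.text C:\Documents and Settings\veljko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtCreateFile + 6 7C90D096 4 Bytes [ 25, 00, 16, 00 ]
.text C:\Documents and Settings\veljko\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[2560] ntdll.dll!NtCreateFile + B 7C90D09B 1 Byte [ E2 ]
"""

# One pattern per GMER record type that matters for triage.
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<module>\S+)\s+\((?P<desc>[^)]*)\)\s+(?P<func>\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$"
)
MISSING_RE = re.compile(
    r"^\?\s+(?P<path>.+?)\s+The system cannot find the file specified\.\s+!$"
)
USER_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<mod>\S+)!(?P<func>\S+)"
    r"(?:\s+\+\s+(?P<off>[0-9A-Fa-f]+))?\s+(?P<addr>[0-9A-Fa-f]+)"
    r"\s+(?P<size>\d+)\s+Bytes?\s+(?P<detail>.*)$"
)


def parse_gmer(text):
    """Split a GMER log into SSDT hooks, missing-file drivers and user-mode patches."""
    report = {"ssdt": [], "missing": [], "user": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            report["ssdt"].append(m.groupdict())
        elif m := MISSING_RE.match(line):
            report["missing"].append(m.group("path"))
        elif m := USER_RE.match(line):
            rec = m.groupdict()
            rec["pid"] = int(rec["pid"])
            report["user"].append(rec)
    return report


def ssdt_by_module(report):
    """Driver -> native services it hooks; one hooking driver is one decision."""
    out = defaultdict(list)
    for h in report["ssdt"]:
        out[h["module"]].append(h["func"])
    return dict(out)


def user_hooks_by_process(report):
    """Executable name -> {pid: frozenset of (module, func, offset, bytes)}."""
    out = defaultdict(dict)
    for h in report["user"]:
        key = (h["mod"], h["func"], h["off"] or "0", h["detail"])
        out[basename(h["proc"])].setdefault(h["pid"], set()).add(key)
    return {exe: {pid: frozenset(s) for pid, s in pids.items()} for exe, pids in out.items()}


def uniform_across_instances(report):
    """True when every running instance of an executable carries identical patches."""
    return {exe: len(set(pids.values())) == 1
            for exe, pids in user_hooks_by_process(report).items()}


def triage(report):
    """Ordered findings: a loaded driver with no file on disk outranks attributed hooks."""
    findings = []
    for path in report["missing"]:
        findings.append(("HIGH", f"kernel code section backed by a file not present on disk: {path}"))
    for module, funcs in ssdt_by_module(report).items():
        findings.append(("REVIEW", f"{module} hooks {len(funcs)} SSDT entries ({', '.join(sorted(funcs))})"))
    instances = user_hooks_by_process(report)
    for exe, uniform in uniform_across_instances(report).items():
        tag = "uniform" if uniform else "DIFFERS between instances"
        findings.append(("INFO", f"{exe}: user-mode patches in {len(instances[exe])} process(es), {tag}"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(parse_gmer(SAMPLE_LOG)):
        print(f"[{severity}] {message}")
```

Run it on a full GMER log by replacing SAMPLE_LOG with the file's contents. The point of the grouping is that a long log collapses to a handful of decisions: one driver hooking nine SSDT entries is one question (what is d347bus.sys and is it expected on this machine), identical ntdll patches in every chrome.exe are one question, and the entry with no backing file is the one to answer first.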

Veljko

Sorry.



Update: 01 Feb 2009 10:55

ComboFix 09-01-31.01 - veljko™ 2009-02-01 10:45:34.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1514 [GMT 1:00]
Running from: c:\documents and settings\veljko™\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASC3360PR
-------\Service_asc3360pr


((((((((((((((((((((((((( Files Created from 2009-01-01 to 2009-02-01 )))))))))))))))))))))))))))))))
.

2009-01-30 16:09 . 2008-04-14 05:42 218,624 --a------ c:\windows\system32\uxtheme.uxtender
2009-01-30 15:37 . 2009-01-30 15:37 <DIR> d-------- c:\documents and settings\veljko™\Application Data\Malwarebytes
2009-01-30 15:37 . 2009-01-30 15:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-30 15:37 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-30 15:37 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-30 14:08 . 2009-01-30 14:08 <DIR> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2009-01-30 13:48 . 2009-01-30 13:48 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2009-01-30 02:00 . 2009-01-30 02:00 <DIR> d-------- C:\totalcmd
2009-01-29 21:47 . 2009-01-29 21:47 <DIR> d-------- C:\SureSupply
2009-01-29 21:47 . 2009-01-29 21:47 <DIR> d-------- C:\lj1010 series
2009-01-29 21:47 . 2009-01-29 21:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\HPSSUPPLY
2009-01-29 21:43 . 2008-04-14 00:09 206,976 --a------ c:\windows\system32\drivers\Dot4.sys
2009-01-29 21:43 . 2008-04-14 00:09 206,976 --a--c--- c:\windows\system32\dllcache\dot4.sys
2009-01-29 21:43 . 2001-08-17 13:47 23,808 --a------ c:\windows\system32\drivers\Dot4usb.sys
2009-01-29 21:43 . 2001-08-17 13:47 23,808 --a--c--- c:\windows\system32\dllcache\dot4usb.sys
2009-01-29 21:43 . 2001-08-17 13:47 12,928 --a------ c:\windows\system32\drivers\Dot4Prt.sys
2009-01-29 21:43 . 2001-08-17 13:47 12,928 --a--c--- c:\windows\system32\dllcache\dot4prt.sys
2009-01-29 20:21 . 2009-01-29 20:21 <DIR> d-------- c:\program files\Flash Saver
2009-01-29 20:21 . 2005-03-29 08:34 246,784 --a------ c:\windows\system32\sqlite3.dll
2009-01-29 18:53 . 2009-01-29 18:53 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-29 18:53 . 2008-04-14 05:42 294,912 -----c--- c:\windows\system32\dllcache\dlimport.exe
2009-01-29 18:50 . 2006-12-29 00:31 19,569 --a------ c:\windows\003451_.tmp
2009-01-29 18:42 . 2006-12-29 00:31 19,569 --a------ c:\windows\003452_.tmp
2009-01-29 18:14 . 2009-01-27 23:35 2,145,386,496 --a------ c:\windows\MEMORY.DMP
2009-01-28 20:57 . 2008-04-14 05:39 13,463,552 --a--c--- c:\windows\system32\dllcache\hwxjpn.dll
2009-01-28 20:56 . 2001-08-23 11:30 94,720 --a--c--- c:\windows\system32\dllcache\certmap.ocx
2009-01-28 20:56 . 2009-01-28 20:56 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-01-28 20:55 . 2001-08-23 11:30 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe
2009-01-28 20:55 . 2009-01-28 20:55 749 -rah----- c:\windows\WindowsShell.Manifest
2009-01-28 20:55 . 2009-01-28 20:55 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-01-28 20:55 . 2009-01-28 20:55 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-01-28 20:55 . 2009-01-28 20:55 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2009-01-28 20:55 . 2009-01-28 20:55 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-01-28 20:44 . 2009-01-28 20:44 <DIR> d-------- c:\windows\AC54E5443E42443CA91DA00A6974C592.TMP
2009-01-28 16:49 . 2009-01-28 16:49 <DIR> d-------- c:\documents and settings\veljkoo\Application Data\ESET
2009-01-28 16:49 . 2009-01-28 16:49 <DIR> d-------- c:\documents and settings\veljkoo
2009-01-27 23:37 . 2009-01-27 23:37 <DIR> d-------- c:\documents and settings\veljkoo\Application Data\Yahoo!
2009-01-27 22:33 . 2009-01-27 22:33 45 --a------ c:\windows\system32\initdebug.nfo
2009-01-27 21:07 . 2009-01-27 21:07 <DIR> d-------- c:\documents and settings\veljko™\Application Data\COWON
2009-01-27 18:22 . 2009-01-28 10:14 250 --a------ c:\windows\gmer.ini
2009-01-27 18:03 . 2009-01-27 18:10 <DIR> d-------- c:\documents and settings\veljko™\Application Data\ColorCop
2009-01-27 16:07 . 2009-01-27 16:07 <DIR> d-------- c:\windows\45235788142C44BE8A4DDDE9A84492E5.TMP
2009-01-27 15:49 . 2009-01-27 15:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2009-01-27 15:42 . 2006-05-16 10:58 73,728 --a------ c:\windows\system32\ISUSPM.cpl
2009-01-27 14:46 . 2009-01-27 14:54 <DIR> d-------- c:\documents and settings\veljko™\Application Data\VMware
2009-01-27 14:46 . 2009-01-30 15:43 <DIR> d-------- c:\documents and settings\LocalService\Application Data\VMware
2009-01-27 14:45 . 2008-10-28 23:08 723,504 --a------ c:\windows\system32\vnetlib.dll
2009-01-27 14:45 . 2008-10-28 23:07 399,920 --a------ c:\windows\system32\vmnat.exe
2009-01-27 14:45 . 2008-10-28 23:08 326,192 --a------ c:\windows\system32\vmnetdhcp.exe
2009-01-27 14:45 . 2008-10-28 17:03 55,856 -ra------ c:\windows\system32\vnetinst.dll
2009-01-27 14:45 . 2008-10-28 17:03 50,736 --a------ c:\windows\system32\vmnetbridge.dll
2009-01-27 14:45 . 2008-10-28 17:03 31,280 -ra------ c:\windows\system32\drivers\vmnetbridge.sys
2009-01-27 14:45 . 2008-10-28 23:08 26,288 --a------ c:\windows\system32\drivers\vmnetuserif.sys
2009-01-27 14:45 . 2008-10-28 23:08 23,216 --a------ c:\windows\system32\drivers\VMkbd.sys
2009-01-27 14:45 . 2008-10-28 17:03 18,736 -ra------ c:\windows\system32\drivers\vmnet.sys
2009-01-27 14:45 . 2008-10-28 17:03 16,560 -ra------ c:\windows\system32\drivers\vmnetadapter.sys
2009-01-27 14:45 . 2009-01-27 14:45 1,024 --a------ C:\.rnd
2009-01-27 14:44 . 2009-02-01 10:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\VMware
2009-01-27 14:38 . 2009-01-28 05:57 407,552 --a------ C:\keygen.exe
2009-01-27 11:31 . 2009-01-27 11:31 <DIR> d-------- c:\program files\Auslogics
2009-01-27 11:31 . 2009-01-27 11:31 <DIR> d-------- c:\documents and settings\veljko™\Application Data\Auslogics
2009-01-27 09:57 . 2009-01-27 10:02 <DIR> d-------- c:\documents and settings\veljko™\DoctorWeb
2009-01-27 09:57 . 2009-01-27 10:02 <DIR> d-------- c:\documents and settings\veljko™\DoctorWeb
2009-01-26 22:08 . 2009-01-26 22:08 <DIR> d-------- c:\documents and settings\veljko™\Application Data\Publish Providers
2009-01-26 22:07 . 2009-01-26 22:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Sony
2009-01-25 10:36 . 2009-01-25 10:36 <DIR> d-------- c:\documents and settings\veljko™\Application Data\Nero
2009-01-25 10:35 . 2009-01-25 10:35 <DIR> d-------- c:\program files\Common Files\Nero
2009-01-25 10:35 . 2006-03-17 15:49 368,640 --a------ c:\windows\system32\twnlib4.dll
2009-01-25 10:34 . 2009-01-25 10:35 <DIR> d-------- c:\program files\Nero 9
2009-01-25 10:05 . 2009-01-25 10:05 <DIR> d--h----- c:\windows\$hf_mig$
2009-01-25 00:24 . 2009-01-25 00:24 <DIR> d--h----- C:\$AVG8.VAULT$
2009-01-24 16:35 . 2009-01-24 16:35 <DIR> d-------- c:\windows\system32\NtmsData
2009-01-24 12:14 . 2009-01-27 20:06 <DIR> d-------- C:\NST
2009-01-24 12:04 . 2009-01-24 12:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ulead Systems
2009-01-23 22:47 . 2009-01-23 22:47 <DIR> d-------- c:\program files\Print3D Corporation
2009-01-23 22:47 . 2009-01-23 22:47 <DIR> d-------- c:\documents and settings\veljko™\Application Data\progeSOFT
2009-01-23 22:47 . 2009-01-23 22:47 <DIR> d-------- c:\documents and settings\All Users\progeSOFT
2009-01-23 22:47 . 2008-11-11 09:13 2,981,888 --a------ c:\windows\Print3DLib.dll
2009-01-23 22:47 . 2008-11-10 11:42 2,445,312 --a------ c:\windows\MeshLib.dll
2009-01-23 22:47 . 2008-11-10 11:19 2,412,544 --a------ c:\windows\CADViewerLib.dll
2009-01-23 22:47 . 2008-11-10 11:42 1,941,504 --a------ c:\windows\VTKLib.dll
2009-01-23 22:47 . 2008-11-10 11:24 1,236,992 --a------ c:\windows\SYCIO.dll
2009-01-23 22:47 . 2008-11-10 11:23 1,028,096 --a------ c:\windows\SYCGeo.dll
2009-01-23 22:47 . 2008-11-10 11:22 1,007,616 --a------ c:\windows\RPToolkit.dll
2009-01-23 22:47 . 2008-11-10 11:17 950,272 --a------ c:\windows\3DSLib.dll
2009-01-23 22:47 . 2008-11-10 11:23 483,328 --a------ c:\windows\SYCGUI.dll
2009-01-23 22:47 . 2008-11-10 11:26 143,360 --a------ c:\windows\ZipLib.dll
2009-01-23 22:47 . 2008-11-10 11:21 106,496 --a------ c:\windows\NetLib.dll
2009-01-23 22:47 . 2008-10-20 19:59 2,186 --a------ c:\windows\print3d.dat
2009-01-23 22:46 . 2009-01-23 22:46 <DIR> d-------- c:\program files\progeSOFT
2009-01-23 22:26 . 2009-01-24 11:24 34 --a------ c:\documents and settings\veljko™\jagex_runescape_preferences.dat
2009-01-23 22:26 . 2009-01-24 11:24 34 --a------ c:\documents and settings\veljko™\jagex_runescape_preferences.dat
2009-01-23 22:25 . 2009-01-23 22:25 <DIR> d-------- c:\windows\.jagex_cache_32
2009-01-23 21:18 . 2008-04-25 19:41 218,624 --a------ c:\windows\system32\uxtheme.dll.backup
2009-01-23 13:11 . 2009-01-23 13:11 <DIR> d-------- c:\documents and settings\veljko™\Application Data\KompoZer
2009-01-23 12:34 . 2009-01-25 11:50 <DIR> d-------- c:\program files\AutoCAD 2009
2009-01-23 11:25 . 2005-10-14 22:42 46,592 --a------ c:\windows\system32\hpzll43a.dll
2009-01-23 11:24 . 2009-01-23 11:24 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2009-01-23 11:24 . 2008-04-14 00:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-23 11:19 . 2005-03-14 12:03 278,584 --a------ c:\windows\system32\HPZidr12.dll
2009-01-23 11:19 . 2005-03-14 12:05 204,800 --a------ c:\windows\system32\HPZipr12.dll
2009-01-23 11:19 . 2005-03-08 11:55 94,208 --a------ c:\windows\system32\HPZipt12.dll
2009-01-23 11:19 . 2005-03-14 12:05 69,632 --a------ c:\windows\system32\HPZipm12.exe
2009-01-23 11:19 . 2005-03-14 13:39 65,536 --a------ c:\windows\system32\HPZinw12.exe
2009-01-23 11:19 . 2005-03-08 11:55 57,344 --a------ c:\windows\system32\HPZisn12.dll
2009-01-23 11:18 . 2009-01-23 11:24 103,216 --a------ c:\windows\hpoins08.dat
2009-01-23 11:18 . 2005-09-10 00:28 98,304 --a------ c:\windows\system32\hpzjsn01.dll
2009-01-23 11:18 . 2006-01-24 22:03 4,445 --a------ c:\windows\hpomdl08.dat
2009-01-23 10:21 . 2009-01-27 11:42 <DIR> d-------- C:\tmp
2009-01-23 10:06 . 2009-01-23 10:12 <DIR> d-------- c:\documents and settings\veljko™\Application Data\Vista Start Menu
2009-01-22 10:15 . 2009-01-22 10:15 <DIR> d-------- c:\documents and settings\veljko™\.borland
2009-01-22 10:15 . 2009-01-22 10:15 <DIR> d-------- c:\documents and settings\veljko™\.borland
2009-01-22 10:13 . 2009-01-22 10:13 <DIR> d-------- c:\program files\Delphi7SE
2009-01-22 09:43 . 2009-01-22 09:43 <DIR> d-------- c:\program files\VS Revo Group
2009-01-21 22:39 . 2008-02-22 17:20 676,224 --a------ c:\windows\system32\OGACheckControl.dll
2009-01-21 22:25 . 2009-01-21 22:25 <DIR> d-------- c:\program files\Windows Installer Clean Up
2009-01-21 22:24 . 2009-01-21 22:34 <DIR> d-------- c:\program files\MSECACHE
2009-01-21 19:22 . 2009-01-21 19:22 <DIR> d-------- c:\program files\NeoSmart Technologies
2009-01-20 10:52 . 2009-01-20 10:52 <DIR> d-------- c:\windows\vf_hip
2009-01-20 10:52 . 2009-01-20 11:45 <DIR> d-------- c:\program files\Hide IP Platinum
2009-01-20 10:52 . 2009-01-20 10:52 32 --a------ c:\windows\go
2009-01-20 10:49 . 2009-01-20 10:49 <DIR> d-------- c:\program files\Hide IP NG
2009-01-20 10:49 . 2009-01-20 10:49 <DIR> d-------- c:\documents and settings\veljko™\Application Data\Hide IP NG
2009-01-20 10:11 . 1998-10-29 16:45 306,688 --a------ c:\windows\IsUninst.exe
2009-01-20 10:11 . 2007-10-11 11:10 30,008 --a------ c:\windows\system32\drivers\ET5Drv.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-30 16:43 --------- d-----w c:\documents and settings\veljko™\Application Data\MxBoost
2009-01-30 14:37 --------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-01-30 12:57 3,567 ----a-w c:\windows\wmplayer.reg
2009-01-29 20:47 --------- d-----w c:\program files\HP
2009-01-29 17:21 --------- d-----w c:\program files\SpeedFan
2009-01-28 07:10 159,744 ----a-r c:\windows\SoundMan.exe
2009-01-28 07:10 1,900,544 ----a-r c:\windows\SkyTel.exe
2009-01-27 17:26 --------- d-----w c:\program files\Garena
2009-01-27 17:03 --------- d-----w c:\program files\Color_Cop
2009-01-27 16:21 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-27 15:07 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-27 15:00 --------- d-----w c:\program files\nLite
2009-01-27 14:42 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-27 09:01 --------- d-----w c:\program files\HWiNFO32
2009-01-26 21:15 --------- d-----w c:\program files\Notepad++
2009-01-26 21:08 --------- d-----w c:\documents and settings\veljko™\Application Data\Sony
2009-01-26 20:00 --------- d-----w c:\program files\Opera
2009-01-26 20:00 --------- d-----w c:\program files\Maxthon2
2009-01-26 20:00 --------- d-----w c:\program files\7-Zip
2009-01-26 19:22 --------- d-----w c:\program files\Common Files\Adobe
2009-01-25 09:36 --------- d-----w c:\program files\FrostWire
2009-01-25 09:32 --------- d-----w c:\program files\JetAudio
2009-01-25 09:23 --------- d-----w c:\program files\PowerISO
2009-01-23 11:36 --------- d-----w c:\program files\Common Files\Autodesk Shared
2009-01-23 09:06 --------- d-----w c:\program files\Vista Start Menu
2009-01-21 21:31 --------- d-----w c:\program files\MSBuild
2009-01-21 19:51 --------- d-----w c:\program files\Google
2009-01-20 09:11 --------- d-----w c:\program files\GIGABYTE
2009-01-20 09:10 16,608 ----a-w c:\windows\gdrv.sys
2009-01-19 04:14 --------- d-----w c:\documents and settings\All Users\Application Data\Autodesk
2009-01-18 16:08 51,649 ----a-w c:\windows\BricoPackUninst.cmd
2009-01-17 08:28 --------- d-----w c:\documents and settings\veljko™\Application Data\Autodesk
2009-01-15 03:22 --------- d-----w c:\program files\CoreFTP
2009-01-14 22:27 --------- d-----w c:\documents and settings\veljko™\Application Data\BitTorrent
2009-01-14 04:06 --------- d-----w c:\documents and settings\veljko™\Application Data\FileZilla
2009-01-11 20:31 --------- d-----w c:\program files\CCleaner
2009-01-11 07:37 --------- d-----w c:\program files\AutoCAD 2007
2009-01-11 07:35 832 ----a-w c:\program files\Google - Shortcut.lnk
2009-01-10 17:55 43,968 ----a-w c:\windows\system32\drivers\eusk3usb.sys
2009-01-06 13:55 --------- d-----w c:\program files\Microsoft Visual Studio 9.0
2009-01-06 13:48 --------- d-----w c:\program files\Microsoft SQL Server
2009-01-06 13:40 --------- d-----w c:\program files\Microsoft Silverlight
2009-01-06 08:06 --------- d-----w c:\program files\Flock
2009-01-04 15:19 --------- d-----w c:\program files\Ultra DVD Creator
2009-01-04 15:17 --------- d-----w c:\program files\Total Commander XP
2009-01-04 15:16 --------- d-----w c:\program files\Ahead
2009-01-04 15:15 --------- d-----w c:\program files\CorelDraw X3 Portable
2009-01-04 12:56 --------- d-----w c:\program files\Rockstar Games
2009-01-03 08:52 --------- d-----w c:\program files\ViStart
2009-01-02 18:07 --------- d-----w c:\program files\Intel
2009-01-01 18:02 --------- d-----w c:\documents and settings\veljko™\Application Data\ImgBurn
2008-12-30 19:20 --------- d-----w c:\program files\D-Tools
2008-12-30 12:42 --------- d-----w c:\program files\Mozilla Thunderbird
2008-12-30 08:31 --------- d-----w c:\documents and settings\veljko™\Application Data\mIRC
2008-12-30 08:25 --------- d-----w c:\program files\mIRC
2008-12-30 07:07 --------- d-----w c:\program files\RocketDock
2008-12-29 11:45 --------- d-----w c:\documents and settings\veljko™\Application Data\ViStart
2008-12-27 19:45 --------- d-----w c:\program files\Common Files\DVDVideoSoft
2008-12-27 19:24 --------- d-----w c:\program files\Yahoo!
2008-12-27 18:01 --------- d-----w c:\documents and settings\veljko™\Application Data\Acronis
2008-12-27 12:14 1 ----a-w c:\documents and settings\veljko™\setup.dat
2008-12-27 12:14 1 ----a-w c:\documents and settings\veljko™\setup.dat
2008-12-27 12:14 0 ----a-w c:\documents and settings\veljko™\info.dat
2008-12-27 12:14 0 ----a-w c:\documents and settings\veljko™\info.dat
2008-12-27 12:13 158 ----a-w c:\documents and settings\veljko™\tl_info.dat
2008-12-27 12:13 158 ----a-w c:\documents and settings\veljko™\tl_info.dat
2008-12-27 10:10 --------- d-----w c:\documents and settings\veljko™\Application Data\FrostWire
2008-12-27 09:04 --------- d-----w c:\program files\FileSubmit
2008-12-27 07:54 --------- d-----w c:\program files\Advanced Find and Replace 4
2008-12-27 07:54 --------- d-----w c:\documents and settings\veljko™\Application Data\Advanced Find and Replace 4
2008-12-26 07:42 --------- d-----w c:\documents and settings\veljko™\Application Data\Yahoo!
2008-12-26 07:42 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-25 12:08 --------- d-----w c:\program files\AnswerWorks 4.0
2008-12-25 08:07 --------- d--h--r c:\documents and settings\veljko™\Application Data\SecuROM
2008-12-24 17:18 --------- d-----w c:\documents and settings\veljko™\Application Data\Media Player Classic
2008-12-24 09:19 --------- d-----w c:\program files\K-Lite Codec Pack
2008-12-23 16:55 --------- d-----w c:\program files\Defraggler
2008-12-23 16:24 --------- d-----w c:\program files\Styler
2008-12-23 16:24 --------- d-----w c:\documents and settings\veljko™\Application Data\Styler
2008-12-23 11:51 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2008-12-23 09:45 --------- d-----w c:\documents and settings\veljko™\Application Data\Mount&Blade
2008-12-23 09:40 --------- d-----w c:\program files\Mount&Blade
2008-12-21 12:24 --------- d-----w c:\program files\NetLimiter 2 Monitor
2008-12-21 12:24 --------- d-----w c:\documents and settings\veljko™\Application Data\Locktime
2008-12-21 12:24 --------- d-----w c:\documents and settings\All Users\Application Data\Locktime
2008-12-21 11:10 --------- d-----w c:\program files\Mini recnik
2008-12-21 11:04 --------- d-----w c:\program files\Free IP Switcher
2008-12-20 12:35 --------- d-----w c:\program files\Smart Projects
2008-12-19 20:38 --------- d-----w c:\program files\DScaler
2008-12-19 20:13 --------- d-----w c:\program files\Common Files\Ulead Systems
2008-12-19 16:47 --------- d-----w c:\program files\Ad Muncher
2008-12-19 16:47 --------- d-----w c:\documents and settings\All Users\Application Data\Ad Muncher
2008-12-19 15:45 --------- d-----w c:\documents and settings\veljko™\Application Data\Activision
2008-12-19 15:45 --------- d-----w c:\documents and settings\All Users\Application Data\Activision
2008-12-18 21:48 --------- d-----w c:\program files\The KMPlayer
2008-12-18 20:58 --------- d-----w c:\documents and settings\veljko™\Application Data\Skype
2008-12-18 20:57 --------- d-----w c:\documents and settings\veljko™\Application Data\DAEMON Tools
2008-12-18 20:56 --------- d-----w c:\documents and settings\veljko™\Application Data\Launchy
2008-12-18 20:56 --------- d-----w c:\documents and settings\LocalService\Application Data\Acronis
2008-12-18 20:21 --------- d-----w c:\documents and settings\All Users\Application Data\Codemasters
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2}"= "c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL" [2008-12-18 66912]

[HKEY_CLASSES_ROOT\clsid\{0579b4b6-0293-4d73-b02d-5ebb0ba0f0a2}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}]
2008-12-18 20:23 66912 --a------ c:\program files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="d:\live\Windows Live\Messenger\MSNMSGR.EXE" [2007-10-18 6005760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-03 44544]

c:\documents and settings\veljkoT\Start Menu\Programs\Startup\
TaskBarTransparent.exe.lnk - c:\documents and settings\veljkoT\Desktop\TaskBarTransparent.exe [2009-01-27 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\MCPClient]
2005-01-31 15:13 49152 c:\progra~1\COMMON~1\Stardock\MCPStub.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-04-29 21:58 210168 c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"msacm.l3fhg"= mp3fhg.acm
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck xmnt2002 /bat=c:\windows\TEMP\PQ_BATCH.PQB /win=c:\windows /dbg=c:\WINDOWS\TEMP\PQ_DEBUG.TXT /ver=262144 /prd=PartitionMagic\0autocheck autochk *

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Launchy.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Launchy.lnk
backup=c:\windows\pss\Launchy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^veljko™^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\veljko™\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^veljko™^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\veljko™\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^veljko™^Start Menu^Programs^Startup^RocketDock.lnk]
path=c:\documents and settings\veljko™\Start Menu\Programs\Startup\RocketDock.lnk
backup=c:\windows\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^veljko™^Start Menu^Programs^Startup^Styler.lnk]
path=c:\documents and settings\veljko™\Start Menu\Programs\Startup\Styler.lnk
backup=c:\windows\pss\Styler.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^veljko™^Start Menu^Programs^Startup^Yahoo! Widgets.lnk]
path=c:\documents and settings\veljko™\Start Menu\Programs\Startup\Yahoo! Widgets.lnk
backup=c:\windows\pss\Yahoo! Widgets.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViStart]
c:\program files\ViStart\ViStart [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\36X Raid Configurer]
-ra------ 2007-08-29 09:55 1966080 c:\windows\system32\xRaidSetup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2009-01-28 06:25 710008 c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
--a------ 2007-10-30 20:07 140568 c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
--a------ 2007-10-30 20:11 909208 c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
--a------ 2009-01-28 06:25 106864 c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-06-12 01:38 34672 c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
--a------ 2008-08-14 07:58 611712 c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASuite]
--a------ 2008-05-24 21:26 457728 d:\lupo pensuite v6.70 full\Launcher\ASuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-12-18 18:56 342848 c:\program files\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 05:42 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 c:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DesktopX]
--a------ 2009-01-28 07:46 530944 c:\progra~1\OBJECT~1\DesktopX\DesktopX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyTuneVPro]
--a------ 2007-07-26 15:05 20480 c:\program files\GIGABYTE\ET5Pro\ETcall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\egui]
--a------ 2009-01-28 07:05 1529088 c:\program files\ESET\ESET Smart Security\egui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GEST]
--a------ 2007-12-14 11:46 236040 c:\program files\GIGABYTE\GEST\run.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
--a----t- 2009-01-28 06:11 206832 c:\documents and settings\veljko™\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JMB36X IDE Setup]
-ra------ 2007-03-20 07:36 36864 c:\windows\RaidTool\xInsIDE.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2007-10-18 02:34 6005760 d:\live\Windows Live\Messenger\MSNMSGR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2008-11-12 14:54 13672448 c:\windows\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2008-11-12 14:54 86016 c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2008-11-02 09:38 167936 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RGSC]
--a------ 2009-01-05 14:53 306088 c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RocketDock]
--a------ 2007-09-02 13:58 495616 c:\program files\RocketDock\RocketDock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-07-23 13:11 21738792 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-12-18 22:25 136600 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
--a------ 2007-10-30 20:06 2595616 c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vista Rainbar]
--a------ 2006-01-21 12:41 118784 c:\program files\Vista Rainbar\Rainmeter.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VistaStartMenu]
--a------ 2008-10-08 21:19 2145792 c:\program files\Vista Start Menu\VistaStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFast Schedule]
--a------ 2007-11-15 15:55 2850816 c:\program files\WinFast\WFDTV\WFWIZ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFastDTV]
--a------ 2007-11-16 16:13 90112 c:\program files\WinFast\WFDTV\DTVSchdl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 11:43 172032 c:\windows\ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2009-01-28 08:21 1699840 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-ra------ 2007-09-19 11:14 16844800 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"FLEXnet Licensing Service"=3 (0x3)
"TuneUp.ProgramStatisticsSvc"=2 (0x2)
"TuneUp.Defrag"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"NVSvc"=2 (0x2)
"GEST Service"=3 (0x3)
"TryAndDecideService"=2 (0x2)
"PnkBstrB"=2 (0x2)
"PnkBstrA"=2 (0x2)
"idsvc"=3 (0x3)
"AcrSch2Svc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"UleadBurningHelper"=2 (0x2)
"nlsvc"=2 (0x2)
"Autodesk Licensing Service"=3 (0x3)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"SQLWriter"=2 (0x2)
"MSSQL$SQLEXPRESS"=2 (0x2)
"PSI_SVC_2"=2 (0x2)
"mi-raysat_3dsMax2009_32"=2 (0x2)
"gusvc"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"ekrn"=2 (0x2)
"EhttpSrv"=3 (0x3)
"VMware NAT Service"=2 (0x2)
"VMAuthdService"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\manager.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\monitor.exe"=
"c:\\Program Files\\Autodesk\\Backburner\\server.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Autodesk\\3ds Max 2009\\3dsmax.exe"=
"e:\\Program Files\\EA Games\\Mirror's Edge\\Binaries\\MirrorsEdge.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\PROGRA~1\\COMMON~1\\Stardock\\SDMCP.exe"=
"c:\\WINDOWS\\system32\\userinit.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\live\\Windows Live\\Messenger\\msnmsgr.exe"= d:\\live\\Windows Live\\Messenger\\MSNMSGR.EXE
"c:\\Program Files\\ESET\\ESET Smart Security\\egui.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
"c:\\WINDOWS\\VFIND.exe"=
"c:\\Program Files\\JetAudio\\jetAudio.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\nwiz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\7-Zip\\7zFM.exe"=
"d:\\Program Files\\wow wolk\\Launcher.exe"=
"c:\\Documents and Settings\\veljko™\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Documents and Settings\\veljko™\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
"d:\\vazno\\Instalacije\\Sony Vegas Pro 8.0a build 179 Corporate\\SonyVegasPro80a-ce_enu.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\1_1_3_0\\RGSC.exe"=
"d:\\Program Files\\THQ\\Juiced2_HIN\\Juiced2_HIN.exe"=
"d:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main.exe"=
"d:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2main_amdxp.exe"=
"d:\\Program Files\\Atari\\Neverwinter Nights 2\\nwupdate.exe"=
"d:\\Program Files\\Atari\\Neverwinter Nights 2\\nwn2server.exe"=
"c:\\Program Files\\Adobe\\Acrobat 9.0\\Acrobat\\AcroTray.exe"=
"c:\\Program Files\\Adobe\\Adobe InDesign CS4\\InDesign.exe"=
"c:\\DOCUME~1\\VELJKO~1\\LOCALS~1\\Temp\\ycnu.exe"=
"c:\\DOCUME~1\\VELJKO~1\\LOCALS~1\\Temp\\wineqvus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 nltdi;nltdi;c:\windows\system32\drivers\nltdi.sys [2007-04-23 81688]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2008-12-18 100368]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2008-12-18 41680]
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\jeleqn.sys --> c:\windows\system32\drivers\jeleqn.sys [?]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2008-12-27 81360]
R4 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [2008-12-18 16872]
R4 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2008-09-18 54960]
S3 GarenaPEngine;GarenaPEngine;\??\c:\docume~1\VELJKO~1\LOCALS~1\Temp\BDK2B2.tmp --> c:\docume~1\VELJKO~1\LOCALS~1\Temp\BDK2B2.tmp [?]
S3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFDTV\WFIOCTL.sys [2008-12-18 9446]
S4 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
S4 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [2008-12-18 47624]
S4 mi-raysat_3dsMax2009_32;mental ray 3.6 Satellite for Autodesk 3ds Max 2009 32-bit 32-bit;c:\program files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [2008-03-10 65536]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2008-07-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-07-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-10 369688]
S4 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2008-12-18 603904]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - ASC3360PR

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7fd71de3-d3eb-11dd-872a-001d7dd11df6}]
\shell\AuToPLAy\coMmand - J:\xldvjv.cmd
\shell\AutoRun\command - J:\xldvjv.cmd
\shell\explORE\CommanD - J:\xldvjv.cmd
\shell\oPEn\cOMmAnd - J:\xldvjv.cmd
.
Contents of the 'Scheduled Tasks' folder

2009-02-01 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2008-11-20 16:28]

2009-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57989841-838170752-839522115-1003.job
- c:\documents and settings\veljko []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
IE: &Save Flash In This Page by Flash Saver - c:\progra~1\FLASHS~1\save.htm
IE: &UʹÓÃÄÉÃ×»úÆ÷ÈËÏÂÔز¢ÊÕ²Ø - c:\program files\NamiRobot\Data\du.html
IE: &U???????????? - c:\program files\NamiRobot\Data\du.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - c:\program files\CoreFTP\pftpns.dll
FF - ProfilePath - c:\documents and settings\veljko™\Application Data\Mozilla\Firefox\Profiles\e5ru52ze.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.blingmysearch.com/bms/google/veljko
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-01 10:48:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\GarenaPEngine]
"ImagePath"="\??\c:\docume~1\VELJKO~1\LOCALS~1\Temp\BDK2B2.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1960)
c:\progra~1\COMMON~1\Stardock\mcpstub.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\program files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll

- - - - - - - > 'lsass.exe'(2016)
c:\windows\system32\relog_ap.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\vmnetdhcp.exe
c:\progra~1\COMMON~1\Stardock\SDMCP.exe
c:\documents and settings\veljkoc:\documents and settings\veljkoc:\documents and settings\veljkoc:\windows\system32\wbem\wmiprvse.exe
c:\docume~1\VELJKO~1\LOCALS~1\temp\ycnu.exe
c:\docume~1\VELJKO~1\LOCALS~1\temp\cnoruk.exe
.
**************************************************************************
.
Completion time: 2009-02-01 10:52:35 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-01 09:52:33
ComboFix2.txt 2009-01-26 16:59:06

Pre-Run: 2,895,339,520 bytes free
Post-Run: 2,751,348,736 bytes free

Current=3 Default=3 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
564
