MSN and email problem


offline
  • Joined: 18 Jan 2008
  • Posts: 20
  • Location: Kragujevac

Here, I did what you said... but only for the flash drive... for the mobile phones (I have 2) it won't read them... what now?

USB_blocker by bobby

Started at 7/30/2008 9:19:27 AM

Scanning for connected USB Mass storage...
========================================
========================================
Scanning for other storage...
========================================
C: c6436992-1e95-11dd-a278-806d6172696f
D: c6436993-1e95-11dd-a278-806d6172696f
E: c6436994-1e95-11dd-a278-806d6172696f
G: fd179d38-1f17-11dd-a4d0-806d6172696f
H: fd179d39-1f17-11dd-a4d0-806d6172696f
========================================



New device connected at 7/30/2008 9:19:34 AM

Scanning for connected USB Mass storage...
========================================
I: 8f7666c8-4d03-11dd-a568-98ceff50763d
========================================

Scanning USB mass storage for autorun.inf and desktop.ini files...
========================================

autorun.inf found on I:
File I:\autorun.inf renamed successfully
Sanitizing Shell Menu...
Sanitized 8f7666c8-4d03-11dd-a568-98ceff50763d
========================================



offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Above I meant that the ComboFix log is not complete; more than half of the log is missing.

Let's stay on USB_blocker for now.

- start it
- on the Monitor tab, Auto block stays selected
- insert the flash drive
- switch to the Scan removable drives tab
- tick List all files
- click the Scan button
- when the scan finishes, save the log again (as before) and copy it into a post on the forum

When you finish that, find the ComboFix log at c:\Combofix.txt, open it in Notepad and copy the complete log here for me.



offline
  • Joined: 18 Jan 2008
  • Posts: 20
  • Location: Kragujevac

It won't work again... now it says to choose a drive to scan...
it seems it can't read it...

Addendum: 01 Aug 2008 3:07

Here is the whole log, sorry, my mistake :D

ComboFix 08-07-26.1 - Sancez 2008-07-30 6:46:51.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.206 [GMT -7:00]
Running from: C:\Documents and Settings\Sancez\Desktop\poprawka racunara\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sancez\Desktop\poprawka racunara\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\fss.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\fss.exe

.
((((((((((((((((((((((((( Files Created from 2008-06-28 to 2008-07-30 )))))))))))))))))))))))))))))))
.

2008-07-29 11:21 . 2008-07-29 11:21 <DIR> d-------- C:\Program Files\SpeedFan
2008-07-25 16:24 . 2008-07-25 16:24 268 --ah----- C:\sqmdata12.sqm
2008-07-25 16:24 . 2008-07-25 16:24 244 --ah----- C:\sqmnoopt12.sqm
2008-07-25 08:52 . 2008-07-25 08:52 268 --ah----- C:\sqmdata11.sqm
2008-07-25 08:52 . 2008-07-25 08:52 244 --ah----- C:\sqmnoopt11.sqm
2008-07-24 21:48 . 2008-07-24 21:48 268 --ah----- C:\sqmdata10.sqm
2008-07-24 21:48 . 2008-07-24 21:48 244 --ah----- C:\sqmnoopt10.sqm
2008-07-24 12:17 . 2008-07-24 12:17 268 --ah----- C:\sqmdata09.sqm
2008-07-24 12:17 . 2008-07-24 12:17 244 --ah----- C:\sqmnoopt09.sqm
2008-07-24 10:33 . 2008-07-24 10:33 268 --ah----- C:\sqmdata08.sqm
2008-07-24 10:33 . 2008-07-24 10:33 244 --ah----- C:\sqmnoopt08.sqm
2008-07-22 21:41 . 2008-07-22 21:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-22 21:14 . 2008-07-22 21:14 <DIR> d-------- C:\Program Files\MySpace
2008-07-22 21:14 . 2008-07-22 21:14 <DIR> d-------- C:\Documents and Settings\Sancez\Application Data\MySpace
2008-07-19 17:43 . 2008-07-19 17:43 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-07-19 17:41 . 2008-07-19 17:44 <DIR> d-------- C:\Program Files\TryFastMessenger
2008-07-17 17:53 . 2008-07-17 17:53 <DIR> d-------- C:\Program Files\Viewpoint
2008-07-17 17:53 . 2008-07-17 17:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-17 17:53 . 2008-07-17 17:53 37,027 --a------ C:\WINDOWS\atmoUn.exe
2008-07-17 13:07 . 2008-07-17 13:07 <DIR> d--hs---- C:\Documents and Settings\Sancez\Phone Browser
2008-07-17 05:01 . 2008-07-17 05:01 <DIR> d-------- C:\Program Files\Digimarc
2008-07-16 21:52 . 2008-07-16 21:52 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-07-16 08:17 . 2008-07-16 08:37 34 --a------ C:\WINDOWS\cdplayer.ini
2008-07-16 08:14 . 2008-07-16 08:14 <DIR> d-------- C:\Program Files\Audiograbber
2008-07-16 08:14 . 2008-07-16 08:14 <DIR> d-------- C:\Documents and Settings\Sancez\Application Data\AD ON Multimedia
2008-07-16 07:58 . 2008-07-16 07:58 286,720 --------- C:\WINDOWS\Setup1.exe
2008-07-16 07:58 . 2008-07-16 07:58 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-07-15 15:50 . 2008-07-19 17:17 <DIR> d-------- C:\Program Files\Achilles-Script 4.5 White
2008-07-10 11:01 . 2008-07-19 17:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-07-10 07:31 . 2008-07-10 07:31 <DIR> d-------- C:\Program Files\Recnik20
2008-07-08 22:01 . 2008-07-08 22:01 268 --ah----- C:\sqmdata07.sqm
2008-07-08 22:01 . 2008-07-08 22:01 244 --ah----- C:\sqmnoopt07.sqm
2008-07-08 12:20 . 2008-07-08 12:20 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-07-08 12:20 . 2008-07-08 12:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-07-08 08:34 . 2008-07-08 08:34 268 --ah----- C:\sqmdata06.sqm
2008-07-08 08:34 . 2008-07-08 08:34 244 --ah----- C:\sqmnoopt06.sqm
2008-07-08 07:49 . 2008-07-08 07:49 268 --ah----- C:\sqmdata05.sqm
2008-07-08 07:49 . 2008-07-08 07:49 244 --ah----- C:\sqmnoopt05.sqm
2008-07-07 22:05 . 2008-07-07 22:05 268 --ah----- C:\sqmdata04.sqm
2008-07-07 22:05 . 2008-07-07 22:05 244 --ah----- C:\sqmnoopt04.sqm
2008-07-07 15:28 . 2008-07-07 15:28 268 --ah----- C:\sqmdata03.sqm
2008-07-07 15:28 . 2008-07-07 15:28 244 --ah----- C:\sqmnoopt03.sqm
2008-07-07 12:18 . 2008-07-07 12:18 268 --ah----- C:\sqmdata02.sqm
2008-07-07 12:18 . 2008-07-07 12:18 244 --ah----- C:\sqmnoopt02.sqm
2008-07-03 09:30 . 2008-07-03 09:31 <DIR> d-------- C:\Program Files\The KMPlayer
2008-07-03 04:09 . 2008-07-03 04:09 <DIR> d-------- C:\Documents and Settings\Sancez\Application Data\Media Player Classic
2008-06-30 07:50 . 2004-08-04 00:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-06-30 07:50 . 2001-08-17 22:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll
2008-06-28 02:26 . 2008-06-28 02:26 <DIR> d-------- C:\Program Files\Sweet Home 3D
2008-06-23 04:43 . 2008-06-23 04:43 268 --ah----- C:\sqmdata01.sqm
2008-06-23 04:43 . 2008-06-23 04:43 244 --ah----- C:\sqmnoopt01.sqm
2008-06-23 02:48 . 2008-06-23 02:48 268 --ah----- C:\sqmdata00.sqm
2008-06-23 02:48 . 2008-06-23 02:48 244 --ah----- C:\sqmnoopt00.sqm
2008-06-22 15:42 . 2008-07-16 05:34 921,632 --a------ C:\PA207.DAT
2008-06-14 17:44 . 2008-07-19 17:20 <DIR> d-------- C:\Documents and Settings\Sancez\Shared
2008-06-14 17:44 . 2008-07-19 17:20 <DIR> d-------- C:\Documents and Settings\Sancez\Incomplete
2008-06-14 17:44 . 2008-06-15 01:14 <DIR> d-------- C:\Documents and Settings\Sancez\Application Data\LimeWire
2008-06-12 10:42 . 2008-04-22 21:16 6,066,176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-06-12 10:42 . 2007-04-17 02:32 2,455,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-06-12 10:42 . 2007-03-07 22:10 991,232 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-06-12 10:42 . 2008-04-22 21:16 459,264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-06-12 10:42 . 2008-04-22 21:16 383,488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-06-12 10:42 . 2008-04-22 21:16 267,776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-06-12 10:42 . 2008-04-22 21:16 63,488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll
2008-06-12 10:42 . 2008-04-22 21:16 52,224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-06-12 10:42 . 2008-04-22 00:39 13,824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-11 01:04 . 2008-06-13 06:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 01:04 . 2008-06-13 06:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-30 12:32 --------- d-----w C:\Documents and Settings\Sancez\Application Data\AVG7
2008-07-23 05:25 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-07-20 00:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-18 00:53 --------- d-----w C:\Documents and Settings\Sancez\Application Data\AdobeUM
2008-07-17 04:53 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-07-17 04:50 --------- d-----w C:\Program Files\Windows Live
2008-07-09 13:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-08 19:20 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-08 19:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-11 00:18 --------- d-----w C:\Program Files\Call Corder 2
2008-06-10 07:11 --------- d-----w C:\Documents and Settings\Sancez\Application Data\HP
2008-06-04 07:46 --------- d-----w C:\Program Files\Mv2Player
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 17:43 4670704]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-17 16:27 9117696]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run_CF]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 13:32 94208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 15:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 11:34 5724184]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-26 18:41 1232896]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 12:53 1079808]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 11:01 319488]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-07-22 22:22 579584]
"SoundMan"="SOUNDMAN.EXE" [2002-11-19 06:01 46592 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run_CF]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 11:01 319488]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40 155648]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-07-22 22:22 579584]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47 31016]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 16:24 54840]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SoundMan"="SOUNDMAN.EXE" [2002-11-19 06:01 46592 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-17 16:27 9117696]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-07-22 21:44 219136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-07-08 12:20:11 113664]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.3iv2"= C:\PROGRA~1\K-LITE~1\codecs\3IVXVF~1.DLL
"VIDC.VP60"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP61"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP62"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP70"= C:\PROGRA~1\K-LITE~1\codecs\vp7vfw.dll
"VIDC.VP31"= C:\PROGRA~1\K-LITE~1\codecs\vp31vfw.dll
"VIDC.FFDS"= C:\PROGRA~1\K-LITE~1\ffdshow\ff_vfw.dll
"msacm.ac3acm"= C:\PROGRA~1\K-LITE~1\codecs\ac3acm.acm
"msacm.l3fhg"= C:\PROGRA~1\K-LITE~1\codecs\l3codecp.acm
"VIDC.ACDV"= ACDV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

S3 PAC207;i-Look 111;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-06-29 16:32]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c43ab00-532f-11dd-a587-0018682d9e53}]
\Shell\AutoRun\command - gjn2pjlw.exe
\Shell\explore\Command - gjn2pjlw.exe
\Shell\open\Command - gjn2pjlw.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
2008-07-30 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - s!;2C:\Program Files\Windows Live Toolbar\MSNTBUP.EXESancez0;< []
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run_CF-Skype - C:\Program Files\Skype\Phone\Skype.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-07-30 06:49:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-07-30 6:50:33
ComboFix-quarantined-files.txt 2008-07-30 13:50:19
ComboFix2.txt 2008-07-27 11:20:14

Pre-Run: 5,975,564,288 bytes free
Post-Run: 5,971,525,632 bytes free

192 --- E O F --- 2008-07-20 03:25:33

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

marko_kg :: It won't work again... now it says to choose a drive to scan...
it seems it can't read it...

First click the partition label at the top left, then click Scan.

When you have done that, make a new ComboFix log and copy it into your next post.

offline
  • Joined: 18 Jan 2008
  • Posts: 20
  • Location: Kragujevac

It doesn't show me anything in the upper left corner...

Here is the new log...

ComboFix 08-07-26.1 - Sancez 2008-08-01 20:05:21.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.201 [GMT 2:00]
Running from: C:\Documents and Settings\Sancez\Desktop\poprawka racunara\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sancez\Desktop\poprawka racunara\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\fss.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Sancez\Local Settings\Application Data\lsass.exe
C:\WINDOWS\system32\wmdrtc32.dl_
C:\WINDOWS\system32\wmdrtc32.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-01 to 2008-08-01 )))))))))))))))))))))))))))))))
.

2008-08-01 20:08 . 2008-08-01 20:08 40,960 --a------ C:\WINDOWS\system32\wmdrtc32.dll
2008-08-01 16:31 . 2006-04-24 03:30 88,064 -ra------ C:\Documents and Settings\Sancez\Application Data\explorer.exe
2008-08-01 16:31 . 2008-08-01 20:09 5,477 --a------ C:\WINDOWS\system32\drivers\gonolm.sys
2008-08-01 13:12 . 2008-08-01 13:12 0 --a------ C:\WINDOWS\ui.INI
2008-08-01 08:34 . 2008-08-01 08:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-07-31 20:20 . 2008-07-31 20:27 <DIR> d-------- C:\Program Files\Trillian
2008-07-29 20:21 . 2008-07-29 20:21 <DIR> d-------- C:\Program Files\SpeedFan
2008-07-26 01:24 . 2008-07-26 01:24 268 --ah----- C:\sqmdata12.sqm
2008-07-26 01:24 . 2008-07-26 01:24 244 --ah----- C:\sqmnoopt12.sqm
2008-07-25 17:52 . 2008-07-25 17:52 268 --ah----- C:\sqmdata11.sqm
2008-07-25 17:52 . 2008-07-25 17:52 244 --ah----- C:\sqmnoopt11.sqm
2008-07-25 06:48 . 2008-07-25 06:48 268 --ah----- C:\sqmdata10.sqm
2008-07-25 06:48 . 2008-07-25 06:48 244 --ah----- C:\sqmnoopt10.sqm
2008-07-24 21:17 . 2008-07-24 21:17 268 --ah----- C:\sqmdata09.sqm
2008-07-24 21:17 . 2008-07-24 21:17 244 --ah----- C:\sqmnoopt09.sqm
2008-07-24 19:33 . 2008-07-24 19:33 268 --ah----- C:\sqmdata08.sqm
2008-07-24 19:33 . 2008-07-24 19:33 244 --ah----- C:\sqmnoopt08.sqm
2008-07-23 06:14 . 2008-07-23 06:14 <DIR> d-------- C:\Program Files\MySpace
2008-07-23 06:14 . 2008-07-23 06:14 <DIR> d-------- C:\Documents and Settings\Sancez\Application Data\MySpace
2008-07-20 02:43 . 2008-07-20 02:43 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-07-20 02:41 . 2008-07-20 02:44 <DIR> d-------- C:\Program Files\TryFastMessenger
2008-07-18 02:53 . 2008-07-18 02:53 <DIR> d-------- C:\Program Files\Viewpoint
2008-07-18 02:53 . 2008-07-18 02:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-18 02:53 . 2008-07-18 02:53 37,027 --a------ C:\WINDOWS\atmoUn.exe
2008-07-17 22:07 . 2008-07-17 22:07 <DIR> d--hs---- C:\Documents and Settings\Sancez\Phone Browser
2008-07-17 14:01 . 2008-07-17 14:01 <DIR> d-------- C:\Program Files\Digimarc
2008-07-17 06:52 . 2008-07-17 06:52 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-07-16 17:17 . 2008-07-16 17:37 34 --a------ C:\WINDOWS\cdplayer.ini
2008-07-16 17:14 . 2008-07-16 17:14 <DIR> d-------- C:\Program Files\Audiograbber
2008-07-16 17:14 . 2008-07-16 17:14 <DIR> d-------- C:\Documents and Settings\Sancez\Application Data\AD ON Multimedia
2008-07-16 16:58 . 2008-07-16 16:58 286,720 --------- C:\WINDOWS\Setup1.exe
2008-07-16 16:58 . 2008-07-16 16:58 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-07-16 00:50 . 2008-07-20 02:17 <DIR> d-------- C:\Program Files\Achilles-Script 4.5 White
2008-07-10 20:01 . 2008-07-20 02:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-07-10 16:31 . 2008-07-10 16:31 <DIR> d-------- C:\Program Files\Recnik20
2008-07-09 07:01 . 2008-07-09 07:01 268 --ah----- C:\sqmdata07.sqm
2008-07-09 07:01 . 2008-07-09 07:01 244 --ah----- C:\sqmnoopt07.sqm
2008-07-08 21:20 . 2008-07-08 21:20 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-07-08 21:20 . 2008-07-08 21:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-07-08 17:34 . 2008-07-08 17:34 268 --ah----- C:\sqmdata06.sqm
2008-07-08 17:34 . 2008-07-08 17:34 244 --ah----- C:\sqmnoopt06.sqm
2008-07-08 16:49 . 2008-07-08 16:49 268 --ah----- C:\sqmdata05.sqm
2008-07-08 16:49 . 2008-07-08 16:49 244 --ah----- C:\sqmnoopt05.sqm
2008-07-08 07:05 . 2008-07-08 07:05 268 --ah----- C:\sqmdata04.sqm
2008-07-08 07:05 . 2008-07-08 07:05 244 --ah----- C:\sqmnoopt04.sqm
2008-07-08 00:28 . 2008-07-08 00:28 268 --ah----- C:\sqmdata03.sqm
2008-07-08 00:28 . 2008-07-08 00:28 244 --ah----- C:\sqmnoopt03.sqm
2008-07-07 21:18 . 2008-07-07 21:18 268 --ah----- C:\sqmdata02.sqm
2008-07-07 21:18 . 2008-07-07 21:18 244 --ah----- C:\sqmnoopt02.sqm
2008-07-03 18:30 . 2008-07-03 18:31 <DIR> d-------- C:\Program Files\The KMPlayer
2008-07-03 13:09 . 2008-07-03 13:09 <DIR> d-------- C:\Documents and Settings\Sancez\Application Data\Media Player Classic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-20 00:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-18 00:53 --------- d-----w C:\Documents and Settings\Sancez\Application Data\AdobeUM
2008-07-17 04:53 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-07-17 04:50 --------- d-----w C:\Program Files\Windows Live
2008-07-16 12:34 921,632 ----a-w C:\PA207.DAT
2008-07-09 13:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-08 19:20 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-08 19:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-28 09:26 --------- d-----w C:\Program Files\Sweet Home 3D
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-15 08:14 --------- d-----w C:\Documents and Settings\Sancez\Application Data\LimeWire
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 00:18 --------- d-----w C:\Program Files\Call Corder 2
2008-06-10 07:11 --------- d-----w C:\Documents and Settings\Sancez\Application Data\HP
2008-06-04 07:46 --------- d-----w C:\Program Files\Mv2Player
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
.

((((((((((((((((((((((((((((( snapshot@2008-07-27_ 4.19.40.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-21 03:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
- 2000-08-31 15:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 06:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
- 2000-08-31 15:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
- 2008-07-16 18:46:07 61,806 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-01 06:37:19 61,496 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-07-16 18:46:07 401,708 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-01 06:37:19 401,414 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run_CF]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 22:32 94208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 20:34 5724184]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-27 03:41 1261568]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 21:53 1108480]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 02:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run_CF]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 20:01 319488]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-13 01:40 184320]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 09:47 31016]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 01:24 54840]
"SoundMan"="SOUNDMAN.EXE" [2002-11-19 15:01 46592 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 01:27 9146368]

C:\Documents and Settings\Sancez\Start Menu\Programs\Startup\
windows.pif [2006-04-24 03:30:54 88064]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-07-08 21:20:11 142336]
Empty.pif [2006-04-24 03:30:54 88064]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 13:21:22 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.3iv2"= C:\PROGRA~1\K-LITE~1\codecs\3IVXVF~1.DLL
"VIDC.VP60"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP61"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP62"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP70"= C:\PROGRA~1\K-LITE~1\codecs\vp7vfw.dll
"VIDC.VP31"= C:\PROGRA~1\K-LITE~1\codecs\vp31vfw.dll
"VIDC.FFDS"= C:\PROGRA~1\K-LITE~1\ffdshow\ff_vfw.dll
"msacm.ac3acm"= C:\PROGRA~1\K-LITE~1\codecs\ac3acm.acm
"msacm.l3fhg"= C:\PROGRA~1\K-LITE~1\codecs\l3codecp.acm
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

R2 NdisFileServices32;NdisFileServices32;C:\WINDOWS\system32\drivers\gonolm.sys [2008-08-01 20:11]
S3 PAC207;i-Look 111;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-06-30 01:32]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c43ab00-532f-11dd-a587-0018682d9e53}]
\Shell\AutoRun\command - gjn2pjlw.exe
\Shell\explore\Command - gjn2pjlw.exe
\Shell\open\Command - gjn2pjlw.exe
.
Contents of the 'Scheduled Tasks' folder
2008-08-01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - s!;2C:\Program Files\Windows Live Toolbar\MSNTBUP.EXESancez0;< []
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run_CF-AVG7_CC - C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
HKLM-Run_CF-SunJavaUpdateSched - C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link visible only to logged-in users]
Rootkit scan 2008-08-01 20:08:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\wmdrtc32.dl_ 26066 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Documents and Settings\Sancez\Local Settings\Application Data\lsass.exe
-> C:\WINDOWS\system32\wmdrtc32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\HPZipm12.exe
C:\Qoobox\Quarantine\C\Documents and Settings\Sancez\Local Settings\Application Data\lsass.exe.viradMarks.xml
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2008-08-01 20:11:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-01 18:11:44
ComboFix2.txt 2008-07-30 13:50:34
ComboFix3.txt 2008-07-27 11:20:14

Pre-Run: 6,405,152,768 bytes free
Post-Run: 6,396,153,856 bytes free

199 --- E O F --- 2008-07-20 03:25:33

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Marko, you have already managed to pick up a new infection in the meantime.

Come on, try to follow what I write to you, and do exactly what I tell you.

Start USB_blocker
On the Monitor tab, select Auto block
Insert the flash drive into a USB slot
Go to the Scan removable drives tab
There, select the List all files option
In the upper left part of USB_blocker, select the letter that corresponds to the partition label of your flash drive. Click only once, never double-click.
Click the Scan button
When the scan finishes (you will see a message in the report in the lower part of the program), right-click the report/log and choose Save log
The log will be opened in Notepad
Copy the log from Notepad into a post on the forum.


Next, open Notepad and copy in the following text:
File::
C:\WINDOWS\system32\wmdrtc32.dll
C:\Documents and Settings\Sancez\Application Data\explorer.exe
C:\WINDOWS\system32\drivers\gonolm.sys
C:\Documents and Settings\Sancez\Start Menu\Programs\Startup\windows.pif
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Empty.pif

Driver::
NdisFileServices32

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0c43ab00-532f-11dd-a587-0018682d9e53}]


Save the file from Notepad to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as in the picture.
Post in your next message the log that is created at the end of the cleaning/scanning.

offline
  • Joined: 18 Jan 2008
  • Posts: 20
  • Location: Kragujevac

bobby, I did everything as you said... but there is nothing in the upper left corner; I plug the phone into USB properly and everything is OK, but there is nothing...
I don't know what else to do...
Here is this new log...

ComboFix 08-07-26.1 - Sancez 2008-08-02 19:15:31.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.216 [GMT 2:00]
Running from: C:\Documents and Settings\Sancez\Desktop\poprawka racunara\ComboFix.exe
Command switches used :: C:\Documents and Settings\Sancez\Desktop\poprawka racunara\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Empty.pif
C:\Documents and Settings\Sancez\Application Data\explorer.exe
C:\Documents and Settings\Sancez\Start Menu\Programs\Startup\windows.pif
C:\WINDOWS\system32\drivers\gonolm.sys
C:\WINDOWS\system32\wmdrtc32.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Empty.pif
C:\Documents and Settings\Sancez\Application Data\explorer.exe
C:\Documents and Settings\Sancez\Local Settings\Application Data\lsass.exe
C:\Documents and Settings\Sancez\Start Menu\Programs\Startup\windows.pif
C:\WINDOWS\system32\drivers\gonolm.sys
C:\WINDOWS\system32\wmdrtc32.dl_
C:\WINDOWS\system32\wmdrtc32.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NDISFILESERVICES32
-------\Service_NdisFileServices32


((((((((((((((((((((((((( Files Created from 2008-07-02 to 2008-08-02 )))))))))))))))))))))))))))))))
.

2008-08-01 13:12 . 2008-08-01 13:12 0 --a------ C:\WINDOWS\ui.INI
2008-08-01 08:34 . 2008-08-01 08:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-07-31 20:20 . 2008-07-31 20:27 <DIR> d-------- C:\Program Files\Trillian
2008-07-29 20:21 . 2008-07-29 20:21 <DIR> d-------- C:\Program Files\SpeedFan
2008-07-26 01:24 . 2008-07-26 01:24 268 --ah----- C:\sqmdata12.sqm
2008-07-26 01:24 . 2008-07-26 01:24 244 --ah----- C:\sqmnoopt12.sqm
2008-07-25 17:52 . 2008-07-25 17:52 268 --ah----- C:\sqmdata11.sqm
2008-07-25 17:52 . 2008-07-25 17:52 244 --ah----- C:\sqmnoopt11.sqm
2008-07-25 06:48 . 2008-07-25 06:48 268 --ah----- C:\sqmdata10.sqm
2008-07-25 06:48 . 2008-07-25 06:48 244 --ah----- C:\sqmnoopt10.sqm
2008-07-24 21:17 . 2008-07-24 21:17 268 --ah----- C:\sqmdata09.sqm
2008-07-24 21:17 . 2008-07-24 21:17 244 --ah----- C:\sqmnoopt09.sqm
2008-07-24 19:33 . 2008-07-24 19:33 268 --ah----- C:\sqmdata08.sqm
2008-07-24 19:33 . 2008-07-24 19:33 244 --ah----- C:\sqmnoopt08.sqm
2008-07-23 06:14 . 2008-07-23 06:14 <DIR> d-------- C:\Program Files\MySpace
2008-07-23 06:14 . 2008-07-23 06:14 <DIR> d-------- C:\Documents and Settings\Sancez\Application Data\MySpace
2008-07-20 02:43 . 2008-07-20 02:43 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2008-07-20 02:41 . 2008-07-20 02:44 <DIR> d-------- C:\Program Files\TryFastMessenger
2008-07-18 02:53 . 2008-07-18 02:53 <DIR> d-------- C:\Program Files\Viewpoint
2008-07-18 02:53 . 2008-07-18 02:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-07-18 02:53 . 2008-07-18 02:53 37,027 --a------ C:\WINDOWS\atmoUn.exe
2008-07-17 22:07 . 2008-07-17 22:07 <DIR> d--hs---- C:\Documents and Settings\Sancez\Phone Browser
2008-07-17 14:01 . 2008-07-17 14:01 <DIR> d-------- C:\Program Files\Digimarc
2008-07-17 06:52 . 2008-07-17 06:52 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-07-16 17:17 . 2008-07-16 17:37 34 --a------ C:\WINDOWS\cdplayer.ini
2008-07-16 17:14 . 2008-07-16 17:14 <DIR> d-------- C:\Program Files\Audiograbber
2008-07-16 17:14 . 2008-07-16 17:14 <DIR> d-------- C:\Documents and Settings\Sancez\Application Data\AD ON Multimedia
2008-07-16 16:58 . 2008-07-16 16:58 286,720 --------- C:\WINDOWS\Setup1.exe
2008-07-16 16:58 . 2008-07-16 16:58 73,216 --a------ C:\WINDOWS\ST6UNST.EXE
2008-07-16 00:50 . 2008-07-20 02:17 <DIR> d-------- C:\Program Files\Achilles-Script 4.5 White
2008-07-10 20:01 . 2008-07-20 02:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-07-10 16:31 . 2008-07-10 16:31 <DIR> d-------- C:\Program Files\Recnik20
2008-07-09 07:01 . 2008-07-09 07:01 268 --ah----- C:\sqmdata07.sqm
2008-07-09 07:01 . 2008-07-09 07:01 244 --ah----- C:\sqmnoopt07.sqm
2008-07-08 21:20 . 2008-07-08 21:20 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-07-08 21:20 . 2008-07-08 21:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Macrovision
2008-07-08 17:34 . 2008-07-08 17:34 268 --ah----- C:\sqmdata06.sqm
2008-07-08 17:34 . 2008-07-08 17:34 244 --ah----- C:\sqmnoopt06.sqm
2008-07-08 16:49 . 2008-07-08 16:49 268 --ah----- C:\sqmdata05.sqm
2008-07-08 16:49 . 2008-07-08 16:49 244 --ah----- C:\sqmnoopt05.sqm
2008-07-08 07:05 . 2008-07-08 07:05 268 --ah----- C:\sqmdata04.sqm
2008-07-08 07:05 . 2008-07-08 07:05 244 --ah----- C:\sqmnoopt04.sqm
2008-07-08 00:28 . 2008-07-08 00:28 268 --ah----- C:\sqmdata03.sqm
2008-07-08 00:28 . 2008-07-08 00:28 244 --ah----- C:\sqmnoopt03.sqm
2008-07-07 21:18 . 2008-07-07 21:18 268 --ah----- C:\sqmdata02.sqm
2008-07-07 21:18 . 2008-07-07 21:18 244 --ah----- C:\sqmnoopt02.sqm
2008-07-03 18:30 . 2008-07-03 18:31 <DIR> d-------- C:\Program Files\The KMPlayer
2008-07-03 13:09 . 2008-07-03 13:09 <DIR> d-------- C:\Documents and Settings\Sancez\Application Data\Media Player Classic

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-02 17:19 5,477 ----a-w C:\WINDOWS\system32\drivers\gonolm.sys
2008-07-20 00:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-18 00:53 --------- d-----w C:\Documents and Settings\Sancez\Application Data\AdobeUM
2008-07-17 04:53 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-07-17 04:50 --------- d-----w C:\Program Files\Windows Live
2008-07-16 12:34 921,632 ----a-w C:\PA207.DAT
2008-07-09 13:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-08 19:20 --------- d-----w C:\Program Files\Common Files\Adobe
2008-07-08 19:19 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-28 09:26 --------- d-----w C:\Program Files\Sweet Home 3D
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-15 08:14 --------- d-----w C:\Documents and Settings\Sancez\Application Data\LimeWire
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 00:18 --------- d-----w C:\Program Files\Call Corder 2
2008-06-10 07:11 --------- d-----w C:\Documents and Settings\Sancez\Application Data\HP
2008-06-04 07:46 --------- d-----w C:\Program Files\Mv2Player
.

((((((((((((((((((((((((((((( snapshot@2008-07-27_ 4.19.40.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-10-14 17:36:18 169,984 ----a-w C:\WINDOWS\$hf_mig$\KB873339\spuninst.exe
+ 2004-10-14 17:36:18 198,656 ----a-w C:\WINDOWS\$hf_mig$\KB873339\spuninst.exe
- 2004-10-14 17:34:54 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB873339\update\update.exe
+ 2004-10-14 17:34:54 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB873339\update\update.exe
- 2004-10-14 18:36:18 169,984 ----a-w C:\WINDOWS\$hf_mig$\KB885835\spuninst.exe
+ 2004-10-14 18:36:18 198,656 ----a-w C:\WINDOWS\$hf_mig$\KB885835\spuninst.exe
- 2004-10-14 18:34:54 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB885835\update\update.exe
+ 2004-10-14 18:34:54 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB885835\update\update.exe
- 2004-10-14 18:36:18 169,984 ----a-w C:\WINDOWS\$hf_mig$\KB885836\spuninst.exe
+ 2004-10-14 18:36:18 198,656 ----a-w C:\WINDOWS\$hf_mig$\KB885836\spuninst.exe
- 2004-10-14 18:34:54 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB885836\update\update.exe
+ 2004-10-14 18:34:54 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB885836\update\update.exe
- 2004-10-14 18:36:16 169,984 ----a-w C:\WINDOWS\$hf_mig$\KB886185\spuninst.exe
+ 2004-10-14 18:36:16 198,656 ----a-w C:\WINDOWS\$hf_mig$\KB886185\spuninst.exe
- 2004-10-14 18:34:52 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB886185\update\update.exe
+ 2004-10-14 18:34:52 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB886185\update\update.exe
- 2004-10-13 16:21:24 1,694,208 ----a-w C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe
+ 2004-10-13 16:21:24 1,722,880 ----a-w C:\WINDOWS\$hf_mig$\KB887472\SP2QFE\msmsgs.exe
- 2004-10-14 18:36:18 169,984 ----a-w C:\WINDOWS\$hf_mig$\KB887472\spuninst.exe
+ 2004-10-14 18:36:18 198,656 ----a-w C:\WINDOWS\$hf_mig$\KB887472\spuninst.exe
- 2004-10-14 18:34:54 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB887472\update\update.exe
+ 2004-10-14 18:34:54 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB887472\update\update.exe
- 2004-12-01 03:22:42 169,984 ----a-w C:\WINDOWS\$hf_mig$\KB888302\spuninst.exe
+ 2004-12-01 03:22:42 198,656 ----a-w C:\WINDOWS\$hf_mig$\KB888302\spuninst.exe
- 2004-11-30 21:46:40 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB888302\update\update.exe
+ 2004-11-30 21:46:40 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB888302\update\update.exe
- 2005-03-02 01:02:13 2,135,552 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlmp.exe
+ 2005-03-02 01:02:13 2,164,224 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlmp.exe
- 2005-03-02 00:36:40 2,056,832 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
+ 2005-03-02 00:36:40 2,085,504 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
- 2005-03-02 00:36:41 2,015,232 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrpamp.exe
+ 2005-03-02 00:36:41 2,043,904 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrpamp.exe
- 2005-03-02 01:04:22 2,179,456 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
+ 2005-03-02 01:04:22 2,208,128 ----a-w C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
- 2004-12-01 03:22:42 169,984 ----a-w C:\WINDOWS\$hf_mig$\KB891781\spuninst.exe
+ 2004-12-01 03:22:42 198,656 ----a-w C:\WINDOWS\$hf_mig$\KB891781\spuninst.exe
- 2004-11-30 21:46:40 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB891781\update\update.exe
+ 2004-11-30 21:46:40 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB891781\update\update.exe
- 2005-07-08 02:27:08 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB893756\update\arpidfix.exe
+ 2005-07-08 02:27:08 59,392 ----a-w C:\WINDOWS\$hf_mig$\KB893756\update\arpidfix.exe
- 2005-05-26 23:26:50 10,752 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\hh.exe
+ 2005-05-26 23:26:50 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\hh.exe
- 2005-06-11 00:17:13 57,856 ----a-w C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
+ 2005-06-11 00:17:13 86,528 ----a-w C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
- 2005-06-29 23:54:32 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\arpidfix.exe
+ 2005-06-29 23:54:32 59,392 ----a-w C:\WINDOWS\$hf_mig$\KB896423\update\arpidfix.exe
- 2005-05-10 23:51:10 75,776 ----a-w C:\WINDOWS\$hf_mig$\KB896428\SP2QFE\telnet.exe
+ 2005-05-10 23:51:10 104,448 ----a-w C:\WINDOWS\$hf_mig$\KB896428\SP2QFE\telnet.exe
- 2005-06-29 23:54:32 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB899587\update\arpidfix.exe
+ 2005-06-29 23:54:32 59,392 ----a-w C:\WINDOWS\$hf_mig$\KB899587\update\arpidfix.exe
- 2005-06-29 23:54:32 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB899591\update\arpidfix.exe
+ 2005-06-29 23:54:32 59,392 ----a-w C:\WINDOWS\$hf_mig$\KB899591\update\arpidfix.exe
- 2005-09-27 00:36:24 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB900725\update\arpidfix.exe
+ 2005-09-27 00:36:24 59,392 ----a-w C:\WINDOWS\$hf_mig$\KB900725\update\arpidfix.exe
- 2005-09-09 23:26:26 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB901017\update\arpidfix.exe
+ 2005-09-09 23:26:26 59,392 ----a-w C:\WINDOWS\$hf_mig$\KB901017\update\arpidfix.exe
- 2005-07-25 23:42:35 8,704 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\migregdb.exe
+ 2005-07-25 23:42:35 37,376 ----a-w C:\WINDOWS\$hf_mig$\KB902400\SP2QFE\migregdb.exe
- 2005-07-26 02:21:18 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB902400\update\arpidfix.exe
+ 2005-07-26 02:21:18 59,392 ----a-w C:\WINDOWS\$hf_mig$\KB902400\update\arpidfix.exe
- 2005-08-19 23:50:31 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB905414\update\arpidfix.exe
+ 2005-08-19 23:50:31 59,392 ----a-w C:\WINDOWS\$hf_mig$\KB905414\update\arpidfix.exe
- 2005-08-23 01:01:30 30,720 ----a-w C:\WINDOWS\$hf_mig$\KB905749\update\arpidfix.exe
+ 2005-08-23 01:01:30 59,392 ----a-w C:\WINDOWS\$hf_mig$\KB905749\update\arpidfix.exe
- 2006-03-17 01:05:35 28,672 ----a-w C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\verclsid.exe
+ 2006-03-17 01:05:35 57,344 ----a-w C:\WINDOWS\$hf_mig$\KB908531\SP2QFE\verclsid.exe
- 2006-10-12 11:54:07 256,512 ----a-w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentsvr.exe
+ 2006-10-12 11:54:07 285,184 ----a-w C:\WINDOWS\$hf_mig$\KB920213\SP2QFE\agentsvr.exe
- 2006-08-21 09:43:32 23,040 ----a-w C:\WINDOWS\$hf_mig$\KB922582\SP2QFE\fltmc.exe
+ 2006-08-21 09:43:32 51,712 ----a-w C:\WINDOWS\$hf_mig$\KB922582\SP2QFE\fltmc.exe
- 2007-02-28 09:53:04 2,137,600 ----a-w C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlmp.exe
+ 2007-02-28 09:53:04 2,166,272 ----a-w C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlmp.exe
- 2007-02-28 09:15:56 2,059,392 ----a-w C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
+ 2007-02-28 09:15:56 2,088,064 ----a-w C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
- 2007-02-28 09:15:59 2,017,280 ----a-w C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrpamp.exe
+ 2007-02-28 09:15:59 2,045,952 ----a-w C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrpamp.exe
- 2007-02-28 09:55:14 2,182,144 ----a-w C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
+ 2007-02-28 09:55:14 2,210,816 ----a-w C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
- 2007-06-13 11:26:03 1,033,216 ----a-w C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
+ 2007-06-13 11:26:03 1,061,888 ----a-w C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
- 2007-11-13 11:02:46 60,416 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe
+ 2007-11-13 11:02:46 89,088 ----a-w C:\WINDOWS\$hf_mig$\KB942763\SP2QFE\tzchange.exe
- 2007-12-06 08:34:28 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\ie4uinit.exe
+ 2007-12-06 08:34:28 99,328 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\ie4uinit.exe
- 2007-12-06 08:34:29 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\ieudinit.exe
+ 2007-12-06 08:34:29 42,496 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\ieudinit.exe
- 2007-12-06 08:34:45 625,664 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe
+ 2007-12-06 08:34:45 654,336 ----a-w C:\WINDOWS\$hf_mig$\KB944533-IE7\SP2QFE\iexplore.exe
- 2008-02-22 09:39:56 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ie4uinit.exe
+ 2008-02-22 09:39:56 99,328 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ie4uinit.exe
- 2008-02-22 09:39:56 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieudinit.exe
+ 2008-02-22 09:39:56 42,496 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\ieudinit.exe
- 2008-02-22 09:40:22 625,664 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe
+ 2008-02-22 09:40:22 654,336 ----a-w C:\WINDOWS\$hf_mig$\KB947864-IE7\SP2QFE\iexplore.exe
- 2008-02-15 09:07:53 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\iedw.exe
+ 2008-02-15 09:07:53 47,104 ----a-w C:\WINDOWS\$hf_mig$\KB947864\SP2QFE\iedw.exe
- 2008-04-22 08:02:19 70,656 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ie4uinit.exe
+ 2008-04-22 08:02:19 99,328 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ie4uinit.exe
- 2008-04-22 08:02:19 13,824 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ieudinit.exe
+ 2008-04-22 08:02:19 42,496 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\ieudinit.exe
- 2008-04-22 08:02:46 625,664 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe
+ 2008-04-22 08:02:46 654,336 ----a-w C:\WINDOWS\$hf_mig$\KB950759-IE7\SP2QFE\iexplore.exe
- 2008-04-17 10:46:59 18,432 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iedw.exe
+ 2008-04-17 10:46:59 47,104 ----a-w C:\WINDOWS\$hf_mig$\KB950759\SP2QFE\iedw.exe
- 2004-08-03 22:56:54 77,312 -c----w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msiexec.exe
+ 2004-08-03 22:56:54 105,984 -c----w C:\WINDOWS\$MSI31Uninstall_KB893803v2$\msiexec.exe
- 2004-10-14 17:36:18 169,984 -c----w C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
+ 2004-10-14 17:36:18 198,656 -c----w C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
- 2004-10-14 18:36:18 169,984 -c----w C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
+ 2004-10-14 18:36:18 198,656 -c----w C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
- 2004-10-14 18:36:18 169,984 -c----w C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
+ 2004-10-14 18:36:18 198,656 -c----w C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
- 2004-10-14 18:36:16 169,984 -c----w C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
+ 2004-10-14 18:36:16 198,656 -c----w C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
- 2004-08-04 08:06:34 1,667,584 -c----w C:\WINDOWS\$NtUninstallKB887472$\msmsgs.exe
+ 2004-08-04 08:06:34 1,696,256 -c----w C:\WINDOWS\$NtUninstallKB887472$\msmsgs.exe
- 2004-10-14 18:36:18 169,984 -c----w C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
+ 2004-10-14 18:36:18 198,656 -c----w C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
- 2004-12-01 03:22:42 169,984 -c----w C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
+ 2004-12-01 03:22:42 198,656 -c----w C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
- 2004-08-03 23:05:44 2,056,832 -c----w C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
+ 2004-08-03 23:05:44 2,085,504 -c----w C:\WINDOWS\$NtUninstallKB890859$\ntkrnlpa.exe
- 2004-08-03 21:20:00 2,180,992 -c----w C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
+ 2004-08-03 21:20:00 2,209,664 -c----w C:\WINDOWS\$NtUninstallKB890859$\ntoskrnl.exe
- 2004-12-01 03:22:42 169,984 -c----w C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
+ 2004-12-01 03:22:42 198,656 -c----w C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
- 2004-08-03 22:56:52 10,752 -c----w C:\WINDOWS\$NtUninstallKB896358$\hh.exe
+ 2004-08-03 22:56:52 39,424 -c----w C:\WINDOWS\$NtUninstallKB896358$\hh.exe
- 2004-08-03 22:56:58 57,856 -c----w C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
+ 2004-08-03 22:56:58 86,528 -c----w C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
- 2004-08-03 22:56:58 75,264 -c----w C:\WINDOWS\$NtUninstallKB896428$\telnet.exe
+ 2004-08-03 22:56:58 103,936 -c----w C:\WINDOWS\$NtUninstallKB896428$\telnet.exe
- 2004-08-03 22:56:52 7,680 -c----w C:\WINDOWS\$NtUninstallKB902400$\migregdb.exe
+ 2004-08-03 22:56:52 36,352 -c----w C:\WINDOWS\$NtUninstallKB902400$\migregdb.exe
- 2004-08-03 22:56:48 256,512 -c----w C:\WINDOWS\$NtUninstallKB920213$\agentsvr.exe
+ 2004-08-03 22:56:48 285,184 -c----w C:\WINDOWS\$NtUninstallKB920213$\agentsvr.exe
- 2004-08-03 22:56:50 22,528 -c----w C:\WINDOWS\$NtUninstallKB922582$\fltmc.exe
+ 2004-08-03 22:56:50 51,200 -c----w C:\WINDOWS\$NtUninstallKB922582$\fltmc.exe
- 2005-03-02 00:57:44 2,135,552 -c----w C:\WINDOWS\$NtUninstallKB931784$\ntkrnlmp.exe
+ 2005-03-02 00:57:44 2,164,224 -c----w C:\WINDOWS\$NtUninstallKB931784$\ntkrnlmp.exe
- 2005-03-02 00:34:40 2,056,832 -c----w C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
+ 2005-03-02 00:34:40 2,085,504 -c----w C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
- 2005-03-02 00:34:42 2,015,232 -c----w C:\WINDOWS\$NtUninstallKB931784$\ntkrpamp.exe
+ 2005-03-02 00:34:42 2,043,904 -c----w C:\WINDOWS\$NtUninstallKB931784$\ntkrpamp.exe
- 2005-03-02 00:59:53 2,179,328 -c----w C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
+ 2005-03-02 00:59:53 2,208,000 -c----w C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
- 2004-08-03 22:56:50 1,032,192 -c----w C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
+ 2004-08-03 22:56:50 1,060,864 -c----w C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
- 2004-08-03 22:56:52 18,432 -c----w C:\WINDOWS\$NtUninstallKB947864$\iedw.exe
+ 2004-08-03 22:56:52 47,104 -c----w C:\WINDOWS\$NtUninstallKB947864$\iedw.exe
- 2008-02-15 09:23:37 18,432 -c----w C:\WINDOWS\$NtUninstallKB950759$\iedw.exe
+ 2008-02-15 09:23:37 47,104 -c----w C:\WINDOWS\$NtUninstallKB950759$\iedw.exe
- 2005-10-21 03:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2000-08-31 15:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
+ 2000-08-31 06:00:00 28,672 ----a-w C:\WINDOWS\Nircmd.exe
- 2000-08-31 15:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
+ 2000-08-31 06:00:00 161,792 ----a-w C:\WINDOWS\swreg.exe
- 2008-07-16 18:46:07 61,806 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-01 06:37:19 61,496 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-07-16 18:46:07 401,708 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-01 06:37:19 401,414 ----a-w C:\WINDOWS\system32\perfh009.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run_CF]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 22:32 94208]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 20:34 5724184]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" [2008-03-27 03:41 1261568]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2008-04-16 21:53 1108480]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 02:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run_CF]
"Monitor"="C:\WINDOWS\PixArt\PAC207\Monitor.exe" [2006-11-03 20:01 319488]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-13 01:40 184320]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 09:47 31016]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 01:24 54840]
"SoundMan"="SOUNDMAN.EXE" [2002-11-19 15:01 46592 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-04-18 01:27 9146368]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-07-08 21:20:11 142336]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 13:21:22 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.3iv2"= C:\PROGRA~1\K-LITE~1\codecs\3IVXVF~1.DLL
"VIDC.VP60"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP61"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP62"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP70"= C:\PROGRA~1\K-LITE~1\codecs\vp7vfw.dll
"VIDC.VP31"= C:\PROGRA~1\K-LITE~1\codecs\vp31vfw.dll
"VIDC.FFDS"= C:\PROGRA~1\K-LITE~1\ffdshow\ff_vfw.dll
"msacm.ac3acm"= C:\PROGRA~1\K-LITE~1\codecs\ac3acm.acm
"msacm.l3fhg"= C:\PROGRA~1\K-LITE~1\codecs\l3codecp.acm
"VIDC.ACDV"= ACDV.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=

S3 PAC207;i-Look 111;C:\WINDOWS\system32\DRIVERS\PFC027.SYS [2007-06-30 01:32]
S3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys []

*Newly Created Service* - NDISFILESERVICES32
.
Contents of the 'Scheduled Tasks' folder
2008-08-02 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job - s!;2C:\Program Files\Windows Live Toolbar\MSNTBUP.EXESancez0;< []
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link visible only to logged-in users]
Rootkit scan 2008-08-02 19:18:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\system32\wmdrtc32.dll 40960 bytes executable
C:\WINDOWS\system32\wmdrtc32.dl_ 26066 bytes

scan completed successfully
hidden files: 2

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisFileServices32]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\gonolm.sys"
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Completion time: 2008-08-02 19:21:51 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-02 17:21:47
ComboFix2.txt 2008-08-01 18:11:49
ComboFix3.txt 2008-07-30 13:50:34
ComboFix4.txt 2008-07-27 11:20:14

Pre-Run: 6,388,092,928 bytes free
Post-Run: 6,299,041,792 bytes free

351 --- E O F --- 2008-07-20 03:25:33

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Forget the mobile phone; it does not register as a partition. Do this for the flash drives.

When you have done that, post the USB_blocker log here.

After that, restart the computer, then run ComboFix again so you can post the log for me.
Start ComboFix normally, by double-clicking the icon, not by dragging the CFScript onto it.

offline
  • Joined: 18 Jan 2008
  • Posts: 20
  • Location: Kragujevac

bobby, I updated AVG, it started scanning the computer on its own and found 474 viruses on the C: partition, some Win32/Sality... and several trojan horse VB.BQF... and I deleted them all. When I turned the computer on again, everything looks as if I had just reinstalled it... half of my programs don't work and half are gone....
this isn't normal, I swear on my mom

offline
  • Joined: 04 Sep 2003
  • Posts: 24135
  • Location: Wien

Sality is a genuine virus (a file infector), and it embeds itself into the existing programs on the computer. Cleaning (removing the virus from the programs you have on the computer) does not necessarily mean that the program will be made to work again.
There is rarely any rescue from file infectors; in most cases, formatting the partition is unavoidable.
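
Added example, not part of the original thread and not ComboFix's or AVG's own logic: the snapshot section of the ComboFix log above lists each changed file twice, with `-` for the earlier snapshot and `+` for the current state. The Python code below pairs those lines and flags executables that grew while their recorded modification time stayed the same, a change consistent with a file infector embedding itself in existing programs; the sample lines are excerpted from that log, and the function names and the extension list are assumptions of this example.

```python
import re
from collections import Counter

# Lines excerpted from the snapshot section of the ComboFix log in this thread.
SAMPLE = r"""
- 2004-10-14 17:36:18 169,984 ----a-w C:\WINDOWS\$hf_mig$\KB873339\spuninst.exe
+ 2004-10-14 17:36:18 198,656 ----a-w C:\WINDOWS\$hf_mig$\KB873339\spuninst.exe
- 2004-10-14 17:34:54 654,848 ----a-w C:\WINDOWS\$hf_mig$\KB873339\update\update.exe
+ 2004-10-14 17:34:54 683,520 ----a-w C:\WINDOWS\$hf_mig$\KB873339\update\update.exe
- 2005-05-26 23:26:50 10,752 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\hh.exe
+ 2005-05-26 23:26:50 39,424 ----a-w C:\WINDOWS\$hf_mig$\KB896358\SP2QFE\hh.exe
- 2005-10-21 03:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
- 2008-07-16 18:46:07 61,806 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-01 06:37:19 61,496 ----a-w C:\WINDOWS\system32\perfc009.dat
"""

# sign, modification time, size with thousands separators, attributes, path
LINE_RE = re.compile(
    r"^(?P<sign>[+-]) (?P<mtime>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<size>[\d,]+) (?P<attrs>\S+) (?P<path>.+)$"
)

# Assumption of this example: file types treated as executable code.
EXEC_EXT = (".exe", ".dll", ".sys", ".scr")


def parse_snapshot(text):
    """Return {path: {'-': (mtime, size), '+': (mtime, size)}} for snapshot lines."""
    entries = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section banners, blank lines, anything not in the format
        size = int(m["size"].replace(",", ""))
        # Windows paths are case-insensitive, so normalise the key.
        entries.setdefault(m["path"].lower(), {})[m["sign"]] = (m["mtime"], size)
    return entries


def silent_growth(text):
    """Executables that grew although the recorded modification time is unchanged."""
    hits = []
    for path, sides in parse_snapshot(text).items():
        if "-" not in sides or "+" not in sides:
            continue  # present in only one snapshot: created or deleted, not modified
        (old_mtime, old_size), (new_mtime, new_size) = sides["-"], sides["+"]
        if path.endswith(EXEC_EXT) and new_size > old_size and old_mtime == new_mtime:
            hits.append((path, new_size - old_size))
    return hits


def dominant_delta(hits):
    """Most common growth in bytes and the number of files sharing it, or None."""
    counts = Counter(delta for _, delta in hits)
    return counts.most_common(1)[0] if counts else None


if __name__ == "__main__":
    hits = silent_growth(SAMPLE)
    for path, delta in hits:
        print(f"{delta:>8,} bytes added  {path}")
    print("most common growth:", dominant_delta(hits))
```

Many unrelated executables growing by one identical amount with untouched timestamps is the pattern to look for; a legitimate update normally changes the timestamp and produces different size changes per file.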
