[es] :: Zaštita :: can it be fixed?

[ Views: 10728 | Replies: 29 ]

NIKSICKO_PIVO, 21.01.2008. at 14:47 - can it be fixed?
I have a problem: it looks like some virus got in, and now I can't install any antivirus program.
I had ZoneAlarm, but it looks like it wasn't working! When I try to open a web page, a notification pops up in the bottom right corner saying that if I open the page a virus could get in, and then it freezes and I can't get onto any website.
What should I do?
Does anyone know what this is about, and could I remove it from the computer manually, without an antivirus?
Delete the file the virus attacked, if it isn't a system file? And could I install an antivirus in safe mode?
I can't format the disk because it's my work computer and some cameras are connected to it, so I'm afraid of screwing something up.
Heeelp

come on, one more round...

Binary Mind, 21.01.2008. at 17:39 - Re: can it be fixed?
Download a rootkit tool such as Rootkit Revealer and scan. Also post a HijackThis! log. I think it's a combination of trojans and rootkits.

NIKSICKO_PIVO, 21.01.2008. at 18:08 - Re: can it be fixed?
What does hijack mean? Is that also some program?

laki_srt, 21.01.2008. at 19:02 - Re: can it be fixed?
Yes, it's a program that will see the processes on your computer; you scan, then save the log file and post that log file on the forum. So you don't have to search for it, I've attached HijackThis 2 to this message.

NIKSICKO_PIVO, 22.01.2008. at 11:36 - Re: can it be fixed?
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:34:46 PM, on 1/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MediaMonkey\MediaMonkey.exe
C:\Program Files\Software Tools\DS-IRECClient\DS-IRECClient.exe
C:\WINDOWS\system32\wgp.exe
C:\Documents and Settings\ddd\Application Data\m\flec006.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\ddd\My Documents\zmaj\My Pictures\slike\RootkitRevealer.exe
C:\DOCUME~1\ddd\LOCALS~1\Temp\QNGQNSW.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\ddd\LOCALS~1\Temp\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 111.225.225.123
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {3251FBC9-A99D-410F-8AB2-89F6DFD074EB} - C:\WINDOWS\system32\dfrgu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B4E51FF-8168-4A44-8313-B28BAF1DC1B6}: NameServer = 192.168.150.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{1B4E51FF-8168-4A44-8313-B28BAF1DC1B6}: NameServer = 192.168.150.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{1B4E51FF-8168-4A44-8313-B28BAF1DC1B6}: NameServer = 192.168.150.254
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BSJYS - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ddd\LOCALS~1\Temp\BSJYS.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: QNGQNSW - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ddd\LOCALS~1\Temp\QNGQNSW.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 5124 bytes


Binary Mind, 22.01.2008. at 16:21 - Re: can it be fixed?
You've picked up trojans as well (Trojan.Lodeight.C and Trojan-Spy.Win32.BZub.btx).

Download this: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

and run it by double-clicking. Follow the prompts; after the scan a log will be created, which you can post together with a new HJT! log, and then we'll see what needs to be done next. While ComboFix is scanning, don't move the mouse and don't do anything on the computer.

NIKSICKO_PIVO, 23.01.2008. at 14:32 - Re: can it be fixed?
ComboFix 08-01-23.2 - ddd 2008-01-23 15:20:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.386.1033.18.164 [GMT 1:00]
Running from: C:\Documents and Settings\ddd\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\dfrgu.dll
C:\WINDOWS\system32\drivers\jsflbcso.dat
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_SROSA
-------\LEGACY_TLRLKINA
-------\srosa
-------\tlrlkina


((((((((((((((((((((((((( Files Created from 2007-12-23 to 2008-01-23 )))))))))))))))))))))))))))))))
.

2008-01-23 15:16 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-22 09:00 . 2008-01-22 09:03 10,485,760 --a------ C:\WINDOWS\system32\cxl1705
2008-01-22 08:57 . 2008-01-22 12:27 <DIR> d-------- C:\Program Files\ElcomSoft
2008-01-22 08:57 . 2008-01-22 09:04 920 --a------ C:\WINDOWS\ARCHPR.INI
2008-01-21 22:54 . 2008-01-21 22:55 <DIR> d-------- C:\Program Files\Wormux 0.7
2008-01-21 22:50 . 2008-01-21 22:50 <DIR> d-------- C:\Programas
2008-01-21 21:08 . 2004-05-10 12:42 110,592 --a------ C:\WINDOWS\system32\suppdll.dll
2008-01-21 21:08 . 2008-01-21 21:08 35,363 --a------ C:\WINDOWS\system32\windrvNT.sys
2008-01-21 19:01 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-21 15:55 . 2008-01-21 19:04 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-21 15:55 . 2008-01-21 15:55 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-21 15:55 . 2008-01-21 15:55 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-21 15:55 . 2008-01-21 15:55 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-20 14:55 . 2008-01-21 19:11 <DIR> d-------- C:\Program Files\Spyware Doctor
2008-01-20 14:55 . 2005-09-23 07:29 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
2008-01-20 14:55 . 2007-04-19 15:18 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-20 14:55 . 2007-04-19 15:18 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-20 14:55 . 2007-04-19 15:18 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-20 14:55 . 2007-04-19 15:18 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2008-01-20 14:55 . 2007-04-19 15:18 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-19 09:26 . 2008-01-22 10:58 70,660 --a------ C:\WINDOWS\system32\mdelk.exe
2008-01-19 07:26 . 2006-01-18 03:01 827,442 --------- C:\WINDOWS\system32\drivers\hldrrr.exe
2008-01-19 07:21 . 2008-01-22 11:04 <DIR> d-------- C:\WINDOWS\system32\drivers\down
2008-01-19 07:13 . 2006-10-07 17:31 221,184 --a------ C:\WINDOWS\system32\rspencr330.ocx
2008-01-19 07:07 . 2008-01-23 15:27 448,032 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-19 07:07 . 2008-01-23 15:26 8,096 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-19 07:03 . 2007-11-14 16:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-01-07 16:56 . 2008-01-07 17:35 <DIR> d-------- C:\Downloads

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-21 20:10 --------- d-----w C:\Program Files\Folder Lock
2008-01-21 15:16 --------- d-----w C:\Program Files\MediaMonkey
2008-01-21 15:15 --------- d-----w C:\Program Files\Common Files\LightScribe
2008-01-20 13:33 --------- d-----w C:\Program Files\Google
2008-01-19 07:28 --------- d-----w C:\Program Files\eMule
2007-12-20 12:02 --------- d-----w C:\Program Files\Apple Software Update
2007-12-20 12:01 --------- d-----w C:\Program Files\Common Files\Apple
2007-12-01 16:45 --------- d-----w C:\Program Files\janusware
2007-11-30 19:57 --------- d-----w C:\Program Files\PC Connectivity Solution
2007-11-30 19:57 --------- d-----w C:\Program Files\Nokia
2007-11-30 19:57 --------- d-----w C:\Program Files\DIFX
2007-11-30 19:57 --------- d-----w C:\Program Files\Common Files\PCSuite
2007-11-30 19:57 --------- d-----w C:\Program Files\Common Files\Nokia
2007-11-26 18:37 --------- d-----w C:\Program Files\MP3Gain
2007-11-14 15:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
2007-10-24 10:30 512 ----a-w C:\ScanSectorLog.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"german.exe"="C:\WINDOWS\system32\wintems.exe" [ ]
"mule_st_key"="C:\Documents and Settings\ddd\Application Data\m\flec006.exe" [2008-01-22 10:58 96260]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" [2005-03-07 20:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2005-10-31 21:15 163840 C:\WINDOWS\system32\VTTrayp.exe]
"C-Media Mixer"="Mixer.exe" [2001-10-22 10:24 1216512 C:\WINDOWS\mixer.exe]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:56 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Metacafe.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Metacafe.lnk
backup=C:\WINDOWS\pss\Metacafe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Network Chat AutoStart.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Network Chat AutoStart.lnk
backup=C:\WINDOWS\pss\Network Chat AutoStart.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^ddd^Start Menu^Programs^Startup^Metacafe.lnk]
path=C:\Documents and Settings\ddd\Start Menu\Programs\Startup\Metacafe.lnk
backup=C:\WINDOWS\pss\Metacafe.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-12-23 17:05 143360 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP10_EnsureFileVer]
--a------ 2004-08-04 00:56 208896 C:\WINDOWS\inf\unregmp2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 14:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-11-09 13:16 688128 C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-07-12 03:00 132496 C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2006-01-18 03:01 827442 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2003-12-13 01:50 33792 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZoneAlarm Client]
--a------ 2008-01-23 15:20 919016 C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 04:38]
R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 04:39]
S3 BSJYS;BSJYS;C:\DOCUME~1\ddd\LOCALS~1\Temp\BSJYS.exe [2008-01-21 19:06]

.
Contents of the 'Scheduled Tasks' folder
"2008-01-18 20:58:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-23 15:27:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

disk error: C:\WINDOWS\

**************************************************************************
.


NIKSICKO_PIVO, 23.01.2008. at 14:40 - Re: can it be fixed?
HKU\.DEFAULT\Control Panel\international_combofixbackup 2008-01-23 15:17 0 bytes Security mismatch.
HKU\.DEFAULT\Control Panel\international_combofixbackup\Geo 2008-01-23 15:17 0 bytes Security mismatch.
HKU\S-1-5-21-1292428093-113007714-1417001333-1003\Control Panel\international_combofixbackup 2008-01-23 15:17 0 bytes Security mismatch.
HKU\S-1-5-21-1292428093-113007714-1417001333-1003\Control Panel\international_combofixbackup\Geo 2008-01-23 15:17 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\international_combofixbackup 2008-01-23 15:17 0 bytes Security mismatch.
HKU\S-1-5-18\Control Panel\international_combofixbackup\Geo 2008-01-23 15:17 0 bytes Security mismatch.
HKLM\SECURITY\Policy\Secrets\SAC* 2007-06-27 20:31 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 2007-06-27 20:31 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesProcessed 2008-01-23 15:32 4 bytes Data mismatch between Windows API and raw hive data.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher\TracesSuccessful 2008-01-23 15:32 4 bytes Data mismatch between Windows API and raw hive data.
C: 1601-01-01 01:00 0 bytes Error mounting volume


NIKSICKO_PIVO, 23.01.2008. at 14:41 - Re: can it be fixed?
There, I've posted the first log, from ComboFix, and the second one is the rootkit scan.

What do you think?

NIKSICKO_PIVO, 23.01.2008. at 15:54 - Re: can it be fixed?
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 16:54, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\Mixer.exe
C:\Documents and Settings\ddd\Application Data\m\flec006.exe
C:\Program Files\MediaMonkey\MediaMonkey.exe
C:\DOCUME~1\ddd\LOCALS~1\Temp\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 111.225.225.123
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\ddd\Application Data\m\flec006.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B4E51FF-8168-4A44-8313-B28BAF1DC1B6}: NameServer = 192.168.150.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{1B4E51FF-8168-4A44-8313-B28BAF1DC1B6}: NameServer = 192.168.150.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{1B4E51FF-8168-4A44-8313-B28BAF1DC1B6}: NameServer = 192.168.150.254
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BSJYS - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ddd\LOCALS~1\Temp\BSJYS.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4757 bytes


Binary Mind, 23.01.2008. at 18:31 - Re: can it be fixed?
ComboFix has done its part, and I still see trojans. No rootkits. Now you need to remove this manually (try killing the process in Task Manager and then manually removing the file, and maybe the whole folder):

Code:

C:\Documents and Settings\ddd\Application Data\m\flec006.exe


And this you need to tick and delete with HijackThis! (Fix Checked):

Code:

O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\ddd\Application Data\m\flec006.exe


Also keep an eye on this path:

Code:

C:\WINDOWS\system32\wintems.exe


I think ComboFix should have deleted that file, but if it didn't, you need to delete it manually...

If there are more problems, shout.
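As an added example (not code from this thread, from HijackThis or from ComboFix), here is a small Python triage script that applies the kind of rules Binary Mind used on the logs above: a browser proxy or PAC URL being set, a BHO with no name, autostart entries and services whose binary lives in a user-writable directory, and Run values named like an .exe that start a differently named binary. The sample lines are constructed from the shape of the logs in this thread; the rules are heuristics and each hit is an item to review, not a verdict.

```python
import ntpath
import re
from collections import namedtuple

Finding = namedtuple("Finding", ["section", "line", "reason"])

# Constructed sample: a handful of lines in the shape of the HijackThis logs
# posted in this thread, not a complete log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 111.225.225.123
O2 - BHO: (no name) - {3251FBC9-A99D-410F-8AB2-89F6DFD074EB} - C:\WINDOWS\system32\dfrgu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [german.exe] C:\WINDOWS\system32\wintems.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Documents and Settings\ddd\Application Data\m\flec006.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: BSJYS - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ddd\LOCALS~1\Temp\BSJYS.exe
"""

# Directories an ordinary user can write to. A start-up entry or a service
# binary living here, rather than under Program Files or the Windows
# directory, is the pattern of the user-level malware in the logs above.
USER_WRITABLE = ("\\documents and settings\\", "\\docume~1\\",
                 "\\application data\\", "\\locals~1\\", "\\temp\\")

ENTRY_RE = re.compile(r"^(R\d|O\d+) - (.*)$")
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|ocx|sys|dat|cab)\b", re.I)
RUN_NAME_RE = re.compile(r"\[([^\]]+)\]")


def extract_path(body):
    """Return the first Windows file path in an entry body, or None."""
    m = PATH_RE.search(body)
    return m.group(0) if m else None


def in_user_writable(path):
    low = path.lower()
    return any(d in low for d in USER_WRITABLE)


def triage(log_text):
    """Apply heuristic triage rules to each HijackThis entry; return Findings."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, "Running processes" or blank line
        section, body = m.groups()
        path = extract_path(body) or ""
        reason = None
        if section == "R1" and "ProxyServer =" in body:
            reason = "browser proxy is set; all IE traffic goes through it"
        elif section == "R1" and "AutoConfigURL =" in body:
            reason = "proxy auto-config URL is set; confirm it is expected"
        elif section == "O2" and "(no name)" in body:
            reason = "unnamed BHO loads into every Internet Explorer process"
        elif section in ("O4", "O23") and path and in_user_writable(path):
            reason = "autostart/service binary lives in a user-writable directory"
        elif section == "O4":
            # A Run value named like an .exe that starts a differently named
            # binary (e.g. [german.exe] -> wintems.exe) is worth a look.
            name = RUN_NAME_RE.search(body)
            if (name and path and name.group(1).lower().endswith(".exe")
                    and name.group(1).lower() != ntpath.basename(path).lower()):
                reason = "Run value named like an .exe that does not match its target"
        if reason:
            findings.append(Finding(section, line, reason))
    return findings


def fix_checked(findings):
    """The O4 lines one would tick in HijackThis and remove with Fix Checked."""
    return [f.line for f in findings if f.section == "O4"]


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"[{f.section}] {f.reason}\n    {f.line}")
    print("\nFix Checked candidates:")
    for line in fix_checked(hits):
        print("   ", line)
```

A hit still needs a human look: a randomly named service with a Sysinternals vendor string that appears in Temp while RootkitRevealer.exe is running, as in the first log above, can be the scanner's own temporary service rather than malware.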

Binary Mind, 23.01.2008. at 19:16 - Re: can it be fixed?
... when you've done everything, or tried to do it as I wrote, scan again with ComboFix and post the new log. Do the same with HijackThis.

NIKSICKO_PIVO, 23.01.2008. at 20:01 - Re: can it be fixed?
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:01, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\MediaMonkey\MediaMonkey.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\ddd\LOCALS~1\Temp\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = www.google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 111.225.225.123
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B4E51FF-8168-4A44-8313-B28BAF1DC1B6}: NameServer = 192.168.150.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{1B4E51FF-8168-4A44-8313-B28BAF1DC1B6}: NameServer = 192.168.150.254
O17 - HKLM\System\CS3\Services\Tcpip\..\{1B4E51FF-8168-4A44-8313-B28BAF1DC1B6}: NameServer = 192.168.150.254
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BSJYS - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ddd\LOCALS~1\Temp\BSJYS.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 4623 bytes


Binary Mind, 23.01.2008. at 20:43 - Re: can it be fixed?
How is the computer behaving now? According to the logs everything should be fine.

NIKSICKO_PIVO, 23.01.2008. at 22:53 - Re: can it be fixed?
It's behaving great, it connects to the net normally and opens everything fine. I managed to install some programs that I couldn't before, but I can't install NOD antivirus; a message pops up that some service won't start.
After everything you told me to do, I installed Spyware Doctor and it found some viruses and one trojan called email.
How do I install NOD?
Thank you so much for helping me, you saved me, brother :)

Binary Mind, 23.01.2008. at 23:04 - Re: can it be fixed?
I was looking at the active pests. Those other programs found pests that were lurking in hiding.

You have to tell me the exact error NOD reports. Have you tried installing some other antivirus program such as Avast, Kaspersky, AVG etc.?

NIKSICKO_PIVO, 24.01.2008. at 15:22 - Re: can it be fixed?
It said something like: service (eknr) no start, installation failed, something like that
???

Binary Mind
11040

Član broj: 28245
Poruke: 13289
*.adsl-4.sezampro.yu.



+3779 Profil

icon Re: dali moze da se popravi?24.01.2008. u 16:55 - pre 197 meseci
Go and check whether the following files happen to have been left behind in C:\Windows\system32 and C:\Windows\system32\drivers:

Code:

C:\WINDOWS\system32\dfrgu.dll
C:\WINDOWS\system32\drivers\jsflbcso.dat
C:\WINDOWS\system32\drivers\srosa.sys
C:\WINDOWS\system32\wintems.exe


If they are, remove them manually and then try to install NOD... These 4 files are leftovers of the 2 trojans you had, and there were more of them than the 2 I listed at the start.


Also delete the following in the registry, if it exists:

Code:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run] 
"drvsyskit" = "%System%\drivers\hidr.exe"


One of these trojans is, as I said, a combination of a trojan and a rootkit, which is why you have problems installing antivirus programs.

[This message was edited by Binary Mind on 24.01.2008 at 18:34 GMT+1]
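As an added example (not a tool from this thread or from any of the programs it names), the Python helper below triages HijackThis and Deckard's System Scanner log text for the leftover file names and the Run-value name quoted in this thread, and records what kind of log entry each remnant shows up in (active driver, autorun entry, disabled msconfig entry, quarantined copy). The sample lines are constructed after the logs posted in the thread; the O4 line rendering the drvsyskit value is hypothetical.

```python
"""Triage helper for HijackThis / Deckard's System Scanner (DSS) log text.

Added example, not part of the thread.  It scans log lines for the remnant
file names and the autorun value name quoted in the thread and reports the
kind of entry each one appears in, so a helper can tell an active driver or
Run entry from a disabled msconfig leftover or a quarantined copy.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Indicators taken from the thread's posts (file names and the Run value name).
INDICATORS: Tuple[str, ...] = (
    "dfrgu.dll", "jsflbcso.dat", "srosa.sys", "wintems.exe",
    "hidr.exe", "hldrrr.exe", "drvsyskit",
)

# HijackThis item, e.g. "O4 - HKLM\..\Run: ..." or "R0 - HKCU\...".
HJT_ITEM = re.compile(r"^(?P<kind>[OR]\d{1,2})\s*-\s")
# DSS registry dump key header, e.g. "[HKEY_LOCAL_MACHINE\...\startupreg\drvsyskit]".
REG_KEY = re.compile(r"^\[HKEY_[^\]]+\]$")
# DSS driver/service list line, e.g. "R1 srosa (Megadrv3) - c:\...\srosa.sys".
# Checked after HJT_ITEM so that "R0 - HKCU..." is not mistaken for a driver.
DSS_DRIVER = re.compile(r"^(?P<state>[RS][0-4])\s+(?P<name>\S+)")


@dataclass(frozen=True)
class Hit:
    line_no: int
    context: str                # "hjt:O4", "dss-driver:R1", "registry" or "other"
    indicators: Tuple[str, ...]
    text: str


def classify(line: str) -> str:
    """Name the kind of log entry a line is, using the formats seen in the thread."""
    m = HJT_ITEM.match(line)
    if m:
        return "hjt:" + m.group("kind")
    if REG_KEY.match(line):
        return "registry"
    m = DSS_DRIVER.match(line)
    if m:
        return "dss-driver:" + m.group("state")
    return "other"


def scan(log_text: str, indicators: Tuple[str, ...] = INDICATORS) -> List[Hit]:
    """Return one Hit per line mentioning any indicator.  Matching is a
    case-insensitive substring test, so a quarantined copy such as
    srosa.sys.vir is reported as well (with context "other")."""
    hits: List[Hit] = []
    for n, raw in enumerate(log_text.splitlines(), 1):
        line = raw.strip()
        low = line.lower()
        found = tuple(ind for ind in indicators if ind.lower() in low)
        if found:
            hits.append(Hit(n, classify(line), found, line))
    return hits


def summarize(hits: List[Hit]) -> Dict[str, List[str]]:
    """Map each indicator to the sorted list of entry kinds it appeared in."""
    out: Dict[str, set] = {}
    for h in hits:
        for ind in h.indicators:
            out.setdefault(ind, set()).add(h.context)
    return {ind: sorted(ctx) for ind, ctx in out.items()}


# Constructed sample modelled on the log lines posted in this thread.  The
# second line is a hypothetical HijackThis rendering of the "drvsyskit" Run
# value; it is not a line from the page.
SAMPLE_LINES = [
    r'O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"',
    r'O4 - HKCU\..\Run: [drvsyskit] C:\WINDOWS\system32\drivers\hidr.exe',
    r'O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe',
    r'R1 srosa (Megadrv3) - c:\windows\system32\drivers\srosa.sys',
    r'[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drvsyskit]',
    r'2008-02-13 00:44:44     68096 --a------ C:\WINDOWS\system32\zip.exe',
    r'C:\WINDOWS\system32\drivers\srosa.sys|C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\srosa.sys.vir',
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)

if __name__ == "__main__":
    for h in scan(SAMPLE_LOG):
        print(f"line {h.line_no:>3} [{h.context}] {', '.join(h.indicators)}: {h.text}")
    print(summarize(scan(SAMPLE_LOG)))
```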
 
NIKSICKO_PIVO
Member no.: 20194
Posts: 369
195.66.191.*

Re: can it be fixed? 26.01.2008 at 19:13
Brother, I did everything, thank you so much
mister Mrva
Beograd, Zvezdara
Member no.: 22296
Posts: 29
213.244.208.*

Re: can it be fixed? 13.02.2008 at 01:37
I too caught something similar today, or rather yesterday. I can't start Kaspersky IS 7;
it throws the message avp.exe is not a valid Win32 application. I couldn't get into safe mode,
but I fixed that with SafeBootKeyRepair-CF. Using a HirenBoot CD I deleted C:\WINDOWS\system32\drivers\hldrrr.exe.
HijackThis won't start at all; ComboFix seems to do its job and deletes srosa.sys. Here is what ComboFix.txt says:
Code:

ComboFix 08-02-13.2 - Petar 2008-02-13  2:01:36.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.2.1250.1.1033.18.802 [GMT 1:00]
Running from: c:\Downloads\Combo-Fix.exe

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

    Unable to gain System Privileges

and ComboDel.txt:
Code:
Files to Move:
C:\WINDOWS\system32\drivers\srosa.sys|C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\srosa.sys.vir
C:\WINDOWS\system32\drivers\srosa.sys|C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\srosa.sys.vir


DDS (Deckard System Scanner) logs:
Main
Code:
Deckard's System Scanner v20071014.68
Run by Petar on 2008-02-13 01:24:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

System Restore is disabled; attempting to re-enable...success.


-- Last 1 Restore Point(s) --
1: 2008-02-13 00:24:38 UTC - RP104 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-02-13 01:28:33
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\TaskSwitch.exe
C:\Program Files\ATITool\ATITool.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RSSoft\RedSwoosh.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\Program Files\RasLogger\RasLogger3\RasLogger3.exe
C:\WINDOWS\system32\msiexec.exe
C:\Downloads\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WinAlarm] C:\Program Files\WinAlarm\WinAlarm.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [ATITool] "C:\Program Files\ATITool\ATITool.exe" -s
O4 - HKLM\..\Run: [AtiPTA] C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Phase One Media Reader] C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe /noscan /CheckAutoStart
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [Red Swoosh] C:\Program Files\RSSoft\RedSwoosh.exe /S
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Startup: The RAS Logger System.lnk = ?
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download with GetRight Pro - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Pro Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Save page with WinMHT... - C:\Program Files\WinMHT\iewmht0.htm
O8 - Extra context menu item: Save selection with WinMHT... - C:\Program Files\WinMHT\iewmht2.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O10 - Broken Internet access because of LSP provider 'c:\Program Files\Bonjour\mdnsNSP.dll' missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab Class) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia....ockwave/cabs/flash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{579CC83D-7F7F-44DE-9B68-93859ABBBE63}: NameServer = 213.244.255.2 213.244.255.3
O18 - Protocol: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll
O18 - Protocol: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: prio.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: AtiExtEvent - C:\WINDOWS\system32\Ati2evxx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe


--
End of file - 9024 bytes

-- File Associations -----------------------------------------------------------

[COLOR=red].hlp - ABC Amber HLP Converter for HLP - DefaultIcon - unable to read value[/COLOR]
[COLOR=red].hlp - ABC Amber HLP Converter for HLP - shell\open\command - unable to read value[/COLOR]


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ATITool (ATITool Overclocking Utility) - c:\windows\system32\drivers\atitool.sys <Not Verified; ; Low-Level Driver>
R1 Ext2fs - c:\windows\system32\drivers\ext2fs.sys
R1 IfsDrives - c:\windows\system32\drivers\ifsdrives.sys
R1 SCDEmu - c:\windows\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
R1 srosa (Megadrv3) - c:\windows\system32\drivers\srosa.sys
R2 MMK_NTD - c:\windows\system32\drivers\mmk_ntd.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
R2 nxsIO32 (NextSensor Kernel I/O Driver) - c:\windows\system32\drivers\nxsio32.sys
R2 P1C1394 (Phase One 1394 Camera Driver) - c:\windows\system32\drivers\p1c1394.sys <Not Verified; Phase One A/S; Phase One digital imaging>
R3 Intels51 (Intel(R) 536EP Modem) - c:\windows\system32\drivers\intels51.sys <Not Verified; Intel Corporation; Intel® 536EP Modem Driver>

S3 catchme - c:\docume~1\petar\locals~1\temp\catchme.sys (file missing)
S3 ENTECH - c:\windows\system32\drivers\entech.sys <Not Verified; EnTech Taiwan; PowerStrip>
S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing)
S3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 StarWindServiceAE (StarWind AE Service) - c:\program files\alcohol soft\alcohol 120\starwind\starwindserviceae.exe <Not Verified; Rocket Division Software; StarWind Alcohol Edition>

S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>
S3 NMIndexingService - 
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
S4 hpdj - 


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: NVIDIA nForce Networking Controller
Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&23581523&1&00
Manufacturer: NVIDIA
Name: NVIDIA nForce Networking Controller #2
PNP Device ID: {1A3E09BE-1E45-494B-9174-D7385B45BBF5}\NVNET_DEV0373\4&23581523&1&00
Service: NVENETFD


-- Files created between 2008-01-13 and 2008-02-13 -----------------------------

2008-02-13 00:56:51         0 d-------- C:\Combo-Fix
2008-02-13 00:44:44     68096 --a------ C:\WINDOWS\system32\zip.exe
2008-02-13 00:44:44     98816 --a------ C:\WINDOWS\system32\sed.exe
2008-02-13 00:44:44     80412 --a------ C:\WINDOWS\system32\grep.exe
2008-02-13 00:44:44     73728 --a------ C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-02-13 00:44:43     53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-02-12 23:15:32         0 d-------- C:\VundoFix Backups
2008-02-12 22:41:32     14528 -----n--- C:\WINDOWS\system32\drivers\MMK_NTD.SYS <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
2008-02-12 22:41:23         0 d-------- C:\Program Files\LEAP
2008-02-12 22:40:11         0 d-------- C:\Program Files\Luxor
2008-02-12 22:37:46         0 d-------- C:\Program Files\ReflexiveArcade
2008-02-12 22:22:16         0 d-------- C:\Film za snimanje
2008-02-12 22:17:34      1226 --a------ C:\WINDOWS\mozver.dat
2008-02-12 15:13:18         0 d-------- C:\Flash disk
2008-02-11 18:13:16    413696 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-02-11 18:13:16    110592 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions (C) Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL(TM) Library>
2008-02-11 18:13:16         0 d-------- C:\Program Files\OpenAL
2008-02-11 18:13:16         0 d-------- C:\Program Files\Eidos
2008-02-11 18:12:04         0 d-------- C:\WINDOWS\system32\xlive
2008-02-09 22:47:31         0 d-------- C:\WINDOWS\Caps
2008-02-09 17:31:51         0 --a------ C:\WINDOWS\nsreg.dat
2008-02-09 17:31:47         0 d-------- C:\Documents and Settings\Petar\Application Data\Mozilla
2008-02-09 16:58:35         0 d-------- C:\Program Files\RSSoft
2008-02-09 16:33:56         0 d-------- C:\Program Files\Common Files\Akamai
2008-02-08 22:56:42    162304 -----n--- C:\WINDOWS\UNWISE.EXE
2008-02-05 19:31:42         0 d-------- C:\Program Files\Futuremark
2008-02-05 19:31:33         0 d-------- C:\Documents and Settings\Petar\Application Data\Microsoft Games
2008-02-05 19:31:30         0 d-------- C:\Program Files\Microsoft Games
2008-02-05 19:31:11         0 dr-h----- C:\Documents and Settings\Petar\Recent
2008-02-05 12:34:25         0 d-------- C:\Program Files\Universal Extractor
2008-02-03 14:48:47         0 d-------- C:\Bane
2008-02-02 22:15:45    229376 --a------ C:\Documents and Settings\LocalService\ntuser.dat
2008-02-02 21:40:21         0 d-------- C:\Program Files\PowerISO
2008-02-02 20:15:01     77824 --a------ C:\WINDOWS\system32\ODBCTL32.DLL <Not Verified; Microsoft Corporation; Microsoft Open Database Connectivity>
2008-02-02 20:15:01    251664 --a------ C:\WINDOWS\system32\MSRD2X35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-02 20:15:01   1045776 --a------ C:\WINDOWS\system32\msjet35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-02 20:15:00    407312 --a------ C:\WINDOWS\system32\msrepl35.dll <Not Verified; Microsoft Corporation; Microsoft® Access>
2008-02-02 20:15:00     24336 --a------ C:\WINDOWS\system32\MSJTER35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-02 20:15:00     37136 --a------ C:\WINDOWS\system32\MSJINT35.DLL <Not Verified; Microsoft Corporation; Microsoft® Jet>
2008-02-02 20:14:59         0 d-------- C:\Program Files\HT Audio
2008-02-02 20:13:37    304128 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-02-02 20:00:00         0 d-------- C:\Documents and Settings\Petar\Application Data\PTGui Pro
2008-02-01 15:38:30    398416 --a------ C:\WINDOWS\system\VBRUN300.DLL <Not Verified; Microsoft Corporation; Visual Basic 3.0>
2008-02-01 15:38:30     95200 --a------ C:\WINDOWS\system\VBDB300.DLL <Not Verified; Microsoft Corporation; Visual Basic 3.0>
2008-02-01 15:38:30    994496 --a------ C:\WINDOWS\system\MSAJT200.DLL <Not Verified; Microsoft Corporation; Microsoft® Access>
2008-02-01 15:38:30     17440 --a------ C:\WINDOWS\system\MSAJT112.DLL <Not Verified; Microsoft Corporation; Microsoft® Access>
2008-02-01 15:38:30     33280 --a------ C:\WINDOWS\system\MSAES110.DLL <Not Verified; Microsoft Corp.; Microsoft Access>
2008-02-01 15:38:30        34 --a------ C:\WINDOWS\SS2.REG
2008-02-01 15:38:30        34 --a------ C:\WINDOWS\SS1.REG
2008-01-25 23:06:54         0 d-------- C:\Documents and Settings\Petar\Application Data\Bioshock
2008-01-25 23:06:50         0 dr-h----- C:\Documents and Settings\Petar\Application Data\SecuROM
2008-01-25 22:53:30    200704 --a------ C:\WINDOWS\system32\IfsDrives.dll <Not Verified; Stephan Schreiber; IFS for Windows>
2008-01-25 22:53:30      4608 --a------ C:\WINDOWS\system32\drivers\IfsDrives.sys
2008-01-25 22:53:30    132736 --a------ C:\WINDOWS\system32\drivers\ext2fs.sys
2008-01-25 01:57:41         0 d-------- C:\Program Files\digestIT 2004
2008-01-23 17:18:18         0 d-------- C:\Program Files\UltraISO
2008-01-23 00:24:29         0 d-------- C:\Program Files\Electronic Arts
2008-01-22 23:07:10         0 d--hs---- C:\WINDOWS\ftpcache
2008-01-20 20:37:34         0 d-------- C:\Program Files\MediaMonkey
2008-01-20 19:31:09         0 d-------- C:\Documents and Settings\Petar\Application Data\Digital Film Tools
2008-01-20 19:29:09         0 d-------- C:\Documents and Settings\All Users\Application Data\Digital Film Tools
2008-01-20 08:07:58     33292 --a------ C:\WINDOWS\system32\drivers\scdemu.sys <Not Verified; PowerISO Computing, Inc.; scdemu>
2008-01-19 23:36:10         0 d-------- C:\Documents and Settings\Petar\Application Data\Imagenomic
2008-01-19 22:47:35         0 d-------- C:\Documents and Settings\Petar\Application Data\Mask Pro 4.0
2008-01-19 22:37:20         0 d-------- C:\Documents and Settings\Petar\Application Data\Alien Skin
2008-01-19 17:25:32    352256 --a------ C:\WINDOWS\esellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
2008-01-19 17:16:25         0 d-------- C:\Program Files\Imagenomic
2008-01-19 16:54:47    146650 --a------ C:\WINDOWS\Curves 2 Uninstaller.exe
2008-01-19 16:54:47         0 d-------- C:\Program Files\Curvemeister.com
2008-01-19 16:53:00         0 d-------- C:\Program Files\BWStyler
2008-01-19 16:43:51         0 d-------- C:\Program Files\Alien Skin
2008-01-19 16:36:42         0 d-------- C:\Program Files\Albatross
2008-01-19 16:23:16     90112 --a------ C:\WINDOWS\unvise32.exe <Not Verified; MindVision Software; Installer VISE>
2008-01-19 16:21:13    227840 --a------ C:\WINDOWS\system32\Deco_32.dll <Not Verified; Iterated Systems, Inc.; Fractal Image Decoder>
2008-01-19 16:21:13         0 d-------- C:\Program Files\Common Files\onOne Software Shared
2008-01-19 16:20:39         0 d-------- C:\Documents and Settings\Petar\Application Data\onOne Software
2008-01-19 16:18:32         0 d-------- C:\Program Files\onOne Software
2008-01-19 16:17:10        19 --ah----- C:\WINDOWS\system32\ezirioMeD4
2008-01-19 16:16:46     23168 --a------ C:\WINDOWS\system32\drivers\p1c1394.sys <Not Verified; Phase One A/S; Phase One digital imaging>
2008-01-19 16:16:36         0 d-------- C:\Program Files\Phase One
2008-01-17 15:41:02         0 d-------- C:\Documents and Settings\Petar\Application Data\Nokia Multimedia Player
2008-01-15 22:21:47         0 d-------- C:\Program Files\WinHex
2008-01-14 17:14:58         0 d-------- C:\Program Files\Romain's Software


-- Find3M Report ---------------------------------------------------------------

2008-02-13 00:47:37         0 d-------- C:\Documents and Settings\Petar\Application Data\MxBoost
2008-02-13 00:46:25         0 d-------- C:\Program Files\GetRight
2008-02-12 22:30:42         0 d-------- C:\Documents and Settings\Petar\Application Data\The Bat!
2008-02-12 11:39:41         0 d-------- C:\Program Files\Common Files
2008-02-10 09:19:01         0 d-------- C:\Documents and Settings\Petar\Application Data\WinAlarm
2008-02-09 17:03:46         0 d-------- C:\Documents and Settings\Petar\Application Data\uTorrent
2008-02-02 23:04:19         0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-22 22:39:14         0 d-------- C:\Program Files\totalcmd
2008-01-19 17:16:14      1336 --a------ C:\Program Files\INSTALL.LOG
2008-01-19 15:19:35         0 d-------- C:\Program Files\The Bat!
2008-01-15 20:17:06      1128 --a------ C:\Documents and Settings\Petar\Application Data\NMM-MetaData.db
2008-01-14 16:44:55         0 d-------- C:\Documents and Settings\Petar\Application Data\Apple Computer
2008-01-14 15:25:22         0 d-------- C:\Program Files\AlbumArtDownloader
2008-01-13 19:50:57         0 d-------- C:\Documents and Settings\Petar\Application Data\dBpoweramp
2008-01-13 19:46:11         0 d-------- C:\Documents and Settings\Petar\Application Data\AccurateRip
2008-01-12 20:58:05         0 d-------- C:\Program Files\Canon
2008-01-12 20:58:03         0 d-------- C:\Program Files\Common Files\Canon
2008-01-12 16:24:31         0 d-------- C:\Documents and Settings\Petar\Application Data\ABBYY
2008-01-08 18:22:57      2942 --a------ C:\Documents and Settings\Petar\Application Data\prio.ini
2008-01-08 17:57:23         0 d-------- C:\Program Files\Java
2008-01-07 22:49:44         0 d-------- C:\Program Files\Nokia
2008-01-07 22:49:44         0 d-------- C:\Program Files\Common Files\Nokia
2008-01-07 22:46:24         0 d-------- C:\Program Files\DIFX
2008-01-07 22:46:23         0 d-------- C:\Documents and Settings\Petar\Application Data\Nokia
2008-01-07 22:46:06         0 d-------- C:\Program Files\Common Files\PCSuite
2008-01-07 22:45:57         0 d-------- C:\Documents and Settings\Petar\Application Data\PC Suite
2008-01-07 22:45:55         0 d-------- C:\Program Files\PC Connectivity Solution
2008-01-07 22:29:18         0 d-------- C:\Program Files\Paragon Software
2008-01-07 22:17:31         0 d-------- C:\Program Files\TagRename
2008-01-06 12:58:59         0 d-------- C:\Documents and Settings\Petar\Application Data\Adobe
2007-12-28 22:33:40         0 d-------- C:\Documents and Settings\Petar\Application Data\MiniLyrics
2007-12-27 19:22:08         0 d-------- C:\Documents and Settings\Petar\Application Data\vlc
2007-12-27 19:20:46         0 d-------- C:\Program Files\VideoLAN
2007-12-27 19:16:26         0 d-------- C:\Program Files\Alcohol Soft
2007-12-27 19:10:33         0 d-------- C:\Documents and Settings\Petar\Application Data\Maxthon2
2007-12-27 11:23:14         0 d-------- C:\Documents and Settings\Petar\Application Data\Vso
2007-12-27 11:23:13     47360 --a------ C:\Documents and Settings\Petar\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-12-27 11:23:13        33 --a------ C:\Documents and Settings\Petar\Application Data\pcouffin.log
2007-12-27 11:23:13      1144 --a------ C:\Documents and Settings\Petar\Application Data\pcouffin.inf
2007-12-27 11:23:13      7887 --a------ C:\Documents and Settings\Petar\Application Data\pcouffin.cat
2007-12-24 21:57:37         0 d-------- C:\Documents and Settings\Petar\Application Data\DVDFab
2007-12-24 21:52:19         0 d-------- C:\Program Files\The KMPlayer
2007-12-24 21:46:46         0 d-------- C:\Program Files\Analog Devices
2007-12-24 21:41:46         0 d-------- C:\Program Files\ffdshow
2007-12-24 21:32:03         0 d-------- C:\Program Files\Minilyrics
2007-12-19 14:42:47         0 d-------- C:\Program Files\Intelore
2007-12-17 00:14:09         0 d-------- C:\Documents and Settings\Petar\Application Data\Intelore
2007-12-16 13:27:10         0 d-------- C:\Documents and Settings\Petar\Application Data\UpdateStar
2007-12-08 01:06:20       274 --a------ C:\Documents and Settings\Petar\Application Data\ex_log.txt
2007-12-03 16:34:26      7680 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-11-29 12:52:32     60273 --a------ C:\WINDOWS\system32\pthreadGC2.dll <Not Verified; Open Source Software community project; >


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinAlarm"="C:\Program Files\WinAlarm\WinAlarm.exe" [2004-04-02 06:03]
"nwiz"="nwiz.exe" [2006-10-22 11:22 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 15:30]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-11-10 20:12]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-10-23 18:51]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 16:30]
"ATITool"="C:\Program Files\ATITool\ATITool.exe" [2006-12-08 16:23]
"AtiPTA"="C:\WINDOWS\SYSTEM32\ATIPTAXX.EXE" [2006-02-22 01:05]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-12-18 21:34]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-07-13 07:12]
"Phase One Media Reader"="C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe" [2007-04-24 20:31]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2008-02-13 01:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 08:23]
"Red Swoosh"="C:\Program Files\RSSoft\RedSwoosh.exe" [2007-02-27 02:30]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog

C:\Documents and Settings\Petar\Start Menu\Programs\Startup\
The RAS Logger System.lnk - C:\Documents and Settings\Petar\Application Data\Microsoft\Installer\{6D2E7D97-77E7-487B-9466-5233916ADB49}\_26e91eb.exe [2007-11-06 11:48:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-10-05 00:49:13]
PowerMenu.lnk - C:\Program Files\PowerMenu\PowerMenu.exe [2007-10-05 01:00:40]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=prio.dll,C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

[color=red]SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcSs]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Qshelf.lnk]
backup=C:\WINDOWS\pss\Qshelf.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Petar^Start Menu^Programs^Startup^Anapod Manager.lnk]
backup=C:\WINDOWS\pss\Anapod Manager.lnkStartup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
"C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\drvsyskit]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
"C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai    Akamai


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{358fb807-7900-11dc-9c8f-c28f287c6bfd}]
AutoRun\command- H:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36ce64c0-a403-11dc-80fe-c929521e7eb4}]
Auto\command- AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{36ce64c2-a403-11dc-80fe-c929521e7eb4}]
Auto\command- AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a03bf5de-c7f6-11dc-a23f-b1bcf80735e8}]
Auto\command- AdobeR.exe e
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL AdobeR.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b72f899a-b4a7-11dc-8132-d6a2c3cd9bb5}]
AutoRun\command- H:\setup.exe




-- Hosts -----------------------------------------------------------------------

127.0.0.1 mpa.one.microsoft.com
127.255.255.255 serial.alcohol-soft.com


-- End of Deckard's System Scanner: finished at 2008-02-13 01:29:02 ------------


...
 