Problem with the system

bobanz75

Problem with the system, 24.01.2010 at 11:22
Yesterday I had nothing to "do", so I was trying out McAfee antivirus. It found some small things that I already knew were in System Volume, but when I decided to uninstall it (McAfee) with Revo, something started blocking. I somehow managed to delete it, and after the restart this notification came up:

I wanted to look in the Search Companion to see whether some trace had been left, but there was only the puppy and everything else was erased. Then I tried to back up the system, but System Restore won't open at all. Besides that, Mozilla, TuneUp and Windows Media Player broke; this notification comes up:

So I manage to open them, but they freeze right away.
I uninstalled those programs and installed them again, but nothing, they don't work. Everything else works perfectly: Google Chrome and Opera work great, downloads work, all the players work, etc...
I tried repairing the system via Run > SFC /scannow with the appropriate disc, but nothing; it runs to the end and that's it, it doesn't repair anything. I tried Advanced SystemCare; it did everything but fixed nothing.
From the BIOS I did a system restore via the chkdsk recovery system... and the situation partially improved: I manage to open Mozilla, it finds the Google page, and then after 5 seconds it blocks, freezes, and a window appears: this program is not responding!!!!
Does anyone have any idea, or do I have to wipe the system!!!!
P.S. I also ran the special tool for uninstalling and cleaning McAfee, and it cleaned all traces, but nothing improved!!!
 
magna86

Re: Problem with the system, 24.01.2010 at 13:51
Download Malwarebytes' Anti-Malware.
Update it, then run a Quick Scan... just so we can check whether malware might be causing the problem.
When the process finishes, click OK, Show Results >>> click Remove Selected.

When the cleaning is finished, attach the MBAM log to the forum and tell us whether there is any improvement.

After the scan, post a fresh HijackThis log on the forum (you have instructions in the top topic on how to use it).

[This message was edited by magna86 on 24.01.2010 at 15:33 GMT+1]
 
bobanz75

Re: Problem with the system, 24.01.2010 at 15:14
OK, I already had Malwarebytes, but when I try to start it, it reports some error. I uninstalled it and installed a new one; everything installed fine, but when I try to run the update it throws this:

However, I scanned without the update too, and here is the log:
Malwarebytes' Anti-Malware 1.40
Verzija baze podataka: 2551
Windows 5.1.2600 Service Pack 2

24.1.2010 15:46:11
mbam-log-2010-01-24 (15-46-08).txt

Tip skeniranja: Brzo Skeniranje
Skeniranih objekata: 89302
Proteklo vreme: 3 minute(s), 12 second(s)

Inficirani procesi u memoriji: 0
Inficirani moduli u memoriji: 0
Inficirani ključevi u registru: 0
Inficirane vrednosti u registru: 0
Inficirani podaci u registru: 3
Inficirane fascikle: 0
Inficirane datoteke: 0

Inficirani procesi u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani moduli u memoriji:
(Maliciozne stavke nisu detektovane)

Inficirani ključevi u registru:
(Maliciozne stavke nisu detektovane)

Inficirane vrednosti u registru:
(Maliciozne stavke nisu detektovane)

Inficirani podaci u registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Inficirane fascikle:
(Maliciozne stavke nisu detektovane)

Inficirane datoteke:
(Maliciozne stavke nisu detektovane)
The PC was scanned with a-squared, Trend Micro HouseCall and Dr.Web CureIt (which had no problems with the update) and they found nothing!
Here is the HijackThis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:48:44, on 24.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\mspaint.exe
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Korisnik\LOCALS~1\Temp\Rar$EX00.094\boban.exe

O4 - HKLM\..\Run: [WinPatrol] "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\CyberLink\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
O23 - Service: NanoServiceMain - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe

Note: this entry, O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll, may be from the Winsock fix program, which I used to repair the connection. I tried to fix it but it just won't delete; I also tried KillBox but no luck. I don't know whether the problem is there or......????
 
magna86

Re: Problem with the system, 24.01.2010 at 15:17
Read the top topic on using the ComboFix program and follow the instructions:

http://www.elitesecurity.org/t...e-programa-HijackThis-ComboFix

And that O10 entry is "Microsoft Client Services for Netware" and it is legitimate.
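
Added example, not part of the original thread: a Python first-pass triage of a HijackThis log, run on a few lines copied from the log posted above. The flagging rules (a process running from a Temp directory, a service listed with "Unknown owner") and the one-entry known-LSP table, which records only the identification given in this thread, are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:48:44, on 24.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\DOCUME~1\Korisnik\LOCALS~1\Temp\Rar$EX00.094\boban.exe

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\CyberLink\PowerCinema\Kernel\TV\CLSched.exe
"""

# Entry lines look like "<section code> - <details>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)

# Assumption: a reviewer-maintained table of LSP files already identified.
# The single entry records what the helper states in this thread.
KNOWN_LSP = {"nwprovau.dll": "Microsoft Client Services for NetWare (per the thread)"}


def parse_hijackthis(text):
    """Return (running_processes, entries_by_section_code) from a HijackThis log."""
    processes, entries = [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:                      # a blank line ends the process list
            in_processes = False
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries[match.group(1)].append(match.group(2))
        elif in_processes:
            processes.append(line)
    return processes, dict(entries)


def triage(processes, entries, known_lsp=KNOWN_LSP):
    """Return (status, reason, item) tuples; 'review' means a human should look."""
    findings = []
    for path in processes:
        if TEMP_DIR_RE.search(path):
            findings.append(("review", "process running from a Temp directory", path))
    for item in entries.get("O10", []):
        filename = item.rsplit("\\", 1)[-1].lower()
        if filename in known_lsp:
            findings.append(("known", known_lsp[filename], item))
        else:
            findings.append(("review", "unrecognised Winsock LSP entry", item))
    for item in entries.get("O23", []):
        # "Service: <display name> - <owner> - <path>"
        parts = item.rsplit(" - ", 2)
        if len(parts) == 3 and parts[1].strip().lower() == "unknown owner":
            findings.append(("review", "service binary without a company name", parts[2]))
    return findings


if __name__ == "__main__":
    procs, sections = parse_hijackthis(SAMPLE_LOG)
    for status, reason, item in triage(procs, sections):
        print(f"[{status}] {reason}: {item}")
```

The Temp-directory hit is the renamed HijackThis executable itself, as the poster explains in the next message, so these flags are prompts for review rather than verdicts.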
 
bobanz75

Re: Problem with the system, 24.01.2010 at 16:14
Buddy, my HijackThis was already renamed to boban.exe, but tell me whether I should fix something with ComboFix or not, because it seems to me there is nothing suspicious in the log!!
P.S. Mozilla suddenly started working!!!! I'm testing it right now and it works great.
So only the Search Companion and System Restore remain!



OK, I didn't get it right away; you probably meant that I should produce a log with ComboFix and then post the log!!

[This message was edited by bobanz75 on 24.01.2010 at 17:25 GMT+1]
 
magna86

Re: Problem with the system, 24.01.2010 at 16:54
Quote:
OK, I didn't get it right away; you probably meant that I should produce a log with ComboFix and then post the log!!


Yep ;)
 
bobanz75

Re: Problem with the system, 24.01.2010 at 17:43
ComboFix informed me that I don't have the recovery system and asked whether to download and install it; I accepted, and it finished everything and produced the log.
When ComboFix finished, I checked the PC and saw that everything was back to normal; even the recovery system has points from before the breakdown.
Now here is the log, in case there is something to fix; if not, tell me how to uninstall ComboFix!!!

ComboFix 10-01-23.06 - Korisnik 24.01.2010 17:33:53.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.2047.1514 [GMT 1:00]
Running from: c:\documents and settings\Korisnik\Desktop\ComboFix.exe
.
ADS - WINDOWS: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.com
c:\windows\system32\NTVBSvcW.tlb
c:\windows\system32\taskmgr.com

.
((((((((((((((((((((((((( Files Created from 2009-12-24 to 2010-01-24 )))))))))))))))))))))))))))))))
.

2010-01-24 14:40 . 2009-08-03 12:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-24 14:40 . 2010-01-24 14:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-24 14:40 . 2009-08-03 12:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-23 23:49 . 2010-01-23 23:52 -------- d-----w- C:\!KillBox
2010-01-23 21:46 . 2010-01-23 21:46 -------- d-----w- c:\program files\MSXML 6.0
2010-01-23 18:40 . 2004-08-03 23:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-01-23 18:40 . 2001-08-17 21:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-01-23 18:40 . 2001-08-17 21:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-01-23 18:40 . 2001-08-17 21:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-01-23 18:40 . 2001-08-17 21:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-01-23 18:40 . 2001-08-17 21:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-01-23 18:40 . 2001-08-17 11:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-01-23 18:40 . 2004-08-03 21:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-01-23 18:40 . 2004-08-03 21:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-01-23 18:40 . 2004-08-03 23:56 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-01-23 18:38 . 2001-08-17 21:36 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2010-01-23 18:37 . 2004-08-03 21:41 13240 -c--a-w- c:\windows\system32\dllcache\slwdmsup.sys
2010-01-23 18:36 . 2004-08-03 22:00 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys
2010-01-23 18:36 . 2001-08-17 12:28 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
2010-01-23 18:36 . 2001-08-17 12:28 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2010-01-23 18:36 . 2001-08-17 12:28 128286 -c--a-w- c:\windows\system32\dllcache\ptserli.sys
2010-01-23 18:36 . 2004-08-03 23:56 159232 -c--a-w- c:\windows\system32\dllcache\ptpusd.dll
2010-01-23 18:36 . 2001-08-17 21:36 5632 -c--a-w- c:\windows\system32\dllcache\ptpusb.dll
2010-01-23 18:36 . 2001-08-17 21:36 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
2010-01-23 18:36 . 2001-08-17 12:51 16128 -c--a-w- c:\windows\system32\dllcache\pscr.sys
2010-01-23 18:36 . 2004-08-03 22:00 17664 -c--a-w- c:\windows\system32\dllcache\ppa3.sys
2010-01-23 18:36 . 2001-08-17 12:53 17792 -c--a-w- c:\windows\system32\dllcache\ppa.sys
2010-01-23 18:36 . 2001-08-17 12:53 7552 -c--a-w- c:\windows\system32\dllcache\powerfil.sys
2010-01-23 18:36 . 2001-08-17 12:53 7168 -c--a-w- c:\windows\system32\dllcache\pnrmc.sys
2010-01-23 18:34 . 2004-08-03 23:56 4274816 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
2010-01-23 18:33 . 2001-08-17 12:52 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2010-01-23 18:32 . 2001-08-17 21:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2010-01-23 18:31 . 2001-08-17 21:36 93696 -c--a-w- c:\windows\system32\dllcache\hpgt42.dll
2010-01-23 18:30 . 2001-08-17 11:10 44103 -c--a-w- c:\windows\system32\dllcache\el515.sys
2010-01-23 18:29 . 2004-08-03 22:00 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-01-23 18:28 . 2004-08-03 23:56 32768 -c--a-w- c:\windows\system32\dllcache\ativtmxx.dll
2010-01-23 18:27 . 2001-08-17 13:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-01-23 16:28 . 2010-01-23 16:29 -------- d-----w- c:\program files\TuneUp Utilities 2009
2010-01-23 15:32 . 2010-01-23 15:32 160272 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-01-22 23:59 . 2009-11-24 23:48 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-01-22 23:59 . 2009-11-24 23:49 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-01-22 23:59 . 2009-11-24 23:47 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-01-22 23:59 . 2009-11-24 23:51 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-01-22 23:59 . 2009-11-24 23:47 97480 ----a-w- c:\windows\system32\AvastSS.scr
2010-01-22 23:59 . 2009-09-15 11:56 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-01-22 23:59 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-01-22 23:59 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-01-22 23:59 . 2009-11-24 23:54 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2010-01-22 20:44 . 2010-01-22 20:44 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\Sophos
2010-01-22 20:41 . 2010-01-22 20:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos
2010-01-22 18:38 . 2010-01-22 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-22 18:37 . 2010-01-22 20:01 -------- d-----w- c:\documents and settings\Korisnik\Application Data\SUPERAntiSpyware.com
2010-01-21 23:39 . 2010-01-21 23:54 -------- d-----w- c:\program files\IKARUS
2010-01-21 22:20 . 2010-01-21 22:58 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Webroot
2010-01-21 21:36 . 2010-01-21 21:36 -------- d-----w- c:\program files\Common Files\Skype
2010-01-21 19:42 . 2010-01-21 21:11 81984 ----a-w- c:\windows\system32\bdod.bin
2010-01-21 19:02 . 2010-01-21 19:35 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2010-01-21 19:01 . 2010-01-21 21:12 -------- d-----w- c:\program files\Common Files\BitDefender
2010-01-21 18:15 . 2010-01-21 18:15 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Panda Security
2010-01-21 18:09 . 2010-01-21 18:09 264 ----a-w- c:\windows\system32\PSUNCpl.dat
2010-01-21 18:09 . 2010-01-21 18:09 -------- d-----w- c:\program files\Panda Security
2010-01-20 21:17 . 2010-01-21 18:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-01-20 20:23 . 2010-01-20 21:16 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-14 12:04 . 2010-01-14 12:04 -------- d-----w- c:\documents and settings\All Users\Application Data\D167
2010-01-14 10:15 . 2010-01-14 10:15 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Media Player Classic
2010-01-14 10:14 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-01-14 10:14 . 2009-07-14 00:15 90112 ----a-w- c:\windows\system32\dpl100.dll
2010-01-14 10:14 . 2009-07-14 00:15 685056 ----a-w- c:\windows\system32\divx.dll
2010-01-14 10:14 . 2008-11-06 16:37 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2010-01-14 10:14 . 2010-01-14 12:29 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-01-14 09:47 . 2010-01-14 09:47 -------- d-----w- c:\program files\MONOGRAM AMR SplitterDecoder
2010-01-14 09:47 . 2010-01-14 09:47 -------- d-----w- c:\program files\OpenSource DTSAC3DD+ Source Filter
2010-01-14 09:47 . 2010-01-14 10:25 -------- d-----w- c:\program files\DScaler5
2010-01-14 09:47 . 2010-01-14 10:25 -------- d-----w- c:\program files\AC3Filter
2010-01-14 09:46 . 2010-01-14 10:24 -------- d-----w- c:\program files\OpenSource Flash Video Splitter
2010-01-14 08:17 . 2010-01-14 10:24 -------- d-----w- c:\program files\DirectVobSub
2010-01-14 08:17 . 2010-01-14 08:46 -------- d-----w- c:\program files\Haali
2010-01-14 08:17 . 2010-01-14 08:17 -------- d-----w- c:\program files\Bass Audio Decoder
2010-01-14 08:14 . 2010-01-14 09:20 -------- d-----w- c:\documents and settings\Korisnik\Application Data\vlc
2010-01-14 07:47 . 2010-01-14 09:37 -------- d-----w- c:\program files\Ringz Studio
2010-01-05 13:21 . 2010-01-05 13:21 -------- d-----w- c:\program files\MSECache
2010-01-05 11:04 . 2010-01-05 11:04 -------- d-----w- c:\program files\WinDjView
2009-12-30 19:01 . 2009-12-30 19:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton Installer
2009-12-30 11:55 . 2010-01-23 19:50 -------- d-----w- c:\windows\system32\NtmsData
2009-12-29 23:42 . 2009-12-29 23:46 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Audacity
2009-12-29 23:42 . 2009-12-29 23:42 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-12-29 23:21 . 2009-12-29 23:21 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\RadarSync
2009-12-29 23:21 . 2009-12-09 09:26 458664 ----a-w- c:\documents and settings\All Users\Application Data\iolo\IRestartStub.exe
2009-12-29 23:20 . 2009-12-29 23:20 74703 ----a-w- c:\windows\system32\mfc45.dll
2009-12-29 23:14 . 2009-12-29 23:25 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Disk Cleaner
2009-12-29 23:08 . 2009-12-29 23:21 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2009-12-29 23:08 . 2009-12-29 23:20 -------- d-----w- c:\documents and settings\Korisnik\Application Data\iolo
2009-12-26 23:31 . 2010-01-23 16:30 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-12-26 23:31 . 2009-04-27 12:21 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-12-26 23:31 . 2010-01-23 16:29 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-12-26 00:08 . 2010-01-21 12:07 44672 ----a-w- c:\windows\system32\drivers\SDTHOOK.SYS
2009-12-25 23:49 . 2009-12-25 23:49 524288 ----a-w- c:\windows\system32\Symantec Threat Monitor, Powered By DeepSight.scr
2009-12-25 23:49 . 2009-12-25 23:49 34304 ----a-w- c:\documents and settings\All Users\Application Data\Screentime\Symantec Threat Monitor, Powered By DeepSight\saver1.dll
2009-12-25 23:49 . 2009-12-25 23:49 18192 ----a-w- c:\documents and settings\All Users\Application Data\Screentime\Symantec Threat Monitor, Powered By DeepSight\saver2.dll
2009-12-25 23:49 . 2009-12-25 23:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Screentime
2009-12-25 23:49 . 2009-12-25 23:50 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\Screentime

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-24 15:45 . 2009-10-21 22:35 -------- d-----w- c:\program files\a-squared Free
2010-01-23 21:36 . 2009-10-02 15:30 -------- d-----w- c:\program files\geswall
2010-01-23 16:28 . 2009-06-27 19:44 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{55A29068-F2CE-456C-9148-C869879E2357}
2010-01-23 15:31 . 2008-09-26 13:09 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-23 15:27 . 2009-11-07 22:10 -------- d-----w- c:\program files\Nexus Radio
2010-01-22 22:59 . 2009-03-09 10:05 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Skype
2010-01-22 22:58 . 2009-03-09 10:08 -------- d-----w- c:\documents and settings\Korisnik\Application Data\skypePM
2010-01-21 22:59 . 2009-12-10 21:57 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-01-21 21:36 . 2009-03-09 10:04 -------- d-----r- c:\program files\Skype
2010-01-21 21:36 . 2009-03-09 10:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-01-21 18:09 . 2009-12-14 16:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
2010-01-20 19:12 . 2008-12-03 18:35 -------- d-----w- c:\documents and settings\Korisnik\Application Data\uTorrent
2010-01-17 19:04 . 2009-08-22 09:09 -------- d-----w- c:\documents and settings\All Users\Application Data\SuperMP3Download
2010-01-14 17:41 . 2008-06-05 17:26 -------- d-----w- c:\documents and settings\Korisnik\Application Data\ZoomBrowser EX
2010-01-14 10:35 . 2008-12-17 18:06 -------- d-----w- c:\program files\Common Files\Real
2010-01-05 13:23 . 2008-05-21 13:07 69032 ----a-w- c:\documents and settings\Korisnik\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-01 18:09 . 2009-10-16 21:53 -------- d-----w- c:\program files\cladDVD.NET 3.5.7
2009-12-29 22:15 . 2009-09-12 14:37 504024 ----a-w- c:\documents and settings\Korisnik\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-12-17 22:33 . 2008-10-07 20:04 65144 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-14 23:14 . 2009-12-14 23:14 -------- d-----w- c:\program files\AoA Audio Extractor
2009-12-14 16:32 . 2009-07-28 10:03 -------- d-----w- c:\program files\Panda USB Vaccine
2009-12-12 14:15 . 2003-05-15 06:39 178176 ----a-w- c:\windows\system32\unrar.dll
2009-12-12 07:20 . 2009-09-22 12:41 -------- d-----w- c:\program files\Unlocker
2009-12-10 22:42 . 2009-12-10 21:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2009-12-08 00:02 . 2009-12-08 00:02 -------- d-----w- c:\documents and settings\Korisnik\Application Data\SpamBayes
2009-11-28 13:54 . 2009-11-28 13:53 868352 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\LieDetector.exe
2009-11-28 13:54 . 2009-11-28 13:53 53760 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\zlib.dll
2009-11-28 13:54 . 2009-11-28 13:53 1712128 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\GdiPlus.dll
2009-11-28 13:54 . 2009-11-28 13:53 640000 ----a-w- c:\documents and settings\All Users\Application Data\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\dbghelp.dll
2009-11-26 18:26 . 2009-01-05 10:48 -------- d-----w- c:\program files\Opera 10 Preview
2009-11-19 19:36 . 2009-11-19 19:36 554240 ----a-w- c:\windows\system32\msvcp80.dll
2009-11-19 19:36 . 2009-11-19 19:36 34048 ----a-w- c:\windows\system32\eEmpty.exe
2009-11-19 00:32 . 2009-11-19 00:31 6147544 ----a-w- c:\documents and settings\Korisnik\Application Data\GRETECH\GomPlayer\GrLauncherTempSetup.exe
2009-11-07 22:10 . 2009-11-07 22:10 126976 ----a-r- c:\documents and settings\Korisnik\Application Data\Microsoft\Installer\{3050C7C3-DA0C-4DE8-AF7C-AB0BA152C0D7}\NewShortcut3_3578F861852C40E8B00D3E8FBA99B79A.exe
2009-11-07 22:10 . 2009-11-07 22:10 126976 ----a-r- c:\documents and settings\Korisnik\Application Data\Microsoft\Installer\{3050C7C3-DA0C-4DE8-AF7C-AB0BA152C0D7}\NewShortcut1_3578F861852C40E8B00D3E8FBA99B79A.exe
2009-11-07 22:10 . 2009-11-07 22:10 10134 ----a-r- c:\documents and settings\Korisnik\Application Data\Microsoft\Installer\{3050C7C3-DA0C-4DE8-AF7C-AB0BA152C0D7}\ARPPRODUCTICON.exe
2009-11-05 19:00 . 2009-11-05 19:00 164 ----a-w- c:\windows\install.dat
2009-10-30 15:18 . 2009-10-30 15:18 146952 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2009-08-16 20:07 . 2009-08-16 19:54 2 --shatr- c:\windows\winstart.bat
2009-06-11 16:42 . 2009-06-11 16:42 21 --sha-r- c:\windows\system32\101207.cmd
2009-08-24 13:23 . 2009-08-24 13:19 80 --sh--r- c:\windows\system32\224A26C87A.dll
2009-06-11 16:42 . 2009-06-11 16:42 83 --sha-r- c:\windows\system32\9055.vbs
2009-06-11 16:42 . 2009-06-11 16:42 17 --sha-r- c:\windows\system32\config\101007.cmd
2009-06-11 16:42 . 2009-06-11 16:42 21 --sha-r- c:\windows\system32\config\101207.cmd
2009-06-11 16:42 . 2009-06-11 16:42 83 --sha-r- c:\windows\system32\config\9055.vbs
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]
@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"
[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]
2009-11-02 08:00 312576 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Pending Delete Icon]
@="{0847B599-9191-4A27-BD61-DE11598D3B1B}"
[HKEY_CLASSES_ROOT\CLSID\{0847B599-9191-4A27-BD61-DE11598D3B1B}]
2009-11-02 08:00 312576 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]
@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"
[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]
2009-11-02 08:00 312576 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-07-27 341312]
"PCMService"="c:\program files\CyberLink\PowerCinema\PCMService.exe" [2007-02-09 159744]
"PSUNMain"="c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2009-10-30 361728]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFileUrl"= 0 (0x0)
"NoUpdateCheck"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Neobee Speeedy Internet Accelerator.lnk]
backup=c:\windows\pss\Neobee Speeedy Internet Accelerator.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik^Start Menu^Programs^Startup^Adobe Gamma.lnk]
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik^Start Menu^Programs^Startup^Secunia PSI.lnk]
backup=c:\windows\pss\Secunia PSI.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Korisnik^Start Menu^Programs^Startup^_uninstall_is-1F4TO.bat]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\a-squared
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Device Detector]
DevDetect.exe -autorun [X]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriverMagicSchedule
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PhoneRecorderPlus
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SlipStream
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ThreatFire
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrojanScanner
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]
2007-10-04 16:38 307200 ----a-w- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
2009-03-16 20:16 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2004-08-03 22:56 15360 ------w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
2006-08-18 15:58 49152 ----a-w- c:\windows\Domino.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-03-11 19:34 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2009-08-03 12:36 419088 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
2005-02-10 15:00 1937408 ------w- c:\program files\Ahead\Nero BackItUp\NBJ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 08:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nexus Radio]
2009-09-15 18:49 4745216 ----a-w- c:\program files\Nexus Radio\Nexus Radio.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCMService]
2007-02-09 14:34 159744 ------w- c:\program files\CyberLink\PowerCinema\PCMService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-02-12 17:16 65536 ----a-w- c:\program files\ASUS\ASUS Remote\RemoteControlAppl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\startccc]
2009-03-17 19:24 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
2006-11-26 18:30 97357 ----a-w- c:\program files\Ringz Studio\Storm Codec\StormSet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-12-17 18:06 185872 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2009-10-26 07:33 15872 ----a-w- c:\program files\Unlocker\UnlockerAssistant.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZSSnp211]
2007-04-06 10:06 57344 ----a-w- c:\windows\ZSSnp211.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"wuauserv"=2 (0x2)
"CLCapSvc"=2 (0x2)
"MDM"=2 (0x2)
"CCALib8"=2 (0x2)
"uxtuneup"=2 (0x2)
"tuneup.programstatisticssvc"=2 (0x2)
"sdCoreService"=2 (0x2)
"sdAuxService"=2 (0x2)
"PDEngine"=3 (0x3)
"PDAgent"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"ATI Smart"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"StarWindServiceAE"=2 (0x2)
"WZCSVC"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"SCardSvr"=3 (0x3)
"IS360service"=2 (0x2)
"SPIDERNT"=2 (0x2)
"DrWebEngine"=2 (0x2)
"RichVideo"=2 (0x2)
"OAcat"=2 (0x2)
"MBAMService"=2 (0x2)
"a2free"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"CTFMON.EXE"=c:\windows\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PowerCinema.exe"=
"c:\\Program Files\\CyberLink\\PowerCinema\\PCMService.exe"=
"c:\\Program Files\\Opera 10 Preview\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [13.2.2009 10:33 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [23.1.2010 0:59 114768]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [13.10.2009 15:50 114312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [23.1.2010 0:59 20560]
R2 DirectNT;DirectNT;c:\windows\system32\drivers\DirectNT.sys [26.8.2009 20:49 3424]
R2 NanoServiceMain;NanoServiceMain;c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [30.10.2009 17:29 136448]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [30.10.2009 16:18 146952]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [13.10.2009 15:50 95880]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [13.10.2009 15:50 101512]
R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [13.4.2009 20:44 6852]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [21.5.2008 14:30 2831232]
R3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\drivers\IntelH51.sys [21.5.2008 15:41 469935]
S0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys --> c:\windows\system32\drivers\pxsec.sys [?]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S1 anf0100.sys;anf0100.sys;\??\c:\windows\system32\drivers\anf0100.sys --> c:\windows\system32\drivers\anf0100.sys [?]
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [10.12.2008 15:56 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [10.12.2008 15:56 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [10.12.2008 15:56 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [10.12.2008 15:56 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [10.12.2008 15:56 86368]
S3 NTGUARD;NTGUARD;\??\c:\program files\IKARUS\virus.utilities\bin\NTGUARD.SYS --> c:\program files\IKARUS\virus.utilities\bin\NTGUARD.SYS [?]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys --> c:\windows\system32\drivers\pxkbf.sys [?]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [20.8.2009 14:54 92464]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\DRIVERS\TMPassthru.sys --> c:\windows\system32\DRIVERS\TMPassthru.sys [?]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\Drivers\VMUVC.sys --> c:\windows\system32\Drivers\VMUVC.sys [?]
S3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys --> c:\windows\system32\drivers\vvftav211.sys [?]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftUVC.sys --> c:\windows\system32\drivers\vvftUVC.sys [?]
S3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\drivers\ZS211.sys [28.1.2009 19:07 1534464]
S4 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [21.10.2009 23:35 1858144]
S4 TZKESOAZ;TZKESOAZ; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-24 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-04-27 13:37]

2009-11-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

2010-01-24 c:\windows\Tasks\PandaUSBVaccine.job
- c:\program files\Panda USB Vaccine\RunInteractiveWin.exe [2009-07-28 15:45]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\6oxf5fhd.default\
FF - prefs.js: browser.search.selectedEngine - Surf Canyon
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\np_gp.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\npdsplay.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\Opera 10 Preview\program\plugins\npwmsdrm.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034} - (no file)
MSConfigStartUp-AdobeUpdater - :c:\program files\Common Files\Adobe\Updater\AdobeUpdater.exe
MSConfigStartUp-PWRISOVM - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-24 17:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(684)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-01-24 17:37:35
ComboFix-quarantined-files.txt 2010-01-24 16:37

Pre-Run: 30.907.056.128 bytes free
Post-Run: 30.931.251.200 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - C9205376E23581ABDF6800E251DDE54B
 
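The driver and service listing in the log above shows `[?]` or `[x]` on some entries where the others carry a file date and size. The following is an added example, not part of the thread or of ComboFix: it parses lines in that format and pulls those entries out, ordered by start type. Reading `R`/`S` as running/stopped and the digit as the service Start value is an assumption about the tool's notation; the sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample lines copied from the driver/service listing in the log above.
SAMPLE = r"""
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [13.2.2009 10:33 28544]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [13.10.2009 15:50 95880]
S0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys --> c:\windows\system32\drivers\pxsec.sys [?]
S3 NTGUARD;NTGUARD;\??\c:\program files\IKARUS\virus.utilities\bin\NTGUARD.SYS --> c:\program files\IKARUS\virus.utilities\bin\NTGUARD.SYS [?]
S4 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [21.10.2009 23:35 1858144]
S4 TZKESOAZ;TZKESOAZ; [x]
"""

# Assumption: the digit after R/S is the Windows service Start value.
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}

# <state><start> <name>;<display name>;<path or "raw --> resolved"> [<date size> | ? | x]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<rest>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)


@dataclass
class Entry:
    state: str             # "R" or "S" (assumed: running / stopped)
    start: int             # key into START_TYPES
    name: str
    display: str
    path: str              # resolved image path, "" if the log printed none
    size: Optional[int]    # file size in bytes when the log printed one
    marker: Optional[str]  # "?" or "x" when no date/size was printed


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for lines in any other format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    meta = m.group("meta").strip()
    marker = meta if meta in ("?", "x") else None
    tokens = meta.split()
    size = None
    if marker is None and tokens and tokens[-1].isdigit():
        size = int(tokens[-1])  # the size is the last token in both date layouts
    # "raw --> resolved": keep the resolved path and drop the NT "\??\" prefix.
    path = m.group("rest").split("-->")[-1].strip()
    if path.startswith("\\??\\"):
        path = path[4:]
    return Entry(m.group("state"), int(m.group("start")), m.group("name").strip(),
                 m.group("display").strip(), path, size, marker)


def parse_listing(text: str) -> List[Entry]:
    """Parse every recognisable listing line in a block of log text."""
    parsed = (parse_line(line) for line in text.splitlines())
    return [e for e in parsed if e is not None]


def triage(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Return (name, start type, reason) for entries without file metadata.

    Boot, system and automatic entries sort first because Windows tries to
    load those at startup without any user action.
    """
    findings = []
    for e in sorted(entries, key=lambda e: e.start):
        if e.marker is None:
            continue
        if e.path:
            reason = "no file date/size printed for " + e.path
        else:
            reason = "registry entry with no image path"
        findings.append((e.name, START_TYPES[e.start], reason))
    return findings


if __name__ == "__main__":
    for name, start_type, reason in triage(parse_listing(SAMPLE)):
        print(f"{name:10} {start_type:10} {reason}")
```
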

magna86
Anti Malware Fighter

Re: Problem with the system 24.01.2010. at 20:10
Open Notepad and copy the text below:

Quote:
Driver::
TZKESOAZ

Click File\Save as and save the text as CFScript on the desktop.

Follow the instructions in the picture and drag CFScript.txt onto the ComboFix.exe icon.
That will start ComboFix; the system may restart (that is normal).
When it finishes, a log will appear (C:\ComboFix.txt).

..................................................................

Download http://files.thespykiller.co.uk/catchme.exe.

Double-click catchme.exe to run it and switch to the Script tab.
Into the program's (white) window, copy the text inside the code box:

Quote:
files:
c:\windows\system32\drivers\PSINAflt.sys
c:\windows\system32\drivers\PSINFile.sys
c:\windows\system32\drivers\PSINProc.sys
c:\windows\system32\drivers\pxsec.sys

Click the Run button.

When the notification message appears, click OK.

When it finishes, there will be a file catchme.zip on the Desktop.

Upload it via megaupload.com and send me the link by PM.
 
magna86
Anti Malware Fighter

Re: Problem with the system 24.01.2010. at 20:32
!!!Warning!!!

A bug in Combofix was just reported to me.
Your version of Combofix is probably fine, but just in case, do not run Combofix or download a fresh copy without my permission.

Do only the second step (Catchme).
 
bobanz75

Re: Problem with the system 24.01.2010. at 22:21
Too late, I've already done everything and I'm getting ready to upload!!

Here, I checked combofix on virustotal and this is what it showed!!!

[This message was edited by bobanz75 on 24.01.2010. at 23:48 GMT+1]
 
magna86
Anti Malware Fighter

Re: Problem with the system 24.01.2010. at 23:05
I didn't mean for you to upload Combofix to VT.
Combofix is a bundle of several programs and performs the kind of actions that make AVs detect its code as malicious.
That's why we turn off real-time protection, so that it doesn't interfere with CF while it runs. Anyway...
some error (a bug) has occurred in Combofix.
The links are offline.
Delete that Combofix (delete the icon) and upload these files to VT (one at a time):

Quote:
c:\windows\system32\drivers\PSINAflt.sys
c:\windows\system32\drivers\PSINFile.sys
c:\windows\system32\drivers\PSINProc.sys
c:\windows\system32\drivers\pxsec.sys

You can use the catchme program (I described how in my previous post) to collect them.

PS: Upload this file to VirusTotal first:
c:\windows\system32\drivers\pxsec.sys

then the other files.

And did you run Combofix after my warning?
If you did, find and post this log for me:
C:\Qoobox\ComboFix-quarantined-files.txt
 
bobanz75

Re: Problem with the system 24.01.2010. at 23:10
I uploaded it, but since I've already sent you a message it tells me to wait 6 000 seconds!?!
How do I send you the link??
 
magna86
Anti Malware Fighter

Re: Problem with the system 24.01.2010. at 23:19
You don't have to send me the link... all that matters to me is the scan results for those files.
Find those files and upload them to virustotal.
Let me know the results (just copy the link as in the picture).
 
bobanz75

Re: Problem with the system 24.01.2010. at 23:24
So this one doesn't exist at all:
c:\windows\system32\drivers\pxsec.sys
I uploaded the others, they are clean; it showed me they are drivers from panda clouds!!!
Here is the link too: http://www.megaupload.com/?d=F33MXEG6
I don't know if it matters, but a folder named autorun.inf has appeared on every partition!
And tell me whether I should delete all the combofix and catchme folders from C!!!
 
magna86
Anti Malware Fighter

Re: Problem with the system 24.01.2010. at 23:27
Quote:
bobanz75
I uploaded the others, they are clean; it showed me they are drivers from panda clouds!!!
Here is the link too: http://www.megaupload.com/?d=F33MXEG6

I assumed they were, but I wasn't sure...
Thanks for the link.

Now let's deal with the one that supposedly "doesn't exist".

Do this:
http://www.bleepingcomputer.com/tutorials/tutorial62.html

then try again...
 
bobanz75

Re: Problem with the system 24.01.2010. at 23:38
First, here is that combofix log:
2010-01-24 22:09:57 . 2010-01-24 22:09:57 2,048 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Service_TZKESOAZ.reg.dat
2010-01-24 22:09:57 . 2010-01-24 22:09:57 806 ----a-w- C:\Qoobox\Quarantine\Registry_backups\Legacy_TZKESOAZ.reg.dat
2010-01-24 22:08:09 . 2010-01-24 22:08:09 0 ----a-w- C:\Qoobox\Quarantine\catchme.txt
2010-01-24 16:36:41 . 2010-01-24 16:36:41 482 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-PWRISOVM.reg.dat
2010-01-24 16:36:40 . 2010-01-24 16:36:40 650 ----a-w- C:\Qoobox\Quarantine\Registry_backups\MSConfigStartUp-AdobeUpdater.reg.dat
2010-01-24 16:36:38 . 2010-01-24 16:36:38 161 ----a-w- C:\Qoobox\Quarantine\Registry_backups\ShellExecuteHooks-{4F07DA45-8170-4859-9B5F-037EF2970034}.reg.dat
2010-01-24 16:35:31 . 2010-01-24 22:09:50 8,623 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-01-24 16:30:24 . 2010-01-24 22:07:21 102 ----a-w- C:\Qoobox\Quarantine\catchme.log
2009-11-19 19:36:17 . 2004-08-03 22:56:58 135,680 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\TASKMGR.COM.vir
2009-11-19 19:36:17 . 2004-08-03 22:56:56 146,432 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\REGEDIT.COM.vir
2002-12-28 18:13:56 . 2002-12-28 18:13:56 7,980 ----a-w- C:\Qoobox\Quarantine\C\WINDOWS\system32\NTVBSvcW.tlb.vir

As for that file, it isn't there; I set it to show all hidden files, but it's nowhere to be found!!!
Look at what I added in my previous post!!!
And thanks for going to all this trouble for me!!!
 
magna86
Anti Malware Fighter

Re: Problem with the system 24.01.2010. at 23:43
OK.. let's move on.

I've attached a file to this message. Download it to the Desktop.

Run it with a double-click... restart the computer.

...................

Download the DDS program to the Desktop:
http://download.bleepingcomputer.com/sUBs/dds.scr

Double-click dds.scr to run it.

When it finishes, DDS will open two logs:
1. DDS.txt
2. Attach.txt

Save both reports to the Desktop.
Copy DDS.txt for me.
 
bobanz75

Re: Problem with the system 24.01.2010. at 23:52
Just tell me how to download this bat file you attached???
 
magna86
Anti Malware Fighter

Re: Problem with the system 24.01.2010. at 23:58
Sorry.. my mistake... I've now RAR-ed it and attached a new one.
Download it to the Desktop.. extract it... run it... restart the computer... and give me the DDS log.

Here is the file.
 
bobanz75

Re: Problem with the system 25.01.2010. at 00:06
Here you go, mate!!


DDS (Ver_09-12-01.01) - NTFSx86
Run by Korisnik at 1:04:15,98 on pon 25.01.2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.2047.1362 [GMT 1:00]

AV: Panda Cloud Antivirus *On-access scanning enabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}
AV: avast! antivirus 4.8.1368 [VPS 100124-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\CyberLink\PowerCinema\PCMService.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANToManager.exe
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Documents and Settings\Korisnik\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TB: {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [WinPatrol] "c:\program files\billp studios\winpatrol\winpatrol.exe" -expressboot
mRun: [PCMService] "c:\program files\cyberlink\powercinema\PCMService.exe"
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
uPolicies-explorer: NoFileUrl = 0 (0x0)
uPolicies-explorer: NoUpdateCheck = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\korisnik\applic~1\mozilla\firefox\profiles\6oxf5fhd.default\
FF - prefs.js: browser.search.selectedEngine - Surf Canyon
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - plugin: c:\documents and settings\korisnik\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\opera 10 preview\program\plugins\np_gp.dll
FF - plugin: c:\program files\opera 10 preview\program\plugins\npdsplay.dll
FF - plugin: c:\program files\opera 10 preview\program\plugins\NPSWF32.dll
FF - plugin: c:\program files\opera 10 preview\program\plugins\npwmsdrm.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-2-13 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2010-1-23 114768]
R1 PSINKNC;PSINKNC;c:\windows\system32\drivers\PSINKNC.sys [2009-10-13 114312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-23 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2010-1-23 138680]
R2 DirectNT;DirectNT;c:\windows\system32\drivers\DirectNT.sys [2009-8-26 3424]
R2 NanoServiceMain;NanoServiceMain;c:\program files\panda security\panda cloud antivirus\PSANHost.exe [2009-10-30 136448]
R2 PSINAflt;PSINAflt;c:\windows\system32\drivers\PSINAflt.sys [2009-10-30 146952]
R2 PSINFile;PSINFile;c:\windows\system32\drivers\PSINFile.sys [2009-10-13 95880]
R2 PSINProc;PSINProc;c:\windows\system32\drivers\PSINProc.sys [2009-10-13 101512]
R2 Vcs;Vcs support;c:\windows\system32\drivers\Vcs.sys [2009-4-13 6852]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2008-5-21 2831232]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2010-1-23 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2010-1-23 352920]
R3 ham50;Intel V92 HaM Data Fax Voice;c:\windows\system32\drivers\IntelH51.sys [2008-5-21 469935]
S0 pxsec;pxsec;c:\windows\system32\drivers\pxsec.sys --> c:\windows\system32\drivers\pxsec.sys [?]
S1 anf0100.sys;anf0100.sys;\??\c:\windows\system32\drivers\anf0100.sys --> c:\windows\system32\drivers\anf0100.sys [?]
S2 Sophos AutoUpdate Service;Sophos AutoUpdate Service; [x]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?]
S3 K320bus;Sony Ericsson K320 driver (WDM);c:\windows\system32\drivers\K320bus.sys [2008-12-10 61504]
S3 K320mdfl;Sony Ericsson K320 USB WMC Modem Filter;c:\windows\system32\drivers\K320mdfl.sys [2008-12-10 9328]
S3 K320mdm;Sony Ericsson K320 USB WMC Modem Driver;c:\windows\system32\drivers\K320mdm.sys [2008-12-10 97056]
S3 K320mgmt;Sony Ericsson K320 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\K320mgmt.sys [2008-12-10 88560]
S3 K320obex;Sony Ericsson K320 USB WMC OBEX Interface;c:\windows\system32\drivers\K320obex.sys [2008-12-10 86368]
S3 NTGUARD;NTGUARD;\??\c:\program files\ikarus\virus.utilities\bin\ntguard.sys --> c:\program files\ikarus\virus.utilities\bin\NTGUARD.SYS [?]
S3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys --> c:\windows\system32\drivers\pxkbf.sys [?]
S3 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-8-20 92464]
S3 TMPassthruMP;TMPassthruMP;c:\windows\system32\drivers\tmpassthru.sys --> c:\windows\system32\drivers\TMPassthru.sys [?]
S3 VMUVC;Vimicro Camera Service VMUVC;c:\windows\system32\drivers\vmuvc.sys --> c:\windows\system32\drivers\VMUVC.sys [?]
S3 vvftav211;vvftav211;c:\windows\system32\drivers\vvftav211.sys --> c:\windows\system32\drivers\vvftav211.sys [?]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC;c:\windows\system32\drivers\vvftuvc.sys --> c:\windows\system32\drivers\vvftUVC.sys [?]
S3 ZSMC30x;USB PC Camera Service ZSMC30x;c:\windows\system32\drivers\ZS211.sys [2009-1-28 1534464]
S4 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-10-21 1858144]
S4 StarWindServiceAE;StarWind AE Service; [x]

=============== Created Last 30 ================

2010-01-24 16:33:00 0 d-sha-r- C:\cmdcons
2010-01-24 16:30:27 98816 ----a-w- c:\windows\sed.exe
2010-01-24 16:30:27 77312 ----a-w- c:\windows\MBR.exe
2010-01-24 16:30:27 261632 ----a-w- c:\windows\PEV.exe
2010-01-24 16:30:27 161792 ----a-w- c:\windows\SWREG.exe
2010-01-24 14:40:49 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-24 14:40:48 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-24 14:40:48 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-23 21:46:53 0 d-----w- c:\program files\MSXML 6.0
2010-01-23 19:26:15 68608 -c--a-w- c:\windows\system32\dllcache\plugin.ocx
2010-01-23 18:40:24 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-01-23 18:40:24 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-01-23 18:40:24 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-01-23 18:40:24 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-01-23 18:40:23 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-01-23 18:40:09 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-01-23 18:40:08 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-01-23 18:40:07 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-01-23 18:40:04 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-01-23 18:40:03 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-01-23 18:38:58 94720 -c--a-w- c:\windows\system32\dllcache\umaxud32.dll
2010-01-23 18:37:58 13240 -c--a-w- c:\windows\system32\dllcache\slwdmsup.sys
2010-01-23 18:36:59 6016 -c--a-w- c:\windows\system32\dllcache\qic157.sys
2010-01-23 18:36:55 130942 -c--a-w- c:\windows\system32\dllcache\ptserlv.sys
2010-01-23 18:36:55 128286 -c--a-w- c:\windows\system32\dllcache\ptserli.sys
2010-01-23 18:36:55 112574 -c--a-w- c:\windows\system32\dllcache\ptserlp.sys
2010-01-23 18:36:54 159232 -c--a-w- c:\windows\system32\dllcache\ptpusd.dll
2010-01-23 18:36:53 5632 -c--a-w- c:\windows\system32\dllcache\ptpusb.dll
2010-01-23 18:36:53 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
2010-01-23 18:36:52 16128 -c--a-w- c:\windows\system32\dllcache\pscr.sys
2010-01-23 18:36:36 7552 -c--a-w- c:\windows\system32\dllcache\powerfil.sys
2010-01-23 18:36:36 17792 -c--a-w- c:\windows\system32\dllcache\ppa.sys
2010-01-23 18:36:36 17664 -c--a-w- c:\windows\system32\dllcache\ppa3.sys
2010-01-23 18:36:35 7168 -c--a-w- c:\windows\system32\dllcache\pnrmc.sys
2010-01-23 18:34:59 4274816 -c--a-w- c:\windows\system32\dllcache\nv4_disp.dll
2010-01-23 18:33:55 6528 -c--a-w- c:\windows\system32\dllcache\miniqic.sys
2010-01-23 18:32:40 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2010-01-23 18:31:59 93696 -c--a-w- c:\windows\system32\dllcache\hpgt42.dll
2010-01-23 18:30:59 44103 -c--a-w- c:\windows\system32\dllcache\el515.sys
2010-01-23 18:29:56 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-01-23 18:28:59 32768 -c--a-w- c:\windows\system32\dllcache\ativtmxx.dll
2010-01-23 18:27:44 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-01-23 16:28:56 0 d-----w- c:\program files\TuneUp Utilities 2009
2010-01-23 15:32:42 160272 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-01-22 23:00:07 661808 ----a-w- c:\windows\system32\UfWSC.cpl
2010-01-22 20:41:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Sophos
2010-01-22 18:38:00 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-01-22 18:37:35 0 d-----w- c:\docume~1\korisnik\applic~1\SUPERAntiSpyware.com
2010-01-21 23:39:13 0 d-----w- c:\program files\IKARUS
2010-01-21 22:20:02 0 d-----w- c:\docume~1\korisnik\applic~1\Webroot
2010-01-21 19:42:35 81984 ----a-w- c:\windows\system32\bdod.bin
2010-01-21 19:02:17 0 d-----w- c:\docume~1\alluse~1\applic~1\BitDefender
2010-01-21 19:01:45 0 d-----w- c:\program files\common files\BitDefender
2010-01-21 18:15:22 0 d-----w- c:\docume~1\korisnik\applic~1\Panda Security
2010-01-21 18:09:23 264 ----a-w- c:\windows\system32\PSUNCpl.dat
2010-01-21 18:09:10 0 d-----w- c:\program files\Panda Security
2010-01-20 21:17:48 0 d-----w- c:\docume~1\alluse~1\applic~1\Avira
2010-01-20 20:23:44 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-01-14 12:04:13 0 d-----w- c:\docume~1\alluse~1\applic~1\D167
2010-01-14 11:55:50 483328 ----a-w- c:\windows\system32\actskn45.ocx
2010-01-14 10:14:14 38 ----a-w- c:\windows\avisplitter.ini
2010-01-14 10:14:13 839680 ----a-w- c:\windows\system32\lameACM.acm
2010-01-14 10:14:13 414 ----a-w- c:\windows\system32\lame_acm.xml
2010-01-14 10:14:13 118784 ----a-w- c:\windows\system32\ac3acm.acm
2010-01-14 10:14:12 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-01-14 10:14:11 90112 ----a-w- c:\windows\system32\dpl100.dll
2010-01-14 10:14:11 685056 ----a-w- c:\windows\system32\divx.dll
2010-01-14 10:14:11 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2010-01-14 10:14:09 0 d-----w- c:\program files\K-Lite Codec Pack
2010-01-14 09:47:27 0 d-----w- c:\program files\MONOGRAM AMR SplitterDecoder
2010-01-14 09:47:24 0 d-----w- c:\program files\OpenSource DTSAC3DD+ Source Filter
2010-01-14 09:47:19 0 d-----w- c:\program files\DScaler5
2010-01-14 09:47:09 497664 ----a-w- c:\windows\system32\ac3filter.acm
2010-01-14 09:47:09 0 d-----w- c:\program files\AC3Filter
2010-01-14 09:46:43 0 d-----w- c:\program files\OpenSource Flash Video Splitter
2010-01-14 08:17:54 0 d-----w- c:\program files\DirectVobSub
2010-01-14 08:17:44 0 d-----w- c:\program files\Haali
2010-01-14 08:17:28 0 d-----w- c:\program files\Bass Audio Decoder
2010-01-14 07:47:16 0 d-----w- c:\program files\Ringz Studio
2010-01-05 13:21:04 0 d-----w- c:\program files\MSECache
2010-01-05 11:04:47 0 d-----w- c:\program files\WinDjView
2009-12-30 19:04:51 19214336 ----a-w- c:\documents and settings\korisnik\s-1-5-21-448539723-725345543-839522115-1003.rrr
2009-12-30 19:01:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton Installer
2009-12-30 11:55:09 0 d-----w- c:\windows\system32\NtmsData
2009-12-29 23:42:03 0 d-----w- c:\program files\Audacity 1.3 Beta (Unicode)
2009-12-29 23:20:24 74703 ----a-w- c:\windows\system32\mfc45.dll
2009-12-29 23:14:41 0 d-----w- c:\docume~1\korisnik\applic~1\Disk Cleaner
2009-12-29 23:08:33 0 d-----w- c:\docume~1\korisnik\applic~1\iolo
2009-12-29 23:08:33 0 d-----w- c:\docume~1\alluse~1\applic~1\iolo
2009-12-26 23:31:34 604416 ----a-w- c:\windows\system32\TUProgSt.exe
2009-12-26 23:31:33 28928 ----a-w- c:\windows\system32\uxtuneup.dll
2009-12-26 23:31:32 361216 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-12-26 00:08:36 44672 ----a-w- c:\windows\system32\drivers\SDTHOOK.SYS

==================== Find3M ====================

2010-01-21 22:59:37 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2009-12-25 23:49:57 524288 ----a-w- c:\windows\system32\Symantec Threat Monitor, Powered By DeepSight.scr
2009-12-12 14:15:30 178176 ----a-w- c:\windows\system32\unrar.dll
2009-11-19 19:36:20 554240 ----a-w- c:\windows\system32\msvcp80.dll
2009-11-19 19:36:19 34048 ----a-w- c:\windows\system32\eEmpty.exe
2009-08-16 20:07:05 2 --shatr- c:\windows\winstart.bat
2009-06-11 16:42:16 21 --sha-r- c:\windows\system32\101207.cmd
2009-08-24 13:23:11 80 --sh--r- c:\windows\system32\224A26C87A.dll
2009-06-11 16:42:15 83 --sha-r- c:\windows\system32\9055.vbs
2009-06-11 16:42:15 17 --sha-r- c:\windows\system32\config\101007.cmd
2009-06-11 16:42:16 21 --sha-r- c:\windows\system32\config\101207.cmd
2009-06-11 16:42:15 83 --sha-r- c:\windows\system32\config\9055.vbs

============= FINISH: 1:05:02,53 ===============
 