Kontrola

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:03:52 PM, on 5/17/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.21020)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\PremierOpinion\pmropn.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\Program Files\Xtras\VisualTaskTips\VisualTaskTips.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
C:\WINDOWS\Mixer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
E:\Programi\VLC\vlc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Documents and Settings\Mirkovic\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.rs/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [VisualTaskTips] C:\Program Files\Xtras\VisualTaskTips\VisualTaskTips.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "E:\Programi\quik time plajer\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [C-Media Echo Control] C:\Program Files\PCI Audio Applications\Bin\EchoCtrl.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Programi\adobe\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [iParent] E:\\iParent.exe /t
O4 - HKLM\..\Run: [Power Saver] C:\DOCUME~1\Mirkovic\LOCALS~1\Temp\Rar$EX00.812\Power Saver.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [RAM Medic] C:\Program Files\Iomatic\RAM Medic\RAMMedic.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ShellToys XP Utility Manager] "C:\Program Files\CFi\ShellToys\CFiShlMan.exe" -start (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: PremierOpinion - C:\Program Files\PremierOpinion\pmls.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 6678 bytes

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Preuzmi sUBs-ov ComboFix sa jedne od sledećih adresa na Desktop:


Bleeping Computer . . . . . Geeks to Go!
Klikni desnim tasterom na neki od linkova i odaberi opciju Save Target As... (Save As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
zatvori pokrenute programe;
deaktiviraj zaštitni softver (uputstvo);
dvoklikom pokreni program ComboFix.
U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju:
prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 18 Maj 2009 9:30

ComboFix 09-05-17.04 - Mirkovic 05/18/2009 9:20.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1152.796 [GMT 2:00]
Running from: c:\documents and settings\Mirkovic\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090517-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ICON.ico

.
((((((((((((((((((((((((( Files Created from 2009-04-18 to 2009-05-18 )))))))))))))))))))))))))))))))
.

2009-05-14 07:13 . 2009-05-14 09:23 -------- d-----w c:\program files\Web Publish
2009-05-09 10:09 . 2009-05-09 10:09 -------- d-----w c:\documents and settings\Mirkovic\Application Data\vlc
2009-05-08 18:49 . 2009-05-08 18:49 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-05-08 18:49 . 2009-05-08 18:49 -------- d-----w c:\documents and settings\Mirkovic\Application Data\skypePM
2009-05-08 18:47 . 2009-05-13 21:00 -------- d-----w c:\documents and settings\Mirkovic\Application Data\Skype
2009-05-08 18:47 . 2009-05-08 18:47 -------- d-----w c:\program files\Common Files\Skype
2009-05-08 18:47 . 2009-05-08 18:47 -------- d-----r c:\program files\Skype
2009-05-01 09:16 . 2009-05-01 09:16 -------- d-----w c:\windows\AAF817C59B994025A5C18D0DB5717F2C.TMP
2009-05-01 09:16 . 2009-05-01 09:16 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-28 13:54 . 2009-04-28 14:19 -------- d-----w c:\program files\Teslain KidLogger
2009-04-21 18:35 . 2005-11-30 19:20 2314332 ----a-w c:\windows\system32\LIBMMD.DLL
2009-04-21 17:14 . 2009-04-21 17:14 -------- d-----w c:\documents and settings\All Users\Application Data\NVIDIA
2009-04-21 17:13 . 2009-04-21 17:13 -------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-18 06:38 . 2008-06-05 19:39 -------- d-----w c:\program files\Mozilla Firefox 3 Beta 5
2009-05-11 18:53 . 2008-12-14 09:19 -------- d-----w c:\program files\Windows Media Connect 2
2009-05-10 19:59 . 2008-06-16 14:50 -------- d-----w c:\program files\Common Files\Real
2009-04-30 10:36 . 2007-10-02 16:47 -------- d-----w c:\program files\Google
2009-04-22 21:10 . 2008-12-27 07:02 21320 ----a-w c:\documents and settings\Mirkovic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-16 20:42 . 2009-04-16 20:42 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-16 18:13 . 2007-10-02 16:36 -------- d-----w c:\program files\LClock
2009-04-15 17:15 . 2007-11-05 16:40 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-13 19:35 . 2009-04-13 19:35 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-13 19:32 . 2008-02-28 22:44 -------- d-----w c:\program files\Common Files\Adobe
2009-04-13 18:50 . 2007-11-05 16:45 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-11 18:49 . 2009-04-02 14:41 -------- d-----w c:\program files\PremierOpinion
2009-03-29 09:54 . 2007-10-02 16:36 -------- d-----w c:\program files\CCleaner
2009-03-28 18:17 . 2007-10-02 16:47 -------- d-----w c:\program files\Mozilla Thunderbird
2009-03-21 17:52 . 2007-10-18 17:24 66 -c--a-w c:\windows\popcinfo.dat
2009-03-06 13:49 . 2008-04-14 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:17 . 2008-06-23 16:01 828416 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2007-08-13 16:45 78336 ----a-w c:\windows\system32\ieencode.dll
2007-11-20 13:52 . 2007-11-20 13:50 24 -csh--w c:\windows\SE25FB3B7.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-09-20 215845]
"VisualTaskTips"="c:\program files\Xtras\VisualTaskTips\VisualTaskTips.exe" [2006-05-28 36864]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"QuickTime Task"="e:\programi\quik time plajer\qttask.exe" [2007-10-19 286720]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"C-Media Echo Control"="c:\program files\PCI Audio Applications\Bin\EchoCtrl.exe" [2001-12-05 147456]
"Adobe Reader Speed Launcher"="e:\programi\adobe\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2002-01-28 1228800]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]
"Tweak UI"="TWEAKUI.CPL" - c:\windows\system32\TWEAKUI.cpl [2008-01-24 106544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RAM Medic"="c:\program files\Iomatic\RAM Medic\RAMMedic.exe" [2004-01-24 1235968]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2006-08-20 2068527]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-12-09 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Igrice\\Kanter\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"e:\\Igrice\\Counter Strike 1.8 Goiceasoft\\cstrike.exe"=
"Ø[‘|€ø"= Ø[‘|€ø:Nod32 Service
"e:\\Igrice\\VIRTUA TENNIS\\VIRTUA_TENNIS_PC.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\program files\\premieropinion\\pmropn.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/10/2008 4:49 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/10/2008 4:49 PM 20560]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [10/2/2007 6:59 PM 2368]
R3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [10/2/2007 7:11 PM 30336]
S0 FVDSCSI;FVDSCSI;c:\windows\system32\DRIVERS\fvdscsi.sys --> c:\windows\system32\DRIVERS\fvdscsi.sys [?]
S3 MaplomL;MaplomL; [x]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 11:10 PM 32512]
S4 cdawdm;CDAWDM;c:\windows\system32\DRIVERS\CDAWDM.sys --> c:\windows\system32\DRIVERS\CDAWDM.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-05-17 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-04 17:43]

2007-10-03 c:\windows\Tasks\RegistryMedicAuotScan.job
- c:\program files\Iomatic\Registry Medic\RegMedical.exe [2004-10-07 17:09]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-iParent - e:\\iParent.exe
HKU-Default-Run-TaskSwitchXP - c:\program files\TaskSwitchXP\TaskSwitchXP.exe
HKU-Default-Run-ShellToys XP Utility Manager - c:\program files\CFi\ShellToys\CFiShlMan.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = socks=
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Mirkovic\Application Data\Mozilla\Firefox\Profiles\87ytf53d.default\
FF - component: c:\program files\PremierOpinion\components\pmxg.dll
FF - plugin: e:\programi\adobe\Reader\browser\nppdf32.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npdsplay.dll
FF - plugin: e:\programi\Opera browser\program\plugins\NPOFFICE.DLL
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin2.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin3.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin4.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin5.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin6.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin7.dll
FF - plugin: e:\programi\Opera browser\program\plugins\NPSWF32.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npwmsdrm.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin2.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin3.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin4.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin5.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin6.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin7.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-18 09:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728-)
c:\program files\PremierOpinion\pmls.dll
.
Completion time: 2009-05-18 9:26
ComboFix-quarantined-files.txt 2009-05-18 07:26
ComboFix2.txt 2009-02-02 21:21

Pre-Run: 595,345,408 bytes free
Post-Run: 631,730,176 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[Boot Loader]
Timeout=2
Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
c:\$win_nt$.~bt\BOOTSECT.DAT="Microsoft Windows XP Professional Setup"

Current=2 Default=2 Failed=0 LastKnownGood=4 Sets=1,2,3,4
172 --- E O F --- 2009-05-17 20:16

Dopuna: 18 Maj 2009 9:31

ComboFix 09-05-17.04 - Mirkovic 05/18/2009 9:20.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1152.796 [GMT 2:00]
Running from: c:\documents and settings\Mirkovic\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090517-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ICON.ico

.
((((((((((((((((((((((((( Files Created from 2009-04-18 to 2009-05-18 )))))))))))))))))))))))))))))))
.

2009-05-14 07:13 . 2009-05-14 09:23 -------- d-----w c:\program files\Web Publish
2009-05-09 10:09 . 2009-05-09 10:09 -------- d-----w c:\documents and settings\Mirkovic\Application Data\vlc
2009-05-08 18:49 . 2009-05-08 18:49 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-05-08 18:49 . 2009-05-08 18:49 -------- d-----w c:\documents and settings\Mirkovic\Application Data\skypePM
2009-05-08 18:47 . 2009-05-13 21:00 -------- d-----w c:\documents and settings\Mirkovic\Application Data\Skype
2009-05-08 18:47 . 2009-05-08 18:47 -------- d-----w c:\program files\Common Files\Skype
2009-05-08 18:47 . 2009-05-08 18:47 -------- d-----r c:\program files\Skype
2009-05-01 09:16 . 2009-05-01 09:16 -------- d-----w c:\windows\AAF817C59B994025A5C18D0DB5717F2C.TMP
2009-05-01 09:16 . 2009-05-01 09:16 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-28 13:54 . 2009-04-28 14:19 -------- d-----w c:\program files\Teslain KidLogger
2009-04-21 18:35 . 2005-11-30 19:20 2314332 ----a-w c:\windows\system32\LIBMMD.DLL
2009-04-21 17:14 . 2009-04-21 17:14 -------- d-----w c:\documents and settings\All Users\Application Data\NVIDIA
2009-04-21 17:13 . 2009-04-21 17:13 -------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-18 06:38 . 2008-06-05 19:39 -------- d-----w c:\program files\Mozilla Firefox 3 Beta 5
2009-05-11 18:53 . 2008-12-14 09:19 -------- d-----w c:\program files\Windows Media Connect 2
2009-05-10 19:59 . 2008-06-16 14:50 -------- d-----w c:\program files\Common Files\Real
2009-04-30 10:36 . 2007-10-02 16:47 -------- d-----w c:\program files\Google
2009-04-22 21:10 . 2008-12-27 07:02 21320 ----a-w c:\documents and settings\Mirkovic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-16 20:42 . 2009-04-16 20:42 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-16 18:13 . 2007-10-02 16:36 -------- d-----w c:\program files\LClock
2009-04-15 17:15 . 2007-11-05 16:40 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-13 19:35 . 2009-04-13 19:35 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-13 19:32 . 2008-02-28 22:44 -------- d-----w c:\program files\Common Files\Adobe
2009-04-13 18:50 . 2007-11-05 16:45 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-11 18:49 . 2009-04-02 14:41 -------- d-----w c:\program files\PremierOpinion
2009-03-29 09:54 . 2007-10-02 16:36 -------- d-----w c:\program files\CCleaner
2009-03-28 18:17 . 2007-10-02 16:47 -------- d-----w c:\program files\Mozilla Thunderbird
2009-03-21 17:52 . 2007-10-18 17:24 66 -c--a-w c:\windows\popcinfo.dat
2009-03-06 13:49 . 2008-04-14 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:17 . 2008-06-23 16:01 828416 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2007-08-13 16:45 78336 ----a-w c:\windows\system32\ieencode.dll
2007-11-20 13:52 . 2007-11-20 13:50 24 -csh--w c:\windows\SE25FB3B7.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-09-20 215845]
"VisualTaskTips"="c:\program files\Xtras\VisualTaskTips\VisualTaskTips.exe" [2006-05-28 36864]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"QuickTime Task"="e:\programi\quik time plajer\qttask.exe" [2007-10-19 286720]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"C-Media Echo Control"="c:\program files\PCI Audio Applications\Bin\EchoCtrl.exe" [2001-12-05 147456]
"Adobe Reader Speed Launcher"="e:\programi\adobe\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2002-01-28 1228800]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]
"Tweak UI"="TWEAKUI.CPL" - c:\windows\system32\TWEAKUI.cpl [2008-01-24 106544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RAM Medic"="c:\program files\Iomatic\RAM Medic\RAMMedic.exe" [2004-01-24 1235968]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2006-08-20 2068527]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-12-09 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Igrice\\Kanter\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"e:\\Igrice\\Counter Strike 1.8 Goiceasoft\\cstrike.exe"=
"Ø[‘|€ø"= Ø[‘|€ø:Nod32 Service
"e:\\Igrice\\VIRTUA TENNIS\\VIRTUA_TENNIS_PC.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\program files\\premieropinion\\pmropn.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/10/2008 4:49 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/10/2008 4:49 PM 20560]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [10/2/2007 6:59 PM 2368]
R3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [10/2/2007 7:11 PM 30336]
S0 FVDSCSI;FVDSCSI;c:\windows\system32\DRIVERS\fvdscsi.sys --> c:\windows\system32\DRIVERS\fvdscsi.sys [?]
S3 MaplomL;MaplomL; [x]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 11:10 PM 32512]
S4 cdawdm;CDAWDM;c:\windows\system32\DRIVERS\CDAWDM.sys --> c:\windows\system32\DRIVERS\CDAWDM.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-05-17 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-04 17:43]

2007-10-03 c:\windows\Tasks\RegistryMedicAuotScan.job
- c:\program files\Iomatic\Registry Medic\RegMedical.exe [2004-10-07 17:09]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-iParent - e:\\iParent.exe
HKU-Default-Run-TaskSwitchXP - c:\program files\TaskSwitchXP\TaskSwitchXP.exe
HKU-Default-Run-ShellToys XP Utility Manager - c:\program files\CFi\ShellToys\CFiShlMan.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = socks=
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Mirkovic\Application Data\Mozilla\Firefox\Profiles\87ytf53d.default\
FF - component: c:\program files\PremierOpinion\components\pmxg.dll
FF - plugin: e:\programi\adobe\Reader\browser\nppdf32.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npdsplay.dll
FF - plugin: e:\programi\Opera browser\program\plugins\NPOFFICE.DLL
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin2.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin3.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin4.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin5.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin6.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin7.dll
FF - plugin: e:\programi\Opera browser\program\plugins\NPSWF32.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npwmsdrm.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin2.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin3.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin4.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin5.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin6.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin7.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-18 09:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728-)
c:\program files\PremierOpinion\pmls.dll
.
Completion time: 2009-05-18 9:26
ComboFix-quarantined-files.txt 2009-05-18 07:26
ComboFix2.txt 2009-02-02 21:21

Pre-Run: 595,345,408 bytes free
Post-Run: 631,730,176 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[Boot Loader]
Timeout=2
Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
c:\$win_nt$.~bt\BOOTSECT.DAT="Microsoft Windows XP Professional Setup"

Current=2 Default=2 Failed=0 LastKnownGood=4 Sets=1,2,3,4
172 --- E O F --- 2009-05-17 20:16

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 18 Maj 2009 9:30

ComboFix 09-05-17.04 - Mirkovic 05/18/2009 9:20.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1152.796 [GMT 2:00]
Running from: c:\documents and settings\Mirkovic\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090517-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ICON.ico

.
((((((((((((((((((((((((( Files Created from 2009-04-18 to 2009-05-18 )))))))))))))))))))))))))))))))
.

2009-05-14 07:13 . 2009-05-14 09:23 -------- d-----w c:\program files\Web Publish
2009-05-09 10:09 . 2009-05-09 10:09 -------- d-----w c:\documents and settings\Mirkovic\Application Data\vlc
2009-05-08 18:49 . 2009-05-08 18:49 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-05-08 18:49 . 2009-05-08 18:49 -------- d-----w c:\documents and settings\Mirkovic\Application Data\skypePM
2009-05-08 18:47 . 2009-05-13 21:00 -------- d-----w c:\documents and settings\Mirkovic\Application Data\Skype
2009-05-08 18:47 . 2009-05-08 18:47 -------- d-----w c:\program files\Common Files\Skype
2009-05-08 18:47 . 2009-05-08 18:47 -------- d-----r c:\program files\Skype
2009-05-01 09:16 . 2009-05-01 09:16 -------- d-----w c:\windows\AAF817C59B994025A5C18D0DB5717F2C.TMP
2009-05-01 09:16 . 2009-05-01 09:16 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-28 13:54 . 2009-04-28 14:19 -------- d-----w c:\program files\Teslain KidLogger
2009-04-21 18:35 . 2005-11-30 19:20 2314332 ----a-w c:\windows\system32\LIBMMD.DLL
2009-04-21 17:14 . 2009-04-21 17:14 -------- d-----w c:\documents and settings\All Users\Application Data\NVIDIA
2009-04-21 17:13 . 2009-04-21 17:13 -------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-18 06:38 . 2008-06-05 19:39 -------- d-----w c:\program files\Mozilla Firefox 3 Beta 5
2009-05-11 18:53 . 2008-12-14 09:19 -------- d-----w c:\program files\Windows Media Connect 2
2009-05-10 19:59 . 2008-06-16 14:50 -------- d-----w c:\program files\Common Files\Real
2009-04-30 10:36 . 2007-10-02 16:47 -------- d-----w c:\program files\Google
2009-04-22 21:10 . 2008-12-27 07:02 21320 ----a-w c:\documents and settings\Mirkovic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-16 20:42 . 2009-04-16 20:42 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-16 18:13 . 2007-10-02 16:36 -------- d-----w c:\program files\LClock
2009-04-15 17:15 . 2007-11-05 16:40 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-13 19:35 . 2009-04-13 19:35 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-13 19:32 . 2008-02-28 22:44 -------- d-----w c:\program files\Common Files\Adobe
2009-04-13 18:50 . 2007-11-05 16:45 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-11 18:49 . 2009-04-02 14:41 -------- d-----w c:\program files\PremierOpinion
2009-03-29 09:54 . 2007-10-02 16:36 -------- d-----w c:\program files\CCleaner
2009-03-28 18:17 . 2007-10-02 16:47 -------- d-----w c:\program files\Mozilla Thunderbird
2009-03-21 17:52 . 2007-10-18 17:24 66 -c--a-w c:\windows\popcinfo.dat
2009-03-06 13:49 . 2008-04-14 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:17 . 2008-06-23 16:01 828416 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2007-08-13 16:45 78336 ----a-w c:\windows\system32\ieencode.dll
2007-11-20 13:52 . 2007-11-20 13:50 24 -csh--w c:\windows\SE25FB3B7.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-09-20 215845]
"VisualTaskTips"="c:\program files\Xtras\VisualTaskTips\VisualTaskTips.exe" [2006-05-28 36864]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"QuickTime Task"="e:\programi\quik time plajer\qttask.exe" [2007-10-19 286720]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"C-Media Echo Control"="c:\program files\PCI Audio Applications\Bin\EchoCtrl.exe" [2001-12-05 147456]
"Adobe Reader Speed Launcher"="e:\programi\adobe\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2002-01-28 1228800]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]
"Tweak UI"="TWEAKUI.CPL" - c:\windows\system32\TWEAKUI.cpl [2008-01-24 106544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RAM Medic"="c:\program files\Iomatic\RAM Medic\RAMMedic.exe" [2004-01-24 1235968]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2006-08-20 2068527]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-12-09 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Igrice\\Kanter\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"e:\\Igrice\\Counter Strike 1.8 Goiceasoft\\cstrike.exe"=
"Ø[‘|€ø"= Ø[‘|€ø:Nod32 Service
"e:\\Igrice\\VIRTUA TENNIS\\VIRTUA_TENNIS_PC.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\program files\\premieropinion\\pmropn.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/10/2008 4:49 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/10/2008 4:49 PM 20560]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [10/2/2007 6:59 PM 2368]
R3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [10/2/2007 7:11 PM 30336]
S0 FVDSCSI;FVDSCSI;c:\windows\system32\DRIVERS\fvdscsi.sys --> c:\windows\system32\DRIVERS\fvdscsi.sys [?]
S3 MaplomL;MaplomL; [x]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 11:10 PM 32512]
S4 cdawdm;CDAWDM;c:\windows\system32\DRIVERS\CDAWDM.sys --> c:\windows\system32\DRIVERS\CDAWDM.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-05-17 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-04 17:43]

2007-10-03 c:\windows\Tasks\RegistryMedicAuotScan.job
- c:\program files\Iomatic\Registry Medic\RegMedical.exe [2004-10-07 17:09]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-iParent - e:\\iParent.exe
HKU-Default-Run-TaskSwitchXP - c:\program files\TaskSwitchXP\TaskSwitchXP.exe
HKU-Default-Run-ShellToys XP Utility Manager - c:\program files\CFi\ShellToys\CFiShlMan.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = socks=
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Mirkovic\Application Data\Mozilla\Firefox\Profiles\87ytf53d.default\
FF - component: c:\program files\PremierOpinion\components\pmxg.dll
FF - plugin: e:\programi\adobe\Reader\browser\nppdf32.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npdsplay.dll
FF - plugin: e:\programi\Opera browser\program\plugins\NPOFFICE.DLL
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin2.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin3.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin4.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin5.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin6.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin7.dll
FF - plugin: e:\programi\Opera browser\program\plugins\NPSWF32.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npwmsdrm.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin2.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin3.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin4.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin5.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin6.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin7.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-18 09:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728-)
c:\program files\PremierOpinion\pmls.dll
.
Completion time: 2009-05-18 9:26
ComboFix-quarantined-files.txt 2009-05-18 07:26
ComboFix2.txt 2009-02-02 21:21

Pre-Run: 595,345,408 bytes free
Post-Run: 631,730,176 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[Boot Loader]
Timeout=2
Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
c:\$win_nt$.~bt\BOOTSECT.DAT="Microsoft Windows XP Professional Setup"

Current=2 Default=2 Failed=0 LastKnownGood=4 Sets=1,2,3,4
172 --- E O F --- 2009-05-17 20:16

Dopuna: 18 Maj 2009 9:31

ComboFix 09-05-17.04 - Mirkovic 05/18/2009 9:20.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1152.796 [GMT 2:00]
Running from: c:\documents and settings\Mirkovic\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090517-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ICON.ico

.
((((((((((((((((((((((((( Files Created from 2009-04-18 to 2009-05-18 )))))))))))))))))))))))))))))))
.

2009-05-14 07:13 . 2009-05-14 09:23 -------- d-----w c:\program files\Web Publish
2009-05-09 10:09 . 2009-05-09 10:09 -------- d-----w c:\documents and settings\Mirkovic\Application Data\vlc
2009-05-08 18:49 . 2009-05-08 18:49 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-05-08 18:49 . 2009-05-08 18:49 -------- d-----w c:\documents and settings\Mirkovic\Application Data\skypePM
2009-05-08 18:47 . 2009-05-13 21:00 -------- d-----w c:\documents and settings\Mirkovic\Application Data\Skype
2009-05-08 18:47 . 2009-05-08 18:47 -------- d-----w c:\program files\Common Files\Skype
2009-05-08 18:47 . 2009-05-08 18:47 -------- d-----r c:\program files\Skype
2009-05-01 09:16 . 2009-05-01 09:16 -------- d-----w c:\windows\AAF817C59B994025A5C18D0DB5717F2C.TMP
2009-05-01 09:16 . 2009-05-01 09:16 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-28 13:54 . 2009-04-28 14:19 -------- d-----w c:\program files\Teslain KidLogger
2009-04-21 18:35 . 2005-11-30 19:20 2314332 ----a-w c:\windows\system32\LIBMMD.DLL
2009-04-21 17:14 . 2009-04-21 17:14 -------- d-----w c:\documents and settings\All Users\Application Data\NVIDIA
2009-04-21 17:13 . 2009-04-21 17:13 -------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-18 06:38 . 2008-06-05 19:39 -------- d-----w c:\program files\Mozilla Firefox 3 Beta 5
2009-05-11 18:53 . 2008-12-14 09:19 -------- d-----w c:\program files\Windows Media Connect 2
2009-05-10 19:59 . 2008-06-16 14:50 -------- d-----w c:\program files\Common Files\Real
2009-04-30 10:36 . 2007-10-02 16:47 -------- d-----w c:\program files\Google
2009-04-22 21:10 . 2008-12-27 07:02 21320 ----a-w c:\documents and settings\Mirkovic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-16 20:42 . 2009-04-16 20:42 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-16 18:13 . 2007-10-02 16:36 -------- d-----w c:\program files\LClock
2009-04-15 17:15 . 2007-11-05 16:40 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-13 19:35 . 2009-04-13 19:35 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-13 19:32 . 2008-02-28 22:44 -------- d-----w c:\program files\Common Files\Adobe
2009-04-13 18:50 . 2007-11-05 16:45 -------- d--h--w c:\program files\InstallShield Installation Information
2009-04-11 18:49 . 2009-04-02 14:41 -------- d-----w c:\program files\PremierOpinion
2009-03-29 09:54 . 2007-10-02 16:36 -------- d-----w c:\program files\CCleaner
2009-03-28 18:17 . 2007-10-02 16:47 -------- d-----w c:\program files\Mozilla Thunderbird
2009-03-21 17:52 . 2007-10-18 17:24 66 -c--a-w c:\windows\popcinfo.dat
2009-03-06 13:49 . 2008-04-14 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:17 . 2008-06-23 16:01 828416 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2007-08-13 16:45 78336 ----a-w c:\windows\system32\ieencode.dll
2007-11-20 13:52 . 2007-11-20 13:50 24 -csh--w c:\windows\SE25FB3B7.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-09-20 215845]
"VisualTaskTips"="c:\program files\Xtras\VisualTaskTips\VisualTaskTips.exe" [2006-05-28 36864]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"QuickTime Task"="e:\programi\quik time plajer\qttask.exe" [2007-10-19 286720]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"C-Media Echo Control"="c:\program files\PCI Audio Applications\Bin\EchoCtrl.exe" [2001-12-05 147456]
"Adobe Reader Speed Launcher"="e:\programi\adobe\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2002-01-28 1228800]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]
"Tweak UI"="TWEAKUI.CPL" - c:\windows\system32\TWEAKUI.cpl [2008-01-24 106544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RAM Medic"="c:\program files\Iomatic\RAM Medic\RAMMedic.exe" [2004-01-24 1235968]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2006-08-20 2068527]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-12-09 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Igrice\\Kanter\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"e:\\Igrice\\Counter Strike 1.8 Goiceasoft\\cstrike.exe"=
"Ø[‘|€ø"= Ø[‘|€ø:Nod32 Service
"e:\\Igrice\\VIRTUA TENNIS\\VIRTUA_TENNIS_PC.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\program files\\premieropinion\\pmropn.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/10/2008 4:49 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/10/2008 4:49 PM 20560]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [10/2/2007 6:59 PM 2368]
R3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [10/2/2007 7:11 PM 30336]
S0 FVDSCSI;FVDSCSI;c:\windows\system32\DRIVERS\fvdscsi.sys --> c:\windows\system32\DRIVERS\fvdscsi.sys [?]
S3 MaplomL;MaplomL; [x]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 11:10 PM 32512]
S4 cdawdm;CDAWDM;c:\windows\system32\DRIVERS\CDAWDM.sys --> c:\windows\system32\DRIVERS\CDAWDM.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-05-17 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-04 17:43]

2007-10-03 c:\windows\Tasks\RegistryMedicAuotScan.job
- c:\program files\Iomatic\Registry Medic\RegMedical.exe [2004-10-07 17:09]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-iParent - e:\\iParent.exe
HKU-Default-Run-TaskSwitchXP - c:\program files\TaskSwitchXP\TaskSwitchXP.exe
HKU-Default-Run-ShellToys XP Utility Manager - c:\program files\CFi\ShellToys\CFiShlMan.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = socks=
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Mirkovic\Application Data\Mozilla\Firefox\Profiles\87ytf53d.default\
FF - component: c:\program files\PremierOpinion\components\pmxg.dll
FF - plugin: e:\programi\adobe\Reader\browser\nppdf32.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npdsplay.dll
FF - plugin: e:\programi\Opera browser\program\plugins\NPOFFICE.DLL
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin2.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin3.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin4.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin5.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin6.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin7.dll
FF - plugin: e:\programi\Opera browser\program\plugins\NPSWF32.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npwmsdrm.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin2.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin3.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin4.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin5.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin6.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin7.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-18 09:23
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(728-)
c:\program files\PremierOpinion\pmls.dll
.
Completion time: 2009-05-18 9:26
ComboFix-quarantined-files.txt 2009-05-18 07:26
ComboFix2.txt 2009-02-02 21:21

Pre-Run: 595,345,408 bytes free
Post-Run: 631,730,176 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[Boot Loader]
Timeout=2
Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
c:\$win_nt$.~bt\BOOTSECT.DAT="Microsoft Windows XP Professional Setup"

Current=2 Default=2 Failed=0 LastKnownGood=4 Sets=1,2,3,4
172 --- E O F --- 2009-05-17 20:16

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Otvoriti Notepad i iskopirati sledeci tekst:

Folder::
c:\program files\PremierOpinion

Firefox::
FF - ProfilePath - c:\documents and settings\Mirkovic\Application Data\Mozilla\Firefox\Profiles\87ytf53d.default\
FF - component: c:\program files\PremierOpinion\components\pmxg.dll

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\program files\\premieropinion\\pmropn.exe"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PremierOpinion]

Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 09-05-17.04 - Mirkovic 05/18/2009 22:31.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1152.782 [GMT 2:00]
Running from: c:\documents and settings\Mirkovic\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mirkovic\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090518-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\PremierOpinion
c:\program files\PremierOpinion\chrome.manifest
c:\program files\PremierOpinion\components\pmxg.dll
c:\program files\PremierOpinion\install.rdf
c:\program files\PremierOpinion\pmls.dll
c:\program files\PremierOpinion\pmoci.bin
c:\program files\PremierOpinion\pmph.dll
c:\program files\PremierOpinion\pmropn.exe
c:\program files\PremierOpinion\pmservice.exe
c:\program files\PremierOpinion\pmxf.dll

.
((((((((((((((((((((((((( Files Created from 2009-04-18 to 2009-05-18 )))))))))))))))))))))))))))))))
.

2009-05-14 07:13 . 2009-05-14 09:23 -------- d-----w c:\program files\Web Publish
2009-05-09 10:09 . 2009-05-09 10:09 -------- d-----w c:\documents and settings\Mirkovic\Application Data\vlc
2009-05-08 18:49 . 2009-05-08 18:49 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-05-08 18:49 . 2009-05-08 18:49 -------- d-----w c:\documents and settings\Mirkovic\Application Data\skypePM
2009-05-08 18:47 . 2009-05-13 21:00 -------- d-----w c:\documents and settings\Mirkovic\Application Data\Skype
2009-05-08 18:47 . 2009-05-08 18:47 -------- d-----w c:\program files\Common Files\Skype
2009-05-08 18:47 . 2009-05-08 18:47 -------- d-----r c:\program files\Skype
2009-05-01 09:16 . 2009-05-01 09:16 -------- d-----w c:\windows\AAF817C59B994025A5C18D0DB5717F2C.TMP
2009-05-01 09:16 . 2009-05-01 09:16 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-28 13:54 . 2009-04-28 14:19 -------- d-----w c:\program files\Teslain KidLogger
2009-04-21 18:35 . 2005-11-30 19:20 2314332 ----a-w c:\windows\system32\LIBMMD.DLL
2009-04-21 17:14 . 2009-04-21 17:14 -------- d-----w c:\documents and settings\All Users\Application Data\NVIDIA
2009-04-21 17:13 . 2009-04-21 17:13 -------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-18 06:38 . 2008-06-05 19:39 -------- d-----w c:\program files\Mozilla Firefox 3 Beta 5
2009-05-11 18:53 . 2008-12-14 09:19 -------- d-----w c:\program files\Windows Media Connect 2
2009-05-10 19:59 . 2008-06-16 14:50 -------- d-----w c:\program files\Common Files\Real
2009-04-30 10:36 . 2007-10-02 16:47 -------- d-----w c:\program files\Google
2009-04-22 21:10 . 2008-12-27 07:02 21320 ----a-w c:\documents and settings\Mirkovic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-16 20:42 . 2009-04-16 20:42 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-16 18:13 . 2007-10-02 16:36 -------- d-----w c:\program files\LClock
2009-04-15 17:15 . 2007-11-05 16:40 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-13 19:35 . 2009-04-13 19:35 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-13 19:32 . 2008-02-28 22:44 -------- d-----w c:\program files\Common Files\Adobe
2009-04-13 18:50 . 2007-11-05 16:45 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-29 09:54 . 2007-10-02 16:36 -------- d-----w c:\program files\CCleaner
2009-03-28 18:17 . 2007-10-02 16:47 -------- d-----w c:\program files\Mozilla Thunderbird
2009-03-21 17:52 . 2007-10-18 17:24 66 -c--a-w c:\windows\popcinfo.dat
2009-03-06 13:49 . 2008-04-14 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:17 . 2008-06-23 16:01 828416 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2007-08-13 16:45 78336 ----a-w c:\windows\system32\ieencode.dll
2007-11-20 13:52 . 2007-11-20 13:50 24 -csh--w c:\windows\SE25FB3B7.tmp
.

((((((((((((((((((((((((((((( SnapShot@2009-05-18_07.23.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-18 15:19 . 2009-05-18 15:19 16384 c:\windows\Temp\Perflib_Perfdata_5e8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-09-20 215845]
"VisualTaskTips"="c:\program files\Xtras\VisualTaskTips\VisualTaskTips.exe" [2006-05-28 36864]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"QuickTime Task"="e:\programi\quik time plajer\qttask.exe" [2007-10-19 286720]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"C-Media Echo Control"="c:\program files\PCI Audio Applications\Bin\EchoCtrl.exe" [2001-12-05 147456]
"Adobe Reader Speed Launcher"="e:\programi\adobe\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2002-01-28 1228800]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]
"Tweak UI"="TWEAKUI.CPL" - c:\windows\system32\TWEAKUI.cpl [2008-01-24 106544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RAM Medic"="c:\program files\Iomatic\RAM Medic\RAMMedic.exe" [2004-01-24 1235968]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2006-08-20 2068527]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-12-09 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Igrice\\Kanter\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"e:\\Igrice\\Counter Strike 1.8 Goiceasoft\\cstrike.exe"=
"Ø[‘|€ø"= Ø[‘|€ø:Nod32 Service
"e:\\Igrice\\VIRTUA TENNIS\\VIRTUA_TENNIS_PC.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/10/2008 4:49 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/10/2008 4:49 PM 20560]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [10/2/2007 6:59 PM 2368]
R3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [10/2/2007 7:11 PM 30336]
S0 FVDSCSI;FVDSCSI;c:\windows\system32\DRIVERS\fvdscsi.sys --> c:\windows\system32\DRIVERS\fvdscsi.sys [?]
S3 MaplomL;MaplomL; [x]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 11:10 PM 32512]
S4 cdawdm;CDAWDM;c:\windows\system32\DRIVERS\CDAWDM.sys --> c:\windows\system32\DRIVERS\CDAWDM.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-05-18 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-04 17:43]

2007-10-03 c:\windows\Tasks\RegistryMedicAuotScan.job
- c:\program files\Iomatic\Registry Medic\RegMedical.exe [2004-10-07 17:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = socks=
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Mirkovic\Application Data\Mozilla\Firefox\Profiles\87ytf53d.default\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-18 22:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-05-18 22:37
ComboFix-quarantined-files.txt 2009-05-18 20:36
ComboFix2.txt 2009-05-18 07:26
ComboFix3.txt 2009-02-02 21:21

Pre-Run: 530,370,560 bytes free
Post-Run: 575,401,984 bytes free

Current=2 Default=2 Failed=0 LastKnownGood=4 Sets=1,2,3,4
149 --- E O F --- 2009-05-18 09:34

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Skini ovaj fajl na desktop i pokreni ga dvoklikom

https://www.mycity.rs/must-login.png

Otvorice ti neki tekst u Notepadu. Iskopiraj mi taj tekst ovde na forum, opcija Copy/Paste

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"E:\\Igrice\\Kanter\\hl.exe"="E:\\Igrice\\Kanter\\hl.exe:*:Disabled:Half-Life Launcher"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Disabled:Microsoft DirectPlay Helper"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"E:\\Igrice\\Counter Strike 1.8 Goiceasoft\\cstrike.exe"="E:\\Igrice\\Counter Strike 1.8 Goiceasoft\\cstrike.exe:*:Disabled:CS 1.8 Goiceasoft"
"Ø[‘|€ø"="Ø[‘|€ø:Enabled:Nod32 Service"
"E:\\Igrice\\VIRTUA TENNIS\\VIRTUA_TENNIS_PC.exe"="E:\\Igrice\\VIRTUA TENNIS\\VIRTUA_TENNIS_PC.exe:*:Disabled:VIRTUA_TENNIS_PC"
"C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Disabled:Microsoft DirectPlay8 Server"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Otvoriti Notepad i iskopirati sledeci tekst:

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"Ø[‘|€ø"=-

Snimiti na Desktop fajl iz Notepada kao "CFScript" Za Encoding postavi na Unicode slika ispod






Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 09-05-17.04 - Mirkovic 05/20/2009 18:39.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1152.815 [GMT 2:00]
Running from: c:\documents and settings\Mirkovic\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mirkovic\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090519-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2009-04-20 to 2009-05-20 )))))))))))))))))))))))))))))))
.

2009-05-19 16:59 . 2009-05-19 17:00 -------- d-----w c:\documents and settings\Mirkovic\Application Data\SecondLife
2009-05-14 07:13 . 2009-05-14 09:23 -------- d-----w c:\program files\Web Publish
2009-05-09 10:09 . 2009-05-09 10:09 -------- d-----w c:\documents and settings\Mirkovic\Application Data\vlc
2009-05-08 18:49 . 2009-05-08 18:49 56 ---ha-w c:\windows\system32\ezsidmv.dat
2009-05-08 18:49 . 2009-05-08 18:49 -------- d-----w c:\documents and settings\Mirkovic\Application Data\skypePM
2009-05-08 18:47 . 2009-05-13 21:00 -------- d-----w c:\documents and settings\Mirkovic\Application Data\Skype
2009-05-08 18:47 . 2009-05-08 18:47 -------- d-----w c:\program files\Common Files\Skype
2009-05-08 18:47 . 2009-05-08 18:47 -------- d-----r c:\program files\Skype
2009-05-01 09:16 . 2009-05-01 09:16 -------- d-----w c:\windows\AAF817C59B994025A5C18D0DB5717F2C.TMP
2009-05-01 09:16 . 2009-05-01 09:16 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-28 13:54 . 2009-04-28 14:19 -------- d-----w c:\program files\Teslain KidLogger
2009-04-21 18:35 . 2005-11-30 19:20 2314332 ----a-w c:\windows\system32\LIBMMD.DLL
2009-04-21 17:14 . 2009-04-21 17:14 -------- d-----w c:\documents and settings\All Users\Application Data\NVIDIA
2009-04-21 17:13 . 2009-04-21 17:13 -------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-20 08:07 . 2008-06-05 19:39 -------- d-----w c:\program files\Mozilla Firefox 3 Beta 5
2009-05-11 18:53 . 2008-12-14 09:19 -------- d-----w c:\program files\Windows Media Connect 2
2009-05-10 19:59 . 2008-06-16 14:50 -------- d-----w c:\program files\Common Files\Real
2009-04-30 10:36 . 2007-10-02 16:47 -------- d-----w c:\program files\Google
2009-04-22 21:10 . 2008-12-27 07:02 21320 ----a-w c:\documents and settings\Mirkovic\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-16 20:42 . 2009-04-16 20:42 -------- d-----w c:\program files\Common Files\Windows Live
2009-04-16 18:13 . 2007-10-02 16:36 -------- d-----w c:\program files\LClock
2009-04-15 17:15 . 2007-11-05 16:40 -------- d-----w c:\program files\Common Files\InstallShield
2009-04-13 19:35 . 2009-04-13 19:35 -------- d-----w c:\program files\Common Files\Adobe AIR
2009-04-13 19:32 . 2008-02-28 22:44 -------- d-----w c:\program files\Common Files\Adobe
2009-04-13 18:50 . 2007-11-05 16:45 -------- d--h--w c:\program files\InstallShield Installation Information
2009-03-29 09:54 . 2007-10-02 16:36 -------- d-----w c:\program files\CCleaner
2009-03-28 18:17 . 2007-10-02 16:47 -------- d-----w c:\program files\Mozilla Thunderbird
2009-03-21 17:52 . 2007-10-18 17:24 66 -c--a-w c:\windows\popcinfo.dat
2009-03-06 13:49 . 2008-04-14 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:17 . 2008-06-23 16:01 828416 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2007-08-13 16:45 78336 ----a-w c:\windows\system32\ieencode.dll
2007-11-20 13:52 . 2007-11-20 13:50 24 -csh--w c:\windows\SE25FB3B7.tmp
.

((((((((((((((((((((((((((((( SnapShot@2009-05-18_07.23.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-20 16:27 . 2009-05-20 16:27 16384 c:\windows\Temp\Perflib_Perfdata_68c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-09-20 215845]
"VisualTaskTips"="c:\program files\Xtras\VisualTaskTips\VisualTaskTips.exe" [2006-05-28 36864]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"QuickTime Task"="e:\programi\quik time plajer\qttask.exe" [2007-10-19 286720]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"C-Media Echo Control"="c:\program files\PCI Audio Applications\Bin\EchoCtrl.exe" [2001-12-05 147456]
"Adobe Reader Speed Launcher"="e:\programi\adobe\Reader\Reader_sl.exe" [2008-06-12 34672]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-10-22 86016]
"C-Media Mixer"="Mixer.exe" - c:\windows\mixer.exe [2002-01-28 1228800]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-10-22 1622016]
"Tweak UI"="TWEAKUI.CPL" - c:\windows\system32\TWEAKUI.cpl [2008-01-24 106544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RAM Medic"="c:\program files\Iomatic\RAM Medic\RAMMedic.exe" [2004-01-24 1235968]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2006-08-20 2068527]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-12-09 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Igrice\\Kanter\\hl.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"e:\\Igrice\\Counter Strike 1.8 Goiceasoft\\cstrike.exe"=
"e:\\Igrice\\VIRTUA TENNIS\\VIRTUA_TENNIS_PC.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [11/10/2008 4:49 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/10/2008 4:49 PM 20560]
R2 SVKP;SVKP;c:\windows\system32\SVKP.sys [10/2/2007 6:59 PM 2368]
R3 iadusb;MT882;c:\windows\system32\drivers\glauiad.sys [10/2/2007 7:11 PM 30336]
S0 FVDSCSI;FVDSCSI;c:\windows\system32\DRIVERS\fvdscsi.sys --> c:\windows\system32\DRIVERS\fvdscsi.sys [?]
S3 MaplomL;MaplomL; [x]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 11:10 PM 32512]
S4 cdawdm;CDAWDM;c:\windows\system32\DRIVERS\CDAWDM.sys --> c:\windows\system32\DRIVERS\CDAWDM.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2009-05-19 c:\windows\Tasks\GoogleUpdateTaskUser.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-04 17:43]

2007-10-03 c:\windows\Tasks\RegistryMedicAuotScan.job
- c:\program files\Iomatic\Registry Medic\RegMedical.exe [2004-10-07 17:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.rs/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyServer = socks=
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Administrator\Start Menu\Programs\IMVU\Run IMVU.lnk
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Mirkovic\Application Data\Mozilla\Firefox\Profiles\87ytf53d.default\
FF - plugin: e:\programi\adobe\Reader\browser\nppdf32.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npdsplay.dll
FF - plugin: e:\programi\Opera browser\program\plugins\NPOFFICE.DLL
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin2.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin3.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin4.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin5.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin6.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npqtplugin7.dll
FF - plugin: e:\programi\Opera browser\program\plugins\NPSWF32.dll
FF - plugin: e:\programi\Opera browser\program\plugins\npwmsdrm.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin2.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin3.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin4.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin5.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin6.dll
FF - plugin: e:\programi\quik time plajer\Plugins\npqtplugin7.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-20 18:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1520)
c:\program files\Xtras\VisualTaskTips\VttHooks.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-20 18:46
ComboFix-quarantined-files.txt 2009-05-20 16:45
ComboFix2.txt 2009-05-18 20:37
ComboFix3.txt 2009-05-18 07:26
ComboFix4.txt 2009-02-02 21:21

Pre-Run: 484,052,992 bytes free
Post-Run: 498,622,464 bytes free

Current=2 Default=2 Failed=0 LastKnownGood=4 Sets=1,2,3,4
164 --- E O F --- 2009-05-20 09:33