Please help


offline
  • Joined: 16 Jun 2009
  • Posts: 44

Posted: 11 May 2010 17:51

OK, here's the thing: my computer has slowed down completely, and I'm afraid I'm going to lose data that is very important to me, so I'm BEGGING YOU, HELP...

DETAILS OF THE COMPUTER, I.E. THE LAPTOP

DELL
INSPIRON 1501
AMD Athlon(64) x2 dual-core processor TK-55 1.8 GHz
894 MB
32-BIT OPERATING SYSTEM

MY OPERATING SYSTEM IS:
WINDOWS VISTA HOME BASIC

WHEN I TRY TO DOWNLOAD THE PROGRAMS THAT ARE NEEDED SO I CAN SEND YOU THE INFORMATION THAT WOULD TELL YOU WHAT THE PROBLEM WITH THE COMPUTER IS (E.G. COMBOFIX OR ANY OTHER LINK YOU HAVE POSTED), IT WON'T LET ME... I THINK VISTA IS THE REASON, BUT I DON'T KNOW HOW TO CHANGE THAT IN THE SETTINGS... PLEASE HELP ME, AS YOU HAVE UP TO NOW

THANKS IN ADVANCE

Addendum: 11 May 2010 21:35

I don't know if this will help you, but here is some more information:

the computer is in Canada

the internet connection is wireless

I hope I can be helped, because this really matters to me...

THANK YOU!!!

SO, EVERYTHING I DOWNLOAD GOES FINE UNTIL IT REACHES THE END, AND THEN A WINDOW OPENS ASKING ME THIS:

SEE THE PICTURE

AND WHEN I GIVE IT THE "RUN" COMMAND, IT GOES ON FOREVER AND REPORTS NOTHING

PLEASEEE HELP MEEEE



rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Start \ All Programs \ Accessories \ Notepad

Right-click Notepad, then choose Run as Administrator

When Notepad opens, follow this path:

File \ Open\ My Com... \ C:\windows\system32\drivers\etc\hosts


Copy the contents of the hosts file for me.

offline
  • Joined: 16 Jun 2009
  • Posts: 44

etc is an empty folder ?!?!?!?!?!?!

I can't run hijack, it cuts out halfway; I can't with ComboFix either, it just stops halfway..... grrrrr is there any help for me

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Download the RSIT program to your Desktop:

http://images.malwareremoval.com/random/RSIT.exe


Run it by double-clicking, then click Continue.


At the end of the process two logs will open: the first, log.txt, will be maximized and needs to be copied into the forum thread, and the second, info.txt, will be minimized (we don't need it for now).


Post the contents of the file log.txt in your next message (that file will be saved as C:\rsit\log.txt).

offline
  • Joined: 16 Jun 2009
  • Posts: 44

Posted: 18 May 2010 22:14

here, I somehow managed to open it:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host


#

Addendum: 18 May 2010 22:17

I can't download anything from the net; it downloads up to 99% and then it says it is doing:

"preparing to copy"

and so on endlessly, I can't download a single program from the net
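The hosts file posted above contains only comment lines, so it defines no mappings at all. As an added example (not part of the thread and not the helper's own tooling), this Python script parses a hosts file in the format that file's comments describe and lists every active mapping, so that unexpected ones stand out; the function names, the verdict labels and the second sample file are constructed for illustration.

```python
import ipaddress

# The only name a stock Windows hosts file is expected to map to loopback.
EXPECTED_LOOPBACK_NAMES = {"localhost"}

# Excerpt of the hosts file as posted in the thread (comment lines only).
POSTED_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

#
"""

# Constructed sample (reserved .example names, documentation IP range).
CONSTRUCTED_HOSTS = """\
# constructed sample, not from the thread
127.0.0.1    localhost
::1          localhost
127.0.0.1    downloads.example updates.example   # two names on one line
0.0.0.0      scanner.example
203.0.113.10 portal.example
portal.example 203.0.113.10
"""


def parse_hosts(text):
    """Return (entries, malformed) for hosts-file text.

    entries   -> list of (line_no, ip_object, hostname), one per hostname
    malformed -> list of (line_no, line) for active lines that do not parse
    """
    entries, malformed = [], []
    # Notepad may save the file with a byte-order mark; drop it if present.
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), start=1):
        # '#' starts a comment, either on its own line or after an entry.
        active = raw.split("#", 1)[0].strip()
        if not active:
            continue
        fields = active.split()
        try:
            ip = ipaddress.ip_address(fields[0])  # first column must be an IP
        except ValueError:
            malformed.append((line_no, raw.strip()))
            continue
        if len(fields) < 2:  # an address with no host name after it
            malformed.append((line_no, raw.strip()))
            continue
        for name in fields[1:]:  # one address may carry several names
            entries.append((line_no, ip, name.lower()))
    return entries, malformed


def classify(ip, name):
    """Label one mapping: 'expected', 'blocked' or 'redirected'."""
    sinkhole = ip.is_loopback or ip.is_unspecified
    if sinkhole and name in EXPECTED_LOOPBACK_NAMES:
        return "expected"
    if sinkhole:
        # The name resolves to this machine or to nothing, so the real
        # server for that name can no longer be reached by name.
        return "blocked"
    # The name is pinned to an address chosen by whoever edited the file.
    return "redirected"


def audit_hosts(text):
    """Return (findings, malformed); findings are (line, ip, name, verdict)."""
    entries, malformed = parse_hosts(text)
    findings = [(n, str(ip), name, classify(ip, name)) for n, ip, name in entries]
    return findings, malformed


def unexpected_entries(text):
    """Only the mappings a reviewer should look at by hand."""
    findings, _ = audit_hosts(text)
    return [f for f in findings if f[3] != "expected"]


if __name__ == "__main__":
    for label, text in (("posted", POSTED_HOSTS), ("constructed", CONSTRUCTED_HOSTS)):
        findings, malformed = audit_hosts(text)
        print(f"[{label}] {len(findings)} active mapping(s), {len(malformed)} malformed line(s)")
        for line_no, ip, name, verdict in findings:
            print(f"  line {line_no}: {name} -> {ip} ({verdict})")
        for line_no, line in malformed:
            print(f"  line {line_no}: cannot parse: {line}")
```
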

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

Try this:

Safe Mode with Networking, here are the instructions

http://www.mycity.rs/Uputstva/Kako-uci-u-Safe-Mode-2.html

If that doesn't work, download the programs from the start of the thread on another computer and transfer them to yours.

If you can't do that either, then I'm afraid I can't help you.

offline
  • Joined: 16 Jun 2009
  • Posts: 44

Posted: 19 May 2010 20:47

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Ceca at 14:32:47,22 on ??? 19.05.2010
Internet Explorer: 7.0.6000.17037
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.2.1033.18.893.290 [GMT -4:00]

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\atashost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnscfg.exe
F:\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://home.alot.com/?client_id=2B5F573001CA5A810C3501B5&install_time=31-10-2009:19:24&src_id=11031&camp_id=609&tb_version=2.5.4.463
uWindow Title = Internet Explorer provided by Dell
uSearch Bar = hxxp://www.google.com/ie
uDefault_Page_URL = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=2080117
mDefault_Page_URL = hxxp://www.google.ca/ig/dell?hl=en&client=dell-row&channel=ca&ibd=2080117
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ALOT Toolbar Helper: {14ceeaff-96dd-4101-ae37-d5ecdc23c3f6} - c:\program files\alot\bin\alot.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [Microsoft Windows Visual V2.0] c:\windows\msiutil.exe
uRun: [Legacy VGA Drivers V1.0] c:\windows\certproc32.exe
uRun: [Sony DVDRam Version 1.8B] c:\windows\uiengine32.exe
uRun: [A00F441FE54.exe] c:\users\ceca\appdata\local\temp\_A00F441FE54.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Prauge DVDRam Version 2.3A] c:\windows\system32\spfx\hypinit32.exe
uRun: [Microsoft Task Scheduler] c:\windows\system32\dlha\mstask32.com
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [sysgif32] c:\users\ceca\appdata\local\temp\~TM4EB8.tmp
mRun: [Microsoft Task Scheduler] c:\windows\system32\dlha\mstask32.com
mRunOnce: [<NO NAME>]
mRunOnce: [GrpConv] grpconv -o
dRun: [Prauge DVDRam Version 2.3A] c:\windows\system32\spfx\hypinit32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pervas~1.lnk - c:\pvsw\bin\w3dbsmgr.exe
mPolicies-system: EnableLUA = 0 (0x0)
IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {45FEA75B-C4B8-4189-BB86-319F6B41E479} = 67.55.0.11,67.55.0.13
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
mASetup: Legacy VGA Drivers V1.0 - c:\windows\certproc32.exe
mASetup: Prauge DVDRam Version 2.3A - c:\windows\system32\spfx\hypinit32.exe
mASetup: Sony DVDRam Version 1.8B - c:\windows\uiengine32.exe

============= SERVICES / DRIVERS ===============

R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2009-8-5 20376]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-10 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-10-5 30192]

=============== Created Last 30 ================

2010-05-19 18:22:56 0 d-s---w- C:\ComboFix
2010-05-18 20:13:37 0 d-----w- c:\programdata\Sun
2010-05-18 20:11:49 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-18 16:18:48 98816 ----a-w- c:\windows\sed.exe
2010-05-18 16:18:48 77312 ----a-w- c:\windows\MBR.exe
2010-05-18 16:18:48 256512 ----a-w- c:\windows\PEV.exe
2010-05-18 16:18:48 161792 ----a-w- c:\windows\SWREG.exe
2010-05-18 03:37:22 0 d-sh--w- C:\found.000
2010-05-11 20:50:30 65536 --sha-w- c:\users\ceca\NTUSER.DAT{d8932e6c-6a6f-11db-b6ab-a038f15a5785}.TxR.blf
2010-05-11 20:50:30 1048576 --sha-w- c:\users\ceca\NTUSER.DAT{d8932e6c-6a6f-11db-b6ab-a038f15a5785}.TxR.2.regtrans-ms
2010-05-11 20:50:30 1048576 --sha-w- c:\users\ceca\NTUSER.DAT{d8932e6c-6a6f-11db-b6ab-a038f15a5785}.TxR.1.regtrans-ms
2010-05-11 20:50:30 1048576 --sha-w- c:\users\ceca\NTUSER.DAT{d8932e6c-6a6f-11db-b6ab-a038f15a5785}.TxR.0.regtrans-ms
2010-05-09 13:40:52 121 ----a-w- c:\windows\initiate.inf

==================== Find3M ====================

2010-05-18 13:31:04 51200 ----a-w- c:\windows\inf\infpub.dat
2010-05-18 13:31:03 86016 ----a-w- c:\windows\inf\infstor.dat
2010-05-18 13:31:02 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-05-06 14:36:38 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-03-09 16:54:49 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:50:34 56320 ----a-w- c:\windows\system32\iesetup.dll
2010-03-09 16:50:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 16:48:34 72704 ----a-w- c:\windows\system32\admparse.dll
2010-03-09 14:17:48 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-09 12:43:52 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-03-04 19:24:26 434176 ----a-w- c:\windows\system32\vbscript.dll
2008-12-12 12:43:05 174 --sha-w- c:\program files\desktop.ini
2008-09-17 01:24:23 190 ----a-w- c:\program files\common files\psasetup.log
2008-06-11 07:11:51 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-01-17 21:12:32 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 14:34:44,56 ===============


Addendum: 19 May 2010 21:50

THIS IS AFTER I TRANSFERRED RSIT FROM ANOTHER COMPUTER AND RAN IT IN SAFE MODE; THERE ARE TWO REPORTS...



info.txt logfile of random's system information tool 1.06 2010-05-19 15:27:23

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
ALOT Toolbar-->"C:\Program Files\alot\alotUninst.exe"
ATI Catalyst Control Center Ex-->MsiExec.exe /I{15CC668C-F37C-CE24-9047-40EC8034E29D}
ATI PCI Express (3GIO) Filter Driver-->C:\Program Files\InstallShield Installation Information\{E713653C-8312-4BC6-AFC9-ADE1F2F04AB9}\setup.exe -runfromtemp -l0x0009 -removeonly
Cisco EAP-FAST Module-->MsiExec.exe /I{BF53252E-4AB2-4C7F-A0FD-6100755745E3}
Cisco LEAP Module-->MsiExec.exe /I{76F9CF97-FC4B-4E20-B363-D127C888448F}
Cisco PEAP Module-->MsiExec.exe /I{4E5386F5-C0F6-4532-A54A-374865AEAB71}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Conexant HDA D110 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3\HXFSETUP.EXE -U -IDellHDAz.inf
Dell Wireless WLAN Card-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
Google Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstall
Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466}
Google Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}
Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Highlight Viewer (Windows Live Toolbar)-->MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}
Java(TM) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}
Junk Mail filter update-->MsiExec.exe /I{E2DFE069-083E-4631-9B6C-43C48E991DE5}
Map Button (Windows Live Toolbar)-->MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
Microsoft .NET Framework 3.5 SP1-->c:\Windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Office Live Add-in 1.3-->MsiExec.exe /I{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0122-0409-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688-)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Pervasive System Analyzer-->C:\Windows\IsUninst.exe -f"C:\Program Files\Common Files\Pervasive Software Shared\PSA\psa.isu"
Pervasive.SQL 9.60 Workgroup for Windows-->MsiExec.exe /X{D8C0330E-C815-4C6F-9BFD-0FD570155790}
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\Setup.exe" -l0x9 -cluninstall
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Roxio Creator Audio-->MsiExec.exe /I{83FFCFC7-88C6-41c6-8752-958A45325C82}
Roxio Creator BDAV Plugin-->MsiExec.exe /I{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}
Roxio Creator Copy-->MsiExec.exe /I{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}
Roxio Creator Data-->MsiExec.exe /I{0D397393-9B50-4c52-84D5-77E344289F87}
Roxio Creator DE-->MsiExec.exe /I{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}
Roxio Creator Tools-->MsiExec.exe /I{0394CDC8-FABD-4ed8-B104-03393876DFDF}
Roxio Express Labeler-->MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Roxio MyDVD DE-->MsiExec.exe /I{D639085F-4B6E-4105-9F37-A0DBB023E2FB}
Roxio Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Sage Accpac 500 ERP Student Edition 5.4A-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{56700FAD-5F22-4DD8-955E-33F13A3D8F70}\Setup.exe" -l0x9 -removeonly
Scientific Notebook 5.5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E066DE16-50F3-4A8C-953C-E67118894B2F}\setup.exe" -l0x9 -removeonly
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Smart Menus (Windows Live Toolbar)-->MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Sonic Activation Module-->MsiExec.exe /I{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\Windows\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
User's Guides-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\setup.exe"
WebEx-->C:\PROGRA~2\WebEx\atcliun.exe
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}
Windows Live Family Safety-->MsiExec.exe /X{139E303E-1050-497F-98B1-9AE87B15C463}
Windows Live Favorites for Windows Live Toolbar-->MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live Mail-->MsiExec.exe /I{6412CECE-8172-4BE5-935B-6CECACD2CA87}
Windows Live Messenger-->MsiExec.exe /X{A85FD55B-891B-4314-97A5-EA96C0BD80B5}
Windows Live Movie Maker-->MsiExec.exe /X{3D5044A5-97B8-45C0-B956-BB2376569188}
Windows Live Photo Gallery-->MsiExec.exe /X{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Live Sync-->MsiExec.exe /X{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}
Windows Live Toolbar Extension (Windows Live Toolbar)-->MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{178832DE-9DE0-4C87-9F82-9315A9B03985}
Windows Mobile Device Center Driver Update-->MsiExec.exe /X{E7044E25-3038-4A76-9064-344AC038043E}
Windows Mobile Device Center-->MsiExec.exe /X{904CCF62-818D-4675-BC76-D37EB399F917}

======Security center information======

AS: Windows Defender (disabled)

======System event log======

Computer Name: Ceca-PC
Event Code: 10005
Message: DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Record Number: 1563848
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100519192443.000000-000
Event Type: Error
User:

Computer Name: Ceca-PC
Event Code: 7001
Message: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.
Record Number: 1563866
Source Name: Service Control Manager
Time Written: 20100519192449.000000-000
Event Type: Error
User:

Computer Name: Ceca-PC
Event Code: 7026
Message: The following boot-start or system-start driver(s) failed to load:
spldr
Wanarpv6
Record Number: 1563876
Source Name: Service Control Manager
Time Written: 20100519192449.000000-000
Event Type: Error
User:

Computer Name: Ceca-PC
Event Code: 10005
Message: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{9E175B6D-F52A-11D8-B9A5-505054503030}
Record Number: 1563878
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100519192450.000000-000
Event Type: Error
User:

Computer Name: Ceca-PC
Event Code: 10005
Message: DCOM got error "1084" attempting to start the service MDM with arguments "" in order to run the server:
{0C0A3666-30C9-11D0-8F20-00805F2CD064}
Record Number: 1563879
Source Name: Microsoft-Windows-DistributedCOM
Time Written: 20100519192451.000000-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Ceca-PC
Event Code: 4609
Message: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\vista_gdr\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Record Number: 35277
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100519182200.000000-000
Event Type: Error
User:

Computer Name: Ceca-PC
Event Code: 18
Message: Volume Shadow Copy Service error: The COM Server with CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} and name Coordinator cannot be started during Safe Mode. The Volume Shadow Copy service cannot start while in safe mode. [0x8007043c]

Operation:
Instantiating VSS server
Record Number: 35278
Source Name: VSS
Time Written: 20100519183448.000000-000
Event Type: Error
User:

Computer Name: Ceca-PC
Event Code: 8193
Message: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x8007043c.

Operation:
Instantiating VSS server
Record Number: 35279
Source Name: VSS
Time Written: 20100519183448.000000-000
Event Type: Error
User:

Computer Name: Ceca-PC
Event Code: 6000
Message: The winlogon notification subscriber <GPClient> was unavailable to handle a notification event.
Record Number: 35283
Source Name: Microsoft-Windows-Winlogon
Time Written: 20100519192408.000000-000
Event Type: Warning
User:

Computer Name: Ceca-PC
Event Code: 4609
Message: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 8007043c from line 45 of d:\vista_gdr\com\complus\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Record Number: 35288
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100519192443.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Ceca-PC
Event Code: 5032
Message: Windows Firewall was unable to notify the user that it blocked an application from accepting incoming connections on the network.

Error Code: 2
Record Number: 77359
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100518025633.079917-000
Event Type: Audit Failure
User:

Computer Name: Ceca-PC
Event Code: 1101
Message: Audit events have been dropped by the transport. The real time backup file was corrupt due to improper shutdown.
Record Number: 77360
Source Name: Microsoft-Windows-Eventlog
Time Written: 20100518035032.551543-000
Event Type: Audit Success
User:

Computer Name: Ceca-PC
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 77361
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100518034940.531250-000
Event Type: Audit Success
User:

Computer Name: Ceca-PC
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 77362
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100518034940.578125-000
Event Type: Audit Success
User:

Computer Name: Ceca-PC
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements: 0
Policy ID: 0x10b03
Record Number: 77363
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100518034946.609375-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;C:\Users\Ceca\Desktop\Accounting Package\RUNTIME;C:\Program Files\Common Files\Pervasive Software Shared\pvswcore;C:\PVSW\bin;C:\Program Files\ATI Technologies\ATI.ACE;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 104 Stepping 1, AuthenticAMD
"PROCESSOR_REVISION"=6801
"NUMBER_OF_PROCESSORS"=2
"RoxioCentral"=C:\Program Files\Common Files\Roxio Shared\9.0\Roxio Central33\
"CLASSPATH"=C:\PVSW\bin\pvjdbc2x.jar;C:\PVSW\bin\pvjdbc2.jar;C:\PVSW\bin\jpscs.jar
"VSL"=C:\PVSW\\bin
"SAFEBOOT_OPTION"=NETWORK

-----------------EOF-----------------

Addendum: 19 May 2010 21:52

Logfile of random's system information tool 1.07 (written by random/random)
Run by Ceca at 2010-05-19 15:27:09
Microsoft® Windows Vista™ Home Basic
System drive C: has 28 GB (27%) free of 104 GB
Total RAM: 893 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:27:20, on 19.5.2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.17037)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Ceca\Desktop\RSIT.exe
C:\Program Files\trend micro\Ceca.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = google.ca/ig/dell?hl=en&client=dell.....bd=2080117
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = home.alot.com/?client_id=2B5F573001CA5A810C.....=2.5.4.463
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = google.ca/ig/dell?hl=en&client=dell.....bd=2080117
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ALOT Toolbar Helper - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - C:\Program Files\alot\bin\alot.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ALOT Toolbar - {5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - C:\Program Files\alot\bin\alot.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sysgif32] C:\Users\Ceca\AppData\Local\Temp\~TM4EB8.tmp
O4 - HKLM\..\Run: [Microsoft Task Scheduler] C:\Windows\system32\dlha\mstask32.com
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Microsoft Windows Visual V2.0] C:\Windows\msiutil.exe
O4 - HKCU\..\Run: [Legacy VGA Drivers V1.0] C:\Windows\certproc32.exe
O4 - HKCU\..\Run: [Sony DVDRam Version 1.8B] C:\Windows\uiengine32.exe
O4 - HKCU\..\Run: [A00F441FE54.exe] C:\Users\Ceca\AppData\Local\Temp\_A00F441FE54.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Prauge DVDRam Version 2.3A] C:\Windows\system32\spfx\hypinit32.exe
O4 - HKCU\..\Run: [Microsoft Task Scheduler] C:\Windows\system32\dlha\mstask32.com
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [Prauge DVDRam Version 2.3A] C:\Windows\system32\spfx\hypinit32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Prauge DVDRam Version 2.3A] C:\Windows\system32\spfx\hypinit32.exe (User 'Default user')
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\PVSW\bin\w3dbsmgr.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} (WorldWinner ActiveX Launcher Control) - worldwinner.com/games/launcher/ie/v2.22.01.0/iewwload.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{45FEA75B-C4B8-4189-BB86-319F6B41E479}: NameServer = 67.55.0.11,67.55.0.13
O17 - HKLM\System\CS1\Services\Tcpip\..\{45FEA75B-C4B8-4189-BB86-319F6B41E479}: NameServer = 67.55.0.11,67.55.0.13
O17 - HKLM\System\CS2\Services\Tcpip\..\{45FEA75B-C4B8-4189-BB86-319F6B41E479}: NameServer = 67.55.0.11,67.55.0.13
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: WebEx Service Host for Support Center (atashost) - WebEx Communications, Inc. - C:\Windows\system32\atashost.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: ?????? Google Update (gupdate1c9b0a5d53c4c71) (gupdate1c9b0a5d53c4c71) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9366 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Google Software Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}]
ALOT Toolbar Helper - C:\Program Files\alot\bin\alot.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-05 308832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - c:\program files\google\googletoolbar1.dll [2008-10-05 2403392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-16 764912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-18 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar1.dll [2008-10-05 2403392]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{5AA2BA46-9913-4dc7-9620-69AB0FA17AE7} - ALOT Toolbar - C:\Program Files\alot\bin\alot.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-17 1006264]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2006-11-20 815104]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 648072]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe [2006-07-11 90112]
"SigmatelSysTrayApp"=C:\Windows\sttray.exe [2007-02-08 303104]
"Broadcom Wireless Manager UI"=C:\Windows\system32\WLTRAY.exe [2007-12-08 3444736]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-10-03 81920]
""= []
"RoxWatchTray"=C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [2006-11-05 221184]
"PDVDDXSrv"=C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [2006-10-20 118784]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2006-10-03 221184]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-05 185872]
"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-28 30192]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"sysgif32"=C:\Users\Ceca\AppData\Local\Temp\~TM4EB8.tmp []
"Microsoft Task Scheduler"=C:\Windows\system32\dlha\mstask32.com []
""= []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
""= []
"GrpConv"=grpconv -o []
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-02-06 1232896]
"MsnMsgr"=C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-07-26 3883856]
"Microsoft Windows Visual V2.0"=C:\Windows\msiutil.exe []
"Legacy VGA Drivers V1.0"=C:\Windows\certproc32.exe []
"Sony DVDRam Version 1.8B"=C:\Windows\uiengine32.exe []
"A00F441FE54.exe"=C:\Users\Ceca\AppData\Local\Temp\_A00F441FE54.exe []
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-29 39408]
"Prauge DVDRam Version 2.3A"=C:\Windows\system32\spfx\hypinit32.exe []
"Microsoft Task Scheduler"=C:\Windows\system32\dlha\mstask32.com []
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Pervasive.SQL Workgroup Engine.lnk - C:\PVSW\bin\w3dbsmgr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\atashost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"c:\program files\internet explorer\iexplore.exe"="c:\program files\internet explorer\iexplore.exe:*:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\LaunchU3.exe -a


======List of files/folders created in the last 3 months======

2010-05-19 15:27:09 ----D---- C:\rsit
2010-05-19 15:27:09 ----D---- C:\Program Files\trend micro
2010-05-19 14:22:56 ----SD---- C:\ComboFix
2010-05-19 14:22:26 ----D---- C:\32788R22FWJFW
2010-05-18 16:13:37 ----D---- C:\ProgramData\Sun
2010-05-18 16:11:49 ----A---- C:\Windows\system32\javaws.exe
2010-05-18 16:11:49 ----A---- C:\Windows\system32\javaw.exe
2010-05-18 16:11:49 ----A---- C:\Windows\system32\java.exe
2010-05-18 16:11:49 ----A---- C:\Windows\system32\deployJava1.dll
2010-05-18 12:18:48 ----A---- C:\Windows\zip.exe
2010-05-18 12:18:48 ----A---- C:\Windows\SWXCACLS.exe
2010-05-18 12:18:48 ----A---- C:\Windows\SWSC.exe
2010-05-18 12:18:48 ----A---- C:\Windows\SWREG.exe
2010-05-18 12:18:48 ----A---- C:\Windows\sed.exe
2010-05-18 12:18:48 ----A---- C:\Windows\PEV.exe
2010-05-18 12:18:48 ----A---- C:\Windows\NIRCMD.exe
2010-05-18 12:18:48 ----A---- C:\Windows\MBR.exe
2010-05-18 12:18:48 ----A---- C:\Windows\grep.exe
2010-05-18 12:17:26 ----D---- C:\Windows\ERDNT
2010-05-18 12:17:04 ----D---- C:\Qoobox
2010-05-17 23:37:22 ----SHD---- C:\found.000
2010-04-15 22:57:35 ----D---- C:\ProgramData\McAfee
2010-04-14 01:39:23 ----A---- C:\Windows\system32\ntkrnlpa.exe
2010-04-14 01:39:22 ----A---- C:\Windows\system32\ntoskrnl.exe
2010-04-14 01:39:16 ----A---- C:\Windows\system32\vbscript.dll
2010-04-14 01:39:05 ----A---- C:\Windows\system32\tcpipcfg.dll
2010-04-14 01:39:05 ----A---- C:\Windows\system32\netiougc.exe
2010-04-14 01:39:05 ----A---- C:\Windows\system32\iphlpsvc.dll
2010-04-14 01:39:05 ----A---- C:\Windows\system32\IKEEXT.DLL
2010-04-14 01:39:05 ----A---- C:\Windows\system32\FWPUCLNT.DLL
2010-04-14 01:39:05 ----A---- C:\Windows\system32\BFE.DLL
2010-04-14 01:33:59 ----A---- C:\Windows\system32\wintrust.dll
2010-04-14 01:33:55 ----A---- C:\Windows\system32\cabview.dll
2010-04-12 21:10:08 ----D---- C:\ProgramData\WorldWinner.com
2010-04-12 21:09:01 ----D---- C:\ProgramData\WorldWinner
2010-03-31 10:48:58 ----A---- C:\Windows\system32\mshtml.dll
2010-03-31 10:48:54 ----A---- C:\Windows\system32\wininet.dll
2010-03-31 10:48:53 ----A---- C:\Windows\system32\urlmon.dll
2010-03-31 10:48:51 ----A---- C:\Windows\system32\ieframe.dll
2010-03-31 10:48:49 ----A---- C:\Windows\system32\mstime.dll
2010-03-31 10:48:49 ----A---- C:\Windows\system32\ieapfltr.dll
2010-03-31 10:48:43 ----A---- C:\Windows\system32\iedkcs32.dll
2010-03-31 10:48:39 ----A---- C:\Windows\system32\iertutil.dll
2010-03-31 10:48:39 ----A---- C:\Windows\system32\dxtmsft.dll
2010-03-31 10:48:37 ----A---- C:\Windows\system32\occache.dll
2010-03-31 10:48:36 ----A---- C:\Windows\system32\msfeeds.dll
2010-03-31 10:48:35 ----A---- C:\Windows\system32\ieaksie.dll
2010-03-31 10:48:32 ----A---- C:\Windows\system32\iepeers.dll
2010-03-31 10:48:30 ----A---- C:\Windows\system32\mshtmled.dll
2010-03-31 10:48:30 ----A---- C:\Windows\system32\icardie.dll
2010-03-31 10:48:29 ----A---- C:\Windows\system32\dxtrans.dll
2010-03-31 10:48:28 ----A---- C:\Windows\system32\ieencode.dll
2010-03-31 10:48:27 ----A---- C:\Windows\system32\jsproxy.dll
2010-03-31 10:48:26 ----A---- C:\Windows\system32\advpack.dll
2010-03-31 10:48:25 ----A---- C:\Windows\system32\admparse.dll
2010-03-31 10:48:24 ----A---- C:\Windows\system32\ieui.dll
2010-03-31 10:48:21 ----A---- C:\Windows\system32\iesetup.dll
2010-03-31 10:48:21 ----A---- C:\Windows\system32\iernonce.dll
2010-03-31 10:48:21 ----A---- C:\Windows\system32\ie4uinit.exe
2010-03-31 10:48:20 ----A---- C:\Windows\system32\ieUnatt.exe
2010-03-31 10:48:19 ----A---- C:\Windows\system32\pngfilt.dll
2010-03-31 10:48:16 ----A---- C:\Windows\system32\ieakui.dll
2010-03-31 10:48:15 ----A---- C:\Windows\system32\mshtmler.dll
2010-03-05 12:29:06 ----A---- C:\Windows\system32\winhttp.dll
2010-03-05 12:28:13 ----A---- C:\Windows\system32\httpapi.dll
2010-03-05 12:28:12 ----A---- C:\Windows\system32\nshhttp.dll
2010-03-04 12:49:04 ----A---- C:\Windows\system32\kerberos.dll
2010-03-04 12:49:01 ----A---- C:\Windows\system32\schannel.dll
2010-02-24 10:08:56 ----A---- C:\Windows\system32\tzres.dll
2010-02-24 10:08:14 ----A---- C:\Windows\system32\secproc.dll
2010-02-24 10:08:13 ----A---- C:\Windows\system32\secproc_isv.dll
2010-02-24 10:08:13 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-02-24 10:08:13 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-02-24 10:08:13 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-02-24 10:08:13 ----A---- C:\Windows\system32\RMActivate.exe
2010-02-24 10:08:12 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-02-24 10:08:12 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-02-24 10:08:12 ----A---- C:\Windows\system32\msdrm.dll

======List of files/folders modified in the last 3 months======

2010-05-19 15:27:09 ----RD---- C:\Program Files
2010-05-19 15:25:56 ----A---- C:\Windows\ntbtlog.txt
2010-05-19 14:22:48 ----D---- C:\Windows\system32\drivers
2010-05-19 13:12:53 ----D---- C:\Windows\Temp
2010-05-19 13:02:59 ----D---- C:\Windows\Prefetch
2010-05-19 12:58:46 ----D---- C:\Windows\Tasks
2010-05-19 12:57:23 ----D---- C:\MDT
2010-05-19 11:24:29 ----D---- C:\Windows\System32
2010-05-19 11:24:29 ----D---- C:\Windows\AppPatch
2010-05-19 11:24:29 ----D---- C:\Windows
2010-05-19 11:24:28 ----D---- C:\Program Files\Common Files
2010-05-19 10:38:04 ----SHD---- C:\System Volume Information
2010-05-18 16:13:37 ----SHD---- C:\Windows\Installer
2010-05-18 16:13:37 ----HD---- C:\ProgramData
2010-05-18 16:13:35 ----D---- C:\Program Files\Common Files\Java
2010-05-18 16:10:06 ----D---- C:\Program Files\Java
2010-05-18 13:11:19 ----D---- C:\ProgramData\Google Updater
2010-05-18 12:46:45 ----HD---- C:\Windows\system32\spfx
2010-05-18 12:18:22 ----D---- C:\Windows\inf
2010-05-18 12:18:22 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-05-18 09:31:18 ----D---- C:\Windows\system32\catroot
2010-05-14 20:23:06 ----D---- C:\ProgramData\Roxio
2010-05-13 12:21:33 ----D---- C:\Program Files\Google
2010-05-12 12:07:13 ----SD---- C:\Users\Ceca\AppData\Roaming\Microsoft
2010-05-11 16:50:54 ----D---- C:\Windows\system32\dlha
2010-05-10 12:01:43 ----D---- C:\ProgramData\Norton
2010-05-10 12:01:35 ----D---- C:\ProgramData\Symantec
2010-05-09 19:39:13 ----D---- C:\Windows\system32\catroot2
2010-05-08 15:37:55 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-05-06 10:36:38 ----N---- C:\Windows\system32\MpSigStub.exe
2010-04-30 14:51:06 ----A---- C:\Windows\system32\mrt.exe
2010-04-24 13:17:50 ----SD---- C:\Windows\Downloaded Program Files
2010-04-21 22:58:22 ----D---- C:\Windows\Minidump
2010-04-14 07:46:20 ----D---- C:\Windows\winsxs
2010-04-14 03:25:08 ----D---- C:\Program Files\Windows Mail
2010-04-14 03:25:07 ----D---- C:\Windows\system32\migration
2010-04-01 03:26:02 ----D---- C:\Program Files\Internet Explorer
2010-03-10 12:01:01 ----D---- C:\Program Files\Movie Maker
2010-03-10 11:59:28 ----A---- C:\Windows\win.ini
2010-03-09 20:19:12 ----A---- C:\Windows\cdplayer.ini
2010-03-06 04:22:27 ----D---- C:\Windows\system32\en-US
2010-02-25 11:39:40 ----RSD---- C:\Windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2006-11-20 32256]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2007-12-07 1044984]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2007-03-12 45568]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2006-11-20 179256]
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-02-06 11264]
S2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-11-11 12672]
S2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2006-11-11 8192]
S3 BCM42RLY;BCM42RLY; C:\Windows\system32\drivers\BCM42RLY.sys []
S3 catchme;catchme; \??\C:\Users\Ceca\AppData\Local\Temp\catchme.sys []
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-02-06 14208]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2006-11-02 200704]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2009-08-05 54632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2006-11-11 986624]
S3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2006-11-11 206848]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 R300;R300; C:\Windows\system32\DRIVERS\atikmdag.sys [2007-10-17 2085888]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-17 82432]
S3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2007-02-08 647680]
S3 StMp3Rec;Player Recovery Device Control Driver; C:\Windows\System32\Drivers\StMp3Rec.sys [2007-02-15 19840]
S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2006-11-11 659968]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S4 rimsptsk;rimsptsk; C:\Windows\system32\drivers\rimsptsk.sys [2006-11-20 43520]
S4 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\drivers\rixdptsk.sys [2006-11-20 37376]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 atashost;WebEx Service Host for Support Center; C:\Windows\system32\atashost.exe [2009-08-05 20376]
S2 Ati External Event Utility;Ati External Event Utility; C:\Windows\system32\Ati2evxx.exe [2007-10-17 557056]
S2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S2 gupdate1c9b0a5d53c4c71;?????? Google Update (gupdate1c9b0a5d53c4c71); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-29 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-29 183280]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S2 RoxWatch9;Roxio Hard Drive Watcher 9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe [2006-11-05 159744]
S2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
S2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe [2007-02-08 90112]
S2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2006-11-02 22016]
S2 wltrysvc;Dell Wireless WLAN Tray Service; C:\Windows\System32\WLTRYSVC.EXE [2007-12-08 24064]
S2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2006-11-11 386560]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2009-11-28 30192]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 RoxMediaDB9;RoxMediaDB9; C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe [2006-11-05 880640]
S3 stllssvr;stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2006-09-14 73728]

-----------------EOF-----------------

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

You ran Combofix; nowhere did it say that you should run it.
Do you have the log? It is located at C:\Combofix.txt

offline
  • Joined: 16 Jun 2009
  • Posts: 44

there is no log... I did run it, but it froze before it managed to complete the whole process!!!

rip
  • argus  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 27 Apr 2008
  • Posts: 9160
  • Location: Prokuplje

If you have a Combofix icon, delete it (only the icon).
Download Combofix on another computer and proceed according to the following instructions:

Download sUBs's ComboFix to the Desktop from the following address:

Bleeping Computer
Right-click the link and choose the option Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download of the program has finished:
  deactivate your security software (instructions);
  close any running programs;
  double-click to start ComboFix.

While it runs, ComboFix will:
  check whether a newer version of the program exists:
    click Yes if you are offered the download.
  display the DISCLAIMER OF WARRANTY ON SOFTWARE:
    click Yes so that the process continues.
  if the Recovery Console is not installed, offer to install it:
    be sure to accept by clicking Yes and follow the procedure through.
  present a number of prompts/notifications:
    accept by clicking Yes or OK.
  if needed, restart Windows (several times);
  at the end of the run, open Notepad with the scan report.

Copy the report that ComboFix created into the forum thread:
  right-click in the Notepad window and choose Select All;
  right-click the selected text and choose Copy;
  right-click in the message field and choose Paste.

Note:
  The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  If, after sending the message, you notice that the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to the message.
