Please review my log...

  • Joined: 26 Jul 2009
  • Posts: 2

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:25 PM, on 7/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\PixArt\i-Look110\Monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\regx32.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Ovislink\Common\TurboG-UI.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\Bandoo\Bandoo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Bandoo\BndCore.exe
C:\PROGRA~1\BEARSH~1\BEARSH~1\BearShare.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version4\TeamViewer.exe
C:\Documents and Settings\Korisnik\Desktop\New Folder\hhhhhh.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [Link visible only to logged-in users]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link visible only to logged-in users]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [Link visible only to logged-in users]*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link visible only to logged-in users]*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Link visible only to logged-in users]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = [Link visible only to logged-in users]
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: CashBackAssistant - {00F5B5BA-E3C2-4b70-BF51-42A557914FAD} - C:\Program Files\Nice Prosper\CashBackAssistant\CashBackAssistantIE.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\2.0.0.2440\NPIEAddOn.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\i-Look110\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\i-Look110\Monitor.exe
O4 - HKLM\..\Run: [BMISR] C:\Program Files\KYE\WebMate\BM.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NodLogin] C:\Program Files\Eset\nodlogin.exe
O4 - HKLM\..\Run: [TrialReset] C:\WINDOWS\regx32.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKLM\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKCU\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AirLive Turbo-G Wireless Utility.lnk = C:\Program Files\Ovislink\Common\TurboG-UI.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - [Link visible only to logged-in users]
O8 - Extra context menu item: Download all with Free Download Manager - [Link visible only to logged-in users]\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - [Link visible only to logged-in users]\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - [Link visible only to logged-in users]\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - [Link visible only to logged-in users]\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link visible only to logged-in users]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - [Link visible only to logged-in users]
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [Link visible only to logged-in users]
O17 - HKLM\System\CCS\Services\Tcpip\..\{1031C108-067E-4354-B263-40D47CC7D671}: NameServer = 79.143.173.161 79.143.172.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1DBD771-0146-493C-AFD4-F78336B867DE}: NameServer = 79.143.173.161,79.143.172.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{1031C108-067E-4354-B263-40D47CC7D671}: NameServer = 79.143.173.161 79.143.172.3
O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NetServices (NetService) - Installaware Corporation - C:\Program Files\Common Files\Services\netservices.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Windows Media Connect Service (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe (file missing)

--
End of file - 13975 bytes



  • diarno Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Download sUBs's ComboFix to your Desktop from the following address:

Bleeping Computer
  • Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
  • When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is finished:
  • disable your security software (instructions);
  • close any running programs;
  • double-click ComboFix to run it.

While running, ComboFix will:
  • check whether a newer version of the program exists:
    click Yes if you are offered the download.
  • display the DISCLAIMER OF WARRANTY ON SOFTWARE:
    click Yes so that the process continues.
  • if Recovery Console is not installed, offer to install it:
    accept by clicking Yes and follow the procedure.
  • show a number of prompts/notifications:
    accept by clicking Yes or OK.
  • restart Windows if needed (possibly several times);
  • at the end of its run, open Notepad with the scan report.

Copy the report that ComboFix created into the forum thread:
  • right-click in the Notepad window and choose Select All;
  • right-click the selected text and choose Copy;
  • right-click in the message field and choose Paste.

Note:
  • The report will be saved under the name ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
  • If, after sending the message, you notice that the report is not complete, use the Attach file option to attach the file C:\ComboFix.txt to the message.



  • Joined: 26 Jul 2009
  • Posts: 2

ComboFix 09-07-25.08 - Korisnik 07/26/2009 23:04.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.338 [GMT 2:00]
Running from: c:\downloads\Software\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\_tm181.tmp
c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\stb06759.tmp
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\2.0.0.2440\Data\config.md
c:\program files\Internet Saving Optimizer\2.0.0.2440\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\2.0.0.2440\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\2.0.0.2440\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\2.0.0.2440\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\2.0.0.2440\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\2.0.0.2440\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\2.0.0.2440\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\2.0.0.2440\FF\install.rdf
c:\program files\Internet Saving Optimizer\2.0.0.2440\NPCommon.dll
c:\program files\Internet Saving Optimizer\2.0.0.2440\NPIEAddOn.dll
c:\program files\Internet Saving Optimizer\2.0.0.2440\unins000.dat
c:\program files\Internet Saving Optimizer\2.0.0.2440\unins000.exe
c:\program files\Nice Prosper
c:\program files\Nice Prosper\CashBackAssistant\CashBackAssistantIE.dll
c:\program files\Nice Prosper\CashBackAssistant\cfcpxlog.mx
c:\program files\Nice Prosper\CashBackAssistant\MatchingData.zd5
c:\program files\Nice Prosper\CashBackAssistant\setup.exe
c:\program files\Nice Prosper\CashBackAssistant\unins000.dat
c:\program files\Nice Prosper\CashBackAssistant\unins000.exe
c:\program files\Ovislink\AirLive WT-2000PCI\_desktop.ini
c:\program files\Ovislink\AirLive WT-2000PCI\Installer\_desktop.ini
c:\program files\Ovislink\AirLive WT-2000PCI\Installer\win2k\_desktop.ini
c:\program files\Ovislink\AirLive WT-2000PCI\Installer\win9x\_desktop.ini
c:\program files\Ovislink\AirLive WT-2000PCI\Installer\winme\_desktop.ini
c:\program files\Ovislink\AirLive WT-2000PCI\Installer\winx64\_desktop.ini
c:\program files\Ovislink\AirLive WT-2000PCI\Installer\winxp\_desktop.ini
c:\program files\System Search Dispatcher\1.2.0.750\ssd.dll
c:\windows\Installer\210ac.msi
c:\windows\system32\_id.dat
c:\windows\system32\ieupdates.exe.tmp
c:\windows\Temp\tmp3.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NETSERVICE
-------\Service_NetService


((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))
.

2009-07-26 19:59 . 2009-07-26 19:59 -------- d-----w- c:\program files\VS Revo Group
2009-07-26 19:34 . 2009-07-26 19:34 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\TeamViewer
2009-07-26 19:34 . 2009-07-26 19:34 -------- d-----w- c:\documents and settings\Korisnik\Application Data\TeamViewer
2009-07-26 19:34 . 2009-07-26 19:34 -------- d-----w- c:\program files\TeamViewer
2009-07-26 19:33 . 2009-07-26 19:33 -------- d-----w- c:\documents and settings\Korisnik\temp
2009-07-26 12:22 . 2009-07-26 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\34119
2009-07-25 18:37 . 2009-07-25 18:37 -------- d-----w- c:\documents and settings\Korisnik\Application Data\GRETECH
2009-07-25 18:33 . 2009-07-25 18:33 -------- d-----w- c:\program files\GRETECH
2009-07-22 13:56 . 2009-07-22 13:56 -------- d-----w- c:\documents and settings\All Users\Application Data\2B148
2009-07-18 10:09 . 2009-07-18 10:11 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\Temp
2009-07-18 09:38 . 2009-07-18 09:38 -------- d-----w- c:\documents and settings\All Users\Application Data\16109
2009-07-16 13:53 . 2009-07-16 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\3ACC
2009-07-15 16:22 . 2009-07-15 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\3A138
2009-07-14 06:59 . 2009-07-14 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\281D4
2009-07-11 17:32 . 2009-07-11 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\69C
2009-07-10 17:03 . 2009-02-21 17:06 2933624 ----a-w- c:\documents and settings\Korisnik\Application Data\Simply Super Software\Trojan Remover\kbs245.exe
2009-07-10 06:33 . 2009-07-10 06:33 -------- d-----w- c:\documents and settings\All Users\Application Data\1A232
2009-07-06 14:35 . 2009-07-06 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\F251
2009-07-06 14:14 . 2009-07-06 14:14 -------- d-----w- C:\ProgramData
2009-07-06 14:08 . 2009-07-06 14:08 -------- d-----w- c:\documents and settings\All Users\Application Data\1930D
2009-07-05 17:05 . 2009-07-05 17:05 -------- d-----w- c:\program files\Electronic Arts
2009-07-05 17:05 . 2009-07-05 17:05 7248 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-07-05 17:05 . 2009-07-05 17:05 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\Downloaded Installations
2009-07-05 16:37 . 2009-07-05 16:37 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Leadertech
2009-07-04 14:54 . 2009-07-05 17:25 -------- d-----w- C:\Temp
2009-07-04 14:44 . 2009-07-04 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\120
2009-07-02 18:40 . 2009-07-02 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\F109
2009-07-02 12:11 . 2009-07-02 12:11 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\Sony
2009-07-02 12:06 . 2009-07-02 12:06 -------- d-----w- c:\program files\Common Files\Sony Shared
2009-07-02 12:04 . 2009-07-02 12:04 -------- d-----w- c:\program files\QuickTime
2009-07-02 11:57 . 2009-07-02 11:57 -------- d-----w- c:\program files\Avanquest update
2009-07-02 11:57 . 2009-07-02 11:57 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-07-02 11:56 . 2009-07-02 11:56 -------- d-----w- c:\documents and settings\Korisnik\Application Data\InstallShield
2009-07-02 11:45 . 2009-07-02 11:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ToggleEN
2009-07-02 11:45 . 2009-07-02 11:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-07-02 11:30 . 2009-07-02 11:30 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\Apple
2009-07-02 11:30 . 2009-07-02 11:30 -------- d-----w- c:\program files\Apple Software Update
2009-07-02 11:30 . 2009-07-02 11:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-02 11:23 . 2009-07-02 17:18 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-07-02 11:22 . 2005-02-14 07:57 32768 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\Sony Ericsson PC Suite\LiveUpdate\Temp\CleanBuild.exe
2009-06-28 15:46 . 2009-06-28 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\1B3D8
2009-06-28 15:45 . 2009-06-28 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\213B9
2009-06-28 15:44 . 2009-06-28 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\2C242
2009-06-28 11:34 . 2009-06-28 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\263E
2009-06-28 11:22 . 2009-06-28 11:22 -------- d-----w- c:\documents and settings\All Users\Application Data\5186

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-26 21:14 . 2009-02-01 15:30 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Software Informer
2009-07-26 21:13 . 2009-02-01 15:30 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Free Download Manager
2009-07-26 20:02 . 2008-11-11 17:03 -------- d-----w- c:\program files\Yahoo!
2009-07-26 12:23 . 2008-06-20 14:54 -------- d-----w- c:\documents and settings\Korisnik\Application Data\BearShare
2009-07-25 22:42 . 2009-01-09 21:52 -------- d-----w- c:\documents and settings\Korisnik\Application Data\uTorrent
2009-07-10 17:03 . 2008-11-03 20:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-05 17:05 . 2007-10-26 16:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-04 10:11 . 2009-03-25 19:01 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Skype
2009-07-02 12:05 . 2009-07-02 11:10 -------- d-----w- c:\program files\Sony Ericsson
2009-07-02 12:04 . 2008-12-11 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-02 11:10 . 2009-07-02 11:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson
2009-07-02 11:08 . 2008-12-11 18:33 -------- d-----w- c:\program files\Common Files\Teleca Shared
2009-06-26 13:44 . 2009-06-26 13:44 -------- d-----w- c:\documents and settings\All Users\Application Data\72EE
2009-06-22 10:49 . 2009-06-22 10:49 -------- d-----w- c:\documents and settings\All Users\Application Data\132CE
2009-06-21 11:52 . 2009-06-21 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\1B7D
2009-06-18 14:48 . 2009-06-18 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\246D
2009-06-18 12:55 . 2009-06-18 12:55 -------- d-----w- c:\documents and settings\All Users\Application Data\B1C5
2009-06-18 12:52 . 2009-06-18 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\22CE
2009-06-12 17:00 . 2009-06-12 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\29349
2009-06-10 15:52 . 2009-06-10 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\2C271
2009-06-09 14:12 . 2009-06-09 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\365D
2009-06-08 20:54 . 2009-06-08 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\2D261
2009-06-07 15:04 . 2009-06-07 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\127E
2009-06-06 21:26 . 2009-06-06 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\343C8
2009-06-04 15:10 . 2009-06-04 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\3ACB
2009-06-02 16:25 . 2009-06-02 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\72E
2009-06-01 14:35 . 2009-06-01 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\110
2009-05-31 12:48 . 2009-05-31 12:48 -------- d-----w- c:\documents and settings\All Users\Application Data\0271
2009-05-29 18:11 . 2009-05-29 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\E2AF
2009-05-29 16:55 . 2009-05-29 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\23280
2009-05-29 11:14 . 2009-05-29 11:14 -------- d-----w- c:\documents and settings\All Users\Application Data\173C8
2009-05-28 16:30 . 2009-05-28 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\35382
2009-07-26 19:30 . 2009-07-01 20:12 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTog1.dll" [2009-07-26 2215960]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2009-07-26 20:50 2215960 ----a-w- c:\program files\ToggleEN\tbTog1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 14:05 398776 ----a-w- c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTog1.dll" [2009-07-26 2215960]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTog1.dll" [2009-07-26 2215960]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-23 68856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-31 3399727]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-03-24 1785925]
"Google Update"="c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-02 133104]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2006-04-20 2048000]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-11 24095528]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"PAC207_Monitor"="c:\windows\PixArt\i-Look110\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\i-Look110\Monitor.exe" [2007-12-10 323584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-01 185872]
"TrialReset"="c:\windows\regx32.exe" [2008-07-03 285327]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-03-06 949376]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-02-21 1211784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\hdashcut.exe [2005-10-13 61952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AirLive Turbo-G Wireless Utility.lnk - c:\program files\Ovislink\Common\TurboG-UI.exe [2008-5-22 679936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Bandoo\BndHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\call of duty 4\\iw3mp.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [12/6/2005 5:11 PM 35328]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [3/6/2009 8:34 PM 15424]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [3/24/2009 4:00 PM 55152]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [7/21/2009 5:40 PM 185640]
R3 PAC207;i-Look 110;c:\windows\system32\drivers\PFC027.SYS [1/3/2009 6:24 PM 618112]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 7:08 PM 533360]
S3 kbeepm;kbeepm;\??\c:\docume~1\Korisnik\LOCALS~1\Temp\kbeepm.sys --> c:\docume~1\Korisnik\LOCALS~1\Temp\kbeepm.sys [?]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [7/2/2009 1:10 PM 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [7/2/2009 1:10 PM 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [7/2/2009 1:10 PM 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [7/2/2009 1:10 PM 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [7/2/2009 1:10 PM 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [7/2/2009 1:10 PM 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [7/2/2009 1:10 PM 117672]
S3 SmartCd;SmartCd;c:\windows\system32\Drivers\SmartCd.sys --> c:\windows\system32\Drivers\SmartCd.sys [?]
S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\system32\DRIVERS\z520bus.sys --> c:\windows\system32\DRIVERS\z520bus.sys [?]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\system32\DRIVERS\z520mdfl.sys --> c:\windows\system32\DRIVERS\z520mdfl.sys [?]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\system32\DRIVERS\z520mdm.sys --> c:\windows\system32\DRIVERS\z520mdm.sys [?]
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\system32\DRIVERS\z520mgmt.sys --> c:\windows\system32\DRIVERS\z520mgmt.sys [?]
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\system32\DRIVERS\z520obex.sys --> c:\windows\system32\DRIVERS\z520obex.sys [?]
S4 cdawdm;CDAWDM;c:\windows\system32\DRIVERS\CDAWDM.sys --> c:\windows\system32\DRIVERS\CDAWDM.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{X9OBC5C0-4FCB-11CF-AAX5-81CX1C635612}]
c:\driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe
.
Contents of the 'Scheduled Tasks' folder

2009-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]

2009-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-2025429265-682003330-1003Core.job
- c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-02 19:45]

2009-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-2025429265-682003330-1003UA.job
- c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-02 19:45]

2009-07-26 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]

2009-03-10 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - c:\program files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL
HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-MSMSGS - c:\program files\Messenger\msmsgs.exe
HKCU-Run-fsm - (no file)
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-BMISR - c:\program files\KYE\WebMate\BM.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-NodLogin - c:\program files\Eset\nodlogin.exe


.
------- Supplementary Scan -------
.
uStart Page = [Link mogu videti samo ulogovani korisnici]
mStart Page = [Link mogu videti samo ulogovani korisnici]
mSearch Bar = [Link mogu videti samo ulogovani korisnici]*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]
IE: Add to Windows &Live Favorites - [Link mogu videti samo ulogovani korisnici]
IE: Download all with Free Download Manager - [Link mogu videti samo ulogovani korisnici]\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - [Link mogu videti samo ulogovani korisnici]\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - [Link mogu videti samo ulogovani korisnici]\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - [Link mogu videti samo ulogovani korisnici]\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {1031C108-067E-4354-B263-40D47CC7D671} = 79.143.173.161 79.143.172.3
TCP: {B1DBD771-0146-493C-AFD4-F78336B867DE} = 79.143.173.161,79.143.172.2
FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\d7fe8k8p.default\
FF - prefs.js: browser.search.defaulturl - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - prefs.js: keyword.URL - [Link mogu videti samo ulogovani korisnici]
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-07-26 23:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-220523388-2025429265-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-220523388-2025429265-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f1,be,15,10,ed,85,bb,00,4e,f9,89,c3,1d,35,17,2a,36,29,05,91,13,92,99,
8e,1c,97,f3,28,f2,f9,ae,c4,b2,ed,01,b4,6a,2d,31,e1,c1,b5,98,4b,ec,31,3b,87,\
"??"=hex:69,3e,43,58,9f,64,ba,75,fe,6b,77,07,2a,78,dd,74

[HKEY_USERS\S-1-5-21-220523388-2025429265-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:49,32,c3,a3,d3,e4,d9,ec,8b,f0,29,5a,18,da,c6,f8,fb,c9,66,29,f7,
52,ab,54,d3,fa,9f,4e,b1,f7,01,76,54,5d,77,37,3f,45,7e,40,49,69,b4,17,83,05,\
"rkeysecu"=hex:37,89,4f,39,7c,a5,83,4d,72,6c,6e,03,24,10,92,a9
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(768-)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(824)
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(2040)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\UAService7.exe
c:\progra~1\Bandoo\Bandoo.exe
c:\program files\TeamViewer\Version4\TeamViewer.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Completion time: 2009-07-26 23:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-26 21:17

Pre-Run: 4,103,217,152 bytes free
Post-Run: 7,066,271,744 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

336

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Greetings...

Sorry for the wait. My colleague is busy.

I would ask you to download the new version of ComboFix from the link given earlier, run it, and post a new log so that I can see what the current state is.
