molim za pregled log-a...

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:25 PM, on 7/26/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\PixArt\i-Look110\Monitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\regx32.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Software Informer\softinfo.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Electronic Arts\EADM\Core.exe
C:\Program Files\Ovislink\Common\TurboG-UI.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\PROGRA~1\Bandoo\Bandoo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Bandoo\BndCore.exe
C:\PROGRA~1\BEARSH~1\BEARSH~1\BearShare.exe
C:\PROGRA~1\FREEDO~1\fdm.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version4\TeamViewer.exe
C:\Documents and Settings\Korisnik\Desktop\New Folder\hhhhhh.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.ba/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = search.live.com/sphome.aspx
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL (file missing)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
O2 - BHO: CashBackAssistant - {00F5B5BA-E3C2-4b70-BF51-42A557914FAD} - C:\Program Files\Nice Prosper\CashBackAssistant\CashBackAssistantIE.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\2.0.0.2440\NPIEAddOn.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: UrlHelper Class - {74322BF9-DF26-493f-B0DA-6D2FC5E6429E} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.2.0.750\ssd.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: ToggleEN Toolbar - {038cb5c7-48ea-4af9-94e0-a1646542e62b} - C:\Program Files\ToggleEN\tbTog0.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [PAC207_Monitor] C:\WINDOWS\PixArt\i-Look110\Monitor.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\i-Look110\Monitor.exe
O4 - HKLM\..\Run: [BMISR] C:\Program Files\KYE\WebMate\BM.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NodLogin] C:\Program Files\Eset\nodlogin.exe
O4 - HKLM\..\Run: [TrialReset] C:\WINDOWS\regx32.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKCU\..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe -silent
O4 - HKLM\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKCU\..\Policies\Explorer\Run: [servises] C:\WINDOWS\system32\servises.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AirLive Turbo-G Wireless Utility.lnk = C:\Program Files\Ovislink\Common\TurboG-UI.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/microsoftupdate/v6.....0416271828
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com/microsoftupdate/v6/V5C.....0413590921
O17 - HKLM\System\CCS\Services\Tcpip\..\{1031C108-067E-4354-B263-40D47CC7D671}: NameServer = 79.143.173.161 79.143.172.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{B1DBD771-0146-493C-AFD4-F78336B867DE}: NameServer = 79.143.173.161,79.143.172.2
O17 - HKLM\System\CS1\Services\Tcpip\..\{1031C108-067E-4354-B263-40D47CC7D671}: NameServer = 79.143.173.161 79.143.172.3
O20 - AppInit_DLLs: c:\progra~1\bandoo\bndhook.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bandoo Coordinator - Discordia Limited - C:\PROGRA~1\Bandoo\Bandoo.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NetServices (NetService) - Installaware Corporation - C:\Program Files\Common Files\Services\netservices.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O23 - Service: Windows Media Connect Service (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Connect 2\wmccds.exe (file missing)

--
End of file - 13975 bytes

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix.
U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste. prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
klikni Yes kako bi proces bio nastavljen.ako Recovery Console nije instalirana, ponuditi instalaciju:
prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 09-07-25.08 - Korisnik 07/26/2009 23:04.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.338 [GMT 2:00]
Running from: c:\downloads\Software\ComboFix.exe
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\_tm181.tmp
c:\documents and settings\Korisnik\Local Settings\Temporary Internet Files\stb06759.tmp
c:\program files\Internet Saving Optimizer
c:\program files\Internet Saving Optimizer\2.0.0.2440\Data\config.md
c:\program files\Internet Saving Optimizer\2.0.0.2440\FF\chrome.manifest
c:\program files\Internet Saving Optimizer\2.0.0.2440\FF\chrome\content\NPAddOn.js
c:\program files\Internet Saving Optimizer\2.0.0.2440\FF\chrome\content\NPAddOn.xul
c:\program files\Internet Saving Optimizer\2.0.0.2440\FF\chrome\NPAddOn.jar
c:\program files\Internet Saving Optimizer\2.0.0.2440\FF\components\NPFFAddOn.dll
c:\program files\Internet Saving Optimizer\2.0.0.2440\FF\components\NPFFAddOn.xpt
c:\program files\Internet Saving Optimizer\2.0.0.2440\FF\components\NPFFHelperComponent.js
c:\program files\Internet Saving Optimizer\2.0.0.2440\FF\install.rdf
c:\program files\Internet Saving Optimizer\2.0.0.2440\NPCommon.dll
c:\program files\Internet Saving Optimizer\2.0.0.2440\NPIEAddOn.dll
c:\program files\Internet Saving Optimizer\2.0.0.2440\unins000.dat
c:\program files\Internet Saving Optimizer\2.0.0.2440\unins000.exe
c:\program files\Nice Prosper
c:\program files\Nice Prosper\CashBackAssistant\CashBackAssistantIE.dll
c:\program files\Nice Prosper\CashBackAssistant\cfcpxlog.mx
c:\program files\Nice Prosper\CashBackAssistant\MatchingData.zd5
c:\program files\Nice Prosper\CashBackAssistant\setup.exe
c:\program files\Nice Prosper\CashBackAssistant\unins000.dat
c:\program files\Nice Prosper\CashBackAssistant\unins000.exe
c:\program files\Ovislink\AirLive WT-2000PCI\_desktop.ini
c:\program files\Ovislink\AirLive WT-2000PCI\Installer\_desktop.ini
c:\program files\Ovislink\AirLive WT-2000PCI\Installer\win2k\_desktop.ini
c:\program files\Ovislink\AirLive WT-2000PCI\Installer\win9x\_desktop.ini
c:\program files\Ovislink\AirLive WT-2000PCI\Installer\winme\_desktop.ini
c:\program files\Ovislink\AirLive WT-2000PCI\Installer\winx64\_desktop.ini
c:\program files\Ovislink\AirLive WT-2000PCI\Installer\winxp\_desktop.ini
c:\program files\System Search Dispatcher\1.2.0.750\ssd.dll
c:\windows\Installer\210ac.msi
c:\windows\system32\_id.dat
c:\windows\system32\ieupdates.exe.tmp
c:\windows\Temp\tmp3.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NETSERVICE
-------\Service_NetService


((((((((((((((((((((((((( Files Created from 2009-06-26 to 2009-07-26 )))))))))))))))))))))))))))))))
.

2009-07-26 19:59 . 2009-07-26 19:59 -------- d-----w- c:\program files\VS Revo Group
2009-07-26 19:34 . 2009-07-26 19:34 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\TeamViewer
2009-07-26 19:34 . 2009-07-26 19:34 -------- d-----w- c:\documents and settings\Korisnik\Application Data\TeamViewer
2009-07-26 19:34 . 2009-07-26 19:34 -------- d-----w- c:\program files\TeamViewer
2009-07-26 19:33 . 2009-07-26 19:33 -------- d-----w- c:\documents and settings\Korisnik\temp
2009-07-26 12:22 . 2009-07-26 12:22 -------- d-----w- c:\documents and settings\All Users\Application Data\34119
2009-07-25 18:37 . 2009-07-25 18:37 -------- d-----w- c:\documents and settings\Korisnik\Application Data\GRETECH
2009-07-25 18:33 . 2009-07-25 18:33 -------- d-----w- c:\program files\GRETECH
2009-07-22 13:56 . 2009-07-22 13:56 -------- d-----w- c:\documents and settings\All Users\Application Data\2B148
2009-07-18 10:09 . 2009-07-18 10:11 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\Temp
2009-07-18 09:38 . 2009-07-18 09:38 -------- d-----w- c:\documents and settings\All Users\Application Data\16109
2009-07-16 13:53 . 2009-07-16 13:53 -------- d-----w- c:\documents and settings\All Users\Application Data\3ACC
2009-07-15 16:22 . 2009-07-15 16:22 -------- d-----w- c:\documents and settings\All Users\Application Data\3A138
2009-07-14 06:59 . 2009-07-14 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\281D4
2009-07-11 17:32 . 2009-07-11 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\69C
2009-07-10 17:03 . 2009-02-21 17:06 2933624 ----a-w- c:\documents and settings\Korisnik\Application Data\Simply Super Software\Trojan Remover\kbs245.exe
2009-07-10 06:33 . 2009-07-10 06:33 -------- d-----w- c:\documents and settings\All Users\Application Data\1A232
2009-07-06 14:35 . 2009-07-06 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\F251
2009-07-06 14:14 . 2009-07-06 14:14 -------- d-----w- C:\ProgramData
2009-07-06 14:08 . 2009-07-06 14:08 -------- d-----w- c:\documents and settings\All Users\Application Data\1930D
2009-07-05 17:05 . 2009-07-05 17:05 -------- d-----w- c:\program files\Electronic Arts
2009-07-05 17:05 . 2009-07-05 17:05 7248 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-07-05 17:05 . 2009-07-05 17:05 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\Downloaded Installations
2009-07-05 16:37 . 2009-07-05 16:37 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Leadertech
2009-07-04 14:54 . 2009-07-05 17:25 -------- d-----w- C:\Temp
2009-07-04 14:44 . 2009-07-04 14:44 -------- d-----w- c:\documents and settings\All Users\Application Data\120
2009-07-02 18:40 . 2009-07-02 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\F109
2009-07-02 12:11 . 2009-07-02 12:11 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\Sony
2009-07-02 12:06 . 2009-07-02 12:06 -------- d-----w- c:\program files\Common Files\Sony Shared
2009-07-02 12:04 . 2009-07-02 12:04 -------- d-----w- c:\program files\QuickTime
2009-07-02 11:57 . 2009-07-02 11:57 -------- d-----w- c:\program files\Avanquest update
2009-07-02 11:57 . 2009-07-02 11:57 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-07-02 11:56 . 2009-07-02 11:56 -------- d-----w- c:\documents and settings\Korisnik\Application Data\InstallShield
2009-07-02 11:45 . 2009-07-02 11:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\ToggleEN
2009-07-02 11:45 . 2009-07-02 11:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-07-02 11:30 . 2009-07-02 11:30 -------- d-----w- c:\documents and settings\Korisnik\Local Settings\Application Data\Apple
2009-07-02 11:30 . 2009-07-02 11:30 -------- d-----w- c:\program files\Apple Software Update
2009-07-02 11:30 . 2009-07-02 11:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-07-02 11:23 . 2009-07-02 17:18 -------- d-----w- c:\windows\system32\drivers\UMDF
2009-07-02 11:22 . 2005-02-14 07:57 32768 ----a-w- c:\documents and settings\All Users\Application Data\Sony Ericsson\Sony Ericsson PC Suite\LiveUpdate\Temp\CleanBuild.exe
2009-06-28 15:46 . 2009-06-28 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\1B3D8
2009-06-28 15:45 . 2009-06-28 15:45 -------- d-----w- c:\documents and settings\All Users\Application Data\213B9
2009-06-28 15:44 . 2009-06-28 15:44 -------- d-----w- c:\documents and settings\All Users\Application Data\2C242
2009-06-28 11:34 . 2009-06-28 11:34 -------- d-----w- c:\documents and settings\All Users\Application Data\263E
2009-06-28 11:22 . 2009-06-28 11:22 -------- d-----w- c:\documents and settings\All Users\Application Data\5186

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-26 21:14 . 2009-02-01 15:30 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Software Informer
2009-07-26 21:13 . 2009-02-01 15:30 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Free Download Manager
2009-07-26 20:02 . 2008-11-11 17:03 -------- d-----w- c:\program files\Yahoo!
2009-07-26 12:23 . 2008-06-20 14:54 -------- d-----w- c:\documents and settings\Korisnik\Application Data\BearShare
2009-07-25 22:42 . 2009-01-09 21:52 -------- d-----w- c:\documents and settings\Korisnik\Application Data\uTorrent
2009-07-10 17:03 . 2008-11-03 20:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-05 17:05 . 2007-10-26 16:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-04 10:11 . 2009-03-25 19:01 -------- d-----w- c:\documents and settings\Korisnik\Application Data\Skype
2009-07-02 12:05 . 2009-07-02 11:10 -------- d-----w- c:\program files\Sony Ericsson
2009-07-02 12:04 . 2008-12-11 19:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-07-02 11:10 . 2009-07-02 11:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson
2009-07-02 11:08 . 2008-12-11 18:33 -------- d-----w- c:\program files\Common Files\Teleca Shared
2009-06-26 13:44 . 2009-06-26 13:44 -------- d-----w- c:\documents and settings\All Users\Application Data\72EE
2009-06-22 10:49 . 2009-06-22 10:49 -------- d-----w- c:\documents and settings\All Users\Application Data\132CE
2009-06-21 11:52 . 2009-06-21 11:52 -------- d-----w- c:\documents and settings\All Users\Application Data\1B7D
2009-06-18 14:48 . 2009-06-18 14:48 -------- d-----w- c:\documents and settings\All Users\Application Data\246D
2009-06-18 12:55 . 2009-06-18 12:55 -------- d-----w- c:\documents and settings\All Users\Application Data\B1C5
2009-06-18 12:52 . 2009-06-18 12:52 -------- d-----w- c:\documents and settings\All Users\Application Data\22CE
2009-06-12 17:00 . 2009-06-12 17:00 -------- d-----w- c:\documents and settings\All Users\Application Data\29349
2009-06-10 15:52 . 2009-06-10 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\2C271
2009-06-09 14:12 . 2009-06-09 14:12 -------- d-----w- c:\documents and settings\All Users\Application Data\365D
2009-06-08 20:54 . 2009-06-08 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\2D261
2009-06-07 15:04 . 2009-06-07 15:04 -------- d-----w- c:\documents and settings\All Users\Application Data\127E
2009-06-06 21:26 . 2009-06-06 21:26 -------- d-----w- c:\documents and settings\All Users\Application Data\343C8
2009-06-04 15:10 . 2009-06-04 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\3ACB
2009-06-02 16:25 . 2009-06-02 16:25 -------- d-----w- c:\documents and settings\All Users\Application Data\72E
2009-06-01 14:35 . 2009-06-01 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\110
2009-05-31 12:48 . 2009-05-31 12:48 -------- d-----w- c:\documents and settings\All Users\Application Data\0271
2009-05-29 18:11 . 2009-05-29 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\E2AF
2009-05-29 16:55 . 2009-05-29 16:55 -------- d-----w- c:\documents and settings\All Users\Application Data\23280
2009-05-29 11:14 . 2009-05-29 11:14 -------- d-----w- c:\documents and settings\All Users\Application Data\173C8
2009-05-28 16:30 . 2009-05-28 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\35382
2009-07-26 19:30 . 2009-07-01 20:12 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTog1.dll" [2009-07-26 2215960]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]
2009-07-26 20:50 2215960 ----a-w- c:\program files\ToggleEN\tbTog1.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74322BF9-DF26-493f-B0DA-6D2FC5E6429E}]
2008-09-02 14:05 398776 ----a-w- c:\program files\BearShare Applications\BearShare MediaBar\BearShareIEHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{038cb5c7-48ea-4af9-94e0-a1646542e62b}"= "c:\program files\ToggleEN\tbTog1.dll" [2009-07-26 2215960]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{038CB5C7-48EA-4AF9-94E0-A1646542E62B}"= "c:\program files\ToggleEN\tbTog1.dll" [2009-07-26 2215960]

[HKEY_CLASSES_ROOT\clsid\{038cb5c7-48ea-4af9-94e0-a1646542e62b}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-23 68856]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2009-01-31 3399727]
"Software Informer"="c:\program files\Software Informer\softinfo.exe" [2009-03-24 1785925]
"Google Update"="c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-02 133104]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2006-04-20 2048000]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-03-11 24095528]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"PAC207_Monitor"="c:\windows\PixArt\i-Look110\Monitor.exe" [2007-12-10 323584]
"Monitor"="c:\windows\PixArt\i-Look110\Monitor.exe" [2007-12-10 323584]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-01 185872]
"TrialReset"="c:\windows\regx32.exe" [2008-07-03 285327]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-03-06 949376]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-02-21 1211784]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-28 413696]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" - c:\windows\system32\hdashcut.exe [2005-10-13 61952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AirLive Turbo-G Wireless Utility.lnk - c:\program files\Ovislink\Common\TurboG-UI.exe [2008-5-22 679936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Bandoo\BndHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\call of duty 4\\iw3mp.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Sony Ericsson\\Sony Ericsson Media Manager\\MediaManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=

R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [12/6/2005 5:11 PM 35328]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [3/6/2009 8:34 PM 15424]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [3/24/2009 4:00 PM 55152]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [7/21/2009 5:40 PM 185640]
R3 PAC207;i-Look 110;c:\windows\system32\drivers\PFC027.SYS [1/3/2009 6:24 PM 618112]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 7:08 PM 533360]
S3 kbeepm;kbeepm;\??\c:\docume~1\Korisnik\LOCALS~1\Temp\kbeepm.sys --> c:\docume~1\Korisnik\LOCALS~1\Temp\kbeepm.sys [?]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [7/2/2009 1:10 PM 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [7/2/2009 1:10 PM 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [7/2/2009 1:10 PM 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [7/2/2009 1:10 PM 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [7/2/2009 1:10 PM 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [7/2/2009 1:10 PM 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [7/2/2009 1:10 PM 117672]
S3 SmartCd;SmartCd;c:\windows\system32\Drivers\SmartCd.sys --> c:\windows\system32\Drivers\SmartCd.sys [?]
S3 z520bus;Sony Ericsson 520 driver (WDM);c:\windows\system32\DRIVERS\z520bus.sys --> c:\windows\system32\DRIVERS\z520bus.sys [?]
S3 z520mdfl;Sony Ericsson 520 USB WMC Modem Filter;c:\windows\system32\DRIVERS\z520mdfl.sys --> c:\windows\system32\DRIVERS\z520mdfl.sys [?]
S3 z520mdm;Sony Ericsson 520 USB WMC Modem Drivers;c:\windows\system32\DRIVERS\z520mdm.sys --> c:\windows\system32\DRIVERS\z520mdm.sys [?]
S3 z520mgmt;Sony Ericsson 520 USB WMC Device Management Drivers;c:\windows\system32\DRIVERS\z520mgmt.sys --> c:\windows\system32\DRIVERS\z520mgmt.sys [?]
S3 z520obex;Sony Ericsson 520 USB WMC OBEX Interface Drivers;c:\windows\system32\DRIVERS\z520obex.sys --> c:\windows\system32\DRIVERS\z520obex.sys [?]
S4 cdawdm;CDAWDM;c:\windows\system32\DRIVERS\CDAWDM.sys --> c:\windows\system32\DRIVERS\CDAWDM.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{X9OBC5C0-4FCB-11CF-AAX5-81CX1C635612}]
c:\driver\S-1-4-89-654352344-54323413-6452342-4545\svchost.exe
.
Contents of the 'Scheduled Tasks' folder

2009-07-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 12:57]

2009-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-2025429265-682003330-1003Core.job
- c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-02 19:45]

2009-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-220523388-2025429265-682003330-1003UA.job
- c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-02 19:45]

2009-07-26 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]

2009-03-10 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - c:\program files\AskTBar\SrchAstt\2.bin\A5SRCHAS.DLL
HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
HKCU-Run-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
HKCU-Run-MSMSGS - c:\program files\Messenger\msmsgs.exe
HKCU-Run-fsm - (no file)
HKLM-Run-NBKeyScan - c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-BMISR - c:\program files\KYE\WebMate\BM.exe
HKLM-Run-WinampAgent - c:\program files\Winamp\winampa.exe
HKLM-Run-NodLogin - c:\program files\Eset\nodlogin.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ba/
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
TCP: {1031C108-067E-4354-B263-40D47CC7D671} = 79.143.173.161 79.143.172.3
TCP: {B1DBD771-0146-493C-AFD4-F78336B867DE} = 79.143.173.161,79.143.172.2
FF - ProfilePath - c:\documents and settings\Korisnik\Application Data\Mozilla\Firefox\Profiles\d7fe8k8p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Live Search
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\Free Download Manager\Firefox\Extension\components\vmsfdmff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\Korisnik\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-07-26 23:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-220523388-2025429265-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-220523388-2025429265-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f1,be,15,10,ed,85,bb,00,4e,f9,89,c3,1d,35,17,2a,36,29,05,91,13,92,99,
8e,1c,97,f3,28,f2,f9,ae,c4,b2,ed,01,b4,6a,2d,31,e1,c1,b5,98,4b,ec,31,3b,87,\
"??"=hex:69,3e,43,58,9f,64,ba,75,fe,6b,77,07,2a,78,dd,74

[HKEY_USERS\S-1-5-21-220523388-2025429265-682003330-1003\Software\SecuROM\License information*]
"datasecu"=hex:49,32,c3,a3,d3,e4,d9,ec,8b,f0,29,5a,18,da,c6,f8,fb,c9,66,29,f7,
52,ab,54,d3,fa,9f,4e,b1,f7,01,76,54,5d,77,37,3f,45,7e,40,49,69,b4,17,83,05,\
"rkeysecu"=hex:37,89,4f,39,7c,a5,83,4d,72,6c,6e,03,24,10,92,a9
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(768-)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(824)
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(2040)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\ESET\nod32krn.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\UAService7.exe
c:\progra~1\Bandoo\Bandoo.exe
c:\program files\TeamViewer\Version4\TeamViewer.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.exe
.
**************************************************************************
.
Completion time: 2009-07-26 23:17 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-26 21:17

Pre-Run: 4,103,217,152 bytes free
Post-Run: 7,066,271,744 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

336

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pozdrav...


Izvini zbog čekanja. Kolega je zauzet.



Zamolio bih te da skineš novu verziju ComboFix-a sa ranije datog linka, pokreneš ga i postaviš novi log kako bih mogao videti kakvo je trenutno stanje.