Hijack this - log file, please help.

  • neman1
  • New MyCity citizen
  • Joined: 05 Apr 2009
  • Posts: 3

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:23:43, on 05. 04. 09
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trust\R-Series Mouse And Keyboard\KMWDSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Trust\R-Series Mouse And Keyboard\PS2USBKbdDrv.exe
C:\Program Files\Trust\R-Series Mouse And Keyboard\MouseDrv.exe
D:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\User\Desktop\Nešto drugačije\Naći ću te.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = search.live.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = search.live.com/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - (no file)
O1 - Hosts: 66.98.148.65 auto.search.msn.com
O1 - Hosts: 66.98.148.65 auto.search.msn.es127.0.0.1 activate.adobe.com
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - D:\Program Files\rpbrowserrecordplugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [WireLessMouse] C:\Program Files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe MouseDrv.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Program Files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "e:\Program Files\CyberLink\PowerDirector\PowerDirector\MUITransfer\MUIStartMenu.exe" "e:\Program Files\CyberLink\PowerDirector\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [Power2GoExpress] "C:\Program Files\CyberLink\Power2Go\Power2GoExpress.exe" /Startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\Cyberlink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Spyware Cleaner Monitor] "D:\Program Files\PC Health Optimizer Free Edition\SpywareCleaner\RealTimeMonitorSC.exe" /start /minimize
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Pošalji u OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Po&šalji u OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - pcpitstop.com/pcpitstop/PCPitStop.CAB
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V7 (AdobeActiveFileMonitor7.0) - Adobe Systems Incorporated - D:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Unknown owner - C:\Program Files\Bonjour\mDNSResponder.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Trust\R-Series Mouse And Keyboard\KMWDSrv.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: SentinelProtectionServer - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 12138 bytes

My applications keep crashing (hang up), such as Firefox, WinExplorer...

Lately, at startup, chkdsk runs automatically to check "disk consistency".

Thanks in advance for a reply and any help.

Regards...

  • dr_Bora
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Right-click the BitDefender icon in the lower-right corner of the screen and choose Show.
After that, also in the lower-right corner of the window, choose Settings.
Then uncheck Real-Time protection is enabled, choose Permanently in the drop-down menu and click OK.

Note: Do not forget to turn this option back on once the cleaning is finished.



Download ComboFix from one of the following addresses to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

  • neman1
  • New MyCity citizen
  • Joined: 05 Apr 2009
  • Posts: 3

For now I can't do anything with ComboFix because it reports that AVG antivirus is enabled, although I uninstalled it and no longer have it on the computer.

Is it a big problem if I let Combo scan even though it warns about AVG??

Addendum: 07 Apr 2009 14:19

ComboFix 09-04-04.01 - User 2009-04-07 14:10:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.2814.2176 [GMT 2:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
AV: Bitdefender Antivirus *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\User\Application Data\inst.exe
c:\windows\IE4 Error Log.txt
c:\windows\system32\_004810_.tmp.dll
c:\windows\system32\_004811_.tmp.dll
c:\windows\system32\_004812_.tmp.dll
c:\windows\system32\_004813_.tmp.dll
c:\windows\system32\_004820_.tmp.dll
c:\windows\system32\_004821_.tmp.dll
c:\windows\system32\_004822_.tmp.dll
c:\windows\system32\_004823_.tmp.dll
c:\windows\system32\_004825_.tmp.dll
c:\windows\system32\_004826_.tmp.dll
c:\windows\system32\_004829_.tmp.dll
c:\windows\system32\_004830_.tmp.dll
c:\windows\system32\_004832_.tmp.dll
c:\windows\system32\_004833_.tmp.dll
c:\windows\system32\_004834_.tmp.dll
c:\windows\system32\_004836_.tmp.dll
c:\windows\system32\_004839_.tmp.dll
c:\windows\system32\_004840_.tmp.dll
c:\windows\system32\_004844_.tmp.dll
c:\windows\system32\_004845_.tmp.dll
c:\windows\system32\_004847_.tmp.dll
c:\windows\system32\_004850_.tmp.dll
c:\windows\system32\_004852_.tmp.dll
c:\windows\system32\_004853_.tmp.dll
c:\windows\system32\_004854_.tmp.dll
c:\windows\system32\_004855_.tmp.dll
c:\windows\system32\_004856_.tmp.dll
c:\windows\system32\_004859_.tmp.dll
c:\windows\system32\_004860_.tmp.dll
c:\windows\system32\_004861_.tmp.dll
c:\windows\system32\_004862_.tmp.dll
c:\windows\system32\_004863_.tmp.dll
c:\windows\system32\_004868_.tmp.dll
c:\windows\system32\_004870_.tmp.dll

.
((((((((((((((((((((((((( Files Created from 2009-03-07 to 2009-04-07 )))))))))))))))))))))))))))))))
.

2009-04-07 14:06 . 2009-04-07 14:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Avg7
2009-04-07 00:01 . 2009-04-07 00:01 0 --a------ c:\windows\system32\commonpriv.log.lock
2009-04-06 08:46 . 2008-04-14 05:42 539,136 --a------ c:\windows\system32\SET1719.tmp
2009-04-06 08:46 . 2008-04-14 05:42 354,304 --a------ c:\windows\system32\SET16EB.tmp
2009-04-06 08:46 . 2008-04-14 05:42 80,896 --a------ c:\windows\system32\SET16E6.tmp
2009-04-06 08:46 . 2008-04-14 05:41 16,896 --a------ c:\windows\system32\SET1747.tmp
2009-04-06 08:46 . 2008-04-14 05:42 13,824 --a------ c:\windows\system32\SET16E7.tmp
2009-04-06 08:46 . 2008-04-14 05:42 6,656 --a------ c:\windows\system32\SET16E1.tmp
2009-04-06 08:43 . 2008-04-14 05:42 8,461,312 --a------ c:\windows\system32\SET679.tmp
2009-04-06 08:42 . 2004-08-04 14:00 2,897,920 --a------ c:\windows\system32\xpsp2res.dll
2009-04-06 08:41 . 2004-08-04 14:00 2,148,352 --a------ c:\windows\system32\ntoskrnl.exe
2009-04-05 21:37 . 2009-04-05 21:37 <DIR> d-------- c:\documents and settings\User\Application Data\Lavasoft
2009-04-05 16:44 . 2007-11-18 01:43 943,872 -ra------ c:\windows\system32\drivers\nvnrm.sys
2009-04-05 16:44 . 2007-11-07 23:31 356,352 --a------ c:\windows\system32\nvunrm.exe
2009-04-05 16:44 . 2007-11-18 01:41 197,120 -ra------ c:\windows\system32\fdco1.dll
2009-04-05 16:44 . 2007-11-18 01:43 54,016 -ra------ c:\windows\system32\drivers\NVENETFD.sys
2009-04-05 16:44 . 2007-11-07 23:32 35,328 -ra------ c:\windows\system32\nvconrm.dll
2009-04-05 16:44 . 2007-11-18 01:43 22,016 -ra------ c:\windows\system32\drivers\nvnetbus.sys
2009-04-05 16:44 . 2007-11-18 01:40 9,216 -ra------ c:\windows\system32\bdco1.dll
2009-04-05 16:44 . 2007-11-07 23:28 5,815 -ra------ c:\windows\system32\nvnrm.nvu
2009-04-05 03:19 . 2009-04-05 03:19 319,488 --a------ c:\windows\HideWin.exe
2009-04-05 02:38 . 2005-04-14 14:42 141,582 --------- c:\windows\system32\drivers\NVCAP.SYS
2009-04-05 02:38 . 2005-04-14 14:42 29,696 --------- c:\windows\system32\FILTER.AX
2009-04-05 02:38 . 2005-04-14 14:42 16,496 --------- c:\windows\system32\drivers\NVXBAR.SYS
2009-04-04 14:01 . 2009-04-04 14:01 <DIR> d-------- c:\documents and settings\User\Application Data\CD-LabelPrint
2009-03-30 23:33 . 2009-03-30 23:33 7,680 --ahs---- c:\windows\Thumbs.db
2009-03-29 01:10 . 2009-03-29 01:10 <DIR> d-------- c:\program files\City Interactive
2009-03-27 18:41 . 2009-03-27 18:41 <DIR> d-------- c:\program files\Boilsoft Video Joiner
2009-03-27 17:55 . 2009-03-27 17:55 <DIR> d--h----- c:\windows\$hf_mig$
2009-03-27 10:03 . 2009-03-27 10:03 1,253,376 --a------ c:\windows\system32\NvPVEnc.ax
2009-03-27 10:03 . 2009-03-27 10:03 401,408 --a------ c:\windows\system32\nvcuvid.dll
2009-03-26 17:05 . 2009-03-26 17:05 <DIR> d--h----- c:\windows\system32\GroupPolicy
2009-03-26 03:25 . 2007-10-26 20:40 353,280 --a------ c:\windows\system32\idecoi.dll
2009-03-26 02:23 . 2009-03-26 02:23 <DIR> d-------- c:\windows\Philips
2009-03-26 02:23 . 2009-03-26 02:23 <DIR> d-------- c:\program files\Common Files\SPC530NC
2009-03-26 02:13 . 2007-10-16 03:02 8,535 -ra------ c:\windows\system32\nvide.nvu
2009-03-26 02:11 . 2007-07-06 01:01 356,352 -ra------ c:\windows\system32\nvusmb.exe
2009-03-26 02:11 . 2007-04-03 04:06 1,950 -ra------ c:\windows\system32\nvsmb.nvu
2009-03-26 01:21 . 2009-03-26 01:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner
2009-03-26 01:21 . 2009-03-26 01:21 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83FC5D7A-8875-4931-80D6-1E3AC725D336}
2009-03-26 01:09 . 2009-03-26 01:22 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{DC840DBC-2CB0-4FEA-98ED-F4E3BD2970C7}
2009-03-26 01:05 . 2009-03-26 01:14 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{F19A02B4-1684-448C-B152-43B554F2E722}
2009-03-26 00:43 . 2009-03-26 00:43 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{E18C8A94-0667-4A02-B59B-9CB3A8F22628}
2009-03-26 00:43 . 2009-03-26 00:43 <DIR> dr-h----- C:\AHCache
2009-03-26 00:42 . 2009-03-26 01:21 <DIR> d-------- c:\program files\Uniblue
2009-03-26 00:01 . 2009-03-26 01:29 <DIR> d-------- c:\documents and settings\User\Application Data\Uniblue
2009-03-25 23:34 . 2009-04-07 01:21 69 --a------ c:\windows\NeroDigital.ini
2009-03-21 19:38 . 2009-03-25 23:45 <DIR> d-------- c:\documents and settings\User\Application Data\Ahead
2009-03-21 19:38 . 2009-03-21 19:38 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ahead
2009-03-21 19:36 . 2009-03-21 19:36 <DIR> d-------- c:\program files\Nero
2009-03-21 19:36 . 2009-03-21 19:37 <DIR> d-------- c:\program files\Common Files\Ahead
2009-03-21 19:36 . 2009-03-21 19:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2009-03-21 17:52 . 2009-03-21 17:52 685,816 --a------ c:\windows\system32\drivers\sptd.sys
2009-03-21 17:31 . 2004-08-04 01:56 116,224 --a--c--- c:\windows\system32\dllcache\xrxwiadr.dll
2009-03-21 17:31 . 2001-08-17 23:37 99,865 --a--c--- c:\windows\system32\dllcache\xlog.exe
2009-03-21 17:31 . 2001-08-17 23:37 27,648 --a--c--- c:\windows\system32\dllcache\xrxftplt.exe
2009-03-21 17:31 . 2001-08-17 23:36 23,040 --a--c--- c:\windows\system32\dllcache\xrxwbtmp.dll
2009-03-21 17:31 . 2004-08-03 23:29 19,455 --a--c--- c:\windows\system32\dllcache\wvchntxx.sys
2009-03-21 17:31 . 2001-08-17 23:36 17,408 --a--c--- c:\windows\system32\dllcache\xrxscnui.dll
2009-03-21 17:31 . 2001-08-17 13:11 16,970 --a--c--- c:\windows\system32\dllcache\xem336n5.sys
2009-03-21 17:31 . 2004-08-03 23:29 12,063 --a--c--- c:\windows\system32\dllcache\wsiintxx.sys
2009-03-21 17:31 . 2004-08-04 01:56 8,192 --a--c--- c:\windows\system32\dllcache\wshirda.dll
2009-03-21 17:31 . 2001-08-17 23:37 4,608 --a--c--- c:\windows\system32\dllcache\xrxflnch.exe
2009-03-21 17:29 . 2001-08-17 14:28 794,654 --a--c--- c:\windows\system32\dllcache\usr1801.sys
2009-03-21 17:28 . 2001-08-17 23:36 525,568 --a--c--- c:\windows\system32\dllcache\tridxp.dll
2009-03-21 17:27 . 2001-08-17 15:56 172,768 --a--c--- c:\windows\system32\dllcache\t2r4disp.dll
2009-03-21 17:26 . 2001-08-17 13:18 285,760 --a--c--- c:\windows\system32\dllcache\stlnata.sys
2009-03-21 17:25 . 2004-08-03 23:41 404,990 --a--c--- c:\windows\system32\dllcache\slntamr.sys
2009-03-21 17:24 . 2001-08-17 23:36 495,616 --a--c--- c:\windows\system32\dllcache\sblfx.dll
2009-03-21 17:23 . 2001-08-17 14:28 899,146 --a--c--- c:\windows\system32\dllcache\r2mdkxga.sys
2009-03-21 17:22 . 2004-08-04 01:56 259,328 --a--c--- c:\windows\system32\dllcache\perm3dd.dll
2009-03-21 17:21 . 2004-08-03 23:59 2,056,832 --a--c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-21 17:20 . 2004-08-03 23:31 132,695 --a--c--- c:\windows\system32\dllcache\netwlan5.sys
2009-03-21 17:19 . 2004-08-04 01:56 1,737,856 --a--c--- c:\windows\system32\dllcache\mtxparhd.dll
2009-03-21 17:18 . 2001-08-17 14:28 802,683 --a--c--- c:\windows\system32\dllcache\ltsm.sys
2009-03-21 17:17 . 2001-08-17 23:36 372,824 --a--c--- c:\windows\system32\dllcache\iconf32.dll
2009-03-21 17:16 . 2004-08-03 23:41 1,041,536 --a--c--- c:\windows\system32\dllcache\hsfdpsp2.sys
2009-03-21 17:15 . 2001-08-17 15:56 1,733,120 --a--c--- c:\windows\system32\dllcache\g400d.dll
2009-03-21 17:14 . 2001-08-17 14:28 595,647 --a--c--- c:\windows\system32\dllcache\es56cvmp.sys
2009-03-21 17:13 . 2001-08-17 13:14 952,007 --a--c--- c:\windows\system32\dllcache\diwan.sys
2009-03-21 17:12 . 2001-08-17 23:36 419,357 --a--c--- c:\windows\system32\dllcache\dgconfig.dll
2009-03-21 17:11 . 2001-08-17 13:13 980,034 --a--c--- c:\windows\system32\dllcache\cicap.sys
2009-03-21 17:10 . 2004-08-04 01:56 516,768 --a--c--- c:\windows\system32\dllcache\ativvaxx.dll
2009-03-21 11:45 . 2004-08-04 01:56 1,888,992 --a--c--- c:\windows\system32\dllcache\ati3duag.dll
2009-03-21 11:44 . 2004-08-04 00:20 2,180,992 --a--c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-21 11:40 . 2009-04-05 21:15 1,175,388 --a------ c:\windows\setupapi.log.0.old
2009-03-21 03:15 . 2009-03-21 03:15 <DIR> d-------- c:\documents and settings\User\Application Data\Desktopicon
2009-03-16 02:27 . 2009-03-16 02:27 <DIR> d-------- c:\program files\SafeNet Sentinel
2009-03-16 02:27 . 2009-03-16 02:27 <DIR> d-------- c:\program files\Common Files\SafeNet Sentinel
2009-03-16 02:04 . 2009-03-16 02:04 438,976 --a------ c:\windows\system32\mshflxgd.ocx
2009-03-16 02:00 . 2009-03-16 02:00 1,044,480 --a------ c:\windows\system32\Roboex32.dll
2009-03-16 01:58 . 2009-03-16 01:58 118,848 --a------ c:\windows\system32\SHW32.DLL
2009-03-16 01:49 . 2009-03-16 01:49 48,640 --a------ c:\windows\system32\Inetwh32.dll
2009-03-10 12:15 . 2009-03-10 12:15 <DIR> d-------- c:\documents and settings\All Users\Application Data\Saitek

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-07 12:15 81,984 ----a-w c:\windows\system32\bdod.bin
2009-04-06 21:27 --------- d-----w c:\documents and settings\User\Application Data\Azureus
2009-04-05 22:35 --------- d-----w c:\documents and settings\User\Application Data\Vso
2009-04-05 17:52 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-04-05 17:07 --------- d-----w c:\program files\Vuze
2009-04-05 17:05 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-05 00:38 --------- d-----w c:\program files\Common Files\InstallShield
2009-04-05 00:21 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2009-04-04 18:50 --------- d-----w c:\documents and settings\User\Application Data\LimeWire
2009-04-04 18:50 --------- d-----w c:\documents and settings\User\Application Data\FrostWire
2009-04-03 20:26 --------- d-----w c:\program files\Windows Live
2009-04-03 14:03 --------- d-----w c:\program files\Nokia
2009-04-03 14:03 --------- d-----w c:\program files\Common Files\Nokia
2009-04-03 14:02 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-03-27 21:19 --------- d---a-w c:\documents and settings\All Users\Application Data\Temp
2009-03-27 06:14 453,152 ----a-w c:\windows\system32\NVUNINST.EXE
2009-03-24 06:09 --------- d-----w c:\documents and settings\User\Application Data\ICAClient
2009-03-21 14:37 --------- d-----w c:\program files\Philips_VLounge
2009-03-21 01:25 --------- d-----w c:\program files\Saitek Dual Analog Rumble Pad
2009-03-21 01:25 --------- d-----w c:\program files\LimeWire
2009-03-21 01:21 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2009-03-21 01:21 --------- d-----w c:\documents and settings\All Users\Application Data\espionServerData
2009-03-21 01:21 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink
2009-03-10 10:23 --------- d-----w c:\program files\Common Files\Logitech
2009-03-10 10:22 --------- d-----w c:\program files\Logitech
2009-03-03 07:37 45,984 ----a-w c:\windows\system32\ins2.exe
2009-02-27 22:28 --------- d-----w c:\documents and settings\User\Application Data\Nokia
2009-02-27 21:54 --------- d-----w c:\program files\Common Files\Common Share
2009-02-24 22:39 --------- d-----w c:\documents and settings\User\Application Data\GARMIN
2009-02-13 16:47 720,896 ----a-w c:\windows\iun6002ev.exe
2009-02-07 20:59 --------- d-----w c:\program files\Combined Community Codec Pack
2009-02-07 20:53 --------- d-----w c:\program files\TimeAdjuster
2009-02-07 20:18 --------- d-----w c:\program files\URUSoft
2009-02-07 19:46 --------- d-----w c:\program files\inKline Global
2009-02-07 19:41 --------- d-----w c:\program files\Subtitle Workshop
2009-01-13 18:13 244,232 ----a-w c:\windows\system32\WmJoyFrc.dll
2009-01-11 10:34 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-07 23:51 47,360 ----a-w c:\documents and settings\User\Application Data\pcouffin.sys
2005-11-29 15:17 24,848 ----a-w c:\program files\opera\program\plugins\cgpcfg.dll
2005-11-29 15:17 74,000 ----a-w c:\program files\opera\program\plugins\cgpcore.dll
2005-11-29 15:17 45,328 ----a-w c:\program files\opera\program\plugins\icalogon.dll
2005-11-29 15:17 28,944 ----a-w c:\program files\opera\program\plugins\pscript.dll
2005-11-29 15:17 69,904 ----a-w c:\program files\opera\program\plugins\sslsdk_b.dll
2005-11-29 15:17 24,848 ----a-w c:\program files\opera\program\plugins\tcppserv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spyware Cleaner Monitor"="d:\program files\PC Health Optimizer Free Edition\SpywareCleaner\RealTimeMonitorSC.exe" [2008-05-21 2186752]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
"Uniblue RegistryBooster 2009"="c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe" [2008-08-29 2019624]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WireLessMouse"="c:\program files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe" [2007-03-06 212992]
"WireLessKeyboard"="c:\program files\Trust\R-Series Mouse And Keyboard\StartAutorun.exe" [2007-03-06 212992]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2008\IEShow.exe" [2007-10-09 61440]
"BDAgent"="c:\program files\BitDefender\BitDefender 2008\bdagent.exe" [2008-11-03 368640]
"UpdatePDRShortCut"="e:\program files\CyberLink\PowerDirector\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-01-04 222504]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-14 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-01-21 92168]
"Power2GoExpress"="c:\program files\CyberLink\Power2Go\Power2GoExpress.exe" [2007-10-05 2680104]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-27 13684736]
"CLMLServer"="c:\program files\Cyberlink\Power2Go\CLMLSvc.exe" [2007-09-29 122880]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-27 86016]
"UnlockerAssistant"="d:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
"nwiz"="nwiz.exe" [2009-03-27 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-29 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="c:\program files\TGTSoft\StyleXP\Logon\CurrentLogon.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.mjpg"= pvmjpg30.dll
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AVerQuick.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^MagicDisc.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
--a------ 2008-08-14 08:58 611712 c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 18:05 81920 d:\program files\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--------- 2004-01-14 03:10 409600 c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--------- 2006-10-27 00:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 16:57 153136 c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Warlords\\Civ4Warlords_PitBoss.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword.exe"=
"c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Beyond the Sword\\Civ4BeyondSword_PitBoss.exe"=
"e:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"e:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"e:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"e:\\Program Files\\CyberLink\\PowerDirector\\PowerDirector\\PDR.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=
"d:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"d:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"d:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;d:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Trust\R-Series Mouse And Keyboard\KMWDSrv.exe [2007-02-28 208896]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R3 AVerBDA6x;AVerBDA6x service;c:\windows\system32\drivers\AVerBDA716x.sys [2008-10-29 1290240]
R3 phaudlwr;Philips Audio Filter;c:\windows\system32\drivers\phaudlwr.sys [2008-12-17 88704]
R3 SPC530;Philips SPC530NC PC Camera;c:\windows\system32\drivers\SPC530.sys [2008-12-17 486912]
R3 SPC530m;Philips SPC530NC PC Cameram;c:\windows\system32\drivers\SPC530m.sys [2008-12-17 7680]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2008-12-08 533344]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2009-01-19 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2009-01-19 8320]
S3 SaiH0460;SaiH0460;c:\windows\system32\drivers\SaiH0460.sys [2008-11-24 137600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-04-07 c:\windows\Tasks\RegCure Program Check.job
- d:\program files\RegCure\RegCure.exe [2009-03-23 15:02]

2009-04-05 c:\windows\Tasks\RegCure.job
- d:\program files\RegCure\RegCure.exe [2009-03-23 15:02]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Memory Optimizer - (no file)
Notify-avgrsstarter - avgrsstx.dll


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Windows &Live Favorites - favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: rba.hr\nfuse
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9tqxatni.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.startup.homepage - hxxp://go.microsoft.com/fwlink/?LinkId=69157
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - component: d:\program files\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Opera\program\plugins\npican.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\program files\Netscape6\nppl3260.dll
FF - plugin: d:\program files\Netscape6\nprjplug.dll
FF - plugin: d:\program files\Netscape6\nprpjplug.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-04-07 14:15:15
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

.
Completion time: 2009-04-07 14:16:38
ComboFix-quarantined-files.txt 2009-04-07 12:16:20

Pre-Run: 11.682.152.448 bytes free
Post-Run: 13,944,705,024 bytes free

401


...there, regardless of everything, I ran Combo at my own risk.

Thanks for the help!!!

Regards

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

There shouldn't be any malware here.

I would recommend that you remove the leftovers of AVG: http://www.avg.com/download-tools

Uninstalling ComboFix:
Click START and then RUN.

In the text input line, type (copy) the following:

Combofix /u

and then click OK.

Wait for the uninstall process to finish.

For the remaining problems you can look for advice in the Windows forum.

offline
  • neman1 
  • New MyCity citizen
  • Joined: 05 Apr 2009
  • Posts: 3

doctor, THANK YOU!!!!
