problem with iemultjx.exe (log.txt)

  • zoox
  • New MyCity citizen
  • Joined: 19 Mar 2009
  • Posts: 7

log.txt


Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrator at 2009-03-19 09:37:45
Microsoft Windows XP Professional Service Pack 3
System drive C: has 34 GB (45%) free of 76 GB
Total RAM: 1014 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:11, on 19.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\winsystem.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = login.live.com/login.srf?wa=wsignin1.0&.....;id=251248
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: CashBackAssistant - {00F5B5BA-E3C2-4b70-BF51-42A557914FAD} - C:\Program Files\Nice Prosper\CashBackAssistant\CashBackAssistantIE.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\2.2.0.2880\NPIEAddOn.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live pomagač za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows API Control Center] winsystem.exe
O4 - HKLM\..\Run: [iemultjx] C:\WINDOWS\system32\iemultjx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NeoTracePro\NTXcontext.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NeoTracePro\NTXtoolbar.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....4237728078
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kap.me
O17 - HKLM\Software\..\Telephony: DomainName = kap.me
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = kap.me
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11499 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\HP WEP.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00F5B5BA-E3C2-4b70-BF51-42A557914FAD}]
CashBackAssistant - C:\Program Files\Nice Prosper\CashBackAssistant\CashBackAssistantIE.dll [2008-12-22 835584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-20 308832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35B8D58C-B0CB-46b0-BA64-05B3804E4E86}]
NP Helper Class - C:\Program Files\Internet Saving Optimizer\2.2.0.2880\NPIEAddOn.dll [2009-02-17 176128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-03-06 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live pomagač za prijavljivanje - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll [2009-03-06 1968920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-16 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-16 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-16 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-18 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-18 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2C688203-7EB3-4327-9995-1CB417BA23F9} - BS.Player ControlBar - C:\Program Files\BS.Player ControlBar\BSToolbar.dll [2008-10-08 859592]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-16 251504]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll [2009-03-06 1968920]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-09-11 143360]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-09-11 172032]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-09-11 143360]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-03-06 1932568]
"Windows API Control Center"=C:\WINDOWS\winsystem.exe [2009-03-19 18944]
"iemultjx"=C:\WINDOWS\system32\iemultjx.exe [2009-03-19 37146]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-10-14 623992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe [2007-09-11 67488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2008-11-26 2235920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Di dictionary]
C:\Program Files\Di recnik\Di.exe [2007-03-16 518656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpbdfawep]
C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 954368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
C:\Program Files\HP\HP UT\bin\hppusg.exe [2007-05-04 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iemultjx]
C:\WINDOWS\system32\iemultjx.exe [2009-03-19 37146]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-06-19 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe [2008-11-10 1253376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2007-08-07 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-18 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-02-17 1830128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-24 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-20 185872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [2007-03-03 341488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherWatcher]
C:\Program Files\Weather Watcher\ww.exe [2008-11-18 1081344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows API Control Center]
C:\WINDOWS\winsystem.exe [2009-03-19 18944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\Windows Desktop Search\WindowsSearch.exe /startup []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-03-06 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-09-11 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-04-19 52224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe"="C:\Program Files\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault(tm)"
"G:\SkypePortable\App\Skype\Phone\Skype.exe"="G:\SkypePortable\App\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\CDStart.Exe
shell\Install\command - F:\Stub.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\setup.exe /CD

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\CDStart.Exe
shell\Install\command - H:\Stub.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11bfb72c-9e73-11dd-a626-001e0baac5f9}]
shell\AutoRun\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\cfxer.exe
shell\open\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\cfxer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38180398-9c1f-11dd-a61c-ca3a80902254}]
shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\cfxer.exe
shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\cfxer.exe


======File associations======

.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2009-03-19 09:37:45 ----D---- C:\rsit
2009-03-19 09:37:45 ----D---- C:\Program Files\trend micro
2009-03-19 09:29:00 ----RSH---- C:\WINDOWS\winsystem.exe
2009-03-19 09:28:55 ----A---- C:\WINDOWS\system32\iemultjx.exe
2009-03-19 08:26:34 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-19 08:26:27 ----D---- C:\Program Files\SUPERAntiSpyware
2009-03-19 08:26:27 ----D---- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-03-19 08:26:10 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-19 07:51:17 ----A---- C:\WINDOWS\ntbtlog.txt
2009-03-18 12:29:06 ----D---- C:\Documents and Settings\All Users\Application Data\espionServerData
2009-03-18 12:29:06 ----A---- C:\AdobeDebug.txt
2009-03-18 12:07:38 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-03-18 12:07:38 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2009-03-18 12:07:38 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-03-18 12:07:38 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-03-18 12:07:38 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2009-03-18 12:07:38 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-03-18 12:07:38 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-03-18 12:07:37 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-03-18 12:07:37 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-03-18 12:07:37 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-03-18 12:07:37 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-03-18 12:07:37 ----N---- C:\WINDOWS\system32\px.dll
2009-03-16 09:23:54 ----D---- C:\ubuntu
2009-03-13 11:36:45 ----D---- C:\Documents and Settings\Administrator\Application Data\Samsung
2009-03-13 11:34:52 ----A---- C:\WINDOWS\system32\framedyn.dll
2009-03-13 11:34:35 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2009-03-13 11:04:20 ----D---- C:\Program Files\Common Files\PCSuite
2009-03-13 11:04:17 ----D---- C:\Program Files\Common Files\Nokia
2009-03-13 11:04:06 ----A---- C:\WINDOWS\system32\wdfcoinstaller01007.dll
2009-03-13 11:04:06 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2009-03-13 10:42:42 ----D---- C:\Program Files\Oxygen Software
2009-03-12 03:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-12 03:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-12 03:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 14:31:20 ----D---- C:\Program Files\Chess
2009-03-11 11:12:16 ----D---- C:\Program Files\VS Revo Group
2009-03-11 09:58:31 ----D---- C:\Program Files\directx
2009-03-11 09:57:52 ----D---- C:\Program Files\Rockstar Games
2009-03-09 12:18:37 ----D---- C:\BMW M3 Challenge
2009-03-06 10:32:51 ----HD---- C:\$AVG8.VAULT$
2009-03-06 10:00:06 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-03-06 09:59:57 ----D---- C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR
2009-03-06 09:59:47 ----D---- C:\Program Files\AVG
2009-03-06 09:59:47 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-03-06 09:42:42 ----A---- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
2009-03-06 08:51:18 ----D---- C:\Documents and Settings\Administrator\Application Data\Symantec
2009-03-06 08:40:59 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-03-06 08:31:40 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-03-05 13:19:11 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-03-05 13:19:10 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-03-03 07:10:00 ----D---- C:\Documents and Settings\Administrator\Application Data\IObit
2009-02-26 14:22:24 ----D---- C:\Documents and Settings\Administrator\Application Data\ACD Systems
2009-02-26 14:21:43 ----D---- C:\Documents and Settings\All Users\Application Data\ACD Systems
2009-02-26 14:21:39 ----D---- C:\Program Files\ACD Systems
2009-02-24 10:56:54 ----D---- C:\Program Files\EA GAMES
2009-02-24 08:44:09 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-02-24 08:42:19 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2009-02-24 08:37:36 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2009-02-24 07:17:57 ----D---- C:\Program Files\City Interactive
2009-02-23 14:28:50 ----D---- C:\Program Files\NokiaFREE Unlock Codes Calculator
2009-02-20 08:12:51 ----D---- C:\WINDOWS\system32\porttalk22
2009-02-20 07:57:33 ----D---- C:\Program Files\uTorrent
2009-02-20 07:57:25 ----D---- C:\Documents and Settings\Administrator\Application Data\uTorrent
2009-02-20 07:30:30 ----D---- C:\Documents and Settings\Administrator\Application Data\Internet Saving Optimizer
2009-02-20 07:30:10 ----D---- C:\Program Files\Nice Prosper
2009-02-20 07:29:48 ----D---- C:\Program Files\Internet Saving Optimizer
2009-02-20 07:29:39 ----D---- C:\Program Files\System Search Dispatcher
2009-02-20 07:29:33 ----D---- C:\Program Files\DoubleD
2009-02-20 07:20:53 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

======List of files/folders modified in the last 1 months======

2009-03-19 09:37:48 ----D---- C:\WINDOWS\Prefetch
2009-03-19 09:37:45 ----RD---- C:\Program Files
2009-03-19 09:29:00 ----D---- C:\WINDOWS
2009-03-19 09:28:59 ----D---- C:\WINDOWS\system32
2009-03-19 09:28:40 ----D---- C:\WINDOWS\Temp
2009-03-19 09:26:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-19 09:23:37 ----RSH---- C:\boot.ini
2009-03-19 09:23:37 ----A---- C:\WINDOWS\win.ini
2009-03-19 09:23:37 ----A---- C:\WINDOWS\system.ini
2009-03-19 08:29:11 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-19 08:26:30 ----SHD---- C:\WINDOWS\Installer
2009-03-19 08:26:10 ----D---- C:\Program Files\Common Files
2009-03-19 08:15:39 ----D---- C:\Program Files\Windows Desktop Search
2009-03-19 08:12:31 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-03-19 08:12:19 ----HD---- C:\WINDOWS\inf
2009-03-19 08:12:19 ----D---- C:\WINDOWS\system32\wbem
2009-03-19 07:49:08 ----D---- C:\Temp
2009-03-19 07:42:19 ----D---- C:\WINDOWS\security
2009-03-18 12:24:45 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
2009-03-18 12:11:13 ----D---- C:\Program Files\Common Files\Adobe
2009-03-18 12:08:42 ----RD---- C:\WINDOWS\Fonts
2009-03-18 12:07:43 ----D---- C:\Program Files\Adobe
2009-03-18 12:07:43 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-03-18 12:07:38 ----D---- C:\WINDOWS\system32\drivers
2009-03-18 12:07:06 ----A---- C:\WINDOWS\ODBCINST.INI
2009-03-18 09:38:00 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2009-03-18 06:58:15 ----A---- C:\WINDOWS\NeroDigital.ini
2009-03-13 11:36:36 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-13 11:34:09 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-13 11:17:30 ----D---- C:\Documents and Settings\Administrator\Application Data\Nokia
2009-03-13 11:04:41 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-13 11:04:18 ----D---- C:\Program Files\Nokia
2009-03-13 10:57:20 ----D---- C:\Documents and Settings\All Users\Application Data\Installations
2009-03-13 10:45:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-12 03:01:15 ----A---- C:\WINDOWS\imsins.BAK
2009-03-12 03:01:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-12 03:01:09 ----D---- C:\WINDOWS\WinSxS
2009-03-12 03:00:38 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-03-11 11:22:22 ----D---- C:\WINDOWS\system32\config
2009-03-11 11:09:05 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-11 11:07:58 ----D---- C:\Program Files\Mobiola Web Camera 2 for S60 2nd Edition
2009-03-11 11:07:50 ----RSD---- C:\WINDOWS\assembly
2009-03-11 11:07:14 ----D---- C:\WINDOWS\Lhsp
2009-03-11 11:06:51 ----D---- C:\Program Files\Hair Pro 2008 Light
2009-03-11 11:05:57 ----D---- C:\Program Files\3D Home Architect
2009-03-06 11:15:41 ----A---- C:\WINDOWS\matlab.ini
2009-03-06 09:48:56 ----D---- C:\Program Files\Di recnik
2009-03-03 07:10:00 ----D---- C:\Program Files\IObit
2009-02-27 10:28:39 ----D---- C:\Program Files\Pawn 2
2009-02-26 14:21:50 ----D---- C:\Program Files\Common Files\ACD Systems
2009-02-24 10:57:16 ----D---- C:\WINDOWS\Registration
2009-02-24 10:56:50 ----D---- C:\WINDOWS\system32\DirectX
2009-02-24 10:55:53 ----D---- C:\WINDOWS\system32\Restore
2009-02-24 10:53:30 ----SHD---- C:\System Volume Information
2009-02-24 10:08:55 ----SHD---- C:\WINDOWS\CSC
2009-02-24 08:09:00 ----SD---- C:\WINDOWS\Tasks
2009-02-20 07:21:02 ----D---- C:\Documents and Settings\Administrator\Application Data\funkitron

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-03-06 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-03-06 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-03-06 107912]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-07 33052]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS []
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-08-23 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-08-23 55936]
R3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-09-11 6047904]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-05-07 106368]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 bdfdll;bdfdll; \??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys []
S3 BDFsDrv;BDFsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys []
S3 BDRsDrv;BDRsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys []
S3 FreshIO;FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PortTalk;PortTalk; C:\WINDOWS\System32\Drivers\PortTalk.sys [2002-01-12 3567]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-04-19 40704]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 Autodata Limited License Service;Autodata Limited License Service; C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [2006-05-12 72704]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-03-06 298264]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2008-10-22 54784]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-18 152984]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 NwSapAgent;SAP Agent; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2007-03-03 67056]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-01 654848]
S3 fsssvc;Windows Live Porodična bezbednost; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-16 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-04-19 823808]

-----------------EOF-----------------

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...

Right-click the AVG icon in the lower right corner of the screen.
* When the AVG Control Center starts, double-click the AVG Resident Shield component.
* In the window that opens, uncheck the option Turn on AVG Resident Shield and click OK.

Download ComboFix from one of the following addresses to the Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Start it and do not touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you will copy here for us.

offline
  • zoox 
  • New MyCity citizen
  • Joined: 19 Mar 2009
  • Posts: 7

the log that ComboFix created

ComboFix 09-03-22.01 - Administrator 2009-03-23 9:37:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.1014.518 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\cfxer.exe
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\windows\IE4 Error Log.txt
c:\windows\n.tmp
c:\windows\winsystem.exe

----- BITS: Possible infected sites -----

hxxp://kap-srv-ex1.kap.me
.
((((((((((((((((((((((((( Files Created from 2009-02-23 to 2009-03-23 )))))))))))))))))))))))))))))))
.

2009-03-23 09:02 . 2009-03-23 09:02 <DIR> d-------- c:\documents and settings\radomir.dasic\Tracing
2009-03-23 09:02 . 2009-03-23 09:02 <DIR> d-------- c:\documents and settings\radomir.dasic\Application Data\Internet Saving Optimizer
2009-03-23 09:02 . 2009-03-23 09:05 <DIR> d-------- c:\documents and settings\radomir.dasic\Application Data\AVGTOOLBAR
2009-03-23 09:02 . 2009-03-23 09:02 37,662 --a------ c:\documents and settings\radomir.dasic\iemultjx.exe
2009-03-23 09:02 . 2009-03-23 09:02 33,634 --a------ c:\documents and settings\radomir.dasic\cmgrs.exe
2009-03-23 09:02 . 2009-03-23 09:02 8,552 --a------ c:\documents and settings\radomir.dasic\bv2.exe
2009-03-23 09:01 . 2009-03-23 09:01 30,782 --a------ c:\documents and settings\radomir.dasic\mscupdate.exe
2009-03-23 09:01 . 2009-03-23 09:01 18,944 --a------ c:\documents and settings\radomir.dasic\tvs2.exe
2009-03-23 06:44 . 2009-03-23 09:19 37,662 --a------ c:\windows\system32\iemultjx.exe
2009-03-20 14:44 . 2009-03-23 09:18 33,634 --a------ c:\documents and settings\Administrator\cmgrs.exe
2009-03-20 14:44 . 2009-03-23 06:43 8,552 --a------ c:\documents and settings\Administrator\bv2.exe
2009-03-20 08:45 . 2009-03-20 11:14 <DIR> d-------- c:\program files\UseNeXT
2009-03-20 08:45 . 2009-03-20 14:18 <DIR> d-------- c:\documents and settings\Administrator\Application Data\UseNeXT
2009-03-20 08:33 . 2009-03-20 08:38 26,624 --a------ c:\temp\Project1.exe
2009-03-19 13:19 . 2009-03-23 09:18 18,944 --a------ c:\documents and settings\Administrator\tvs2.exe
2009-03-19 09:37 . 2009-03-19 09:38 <DIR> d-------- C:\rsit
2009-03-19 08:26 . 2009-03-19 08:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-19 08:26 . 2009-03-20 14:35 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-03-18 12:29 . 2009-03-18 12:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\espionServerData
2009-03-16 09:28 . 2008-10-27 18:37 192,307 --a------ C:\wubildr
2009-03-16 09:28 . 2008-10-27 18:37 8,192 --a------ C:\wubildr.mbr
2009-03-16 09:23 . 2009-03-16 09:23 <DIR> d-------- C:\ubuntu
2009-03-13 11:36 . 2009-03-13 11:41 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Samsung
2009-03-13 11:34 . 2009-03-16 06:43 <DIR> d-------- c:\windows\system32\Samsung_USB_Drivers
2009-03-13 11:34 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll
2009-03-13 11:34 . 2006-07-24 16:05 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys
2009-03-13 11:34 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico
2009-03-13 11:04 . 2009-03-13 11:04 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-03-13 11:04 . 2009-03-13 11:04 <DIR> d-------- c:\program files\Common Files\Nokia
2009-03-13 11:04 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
2009-03-13 11:04 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2009-03-13 11:04 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2009-03-13 11:04 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
2009-03-13 11:04 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-03-13 11:04 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2009-03-13 10:42 . 2009-03-13 10:42 <DIR> d-------- c:\program files\Oxygen Software
2009-03-11 14:31 . 2009-03-13 06:42 <DIR> d-------- c:\program files\Chess
2009-03-11 11:12 . 2009-03-11 11:12 <DIR> d-------- c:\program files\VS Revo Group
2009-03-11 09:58 . 2009-03-11 09:58 <DIR> d-------- c:\program files\directx
2009-03-11 09:57 . 2009-03-11 09:57 <DIR> d-------- c:\program files\Rockstar Games
2009-03-09 12:18 . 2009-03-09 12:20 <DIR> d-------- C:\BMW M3 Challenge
2009-03-06 10:32 . 2009-03-23 09:18 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-06 10:00 . 2009-03-06 10:00 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-06 10:00 . 2009-03-06 10:00 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-06 10:00 . 2009-03-06 10:00 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-06 09:59 . 2009-03-23 06:44 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-06 09:59 . 2009-03-06 09:59 <DIR> d-------- c:\program files\AVG
2009-03-06 09:59 . 2009-03-06 09:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-06 09:59 . 2009-03-06 10:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AVGTOOLBAR
2009-03-06 09:09 . 2008-09-25 14:27 905,216 --a------ c:\windows\system32\GearDrvs.msi
2009-03-06 08:51 . 2009-03-06 08:51 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Symantec
2009-03-06 08:40 . 2009-03-06 09:48 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2009-03-05 13:19 . 2008-04-14 01:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-03-05 13:19 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-03-05 13:19 . 2008-04-13 19:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-03-05 13:19 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-03-03 07:10 . 2009-03-03 07:10 <DIR> d-------- c:\documents and settings\Administrator\Application Data\IObit
2009-02-26 14:22 . 2009-02-26 14:22 <DIR> d-------- c:\documents and settings\Administrator\Application Data\ACD Systems
2009-02-26 14:21 . 2009-02-26 14:21 <DIR> d-------- c:\program files\ACD Systems
2009-02-26 14:21 . 2009-02-26 14:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2009-02-24 10:56 . 2009-03-11 11:14 <DIR> d-------- c:\program files\EA GAMES
2009-02-24 10:08 . 2009-02-24 10:08 0 --a------ C:\-1464429064
2009-02-24 08:44 . 2009-03-06 09:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2009-02-24 08:42 . 2009-02-24 08:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2009-02-24 08:37 . 2009-02-24 08:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-02-24 07:17 . 2009-02-24 10:56 <DIR> d-------- c:\program files\City Interactive
2009-02-23 14:28 . 2009-02-24 10:56 <DIR> d-------- c:\program files\NokiaFREE Unlock Codes Calculator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-19 07:15 --------- d-----w c:\program files\Windows Desktop Search
2009-03-18 11:11 --------- d-----w c:\program files\Common Files\Adobe
2009-03-18 11:07 9,464 ------w c:\windows\system32\drivers\cdralw2k.sys
2009-03-18 11:07 9,336 ------w c:\windows\system32\drivers\cdr4_xp.sys
2009-03-18 11:07 43,528 ------w c:\windows\system32\drivers\PxHelp20.sys
2009-03-13 10:34 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-13 10:17 --------- d-----w c:\documents and settings\Administrator\Application Data\Nokia
2009-03-13 10:04 --------- d-----w c:\program files\Nokia
2009-03-13 09:57 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-03-12 02:00 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-11 10:07 --------- d-----w c:\program files\Mobiola Web Camera 2 for S60 2nd Edition
2009-03-11 10:06 --------- d-----w c:\program files\Hair Pro 2008 Light
2009-03-11 10:05 --------- d-----w c:\program files\3D Home Architect
2009-03-06 08:48 --------- d-----w c:\program files\Di recnik
2009-03-03 06:10 --------- d-----w c:\program files\IObit
2009-02-27 09:28 --------- d-----w c:\program files\Pawn 2
2009-02-26 13:21 --------- d-----w c:\program files\Common Files\ACD Systems
2009-02-24 09:56 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2009-02-20 06:57 --------- d-----w c:\program files\uTorrent
2009-02-20 06:30 --------- d-----w c:\program files\Nice Prosper
2009-02-20 06:30 --------- d-----w c:\documents and settings\Administrator\Application Data\Internet Saving Optimizer
2009-02-20 06:29 --------- d-----w c:\program files\System Search Dispatcher
2009-02-20 06:29 --------- d-----w c:\program files\Internet Saving Optimizer
2009-02-20 06:29 --------- d-----w c:\program files\DoubleD
2009-02-20 06:26 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-20 06:21 --------- d-----w c:\documents and settings\Administrator\Application Data\funkitron
2009-02-18 12:12 --------- d-----w c:\program files\Java
2009-02-18 08:44 --------- d-----w c:\program files\NeoTracePro
2009-02-16 12:20 --------- d-----w c:\program files\Windows Live
2009-02-16 12:19 --------- d-----w c:\program files\Microsoft Sync Framework
2009-02-16 12:17 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-16 12:17 --------- d-----w c:\program files\Microsoft
2009-02-16 11:55 --------- d-----w c:\program files\Common Files\Windows Live
2009-02-16 10:42 --------- d-----w c:\program files\FastStone Capture
2009-02-16 10:42 --------- d-----w c:\documents and settings\Administrator\Application Data\FastStone
2009-02-16 06:24 --------- d-----w c:\documents and settings\radomir.dasic\Application Data\Nokia
2009-02-12 13:09 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2009-02-12 12:58 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-12 12:58 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-12 12:50 --------- d-----w c:\program files\PC Connectivity Solution
2009-02-12 12:44 --------- d-----w c:\documents and settings\Administrator\Application Data\PC Suite
2009-02-12 12:33 --------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2009-02-12 12:29 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-02-12 12:24 --------- d-----w c:\program files\Foxit Software
2009-02-11 07:24 --------- d-----w c:\program files\Common Files\Borland Shared
2009-02-11 07:22 --------- d-----w c:\program files\Borland
2009-02-10 07:09 --------- d-----w c:\program files\Jetpak
2009-02-10 07:07 --------- d-----w c:\program files\OpenOffice.org 3
2009-02-10 07:05 --------- d-----w c:\program files\Ulead Systems
2009-02-10 07:05 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2009-02-10 07:05 --------- d-----w c:\documents and settings\Administrator\Application Data\Ulead Systems
2009-02-10 06:56 --------- d-----w c:\program files\Microsoft Visual Studio 8
2009-02-10 06:56 --------- d-----w c:\program files\ImgBurn
2009-02-10 06:55 --------- d-----w c:\program files\Google
2009-02-10 06:55 --------- d-----w c:\program files\Common Files\Softwin
2009-02-10 06:55 --------- d-----w c:\program files\Common Files\BitDefender
2009-02-06 18:20 308,088 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:08 55,152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
2009-01-30 08:47 --------- d-----w c:\program files\Simbin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-11 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-11 143360]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-06 1932568]
"iemultjx"="c:\windows\system32\iemultjx.exe" [2009-03-23 37662]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-06 10:00 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.dvacm"= c:\progra~1\COMMON~1\Ulead Systems\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\Ulead Systems\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\Ulead Systems\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-10-14 21:38 623992 c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-09-11 00:43 67488 c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
--a------ 2008-11-26 16:11 2235920 c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Di dictionary]
--a------ 2007-03-16 20:45 518656 c:\program files\Di recnik\Di.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-26 23:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpbdfawep]
--a------ 2007-04-25 14:28 954368 c:\program files\HP\Dfawep\bin\hpbdfawep.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
--a------ 2007-05-04 13:14 36864 c:\program files\HP\HP UT\bin\hppusg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iemultjx]
--a------ 2009-03-23 09:19 37662 c:\windows\system32\iemultjx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-06-24 15:06 1840424 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 01:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2009-02-06 18:50 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-06-08 08:31 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-06-19 08:53 570664 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-11-10 15:07 1253376 c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-12-03 12:47 1205760 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-07 01:05 200704 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-02-18 13:12 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-10-24 05:56 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-10-20 08:16 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
--a------ 2007-03-03 13:12 341488 c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherWatcher]
--a------ 2008-11-18 20:19 1081344 c:\program files\Weather Watcher\ww.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 17:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2007-04-12 16:33 16132608 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-06 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-06 107912]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-06 298264]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-16 55152]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 fsssvc;Windows Live Porodična bezbednost;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [2009-02-16 3567]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\CDStart.Exe
\Shell\Install\Command - F:\Stub.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\setup.exe /CD

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\CDStart.Exe
\Shell\Install\Command - H:\Stub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-03-20 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 14:28]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Windows API Control Center - winsystem.exe
Notify-WgaLogon - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSConfigStartUp-Windows API Control Center - winsystem.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1234853227&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fhome.live.com%2Fdefault.aspx&lc=2074&id=251248
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &NeoTrace It! - c:\progra~1\NeoTracePro\NTXcontext.htm
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-23 09:41:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-606747145-1482476501-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,df,92,f9,b5,0e,e2,50,41,bf,be,0c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,df,92,f9,b5,0e,e2,50,41,bf,be,0c,\

[HKEY_USERS\S-1-5-21-606747145-1482476501-839522115-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{918FA53A-2301-115E-ACBC-7C90ED481B25}*]
"habfaoeilfhpoicb"=hex:6a,61,6f,6f,6e,6b,6b,6a,66,6c,6d,69,66,63,64,6f,69,70,
62,62,00,00
"iadfokhghkpdifikmh"=hex:6a,61,6f,6f,6e,6b,6b,6a,66,6c,6d,69,66,63,64,6f,69,70,
62,62,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{918FA53A-2301-115E-ACBC-7C90ED481B25}\InProcServer32*]
"fanfnfeinpll"=hex:70,61,69,6f,69,6e,67,70,6a,64,69,6b,6b,6e,66,68,61,68,6e,68,
67,6c,66,6f,67,6a,6a,70,69,6b,62,6e,00,09
"nanfhdkckieeodggojgboinejpff"=hex:70,61,69,65,6d,6c,6a,6a,6f,66,64,63,64,6a,
6f,66,62,6d,68,66,67,6e,6d,62,6b,6e,64,61,67,65,64,62,00,09

[HKEY_LOCAL_MACHINE\software\MyWebSearch\SearchAssistant]
@DACL=(02 0000)
"pid"="ZRman000"
"fwp"="0"
"Dir"="c:\\Program Files\\MyWebSearch\\SrchAstt\\"
"sr"="11"
"pl"="26"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\spool\drivers\w32x86\3\HP1006MC.EXE
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2009-03-23 9:44:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-23 08:44:04

Pre-Run: 35.217.403.904 bytes free
Post-Run: 35,277,467,648 bytes free

349 --- E O F --- 2009-03-12 02:01:15

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

File::
c:\documents and settings\radomir.dasic\iemultjx.exe
c:\documents and settings\radomir.dasic\cmgrs.exe
c:\documents and settings\radomir.dasic\bv2.exe
c:\documents and settings\radomir.dasic\mscupdate.exe
c:\documents and settings\radomir.dasic\tvs2.exe
c:\windows\system32\iemultjx.exe
c:\documents and settings\Administrator\cmgrs.exe
c:\documents and settings\Administrator\bv2.exe
c:\documents and settings\Administrator\tvs2.exe

REGLOCK::
[HKEY_USERS\S-1-5-21-606747145-1482476501-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\software\MyWebSearch\SearchAssistant]

REGNULL::
[HKEY_USERS\S-1-5-21-606747145-1482476501-839522115-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{918FA53A-2301-115E-ACBC-7C90ED481B25}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{918FA53A-2301-115E-ACBC-7C90ED481B25}\InProcServer32*]

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iemultjx"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iemultjx]
[-HKEY_LOCAL_MACHINE\software\MyWebSearch]
[-HKEY_USERS\S-1-5-21-606747145-1482476501-839522115-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{918FA53A-2301-115E-ACBC-7C90ED481B25}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{918FA53A-2301-115E-ACBC-7C90ED481B25}]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon, as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next reply.
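The script above targets the items that stand out in the posted logs: executables dropped straight into user-profile roots, Security Center monitoring switched off, the firewall's standard profile disabled, AutoRun/Install commands bound to mounted volumes, and an orphaned Run entry that pointed at a bare file name (winsystem.exe). The Python script below is an added example, not part of this thread and not code from ComboFix: it applies those same heuristics to ComboFix-style log text so the same picks can be made systematically. The sample log embedded in it is constructed for the example (the user name and file names are illustrative), and the rule names and severities are choices made for this example rather than anything ComboFix defines.

```python
"""Triage heuristics for ComboFix-style log text.

Added example, not code from the thread or from ComboFix. The sample log is
constructed for this example; its user name and file names are illustrative.
"""
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]  # (severity, rule, offending log line)

# Constructed sample in the shape ComboFix emits: registry key headers in
# brackets, values below them, an "ORPHANS REMOVED" line, "Files Created"
# entries, and a live Run key.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\setup.exe /CD

HKLM-Run-Windows API Control Center - winsystem.exe

2009-03-23 09:02 . 2009-03-23 09:02 37,662 --a------ c:\documents and settings\someuser\dropped.exe
2009-03-24 08:23 . 2009-02-24 18:42 116,736 --a------ c:\windows\system32\drivers\mcdbus.sys
2009-03-24 09:36 . 2009-03-24 09:36 <DIR> d-------- c:\program files\Common Files\Vendor Shared

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-06 1932568]
"""

KEY_LINE = re.compile(r"^\[(.+)\]\s*$")
# An executable sitting directly in a profile root: exactly one path component
# after "documents and settings\<user>\".
PROFILE_ROOT_EXE = re.compile(
    r"(c:\\documents and settings\\[^\\]+\\[^\\]+\.(?:exe|dll|scr|com|pif))\s*$",
    re.IGNORECASE,
)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]+)"')
ORPHAN_RUN = re.compile(r"^HKLM-Run-(?P<name>.+?) - (?P<target>.+)$")
AUTORUN_CMD = re.compile(r"^\\Shell\\(?:AutoRun|Install)\\Command\b", re.IGNORECASE)
MONITORING_OFF = re.compile(r'^"DisableMonitoring"=dword:0*1$', re.IGNORECASE)
FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b', re.IGNORECASE)


def is_bare_name(target: str) -> bool:
    """True when a Run target is only a file name (resolved via the search
    path at logon), e.g. 'winsystem.exe' rather than a full path."""
    parts = target.strip().strip('"').split()
    return bool(parts) and "\\" not in parts[0] and "/" not in parts[0]


def triage(log_text: str) -> List[Finding]:
    """Walk the log once, tracking the registry key each value belongs to."""
    findings: List[Finding] = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = KEY_LINE.match(line)
        if header:
            key = header.group(1).lower()
            continue
        if "security center\\monitoring" in key and MONITORING_OFF.match(line):
            # Security Center told to stop reporting AV/firewall state.
            findings.append(("high", "security-center-monitoring-disabled", line))
        elif "firewallpolicy\\standardprofile" in key and FIREWALL_OFF.match(line):
            # Windows Firewall standard profile switched off.
            findings.append(("high", "firewall-disabled", line))
        elif "mountpoints2" in key and AUTORUN_CMD.match(line):
            # AutoRun/Install command bound to a mounted volume: audit, do not auto-remove.
            findings.append(("info", "autorun-command", line))
        elif (orphan := ORPHAN_RUN.match(line)) and is_bare_name(orphan.group("target")):
            # "ORPHANS REMOVED" line whose Run target was a bare file name.
            findings.append(("high", "run-entry-bare-name", line))
        elif key.endswith("\\run") and (run := RUN_VALUE.match(line)) and is_bare_name(run.group("target")):
            # Live Run value that relies on search-path resolution.
            findings.append(("high", "run-entry-bare-name", line))
        elif PROFILE_ROOT_EXE.search(line):
            # Executables dropped straight into a profile root are rarely legitimate.
            findings.append(("medium", "exe-in-profile-root", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule."""
    counts: Dict[str, int] = {}
    for _severity, rule, _line in findings:
        counts[rule] = counts.get(rule, 0) + 1
    return counts


if __name__ == "__main__":
    for severity, rule, line in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {rule}: {line}")
```

Run it as a script to print the findings for the embedded sample, or import `triage()` and pass it the text of C:\ComboFix.txt. AutoRun commands are reported at info level on purpose: optical install discs legitimately register them, so they are worth reading but not removing blindly, whereas a Run entry that names a bare executable or a Security Center monitoring switch set to 1 is something a cleaner would follow up on.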

  • zoox
  • New MyCity citizen
  • Joined: 19 Mar 2009
  • Posts: 7

AVG found trojans in these files. That is why I contacted you.
Should I restore them, since after the scan with ComboFix AVG no longer reports anything?

c:\documents and settings\radomir.dasic\iemultjx.exe
c:\documents and settings\radomir.dasic\cmgrs.exe
c:\documents and settings\radomir.dasic\bv2.exe
c:\documents and settings\radomir.dasic\mscupdate.exe
c:\documents and settings\radomir.dasic\tvs2.exe
c:\windows\system32\iemultjx.exe
c:\documents and settings\Administrator\cmgrs.exe
c:\documents and settings\Administrator\bv2.exe
c:\documents and settings\Administrator\tvs2.exe

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

I don't understand what you are asking.

Did you follow the instructions above?

If you did, the log is C:\ComboFix.txt - post it here.

If you didn't, follow them.

  • zoox
  • New MyCity citizen
  • Joined: 19 Mar 2009
  • Posts: 7

ComboFix 09-03-22.01 - Administrator 2009-03-25 7:50:20.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.1014.543 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\n.tmp

.
((((((((((((((((((((((((( Files Created from 2009-02-25 to 2009-03-25 )))))))))))))))))))))))))))))))
.

2009-03-24 13:13 . 2009-03-24 13:13 415 --a------ C:\AutoData2005XP.lnk
2009-03-24 09:55 . 2009-03-24 09:55 450 --a------ C:\Autodata CDA-3.lnk
2009-03-24 09:36 . 2009-03-24 09:36 <DIR> d-------- c:\program files\Common Files\Autodata Limited Shared
2009-03-24 09:35 . 2009-03-24 09:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Autodata Limited
2009-03-24 08:23 . 2009-03-24 08:23 <DIR> d-------- c:\program files\MagicDisc
2009-03-24 08:23 . 2009-02-24 18:42 116,736 --a------ c:\windows\system32\drivers\mcdbus.sys
2009-03-24 08:13 . 2009-03-24 08:13 2,581 -r-hs---- c:\windows\PCGWIN32.LI5
2009-03-24 08:10 . 2009-03-24 08:10 528 -r-hs---- c:\windows\PCGWIN32.LI4
2009-03-24 08:07 . 2009-03-24 08:07 <DIR> d-------- C:\ADCDTEMP
2009-03-24 07:46 . 2009-03-24 07:46 <DIR> d-------- c:\windows\Sun
2009-03-24 07:42 . 2009-03-24 07:43 <DIR> d-------- c:\program files\MagicISO
2009-03-23 09:02 . 2009-03-23 09:02 <DIR> d-------- c:\documents and settings\radomir.dasic\Tracing
2009-03-23 09:02 . 2009-03-23 09:02 <DIR> d-------- c:\documents and settings\radomir.dasic\Application Data\Internet Saving Optimizer
2009-03-23 09:02 . 2009-03-23 09:05 <DIR> d-------- c:\documents and settings\radomir.dasic\Application Data\AVGTOOLBAR
2009-03-23 09:02 . 2009-03-23 09:02 37,662 --a------ c:\documents and settings\radomir.dasic\iemultjx.exe
2009-03-23 09:02 . 2009-03-23 09:02 33,634 --a------ c:\documents and settings\radomir.dasic\cmgrs.exe
2009-03-23 09:02 . 2009-03-23 09:02 8,552 --a------ c:\documents and settings\radomir.dasic\bv2.exe
2009-03-23 09:01 . 2009-03-23 09:01 30,782 --a------ c:\documents and settings\radomir.dasic\mscupdate.exe
2009-03-23 09:01 . 2009-03-23 09:01 18,944 --a------ c:\documents and settings\radomir.dasic\tvs2.exe
2009-03-20 08:45 . 2009-03-20 11:14 <DIR> d-------- c:\program files\UseNeXT
2009-03-20 08:45 . 2009-03-20 14:18 <DIR> d-------- c:\documents and settings\Administrator\Application Data\UseNeXT
2009-03-20 08:33 . 2009-03-20 08:38 26,624 --a------ c:\temp\Project1.exe
2009-03-19 09:37 . 2009-03-19 09:38 <DIR> d-------- C:\rsit
2009-03-19 08:26 . 2009-03-19 08:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-19 08:26 . 2009-03-20 14:35 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-03-18 12:29 . 2009-03-18 12:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\espionServerData
2009-03-16 09:28 . 2008-10-27 18:37 192,307 --a------ C:\wubildr
2009-03-16 09:28 . 2008-10-27 18:37 8,192 --a------ C:\wubildr.mbr
2009-03-16 09:23 . 2009-03-16 09:23 <DIR> d-------- C:\ubuntu
2009-03-13 11:36 . 2009-03-13 11:41 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Samsung
2009-03-13 11:34 . 2009-03-16 06:43 <DIR> d-------- c:\windows\system32\Samsung_USB_Drivers
2009-03-13 11:34 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll
2009-03-13 11:34 . 2006-07-24 16:05 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys
2009-03-13 11:34 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico
2009-03-13 11:04 . 2009-03-13 11:04 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-03-13 11:04 . 2009-03-13 11:04 <DIR> d-------- c:\program files\Common Files\Nokia
2009-03-13 11:04 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
2009-03-13 11:04 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2009-03-13 11:04 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2009-03-13 11:04 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
2009-03-13 11:04 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-03-13 11:04 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2009-03-13 10:42 . 2009-03-13 10:42 <DIR> d-------- c:\program files\Oxygen Software
2009-03-11 14:31 . 2009-03-13 06:42 <DIR> d-------- c:\program files\Chess
2009-03-11 11:12 . 2009-03-11 11:12 <DIR> d-------- c:\program files\VS Revo Group
2009-03-11 09:58 . 2009-03-11 09:58 <DIR> d-------- c:\program files\directx
2009-03-11 09:57 . 2009-03-11 09:57 <DIR> d-------- c:\program files\Rockstar Games
2009-03-09 12:18 . 2009-03-09 12:20 <DIR> d-------- C:\BMW M3 Challenge
2009-03-06 10:32 . 2009-03-25 07:45 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-06 10:00 . 2009-03-06 10:00 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-06 10:00 . 2009-03-06 10:00 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-06 10:00 . 2009-03-06 10:00 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-06 09:59 . 2009-03-24 08:37 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-06 09:59 . 2009-03-06 09:59 <DIR> d-------- c:\program files\AVG
2009-03-06 09:59 . 2009-03-06 09:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-06 09:59 . 2009-03-06 10:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AVGTOOLBAR
2009-03-06 09:09 . 2008-09-25 14:27 905,216 --a------ c:\windows\system32\GearDrvs.msi
2009-03-06 08:51 . 2009-03-06 08:51 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Symantec
2009-03-06 08:40 . 2009-03-06 09:48 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2009-03-05 13:19 . 2008-04-14 01:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-03-05 13:19 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-03-05 13:19 . 2008-04-13 19:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-03-05 13:19 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-03-03 07:10 . 2009-03-03 07:10 <DIR> d-------- c:\documents and settings\Administrator\Application Data\IObit
2009-02-26 14:22 . 2009-02-26 14:22 <DIR> d-------- c:\documents and settings\Administrator\Application Data\ACD Systems
2009-02-26 14:21 . 2009-02-26 14:21 <DIR> d-------- c:\program files\ACD Systems
2009-02-26 14:21 . 2009-02-26 14:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-24 12:17 566,784 ----a-w c:\windows\~de74bc.tmp
2009-03-24 07:17 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2009-03-19 07:15 --------- d-----w c:\program files\Windows Desktop Search
2009-03-18 11:11 --------- d-----w c:\program files\Common Files\Adobe
2009-03-18 11:07 9,464 ------w c:\windows\system32\drivers\cdralw2k.sys
2009-03-18 11:07 9,336 ------w c:\windows\system32\drivers\cdr4_xp.sys
2009-03-18 11:07 43,528 ------w c:\windows\system32\drivers\PxHelp20.sys
2009-03-13 10:34 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-13 10:17 --------- d-----w c:\documents and settings\Administrator\Application Data\Nokia
2009-03-13 10:04 --------- d-----w c:\program files\Nokia
2009-03-13 09:57 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-03-12 02:00 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-11 10:14 --------- d-----w c:\program files\EA GAMES
2009-03-11 10:07 --------- d-----w c:\program files\Mobiola Web Camera 2 for S60 2nd Edition
2009-03-11 10:06 --------- d-----w c:\program files\Hair Pro 2008 Light
2009-03-11 10:05 --------- d-----w c:\program files\3D Home Architect
2009-03-06 08:48 --------- d-----w c:\program files\Di recnik
2009-03-06 08:48 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-03-03 06:10 --------- d-----w c:\program files\IObit
2009-02-27 09:28 --------- d-----w c:\program files\Pawn 2
2009-02-26 13:21 --------- d-----w c:\program files\Common Files\ACD Systems
2009-02-24 09:56 --------- d-----w c:\program files\NokiaFREE Unlock Codes Calculator
2009-02-24 09:56 --------- d-----w c:\program files\City Interactive
2009-02-24 07:43 --------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-02-24 07:37 --------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-02-20 06:57 --------- d-----w c:\program files\uTorrent
2009-02-20 06:30 --------- d-----w c:\program files\Nice Prosper
2009-02-20 06:30 --------- d-----w c:\documents and settings\Administrator\Application Data\Internet Saving Optimizer
2009-02-20 06:29 --------- d-----w c:\program files\System Search Dispatcher
2009-02-20 06:29 --------- d-----w c:\program files\Internet Saving Optimizer
2009-02-20 06:29 --------- d-----w c:\program files\DoubleD
2009-02-20 06:26 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-20 06:21 --------- d-----w c:\documents and settings\Administrator\Application Data\funkitron
2009-02-18 12:12 --------- d-----w c:\program files\Java
2009-02-18 08:44 --------- d-----w c:\program files\NeoTracePro
2009-02-16 12:20 --------- d-----w c:\program files\Windows Live
2009-02-16 12:19 --------- d-----w c:\program files\Microsoft Sync Framework
2009-02-16 12:17 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-16 12:17 --------- d-----w c:\program files\Microsoft
2009-02-16 11:55 --------- d-----w c:\program files\Common Files\Windows Live
2009-02-16 10:42 --------- d-----w c:\program files\FastStone Capture
2009-02-16 10:42 --------- d-----w c:\documents and settings\Administrator\Application Data\FastStone
2009-02-16 06:24 --------- d-----w c:\documents and settings\radomir.dasic\Application Data\Nokia
2009-02-12 13:09 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2009-02-12 12:58 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-12 12:58 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-12 12:50 --------- d-----w c:\program files\PC Connectivity Solution
2009-02-12 12:44 --------- d-----w c:\documents and settings\Administrator\Application Data\PC Suite
2009-02-12 12:33 --------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2009-02-12 12:29 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-02-12 12:24 --------- d-----w c:\program files\Foxit Software
2009-02-11 07:24 --------- d-----w c:\program files\Common Files\Borland Shared
2009-02-11 07:22 --------- d-----w c:\program files\Borland
2009-02-10 07:09 --------- d-----w c:\program files\Jetpak
2009-02-10 07:07 --------- d-----w c:\program files\OpenOffice.org 3
2009-02-10 07:05 --------- d-----w c:\program files\Ulead Systems
2009-02-10 07:05 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2009-02-10 07:05 --------- d-----w c:\documents and settings\Administrator\Application Data\Ulead Systems
2009-02-10 06:56 --------- d-----w c:\program files\Microsoft Visual Studio 8
2009-02-10 06:56 --------- d-----w c:\program files\ImgBurn
2009-02-10 06:55 --------- d-----w c:\program files\Google
2009-02-10 06:55 --------- d-----w c:\program files\Common Files\Softwin
2009-02-10 06:55 --------- d-----w c:\program files\Common Files\BitDefender
2009-02-06 18:20 308,088 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:08 55,152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
2009-01-30 08:47 --------- d-----w c:\program files\Simbin
.

((((((((((((((((((((((((((((( SnapShot@2009-03-23_ 9.43.06.92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-25 06:54:19 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-11 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-11 143360]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-06 1932568]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-03-24 576000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-06 10:00 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.dvacm"= c:\progra~1\COMMON~1\Ulead Systems\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\Ulead Systems\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\Ulead Systems\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-10-14 21:38 623992 c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-09-11 00:43 67488 c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
--a------ 2008-11-26 16:11 2235920 c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Di dictionary]
--a------ 2007-03-16 20:45 518656 c:\program files\Di recnik\Di.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-26 23:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpbdfawep]
--a------ 2007-04-25 14:28 954368 c:\program files\HP\Dfawep\bin\hpbdfawep.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
--a------ 2007-05-04 13:14 36864 c:\program files\HP\HP UT\bin\hppusg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-06-24 15:06 1840424 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 01:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2009-02-06 18:50 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-06-08 08:31 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-06-19 08:53 570664 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-11-10 15:07 1253376 c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-12-03 12:47 1205760 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-07 01:05 200704 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-02-18 13:12 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-10-24 05:56 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-10-20 08:16 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
--a------ 2007-03-03 13:12 341488 c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherWatcher]
--a------ 2008-11-18 20:19 1081344 c:\program files\Weather Watcher\ww.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 17:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2007-04-12 16:33 16132608 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-06 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-06 107912]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-06 298264]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-16 55152]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 fsssvc;Windows Live Porodična bezbednost;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [2009-02-16 3567]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\CDStart.Exe
\Shell\Install\Command - H:\Stub.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1c6f658-183e-11de-a72a-001e0baac5f9}]
\Shell\AutoRun\command - F:\autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-03-24 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 14:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1234853227&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fhome.live.com%2Fdefault.aspx&lc=2074&id=251248
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &NeoTrace It! - c:\progra~1\NeoTracePro\NTXcontext.htm
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-25 07:54:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\spool\drivers\w32x86\3\HP1006MC.EXE
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2009-03-25 7:56:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-25 06:56:13
ComboFix2.txt 2009-03-23 08:44:08

Pre-Run: 35.110.871.040 bytes free
Post-Run: 35,103,084,544 bytes free

318 --- E O F --- 2009-03-12 02:01:15

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

I would ask you to repeat the procedure (you need to copy everything that is inside the Code box).

offline
  • zoox 
  • New MyCity citizen
  • Joined: 19 Mar 2009
  • Posts: 7

ComboFix 09-03-22.01 - Administrator 2009-03-26 8:27:08.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.1014.520 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\documents and settings\Administrator\bv2.exe
c:\documents and settings\Administrator\cmgrs.exe
c:\documents and settings\Administrator\tvs2.exe
c:\documents and settings\radomir.dasic\bv2.exe
c:\documents and settings\radomir.dasic\cmgrs.exe
c:\documents and settings\radomir.dasic\iemultjx.exe
c:\documents and settings\radomir.dasic\mscupdate.exe
c:\documents and settings\radomir.dasic\tvs2.exe
c:\windows\system32\iemultjx.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\radomir.dasic\bv2.exe
c:\documents and settings\radomir.dasic\cmgrs.exe
c:\documents and settings\radomir.dasic\iemultjx.exe
c:\documents and settings\radomir.dasic\mscupdate.exe
c:\documents and settings\radomir.dasic\tvs2.exe

.
((((((((((((((((((((((((( Files Created from 2009-02-26 to 2009-03-26 )))))))))))))))))))))))))))))))
.

2009-03-26 06:42 . 2009-03-26 06:42 <DIR> d-------- c:\windows\system32\?z
2009-03-25 09:02 . 2009-03-25 09:38 2,240 --a------ c:\windows\system32\esnecil.nlp
2009-03-25 09:02 . 2009-03-26 06:42 2,240 --a------ c:\windows\system32\esnecil.ind
2009-03-25 09:02 . 2009-03-25 09:38 4 --a------ c:\windows\vx86036.dat
2009-03-25 08:58 . 2009-03-25 08:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\WorkshopData
2009-03-25 08:58 . 1999-06-18 22:49 165,888 --a------ c:\windows\Ckconfig.exe
2009-03-25 08:58 . 2006-09-22 00:33 69,632 --a------ c:\windows\system32\Crypserv.exe
2009-03-25 08:58 . 2006-01-10 03:47 31,846 --a------ c:\windows\system32\Ckldrv.sys
2009-03-25 08:58 . 1996-05-03 18:21 27,648 -ra------ c:\windows\Setup_ck.exe
2009-03-25 08:58 . 1996-05-03 16:36 18,432 --a------ c:\windows\Setup_ck.dll
2009-03-25 08:58 . 1995-07-04 19:33 11,776 --a------ c:\windows\Ckrfresh.exe
2009-03-25 08:58 . 2009-03-25 08:58 84 --a------ c:\windows\Crypkey.ini
2009-03-25 08:45 . 2009-03-25 08:49 <DIR> d--h----- c:\program files\Zero G Registry
2009-03-25 08:45 . 2009-03-25 09:13 <DIR> d-------- c:\program files\Vivid WorkshopData ATI
2009-03-25 08:44 . 2009-03-25 08:44 <DIR> d--h----- c:\documents and settings\Administrator\InstallAnywhere
2009-03-24 09:36 . 2009-03-24 09:36 <DIR> d-------- c:\program files\Common Files\Autodata Limited Shared
2009-03-24 09:35 . 2009-03-24 09:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Autodata Limited
2009-03-24 08:23 . 2009-03-24 08:23 <DIR> d-------- c:\program files\MagicDisc
2009-03-24 08:23 . 2009-02-24 18:42 116,736 --a------ c:\windows\system32\drivers\mcdbus.sys
2009-03-24 08:13 . 2009-03-24 08:13 2,581 -r-hs---- c:\windows\PCGWIN32.LI5
2009-03-24 08:10 . 2009-03-24 08:10 528 -r-hs---- c:\windows\PCGWIN32.LI4
2009-03-24 07:46 . 2009-03-24 07:46 <DIR> d-------- c:\windows\Sun
2009-03-24 07:42 . 2009-03-24 07:43 <DIR> d-------- c:\program files\MagicISO
2009-03-23 09:02 . 2009-03-23 09:02 <DIR> d-------- c:\documents and settings\radomir.dasic\Tracing
2009-03-23 09:02 . 2009-03-23 09:02 <DIR> d-------- c:\documents and settings\radomir.dasic\Application Data\Internet Saving Optimizer
2009-03-23 09:02 . 2009-03-23 09:05 <DIR> d-------- c:\documents and settings\radomir.dasic\Application Data\AVGTOOLBAR
2009-03-20 08:45 . 2009-03-20 11:14 <DIR> d-------- c:\program files\UseNeXT
2009-03-20 08:45 . 2009-03-20 14:18 <DIR> d-------- c:\documents and settings\Administrator\Application Data\UseNeXT
2009-03-20 08:33 . 2009-03-20 08:38 26,624 --a------ c:\temp\Project1.exe
2009-03-19 09:37 . 2009-03-19 09:38 <DIR> d-------- C:\rsit
2009-03-19 08:26 . 2009-03-19 08:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-19 08:26 . 2009-03-20 14:35 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-03-18 12:29 . 2009-03-18 12:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\espionServerData
2009-03-16 09:28 . 2008-10-27 18:37 192,307 --a------ C:\wubildr
2009-03-16 09:28 . 2008-10-27 18:37 8,192 --a------ C:\wubildr.mbr
2009-03-16 09:23 . 2009-03-16 09:23 <DIR> d-------- C:\ubuntu
2009-03-13 11:36 . 2009-03-13 11:41 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Samsung
2009-03-13 11:34 . 2009-03-16 06:43 <DIR> d-------- c:\windows\system32\Samsung_USB_Drivers
2009-03-13 11:34 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll
2009-03-13 11:34 . 2006-07-24 16:05 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys
2009-03-13 11:34 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico
2009-03-13 11:04 . 2009-03-13 11:04 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-03-13 11:04 . 2009-03-13 11:04 <DIR> d-------- c:\program files\Common Files\Nokia
2009-03-13 11:04 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
2009-03-13 11:04 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2009-03-13 11:04 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2009-03-13 11:04 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
2009-03-13 11:04 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-03-13 11:04 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2009-03-13 10:42 . 2009-03-13 10:42 <DIR> d-------- c:\program files\Oxygen Software
2009-03-11 14:31 . 2009-03-13 06:42 <DIR> d-------- c:\program files\Chess
2009-03-11 11:12 . 2009-03-11 11:12 <DIR> d-------- c:\program files\VS Revo Group
2009-03-11 09:58 . 2009-03-11 09:58 <DIR> d-------- c:\program files\directx
2009-03-11 09:57 . 2009-03-11 09:57 <DIR> d-------- c:\program files\Rockstar Games
2009-03-09 12:18 . 2009-03-09 12:20 <DIR> d-------- C:\BMW M3 Challenge
2009-03-06 10:32 . 2009-03-25 10:32 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-06 10:00 . 2009-03-06 10:00 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-06 10:00 . 2009-03-06 10:00 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-06 10:00 . 2009-03-06 10:00 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-06 09:59 . 2009-03-24 08:37 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-06 09:59 . 2009-03-06 09:59 <DIR> d-------- c:\program files\AVG
2009-03-06 09:59 . 2009-03-06 09:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-06 09:59 . 2009-03-06 10:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AVGTOOLBAR
2009-03-06 09:09 . 2008-09-25 14:27 905,216 --a------ c:\windows\system32\GearDrvs.msi
2009-03-06 08:51 . 2009-03-06 08:51 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Symantec
2009-03-06 08:40 . 2009-03-06 09:48 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2009-03-05 13:19 . 2008-04-14 01:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-03-05 13:19 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-03-05 13:19 . 2008-04-13 19:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-03-05 13:19 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-03-03 07:10 . 2009-03-03 07:10 <DIR> d-------- c:\documents and settings\Administrator\Application Data\IObit
2009-02-26 14:22 . 2009-02-26 14:22 <DIR> d-------- c:\documents and settings\Administrator\Application Data\ACD Systems
2009-02-26 14:21 . 2009-02-26 14:21 <DIR> d-------- c:\program files\ACD Systems
2009-02-26 14:21 . 2009-02-26 14:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-24 12:17 566,784 ------w c:\windows\~de74bc.tmp
2009-03-24 07:17 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2009-03-19 07:15 --------- d-----w c:\program files\Windows Desktop Search
2009-03-18 11:11 --------- d-----w c:\program files\Common Files\Adobe
2009-03-18 11:07 9,464 ------w c:\windows\system32\drivers\cdralw2k.sys
2009-03-18 11:07 9,336 ------w c:\windows\system32\drivers\cdr4_xp.sys
2009-03-18 11:07 43,528 ------w c:\windows\system32\drivers\PxHelp20.sys
2009-03-13 10:34 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-13 10:17 --------- d-----w c:\documents and settings\Administrator\Application Data\Nokia
2009-03-13 10:04 --------- d-----w c:\program files\Nokia
2009-03-13 09:57 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-03-12 02:00 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-11 10:14 --------- d-----w c:\program files\EA GAMES
2009-03-11 10:07 --------- d-----w c:\program files\Mobiola Web Camera 2 for S60 2nd Edition
2009-03-11 10:06 --------- d-----w c:\program files\Hair Pro 2008 Light
2009-03-11 10:05 --------- d-----w c:\program files\3D Home Architect
2009-03-06 08:48 --------- d-----w c:\program files\Di recnik
2009-03-06 08:48 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-03-03 06:10 --------- d-----w c:\program files\IObit
2009-02-27 09:28 --------- d-----w c:\program files\Pawn 2
2009-02-26 13:21 --------- d-----w c:\program files\Common Files\ACD Systems
2009-02-24 09:56 --------- d-----w c:\program files\NokiaFREE Unlock Codes Calculator
2009-02-24 09:56 --------- d-----w c:\program files\City Interactive
2009-02-24 07:43 --------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-02-24 07:37 --------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-02-20 06:57 --------- d-----w c:\program files\uTorrent
2009-02-20 06:30 --------- d-----w c:\program files\Nice Prosper
2009-02-20 06:30 --------- d-----w c:\documents and settings\Administrator\Application Data\Internet Saving Optimizer
2009-02-20 06:29 --------- d-----w c:\program files\System Search Dispatcher
2009-02-20 06:29 --------- d-----w c:\program files\Internet Saving Optimizer
2009-02-20 06:29 --------- d-----w c:\program files\DoubleD
2009-02-20 06:26 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-20 06:21 --------- d-----w c:\documents and settings\Administrator\Application Data\funkitron
2009-02-18 12:12 --------- d-----w c:\program files\Java
2009-02-18 08:44 --------- d-----w c:\program files\NeoTracePro
2009-02-16 12:20 --------- d-----w c:\program files\Windows Live
2009-02-16 12:19 --------- d-----w c:\program files\Microsoft Sync Framework
2009-02-16 12:17 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-16 12:17 --------- d-----w c:\program files\Microsoft
2009-02-16 11:55 --------- d-----w c:\program files\Common Files\Windows Live
2009-02-16 10:42 --------- d-----w c:\program files\FastStone Capture
2009-02-16 10:42 --------- d-----w c:\documents and settings\Administrator\Application Data\FastStone
2009-02-16 06:24 --------- d-----w c:\documents and settings\radomir.dasic\Application Data\Nokia
2009-02-12 13:09 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2009-02-12 12:58 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-12 12:58 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-12 12:50 --------- d-----w c:\program files\PC Connectivity Solution
2009-02-12 12:44 --------- d-----w c:\documents and settings\Administrator\Application Data\PC Suite
2009-02-12 12:33 --------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2009-02-12 12:29 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-02-12 12:24 --------- d-----w c:\program files\Foxit Software
2009-02-11 07:24 --------- d-----w c:\program files\Common Files\Borland Shared
2009-02-11 07:22 --------- d-----w c:\program files\Borland
2009-02-10 07:09 --------- d-----w c:\program files\Jetpak
2009-02-10 07:07 --------- d-----w c:\program files\OpenOffice.org 3
2009-02-10 07:05 --------- d-----w c:\program files\Ulead Systems
2009-02-10 07:05 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2009-02-10 07:05 --------- d-----w c:\documents and settings\Administrator\Application Data\Ulead Systems
2009-02-10 06:56 --------- d-----w c:\program files\Microsoft Visual Studio 8
2009-02-10 06:56 --------- d-----w c:\program files\ImgBurn
2009-02-10 06:55 --------- d-----w c:\program files\Google
2009-02-10 06:55 --------- d-----w c:\program files\Common Files\Softwin
2009-02-10 06:55 --------- d-----w c:\program files\Common Files\BitDefender
2009-02-06 18:20 308,088 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:08 55,152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
2009-01-30 08:47 --------- d-----w c:\program files\Simbin
.

((((((((((((((((((((((((((((( SnapShot@2009-03-23_ 9.43.06.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-20 13:00:41 295,606 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
+ 2009-03-25 07:10:34 295,606 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
- 2009-02-20 13:00:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat_3D.exe
+ 2009-03-25 07:10:35 295,606 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat_3D.exe
- 2009-02-20 13:00:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat_Standard.exe
+ 2009-03-25 07:10:35 295,606 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat_Standard.exe
- 2009-02-20 13:00:42 25,214 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Distiller.exe
+ 2009-03-25 07:10:35 25,214 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Distiller.exe
- 2009-02-20 13:00:42 7,278 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_ELEMENTS_DT.exe
+ 2009-03-25 07:10:35 7,278 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_ELEMENTS_DT.exe
- 2009-02-20 13:00:41 23,558 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
+ 2009-03-25 07:10:34 23,558 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
+ 2009-03-26 07:31:58 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_53c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-11 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-11 143360]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-06 1932568]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 169984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-06 10:00 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.dvacm"= c:\progra~1\COMMON~1\Ulead Systems\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\Ulead Systems\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\Ulead Systems\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-10-14 21:38 623992 c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-09-11 00:43 67488 c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
--a------ 2008-11-26 16:11 2235920 c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Di dictionary]
--a------ 2007-03-16 20:45 518656 c:\program files\Di recnik\Di.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-26 23:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpbdfawep]
--a------ 2007-04-25 14:28 954368 c:\program files\HP\Dfawep\bin\hpbdfawep.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
--a------ 2007-05-04 13:14 36864 c:\program files\HP\HP UT\bin\hppusg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-06-24 15:06 1840424 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 01:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2009-02-06 18:50 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-06-08 08:31 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-06-19 08:53 570664 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-11-10 15:07 1253376 c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-12-03 12:47 1205760 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-07 01:05 200704 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-02-18 13:12 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-10-24 05:56 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-10-20 08:16 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
--a------ 2007-03-03 13:12 341488 c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherWatcher]
--a------ 2008-11-18 20:19 1081344 c:\program files\Weather Watcher\ww.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 17:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2007-04-12 16:33 16132608 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-06 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-06 107912]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-06 298264]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-16 55152]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 fsssvc;Windows Live Porodična bezbednost;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [2009-02-16 3567]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\CDStart.Exe
\Shell\Install\Command - H:\Stub.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1c6f658-183e-11de-a72a-001e0baac5f9}]
\Shell\AutoRun\command - F:\autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-03-25 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 14:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1234853227&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fhome.live.com%2Fdefault.aspx&lc=2074&id=251248
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &NeoTrace It! - c:\progra~1\NeoTracePro\NTXcontext.htm
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-26 08:32:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\windows\system32\Crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\spool\drivers\w32x86\3\HP1006MC.EXE
c:\windows\system32\IoctlSvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
.
**************************************************************************
.
Completion time: 2009-03-26 8:34:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-26 07:34:44
ComboFix2.txt 2009-03-25 06:56:17
ComboFix3.txt 2009-03-23 08:44:08

Pre-Run: 32.648.110.080 bytes free
Post-Run: 33,218,895,872 bytes free

354 --- E O F --- 2009-03-12 02:01:15

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

This now looks OK. If there is no specific remaining problem,
Click START and then RUN
In the text entry line type Combofix /u and click OK

Wait for the uninstall process to finish

The above procedure will:
Delete the following:
ComboFix and its files and folders
VundoFix Backups folder, if it exists
C:\Deckard folder, if it exists
C:\OtMoveIt folder, if it exists

Reset the clock settings on the computer
Hide file extensions, if necessary
Hide system/hidden files/folders, if necessary
Reset System Restore

That would be all...
