win32/agent trojan

  • Miroslav Tanaskovic
  • Construction technician
  • Joined: 02 Jan 2009
  • Posts: 787
  • Location: Cacak

ComboFix 09-01-09.03 - Julija Tanaskovic 2009-01-10 17:40:01.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1520 [GMT 1:00]
Running from: c:\documents and settings\Julija Tanaskovic\Desktop\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\Internet Explorer\msimg32.dll
c:\windows\system32\f3PSSavr.scr

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2008-12-10 to 2009-01-10 )))))))))))))))))))))))))))))))
.

2009-01-10 12:11 . 2009-01-10 12:11 <DIR> d--h----- c:\windows\PIF
2009-01-09 14:49 . 2009-01-09 14:49 <DIR> d-------- C:\DYNAMIX
2009-01-08 08:19 . 2009-01-08 08:19 250 --a------ c:\windows\gmer.ini
2009-01-05 08:48 . 2009-01-05 08:48 <DIR> d-------- c:\windows\Novogodisnja Carolija Uninstaller
2009-01-05 08:48 . 2006-12-08 16:53 888,832 --a------ c:\windows\Novogodisnja Carolija.scr
2009-01-05 08:48 . 2006-12-08 16:53 495,104 --a------ c:\windows\Novogodisnja Carolija FP7.exe
2009-01-05 08:48 . 2006-12-15 15:47 284,231 --a------ c:\windows\Novogodisnja Carolija.swf
2009-01-05 08:48 . 2006-11-04 21:42 161,078 --a------ c:\windows\Novogodisnja Carolija.bmp
2009-01-05 08:48 . 2006-11-12 17:55 23,558 --a------ c:\windows\Novogodisnja Carolija.ico
2009-01-05 08:48 . 2006-10-24 17:06 639 --a------ c:\windows\Novogodisnja Carolija FP7.swf
2009-01-05 08:48 . 2006-12-15 15:48 598 --a------ c:\windows\Novogodisnja Carolija.c1
2009-01-05 08:48 . 2006-12-15 15:48 598 --a------ c:\windows\Novogodisnja Carolija FP7.c1
2009-01-05 08:48 . 2006-10-08 19:33 0 --a------ c:\windows\Novogodisnja Carolija.ini
2009-01-04 15:28 . 2009-01-04 15:28 <DIR> d-------- c:\program files\VisualTaskTips
2009-01-03 13:20 . 2009-01-03 13:20 <DIR> d-------- c:\program files\LiveUpdate
2009-01-03 13:19 . 2004-08-03 23:08 25,600 --a------ c:\windows\system32\drivers\usbser.sys
2009-01-03 13:19 . 2004-08-03 23:08 25,600 --a--c--- c:\windows\system32\dllcache\usbser.sys
2009-01-03 13:19 . 2003-12-26 04:22 24,192 --a------ c:\windows\system32\drivers\OLD128B.tmp
2009-01-03 13:18 . 2009-01-03 13:19 <DIR> d-------- c:\program files\mobile PhoneTools
2009-01-03 13:18 . 2009-01-03 13:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\BVRP Software
2009-01-02 16:47 . 2009-01-10 17:37 5 --a------ c:\windows\sbacknt.bin
2009-01-02 16:45 . 2009-01-03 07:32 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\vghd
2009-01-02 16:45 . 2009-01-03 14:38 152,904 --a------ c:\windows\system32\vghd.scr
2009-01-01 15:24 . 2009-01-01 15:24 <DIR> d-------- c:\program files\DVD Shrink
2009-01-01 15:24 . 2009-01-01 15:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\DVD Shrink
2008-12-31 10:26 . 2008-12-31 10:27 <DIR> d-------- c:\program files\Anti Trojan Elite
2008-12-31 06:20 . 2008-12-31 06:20 8 --a------ c:\windows\system32\nvModes.dat
2008-12-30 09:13 . 2008-12-30 09:13 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\iolo
2008-12-30 09:13 . 2008-12-30 09:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\iolo
2008-12-30 08:04 . 2008-12-30 08:04 <DIR> d-------- c:\program files\CoffeeCup Software
2008-12-30 08:04 . 2006-01-27 01:56 938,272 --a------ c:\windows\system32\wodFtpDLX.OCX
2008-12-30 08:04 . 2008-12-30 08:04 13 ---h----- c:\documents and settings\All Users\Application Data\1ÌØ13.sys
2008-12-29 17:03 . 2008-12-29 17:04 <DIR> d-------- c:\program files\Adrenaliner
2008-12-28 13:35 . 2008-12-30 13:35 <DIR> d-------- c:\temp\VIDEO_TS
2008-12-28 13:35 . 2008-12-28 13:35 <DIR> d-------- C:\Temp
2008-12-28 13:24 . 2008-12-28 13:24 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\dvdcss
2008-12-28 13:20 . 2008-12-28 13:20 <DIR> d-------- c:\program files\QuickTime
2008-12-28 13:20 . 2005-11-21 06:48 45,056 --a------ c:\windows\system32\WNASPI32.DLL
2008-12-28 13:20 . 2005-11-21 06:48 16,512 --a------ c:\windows\system32\drivers\ASPI32.SYS
2008-12-27 13:11 . 2008-12-27 13:11 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\Kaspersky_Key_Finder_(KKF
2008-12-27 12:35 . 2008-12-27 12:35 <DIR> d---s---- c:\documents and settings\Julija Tanaskovic\UserData
2008-12-26 11:14 . 2008-12-26 11:14 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\NeroDCTemplates
2008-12-26 10:26 . 2008-12-26 10:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\LightScribe
2008-12-24 11:58 . 2008-12-24 12:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Bluetooth
2008-12-24 11:45 . 2004-09-21 18:18 148,830 --a------ c:\windows\system32\drivers\bcbthub.sys
2008-12-24 11:45 . 2004-09-21 18:18 116,021 --a------ c:\windows\system32\drivers\fw203x.sys
2008-12-24 11:45 . 2005-03-25 17:18 82,148 --a------ c:\windows\system32\drivers\VcommMgr.sys
2008-12-24 11:45 . 2004-10-19 13:37 61,312 --a------ c:\windows\system32\drivers\VComm.sys
2008-12-24 11:45 . 2005-04-08 17:19 49,152 --a------ c:\windows\system32\btfunc.dll
2008-12-24 11:45 . 2005-05-31 09:42 23,000 --a------ c:\windows\system32\drivers\btcusb.sys
2008-12-24 11:45 . 2005-05-31 15:40 20,480 --a------ c:\windows\system32\drivers\blueletaudio.sys
2008-12-24 11:45 . 2004-12-16 16:32 13,304 --a------ c:\windows\system32\drivers\BTNetFilter.sys
2008-12-24 11:45 . 2005-04-30 14:50 11,736 --a------ c:\windows\system32\drivers\VHIDMini.sys
2008-12-24 11:45 . 2005-04-30 14:48 10,804 --a------ c:\windows\system32\drivers\BtNetDrv.sys
2008-12-24 11:45 . 2004-09-21 18:18 7,680 --a------ c:\windows\system32\btinstall.dll
2008-12-23 09:49 . 2008-12-24 11:43 32 --a------ c:\windows\0
2008-12-23 09:49 . 2008-12-23 09:49 0 --a------ c:\windows\system32\0
2008-12-23 08:30 . 2008-12-23 08:30 <DIR> d-------- c:\program files\IVT Corporation
2008-12-22 16:57 . 2008-12-22 16:57 <DIR> d-------- c:\program files\Rapid Tools
2008-12-22 16:57 . 2008-12-22 16:57 <DIR> d-------- c:\program files\Ashampoo
2008-12-22 16:57 . 2008-12-22 16:57 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\Ashampoo
2008-12-22 13:33 . 2008-12-22 13:33 <DIR> d-------- c:\program files\GameTop.com
2008-12-21 17:32 . 2008-12-21 17:32 <DIR> d-------- c:\program files\Formosoft
2008-12-21 17:32 . 2002-11-25 15:57 811,008 --a------ c:\windows\AquaReal.scr
2008-12-21 17:32 . 2002-11-15 17:56 131,072 --a------ c:\windows\SNVerifyDLL.dll
2008-12-21 13:00 . 2008-12-22 16:57 <DIR> d-------- c:\program files\Crime Puzzle
2008-12-21 12:44 . 2008-12-22 16:57 <DIR> d-------- c:\program files\5 Spots II
2008-12-21 10:50 . 2008-12-21 10:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\ashampoo
2008-12-20 12:31 . 2008-12-20 12:31 <DIR> d-------- c:\program files\Aimersoft
2008-12-19 09:08 . 2009-01-05 10:35 <DIR> d-------- c:\program files\WinUAE
2008-12-17 07:00 . 2008-12-17 07:00 <DIR> d-------- C:\GoogleDeluxe2.9
2008-12-16 17:13 . 2008-12-16 17:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-16 06:40 . 2008-12-27 15:42 <DIR> d-------- c:\program files\SpywareBlaster
2008-12-15 14:17 . 2008-12-15 14:17 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\Sahmon Games
2008-12-15 14:14 . 2008-12-15 14:14 <DIR> d-------- c:\program files\FreeGamePick.com
2008-12-15 14:14 . 2008-12-15 14:14 <DIR> d-------- c:\program files\AskSearch
2008-12-15 14:14 . 2008-12-15 14:14 <DIR> d-------- c:\program files\AskBarDis
2008-12-15 08:52 . 2008-12-28 07:45 189 --a------ c:\windows\wininit.ini
2008-12-15 08:27 . 2009-01-10 17:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-14 10:13 . 2009-01-03 14:38 <DIR> d-------- c:\program files\vghd
2008-12-14 09:58 . 2008-12-14 10:34 <DIR> d-------- c:\program files\MorEmoticons
2008-12-14 09:57 . 2008-12-14 10:01 <DIR> d-------- C:\HiddenEmoticons.exe
2008-12-14 09:51 . 2008-12-27 13:50 <DIR> d-------- c:\program files\PFConfig
2008-12-14 09:41 . 2008-12-14 09:41 <DIR> d-------- c:\program files\GymGoal Lite
2008-12-13 12:40 . 2009-01-05 12:09 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\LimeWire
2008-12-13 09:12 . 2009-01-03 14:35 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\WeatherWatcher
2008-12-13 09:11 . 2009-01-05 10:44 <DIR> d-------- c:\program files\Weather Watcher
2008-12-13 09:11 . 2004-05-27 01:32 102,400 --a------ c:\windows\system32\unzip32.dll
2008-12-13 09:10 . 2008-12-13 09:10 <DIR> d-------- c:\program files\Secunia
2008-12-13 09:09 . 2008-12-15 08:23 <DIR> d-------- c:\program files\KlipFolio
2008-12-13 09:09 . 2008-12-29 06:06 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\KlipFolio
2008-12-12 15:47 . 2008-12-12 15:47 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\Eyeblaster
2008-12-12 15:41 . 2008-12-12 15:41 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\GameHouse
2008-12-12 15:41 . 2008-12-12 15:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-12-12 15:40 . 2008-12-12 15:40 <DIR> d-------- c:\program files\GameHouse
2008-12-12 10:14 . 2008-12-12 10:14 <DIR> d-------- c:\program files\Yahoo!
2008-12-12 10:13 . 2009-01-01 11:12 <DIR> d-------- c:\program files\CCleaner
2008-12-12 10:10 . 2008-12-17 10:51 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\UpdateStar
2008-12-12 09:44 . 2008-12-12 09:44 <DIR> d-------- c:\windows\Sun
2008-12-11 10:12 . 2008-12-11 10:12 <DIR> d-------- c:\program files\ESET
2008-12-11 09:42 . 2008-12-11 09:42 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\DivX
2008-12-11 09:17 . 2008-12-11 09:17 <DIR> d-------- c:\program files\Lavasoft
2008-12-11 09:17 . 2008-12-11 09:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-11 09:16 . 2008-12-11 09:16 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-11 09:13 . 2008-12-19 10:50 <DIR> d-------- c:\program files\DivX
2008-12-11 09:13 . 2008-12-11 09:29 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\Dr. DivX 2.0 OSS
2008-12-11 08:38 . 2008-12-11 08:38 <DIR> d-------- c:\program files\Trymedia
2008-12-11 08:38 . 2008-12-11 12:33 10 --a------ c:\windows\popcinfo.dat
2008-12-11 08:35 . 2008-12-11 08:37 <DIR> d-------- c:\program files\Your Uninstaller 2008
2008-12-11 08:35 . 2008-12-11 08:35 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\URSoft
2008-12-11 08:35 . 2009-01-10 17:28 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-11 08:29 . 2008-12-11 08:29 <DIR> d-------- c:\program files\ReflexiveArcade
2008-12-11 08:11 . 2008-12-11 08:11 <DIR> d-------- c:\program files\Zylom Games
2008-12-11 08:11 . 2008-12-11 08:11 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\Zylom
2008-12-11 08:11 . 2008-12-11 08:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Zylom
2008-12-11 08:09 . 2008-12-11 08:09 <DIR> d-------- c:\windows\Don't Get Angry 2
2008-12-11 08:09 . 2008-12-11 08:09 <DIR> d-------- c:\program files\Don't Get Angry 2
2008-12-11 03:00 . 2008-12-11 03:00 <DIR> d-------- c:\program files\MSXML 4.0
2008-12-10 15:37 . 2008-12-10 15:37 7,680 --a------ C:\AssistentGraph.grf
2008-12-10 15:36 . 2008-12-10 15:36 <DIR> d-------- c:\windows\Profiles
2008-12-10 15:36 . 2008-12-14 12:59 <DIR> d-------- c:\program files\Common Files\Adobe
2008-12-10 15:36 . 2008-12-10 15:36 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\InterTrust
2008-12-10 15:35 . 1998-10-29 15:45 306,688 --a------ c:\windows\IsUninst.exe
2008-12-10 15:32 . 1995-05-05 11:50 14,025 --------- c:\windows\TWAINCAP.INI
2008-12-10 15:32 . 1997-06-11 09:02 5,526 --------- c:\windows\TWAINCAP.SRC

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-10 16:41 16,608 ----a-w c:\windows\gdrv.sys
2009-01-10 16:24 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\uTorrent
2009-01-05 11:05 --------- d-----w c:\program files\eMule
2009-01-03 12:20 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-01 18:25 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\skypePM
2009-01-01 18:25 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\Skype
2008-12-23 12:28 --------- d-----w c:\program files\Common Files\LightScribe
2008-12-18 10:08 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\Canon
2008-12-10 14:31 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-07 09:09 --------- d-----w c:\program files\Canon
2008-12-07 09:09 --------- d-----w c:\documents and settings\All Users\Application Data\CanonIJPLM
2008-12-07 09:06 --------- d-----w c:\program files\ScanSoft
2008-12-07 09:06 --------- d-----w c:\program files\Common Files\ScanSoft Shared
2008-12-07 09:06 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\ScanSoft
2008-12-07 09:06 --------- d-----w c:\documents and settings\All Users\Application Data\ScanSoft
2008-12-07 09:06 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2008-12-07 09:03 --------- d--h--w c:\program files\CanonBJ
2008-12-07 09:03 --------- d--h--w c:\documents and settings\All Users\Application Data\CanonBJ
2008-12-04 08:07 --------- d-----w c:\program files\MSBuild
2008-12-04 08:04 --------- d-----w c:\program files\MSXML 6.0
2008-12-04 07:34 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-04 07:34 --------- d-----w c:\program files\Java
2008-12-04 07:30 --------- d-----w c:\program files\LimeWire
2008-12-04 07:16 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-12-04 07:16 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-12-04 07:16 --------- d-----w c:\program files\Real
2008-12-04 07:16 --------- d-----w c:\program files\Common Files\xing shared
2008-12-04 07:16 --------- d-----w c:\program files\Common Files\Real
2008-12-03 15:30 --------- d-----w c:\program files\ESTsoft
2008-12-03 15:30 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\ESTSoft
2008-12-03 15:30 --------- d-----w c:\documents and settings\All Users\Application Data\ESTsoft
2008-12-03 11:27 --------- d-----w c:\program files\vanBasco's Karaoke Player
2008-12-02 16:14 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\CoSoSys
2008-12-02 13:28 --------- d-----w c:\program files\FormatFactory
2008-12-02 10:04 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\Winamp
2008-12-02 09:44 --------- d-----w c:\program files\Skype
2008-12-02 09:44 --------- d-----w c:\program files\Common Files\Skype
2008-12-02 09:44 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-12-02 09:13 --------- d-----w c:\program files\Winamp
2008-12-02 07:11 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-12-02 06:45 --------- d-----w c:\program files\Webshots
2008-12-02 06:45 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\Webshots
2008-12-02 06:40 --------- d-----w c:\documents and settings\All Users\Application Data\GRETECH
2008-12-02 06:39 --------- d-----w c:\program files\GRETECH
2008-12-02 06:39 --------- d-----w c:\program files\Google
2008-12-02 06:39 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\GRETECH
2008-12-02 05:44 --------- d-----w c:\program files\Uniblue
2008-12-02 05:44 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\uniblue
2008-12-02 05:42 --------- d-----w c:\program files\Reference Assemblies
2008-12-02 05:27 --------- d-----w c:\program files\uTorrent
2008-11-27 10:19 --------- d-----w c:\program files\Microsoft.NET
2008-11-27 10:19 --------- d-----w c:\program files\Microsoft Works
2008-11-27 10:19 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-27 10:19 --------- d-----w c:\program files\Common Files\L&H
2008-11-27 10:11 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\ESET
2008-11-27 10:09 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-11-27 10:02 --------- d-----w c:\program files\Ahead
2008-11-27 10:01 --------- d-----w c:\program files\Common Files\Nero
2008-11-27 10:00 --------- d-----w c:\program files\Common Files\Ahead
2008-11-27 10:00 --------- d-----w c:\documents and settings\All Users\Application Data\Ahead
2008-11-25 15:16 --------- d-----w c:\program files\Common Files\Logitech
2008-11-25 15:12 --------- d-----w c:\program files\CONEXANT
2008-11-25 15:09 --------- d-----w c:\program files\XpertVision
2008-11-25 15:01 --------- d-----w c:\program files\Realtek
2008-11-25 15:01 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\InstallShield
2008-11-25 15:00 315,392 ----a-w c:\windows\HideWin.exe
2008-11-25 14:57 --------- d-----w c:\program files\Intel
2008-11-25 14:57 --------- d-----w c:\program files\GIGABYTE
2008-11-25 14:48 --------- d-----w c:\program files\microsoft frontpage
2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 10:37 659,456 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-04_12.53.11.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-08 07:19:43 884,736 ----a-w c:\windows\gmer.dll
+ 2008-04-17 20:13:02 811,008 ----a-w c:\windows\gmer.exe
+ 2009-01-05 07:48:08 697,168 ----a-w c:\windows\Novogodisnja Carolija Uninstaller\unins000.exe
- 2008-10-16 10:37:05 3,059,712 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2008-12-12 17:33:23 3,060,224 -c--a-w c:\windows\system32\dllcache\mshtml.dll
+ 2009-01-08 07:19:43 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
- 2008-10-16 10:37:05 3,059,712 ----a-w c:\windows\system32\mshtml.dll
+ 2008-12-12 17:33:23 3,060,224 ----a-w c:\windows\system32\mshtml.dll
- 2007-07-27 08:41:40 16,760 ----a-w c:\windows\system32\spmsg.dll
+ 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2009-01-10 16:36:34 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_578.dat
+ 2006-12-01 20:56:00 96,256 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_cbb27474\ATL80.dll
+ 2006-12-01 20:54:32 479,232 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2006-12-01 20:54:34 548,864 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-01 20:54:32 626,688 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-01 22:25:52 1,101,824 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80.dll
+ 2006-12-01 22:25:56 1,093,120 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfc80u.dll
+ 2006-12-01 22:25:58 69,632 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80.dll
+ 2006-12-01 22:26:00 57,856 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\mfcm80u.dll
+ 2006-12-01 22:08:00 40,960 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHS.dll
+ 2006-12-01 22:08:00 45,056 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80CHT.dll
+ 2006-12-01 22:08:00 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80DEU.dll
+ 2006-12-01 22:08:00 57,344 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ENU.dll
+ 2006-12-01 22:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ESP.dll
+ 2006-12-01 22:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80FRA.dll
+ 2006-12-01 22:08:00 61,440 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80ITA.dll
+ 2006-12-01 22:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80JPN.dll
+ 2006-12-01 22:08:00 49,152 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\mfc80KOR.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-24 20:25 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"TBPanel"="c:\program files\XpertVision\TBPanel.exe" [2008-07-03 2161160]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-18 68856]
"UpdateStar"="c:\documents and settings\Julija Tanaskovic\Application Data\UpdateStar\UpdateStar.exe" [2008-12-16 4362480]
"MorEmoticons"="c:\program files\MorEmoticons\MorEmoticons.exe" [2007-11-12 64000]
"VisualTaskTips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2006-03-14 34816]
"GetChristmas"="c:\documents and settings\Julija Tanaskovic\Desktop\New Folder\GetChristmas.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="c:\program files\GIGABYTE\GEST\RUN.exe" [2007-12-14 236040]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-04 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"PCTVRemote"="c:\program files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe" [2002-10-11 61699]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"MyWebSearch Plugin"="c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL" [BU]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Julija Tanaskovic\Start Menu\Programs\Startup\
Adrenaliner.lnk.disabled [2008-12-29 768]
DesktopVideoPlayer.LNK - c:\program files\vghd\vghd.exe [2009-01-02 357712]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-12-02 45056]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk.disabled [2008-12-24 1593]
Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2008-12-10 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifcBtUm]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"VIDC.PIM1"= PCLEPIM1.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-07-31 20616]
R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xHybrid.sys [2008-12-09 504832]
R3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [2008-11-25 47624]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2008-12-10 6400]
R4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-12-15 464264]
R4 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
S3 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMON.sys [2008-12-31 5969]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-07-02 26248]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-10-27 7808]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2008-12-15 234888]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-448539723-839522115-1003.job
- c:\documents and settings\Julija Tanaskovic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-17 06:48]
.
- - - - ORPHANS REMOVED - - - -

BHO-{7684000B-4A9D-44E6-BE33-43E1F0C3EC5F} - (no file)
BHO-{853502CA-462E-4AC2-8CCB-4584B03A27A8} - (no file)
BHO-{8DE9C022-1D38-47A2-8F15-546537950773} - (no file)
BHO-{9AE7E61F-C6BE-4ABC-8D20-958E6454659E} - (no file)
BHO-{9EB4DA67-A9BA-499F-89CC-4C85627AB9A4} - (no file)
BHO-{A4749812-63A2-40A1-807A-0C7BE334FA1E} - (no file)
BHO-{A589B2F2-32EE-4A58-9EBB-290EDD384E34} - (no file)
BHO-{A80C42BF-0344-4D88-AFD3-28D5B2DC0EE4} - (no file)
BHO-{A89810FE-D170-4F34-BAF9-CF5257C84C33} - (no file)
BHO-{A8F68CF0-43FA-4240-BB1B-603CFD8F2DB6} - (no file)
BHO-{B4FB5462-7263-482D-8694-027F86499A5A} - (no file)
BHO-{B5488A49-F9A0-4304-B520-CEE1E152A39E} - (no file)
BHO-{C7BA4D2B-2FE0-4BF2-A399-2925A1C9221F} - (no file)
BHO-{D0616516-3887-4760-A04E-4F8734B90D76} - (no file)
BHO-{D506D92B-3DFE-4BC3-BFB8-287F89C65F00} - (no file)
BHO-{EE44A9AC-2AA7-443C-9870-936E47C854BA} - (no file)
BHO-{F690E5F2-F5D8-48A1-AE4F-3523537BCD0E} - (no file)
BHO-{FDF22357-56C0-47DF-A8F2-DF8533B2B005} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.gametop.com/?utm_source=SharkAttack&utm_medium=start
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000
IE: &Webshots Photo Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send by Bluetooth
IE: Send via &Message...
FF - ProfilePath - c:\documents and settings\Julija Tanaskovic\Application Data\Mozilla\Firefox\Profiles\44o6kv2o.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - http:/www.google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101787&gct=&gc=1&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Julija Tanaskovic\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-10 17:41:02
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-583907252-448539723-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-583907252-448539723-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A169A993-044A-D7BB-6FC1-7BBE6BB20249}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abhdfbabgjeifgegeimjebgkhhiobpmdkn"=hex:61,61,00,00
"bbhdfbabgjeifgegeihjnefjinfeiocdkgik"=hex:61,61,00,00
.
Completion time: 2009-01-10 17:41:50
ComboFix-quarantined-files.txt 2009-01-10 16:41:48
ComboFix2.txt 2009-01-04 15:22:38
ComboFix3.txt 2009-01-04 11:53:34

Pre-Run: 110,711,832,576 bytes free
Post-Run: 110,699,601,920 bytes free

408 --- E O F --- 2009-01-05 02:00:30

  • dr_Bora
  • Anti Malware Fighter, Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Open Notepad and copy the following text into it:

File::
c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GetChristmas"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MyWebSearch Plugin"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifcBtUm]

DDS::
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Drag the saved script/text file onto the ComboFix icon as shown in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.
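
Added example (not part of this thread and not ComboFix's own code): a small Python parser for the autorun (Run key) part of a ComboFix log in the format posted in this thread, which then emits a CFScript in the same layout as the one above (a File:: section, then Registry:: with "Name"=- to delete a value and [-KEY] to delete a key). The helper names are this example's own, and the paths, dates and sizes on the GetChristmas and MyWebSearch sample lines are made up, since only their value names appear in the script above.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Key header as ComboFix prints it, e.g. [HKEY_LOCAL_MACHINE\SOFTWARE\...\Run]
KEY_LINE = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")
# Usual value line: "Name"="c:\path\file.exe" [YYYY-MM-DD size]
RUN_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$'
)
# Variant with a bare file name; ComboFix then prints the resolved path after
# the date instead of a size: "RTHDCPL"="RTHDCPL.EXE" [2008-02-13 c:\windows\RTHDCPL.exe]
RUN_VALUE_BARE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)" \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<path>[^\]]+)\]$'
)


@dataclass
class RunEntry:
    key: str             # registry key the value lives under
    name: str            # value name, e.g. "MyWebSearch Plugin"
    path: str            # executable path as ComboFix resolved it
    date: str            # file date ComboFix printed
    size: Optional[int]  # file size; None for the bare-name variant


def parse_run_entries(log_text: str) -> list:
    """Return the autorun values listed under every [...\\Run] key of the log."""
    entries = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_LINE.match(line)
        if m:
            current_key = m.group("key")
            continue
        # Only value lines under a key whose last component is Run are autoruns.
        if current_key is None or not current_key.lower().endswith("\\run"):
            continue
        m = RUN_VALUE.match(line)
        if m:
            entries.append(RunEntry(current_key, m["name"], m["path"], m["date"], int(m["size"])))
            continue
        m = RUN_VALUE_BARE.match(line)
        if m:
            entries.append(RunEntry(current_key, m["name"], m["path"].strip(), m["date"], None))
    return entries


def build_cfscript(entries, names_to_remove, files_to_delete=(), keys_to_delete=()):
    """Build CFScript text in the layout used in the thread: a File:: section,
    then a Registry:: section where "Name"=- deletes a value and [-KEY] deletes a key."""
    wanted = {n.lower() for n in names_to_remove}   # value names are case-insensitive
    by_key = {}
    for e in entries:
        if e.name.lower() in wanted:
            by_key.setdefault(e.key, []).append(e.name)
    lines = []
    if files_to_delete:
        lines.append("File::")
        lines.extend(files_to_delete)
        lines.append("")
    if by_key or keys_to_delete:
        lines.append("Registry::")
        for key, names in by_key.items():
            lines.append(f"[{key}]")
            lines.extend(f'"{n}"=-' for n in names)
        lines.extend(f"[-{k}]" for k in keys_to_delete)
    return "\n".join(lines) + "\n"


# Constructed sample: the CTFMON, egui and RTHDCPL lines are copied from the log
# in this thread; the GetChristmas and MyWebSearch lines use made-up paths,
# dates and sizes (only their value names appear in the script above).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"GetChristmas"="c:\example\GetChristmas.exe" [2009-01-01 12345]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"MyWebSearch Plugin"="c:\example\MyWebSearch\plugin.exe" [2009-01-01 67890]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 c:\windows\RTHDCPL.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"""

if __name__ == "__main__":
    found = parse_run_entries(SAMPLE_LOG)
    print(build_cfscript(found, ["GetChristmas", "MyWebSearch Plugin"],
                         files_to_delete=[r"c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll"]))
```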

offline
  • Miroslav Tanaskovic
  • Civil engineering technician
  • Joined: 02 Jan 2009
  • Posts: 787
  • Location: Cacak

ComboFix 09-01-10.02 - Julija Tanaskovic 2009-01-11 9:26:19.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1585 [GMT 1:00]
Running from: c:\documents and settings\Julija Tanaskovic\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Julija Tanaskovic\Desktop\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
* Created a new restore point

FILE ::
c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
.

((((((((((((((((((((((((( Files Created from 2008-12-11 to 2009-01-11 )))))))))))))))))))))))))))))))
.

2009-01-10 12:11 . 2009-01-10 12:11 <DIR> d--h----- c:\windows\PIF
2009-01-09 14:49 . 2009-01-09 14:49 <DIR> d-------- C:\DYNAMIX
2009-01-08 08:19 . 2009-01-08 08:19 250 --a------ c:\windows\gmer.ini
2009-01-05 08:48 . 2009-01-05 08:48 <DIR> d-------- c:\windows\Novogodisnja Carolija Uninstaller
2009-01-05 08:48 . 2006-12-08 16:53 888,832 --a------ c:\windows\Novogodisnja Carolija.scr
2009-01-05 08:48 . 2006-12-08 16:53 495,104 --a------ c:\windows\Novogodisnja Carolija FP7.exe
2009-01-05 08:48 . 2006-12-15 15:47 284,231 --a------ c:\windows\Novogodisnja Carolija.swf
2009-01-05 08:48 . 2006-11-04 21:42 161,078 --a------ c:\windows\Novogodisnja Carolija.bmp
2009-01-05 08:48 . 2006-11-12 17:55 23,558 --a------ c:\windows\Novogodisnja Carolija.ico
2009-01-05 08:48 . 2006-10-24 17:06 639 --a------ c:\windows\Novogodisnja Carolija FP7.swf
2009-01-05 08:48 . 2006-12-15 15:48 598 --a------ c:\windows\Novogodisnja Carolija.c1
2009-01-05 08:48 . 2006-12-15 15:48 598 --a------ c:\windows\Novogodisnja Carolija FP7.c1
2009-01-05 08:48 . 2006-10-08 19:33 0 --a------ c:\windows\Novogodisnja Carolija.ini
2009-01-04 15:28 . 2009-01-04 15:28 <DIR> d-------- c:\program files\VisualTaskTips
2009-01-03 13:20 . 2009-01-03 13:20 <DIR> d-------- c:\program files\LiveUpdate
2009-01-03 13:19 . 2004-08-03 23:08 25,600 --a------ c:\windows\system32\drivers\usbser.sys
2009-01-03 13:19 . 2004-08-03 23:08 25,600 --a--c--- c:\windows\system32\dllcache\usbser.sys
2009-01-03 13:19 . 2003-12-26 04:22 24,192 --a------ c:\windows\system32\drivers\OLD128B.tmp
2009-01-03 13:18 . 2009-01-03 13:19 <DIR> d-------- c:\program files\mobile PhoneTools
2009-01-03 13:18 . 2009-01-03 13:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\BVRP Software
2009-01-02 16:47 . 2009-01-11 09:19 5 --a------ c:\windows\sbacknt.bin
2009-01-02 16:45 . 2009-01-03 07:32 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\vghd
2009-01-02 16:45 . 2009-01-03 14:38 152,904 --a------ c:\windows\system32\vghd.scr
2009-01-01 15:24 . 2009-01-01 15:24 <DIR> d-------- c:\program files\DVD Shrink
2009-01-01 15:24 . 2009-01-01 15:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\DVD Shrink
2008-12-31 10:26 . 2008-12-31 10:27 <DIR> d-------- c:\program files\Anti Trojan Elite
2008-12-31 06:20 . 2008-12-31 06:20 8 --a------ c:\windows\system32\nvModes.dat
2008-12-30 09:13 . 2008-12-30 09:13 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\iolo
2008-12-30 09:13 . 2008-12-30 09:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\iolo
2008-12-30 08:04 . 2008-12-30 08:04 <DIR> d-------- c:\program files\CoffeeCup Software
2008-12-30 08:04 . 2006-01-27 01:56 938,272 --a------ c:\windows\system32\wodFtpDLX.OCX
2008-12-30 08:04 . 2008-12-30 08:04 13 ---h----- c:\documents and settings\All Users\Application Data\1ÌØ13.sys
2008-12-29 17:03 . 2009-01-11 09:04 <DIR> d-------- c:\program files\Adrenaliner
2008-12-28 13:35 . 2008-12-30 13:35 <DIR> d-------- c:\temp\VIDEO_TS
2008-12-28 13:35 . 2008-12-28 13:35 <DIR> d-------- C:\Temp
2008-12-28 13:24 . 2008-12-28 13:24 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\dvdcss
2008-12-28 13:20 . 2008-12-28 13:20 <DIR> d-------- c:\program files\QuickTime
2008-12-28 13:20 . 2005-11-21 06:48 45,056 --a------ c:\windows\system32\WNASPI32.DLL
2008-12-28 13:20 . 2005-11-21 06:48 16,512 --a------ c:\windows\system32\drivers\ASPI32.SYS
2008-12-27 13:11 . 2008-12-27 13:11 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\Kaspersky_Key_Finder_(KKF
2008-12-27 12:35 . 2008-12-27 12:35 <DIR> d---s---- c:\documents and settings\Julija Tanaskovic\UserData
2008-12-26 11:14 . 2008-12-26 11:14 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\NeroDCTemplates
2008-12-26 10:26 . 2008-12-26 10:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\LightScribe
2008-12-24 11:58 . 2008-12-24 12:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Bluetooth
2008-12-24 11:45 . 2004-09-21 18:18 148,830 --a------ c:\windows\system32\drivers\bcbthub.sys
2008-12-24 11:45 . 2004-09-21 18:18 116,021 --a------ c:\windows\system32\drivers\fw203x.sys
2008-12-24 11:45 . 2005-03-25 17:18 82,148 --a------ c:\windows\system32\drivers\VcommMgr.sys
2008-12-24 11:45 . 2004-10-19 13:37 61,312 --a------ c:\windows\system32\drivers\VComm.sys
2008-12-24 11:45 . 2005-04-08 17:19 49,152 --a------ c:\windows\system32\btfunc.dll
2008-12-24 11:45 . 2005-05-31 09:42 23,000 --a------ c:\windows\system32\drivers\btcusb.sys
2008-12-24 11:45 . 2005-05-31 15:40 20,480 --a------ c:\windows\system32\drivers\blueletaudio.sys
2008-12-24 11:45 . 2004-12-16 16:32 13,304 --a------ c:\windows\system32\drivers\BTNetFilter.sys
2008-12-24 11:45 . 2005-04-30 14:50 11,736 --a------ c:\windows\system32\drivers\VHIDMini.sys
2008-12-24 11:45 . 2005-04-30 14:48 10,804 --a------ c:\windows\system32\drivers\BtNetDrv.sys
2008-12-24 11:45 . 2004-09-21 18:18 7,680 --a------ c:\windows\system32\btinstall.dll
2008-12-23 09:49 . 2008-12-24 11:43 32 --a------ c:\windows\0
2008-12-23 09:49 . 2008-12-23 09:49 0 --a------ c:\windows\system32\0
2008-12-23 08:30 . 2008-12-23 08:30 <DIR> d-------- c:\program files\IVT Corporation
2008-12-22 16:57 . 2008-12-22 16:57 <DIR> d-------- c:\program files\Rapid Tools
2008-12-22 16:57 . 2008-12-22 16:57 <DIR> d-------- c:\program files\Ashampoo
2008-12-22 16:57 . 2008-12-22 16:57 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\Ashampoo
2008-12-22 13:33 . 2008-12-22 13:33 <DIR> d-------- c:\program files\GameTop.com
2008-12-21 17:32 . 2008-12-21 17:32 <DIR> d-------- c:\program files\Formosoft
2008-12-21 17:32 . 2002-11-25 15:57 811,008 --a------ c:\windows\AquaReal.scr
2008-12-21 17:32 . 2002-11-15 17:56 131,072 --a------ c:\windows\SNVerifyDLL.dll
2008-12-21 13:00 . 2008-12-22 16:57 <DIR> d-------- c:\program files\Crime Puzzle
2008-12-21 12:44 . 2008-12-22 16:57 <DIR> d-------- c:\program files\5 Spots II
2008-12-21 10:50 . 2008-12-21 10:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\ashampoo
2008-12-20 12:31 . 2008-12-20 12:31 <DIR> d-------- c:\program files\Aimersoft
2008-12-19 09:08 . 2009-01-05 10:35 <DIR> d-------- c:\program files\WinUAE
2008-12-16 17:13 . 2008-12-16 17:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-16 06:40 . 2008-12-27 15:42 <DIR> d-------- c:\program files\SpywareBlaster
2008-12-15 14:17 . 2008-12-15 14:17 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\Sahmon Games
2008-12-15 14:14 . 2008-12-15 14:14 <DIR> d-------- c:\program files\FreeGamePick.com
2008-12-15 14:14 . 2008-12-15 14:14 <DIR> d-------- c:\program files\AskSearch
2008-12-15 14:14 . 2008-12-15 14:14 <DIR> d-------- c:\program files\AskBarDis
2008-12-15 08:52 . 2008-12-28 07:45 189 --a------ c:\windows\wininit.ini
2008-12-15 08:27 . 2009-01-10 17:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-14 10:13 . 2009-01-03 14:38 <DIR> d-------- c:\program files\vghd
2008-12-14 09:58 . 2008-12-14 10:34 <DIR> d-------- c:\program files\MorEmoticons
2008-12-14 09:57 . 2008-12-14 10:01 <DIR> d-------- C:\HiddenEmoticons.exe
2008-12-14 09:51 . 2008-12-27 13:50 <DIR> d-------- c:\program files\PFConfig
2008-12-14 09:41 . 2008-12-14 09:41 <DIR> d-------- c:\program files\GymGoal Lite
2008-12-13 12:40 . 2009-01-05 12:09 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\LimeWire
2008-12-13 09:12 . 2009-01-03 14:35 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\WeatherWatcher
2008-12-13 09:11 . 2009-01-05 10:44 <DIR> d-------- c:\program files\Weather Watcher
2008-12-13 09:11 . 2004-05-27 01:32 102,400 --a------ c:\windows\system32\unzip32.dll
2008-12-13 09:10 . 2008-12-13 09:10 <DIR> d-------- c:\program files\Secunia
2008-12-13 09:09 . 2008-12-15 08:23 <DIR> d-------- c:\program files\KlipFolio
2008-12-13 09:09 . 2008-12-29 06:06 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\KlipFolio
2008-12-12 15:47 . 2008-12-12 15:47 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\Eyeblaster
2008-12-12 15:41 . 2008-12-12 15:41 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\GameHouse
2008-12-12 15:41 . 2008-12-12 15:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-12-12 15:40 . 2008-12-12 15:40 <DIR> d-------- c:\program files\GameHouse
2008-12-12 10:14 . 2008-12-12 10:14 <DIR> d-------- c:\program files\Yahoo!
2008-12-12 10:13 . 2009-01-01 11:12 <DIR> d-------- c:\program files\CCleaner
2008-12-12 10:10 . 2008-12-17 10:51 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\UpdateStar
2008-12-12 09:44 . 2008-12-12 09:44 <DIR> d-------- c:\windows\Sun
2008-12-11 10:12 . 2008-12-11 10:12 <DIR> d-------- c:\program files\ESET
2008-12-11 09:42 . 2008-12-11 09:42 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\DivX
2008-12-11 09:17 . 2008-12-11 09:17 <DIR> d-------- c:\program files\Lavasoft
2008-12-11 09:17 . 2008-12-11 09:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-11 09:16 . 2008-12-11 09:16 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-11 09:13 . 2008-12-19 10:50 <DIR> d-------- c:\program files\DivX
2008-12-11 09:13 . 2008-12-11 09:29 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\Dr. DivX 2.0 OSS
2008-12-11 08:38 . 2008-12-11 08:38 <DIR> d-------- c:\program files\Trymedia
2008-12-11 08:38 . 2008-12-11 12:33 10 --a------ c:\windows\popcinfo.dat
2008-12-11 08:35 . 2008-12-11 08:37 <DIR> d-------- c:\program files\Your Uninstaller 2008
2008-12-11 08:35 . 2008-12-11 08:35 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\URSoft
2008-12-11 08:35 . 2009-01-10 17:48 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-11 08:29 . 2008-12-11 08:29 <DIR> d-------- c:\program files\ReflexiveArcade
2008-12-11 08:11 . 2008-12-11 08:11 <DIR> d-------- c:\program files\Zylom Games
2008-12-11 08:11 . 2008-12-11 08:11 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\Zylom
2008-12-11 08:11 . 2008-12-11 08:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Zylom
2008-12-11 08:09 . 2008-12-11 08:09 <DIR> d-------- c:\windows\Don't Get Angry 2
2008-12-11 08:09 . 2008-12-11 08:09 <DIR> d-------- c:\program files\Don't Get Angry 2
2008-12-11 03:00 . 2008-12-11 03:00 <DIR> d-------- c:\program files\MSXML 4.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-11 08:27 16,608 ----a-w c:\windows\gdrv.sys
2009-01-10 20:45 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\uTorrent
2009-01-05 11:05 --------- d-----w c:\program files\eMule
2009-01-03 12:20 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-01 18:25 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\skypePM
2009-01-01 18:25 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\Skype
2008-12-23 12:28 --------- d-----w c:\program files\Common Files\LightScribe
2008-12-18 10:08 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\Canon
2008-12-14 11:59 --------- d-----w c:\program files\Common Files\Adobe
2008-12-10 14:36 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\InterTrust
2008-12-10 14:31 --------- d-----w c:\program files\Pinnacle
2008-12-10 14:31 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-10 09:05 --------- d-----w c:\documents and settings\All Users\Application Data\Pinnacle
2008-12-07 09:09 --------- d-----w c:\program files\Canon
2008-12-07 09:09 --------- d-----w c:\documents and settings\All Users\Application Data\CanonIJPLM
2008-12-07 09:06 --------- d-----w c:\program files\ScanSoft
2008-12-07 09:06 --------- d-----w c:\program files\Common Files\ScanSoft Shared
2008-12-07 09:06 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\ScanSoft
2008-12-07 09:06 --------- d-----w c:\documents and settings\All Users\Application Data\ScanSoft
2008-12-07 09:06 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield
2008-12-07 09:03 --------- d--h--w c:\program files\CanonBJ
2008-12-07 09:03 --------- d--h--w c:\documents and settings\All Users\Application Data\CanonBJ
2008-12-04 08:07 --------- d-----w c:\program files\MSBuild
2008-12-04 08:04 --------- d-----w c:\program files\MSXML 6.0
2008-12-04 07:34 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-12-04 07:34 --------- d-----w c:\program files\Java
2008-12-04 07:30 --------- d-----w c:\program files\LimeWire
2008-12-04 07:16 499,712 ----a-w c:\windows\system32\msvcp71.dll
2008-12-04 07:16 348,160 ----a-w c:\windows\system32\msvcr71.dll
2008-12-04 07:16 --------- d-----w c:\program files\Real
2008-12-04 07:16 --------- d-----w c:\program files\Common Files\xing shared
2008-12-04 07:16 --------- d-----w c:\program files\Common Files\Real
2008-12-03 15:30 --------- d-----w c:\program files\ESTsoft
2008-12-03 15:30 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\ESTSoft
2008-12-03 15:30 --------- d-----w c:\documents and settings\All Users\Application Data\ESTsoft
2008-12-03 11:27 --------- d-----w c:\program files\vanBasco's Karaoke Player
2008-12-02 16:14 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\CoSoSys
2008-12-02 13:28 --------- d-----w c:\program files\FormatFactory
2008-12-02 10:04 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\Winamp
2008-12-02 09:44 --------- d-----w c:\program files\Skype
2008-12-02 09:44 --------- d-----w c:\program files\Common Files\Skype
2008-12-02 09:44 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-12-02 09:13 --------- d-----w c:\program files\Winamp
2008-12-02 07:11 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-12-02 06:45 --------- d-----w c:\program files\Webshots
2008-12-02 06:45 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\Webshots
2008-12-02 06:40 --------- d-----w c:\documents and settings\All Users\Application Data\GRETECH
2008-12-02 06:39 --------- d-----w c:\program files\GRETECH
2008-12-02 06:39 --------- d-----w c:\program files\Google
2008-12-02 06:39 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\GRETECH
2008-12-02 05:44 --------- d-----w c:\program files\Uniblue
2008-12-02 05:44 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\uniblue
2008-12-02 05:42 --------- d-----w c:\program files\Reference Assemblies
2008-12-02 05:27 --------- d-----w c:\program files\uTorrent
2008-11-27 10:19 --------- d-----w c:\program files\Microsoft.NET
2008-11-27 10:19 --------- d-----w c:\program files\Microsoft Works
2008-11-27 10:19 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-27 10:19 --------- d-----w c:\program files\Common Files\L&H
2008-11-27 10:11 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\ESET
2008-11-27 10:09 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-11-27 10:02 --------- d-----w c:\program files\Ahead
2008-11-27 10:01 --------- d-----w c:\program files\Common Files\Nero
2008-11-27 10:00 --------- d-----w c:\program files\Common Files\Ahead
2008-11-27 10:00 --------- d-----w c:\documents and settings\All Users\Application Data\Ahead
2008-11-25 15:16 --------- d-----w c:\program files\Common Files\Logitech
2008-11-25 15:12 --------- d-----w c:\program files\CONEXANT
2008-11-25 15:09 --------- d-----w c:\program files\XpertVision
2008-11-25 15:01 --------- d-----w c:\program files\Realtek
2008-11-25 15:01 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\InstallShield
2008-11-25 15:00 315,392 ----a-w c:\windows\HideWin.exe
2008-11-25 14:57 --------- d-----w c:\program files\Intel
2008-11-25 14:57 --------- d-----w c:\program files\GIGABYTE
2008-11-25 14:48 --------- d-----w c:\program files\microsoft frontpage
2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 10:37 659,456 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot_2009-01-10_17.41.15.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-11 08:18:36 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_594.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-24 20:25 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"TBPanel"="c:\program files\XpertVision\TBPanel.exe" [2008-07-03 2161160]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-18 68856]
"UpdateStar"="c:\documents and settings\Julija Tanaskovic\Application Data\UpdateStar\UpdateStar.exe" [2008-12-16 4362480]
"MorEmoticons"="c:\program files\MorEmoticons\MorEmoticons.exe" [2007-11-12 64000]
"VisualTaskTips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2006-03-14 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="c:\program files\GIGABYTE\GEST\RUN.exe" [2007-12-14 236040]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-04 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"PCTVRemote"="c:\program files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe" [2002-10-11 61699]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Julija Tanaskovic\Start Menu\Programs\Startup\
Adrenaliner.lnk.disabled [2008-12-29 768]
DesktopVideoPlayer.LNK - c:\program files\vghd\vghd.exe [2009-01-02 357712]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-12-02 45056]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk.disabled [2008-12-24 1593]
Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2008-12-10 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"VIDC.PIM1"= PCLEPIM1.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-07-31 20616]
R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xHybrid.sys [2008-12-09 504832]
R3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [2008-11-25 47624]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2008-12-10 6400]
R4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-12-15 464264]
R4 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
S3 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMON.sys [2008-12-31 5969]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-07-02 26248]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-10-27 7808]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2008-12-15 234888]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-448539723-839522115-1003.job
- c:\documents and settings\Julija Tanaskovic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-17 06:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.gametop.com/?utm_source=SharkAttack&utm_medium=start
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Webshots Photo Search
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send by Bluetooth
IE: Send via &Message...
FF - ProfilePath - c:\documents and settings\Julija Tanaskovic\Application Data\Mozilla\Firefox\Profiles\44o6kv2o.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - http:/www.google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101787&gct=&gc=1&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Julija Tanaskovic\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 09:27:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-583907252-448539723-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-583907252-448539723-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A169A993-044A-D7BB-6FC1-7BBE6BB20249}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abhdfbabgjeifgegeimjebgkhhiobpmdkn"=hex:61,61,00,00
"bbhdfbabgjeifgegeihjnefjinfeiocdkgik"=hex:61,61,00,00
.
Completion time: 2009-01-11 9:28:02
ComboFix-quarantined-files.txt 2009-01-11 08:28:00
ComboFix2.txt 2009-01-11 08:11:28
ComboFix3.txt 2009-01-11 08:06:08
ComboFix4.txt 2009-01-10 16:41:51
ComboFix5.txt 2009-01-11 08:25:59

Pre-Run: 110,622,470,144 bytes free
Post-Run: 110,610,358,272 bytes free

344 --- E O F --- 2009-01-05 02:00:30

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Ok.

Click START and then RUN
In the text box type Combofix /u and click OK




Wait for the uninstall process to finish

The procedure above will:
Delete the following:
ComboFix and its files and folders
the VundoFix Backups folder, if it exists
the C:\Deckard folder, if it exists
the C:\OtMoveIt folder, if it exists

Reset the computer's clock settings
Hide file extensions, if necessary
Hide system/hidden files/folders, if necessary
Reset System Restore



That's all.

offline
  • Miroslav Tanaskovic
  • Civil engineering technician
  • Joined: 02 Jan 2009
  • Posts: 787
  • Location: Cacak

It doesn't run the uninstall; instead it gives me a message saying I typed the file name correctly but that Windows cannot find it.

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

There needs to be a space between combofix and /u - try again.

offline
  • Miroslav Tanaskovic
  • Civil engineering technician
  • Joined: 02 Jan 2009
  • Posts: 787
  • Location: Cacak

I tried with a space, without a space, with two spaces, and with a capital C and F, and it always gives the same message: "Windows cannot find combofix. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button and then click Search"

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Ok.

Delete the folder C:\qoobox

Then turn System Restore off and then back on again:

http://www.mycity.rs/Uputstva/Kako-iskljuciti-uklj.....Vista.html


That's all.

offline
  • Miroslav Tanaskovic
  • Civil engineering technician
  • Joined: 02 Jan 2009
  • Posts: 787
  • Location: Cacak

I did as instructed, then rescanned with "Norton Security Scan and NOD" and both results were negative. However, RegistryBooster found 321 problems in the registry and only fixed 15. Is there anything more to do? The problem with NOD is still the same?

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

There is no more malware on your computer.

As for RegistryBooster... The program isn't even well known, and that's a question for the Applications forum (or simply ignore it, since it's completely unimportant).


As for NOD... The problem is probably in the program itself.

Although, the story that it shuts down after a minute or two while otherwise being fully functional (it can scan) doesn't make much sense to me.

In general, how do you know it shuts down? Does its icon disappear from the system tray (next to the clock)?
