Help! I caught Vundo, the computer is slow, won't go to Google

  • Srba11
  • New MyCity citizen
  • Joined: 28 Jun 2009
  • Posts: 6

Posted: 28 Jun 2009 21:29

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:26:31, on 28-Jun-09
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Nesa\Desktop\New Folder\TR3.exe.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {910827DC-C480-4E7A-BD31-8D09DC1571AC} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Babylon - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - C:\Program Files\Babylon\Babylon Toolbar\BabylonIEToolBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [Toshiba Hotkey Utility] "C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe" /lang en
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TDispVol] TDispVol.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe"
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [VisualTaskTips] "C:\Program Files\VisualTaskTips\VisualTaskTips.exe" noTrayIcon
O4 - HKCU\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\system32\WFXSVC.EXE

--
End of file - 10679 bytes


I'm well acquainted with working on a PC and I use ESET and SUPERAntiSpyware. My wife was browsing seaside holiday sites and picked up a heap of viruses. Now I can't get to Google, Yahoo or FB.

I cleaned 24 Vundo trojans with SUPERAntiSpyware, but that's obviously not all of it, because the computer still won't go to Google...

I'm on 4 Mbps ADSL and I've tried 20 virus-removal programs today, but nothing. Malwarebytes doesn't detect anything either, and in Safe Mode I can get online, but when the computer boots into normal mode it's slow, won't go to Google and everything runs slowly.

Please, I need urgent help because I no longer know what to do.

Update: 28 Jun 2009 21:39

I should also say that I have ComboFix installed as well and I'm ready to run all the necessary analyses and actions immediately.

Update: 28 Jun 2009 21:50

By the way, the HJT scan was done in Safe Mode with no antivirus active and without a single program running. System Idle Process was at 99%.

  • helen1
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

From the log I don't see anything suspicious, except that Avast somehow hasn't been fully uninstalled.

Scan with ComboFix since you've already downloaded it, then post the log.
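The way a helper spots the leftover Avast entries in the log above is by looking for "(file missing)" and "(no file)" markers and seeing which product directory they cluster in. As an added example (not from this thread and not part of HijackThis or ComboFix), the Python script below parses the O2/O3/O23 lines of a HijackThis log, flags orphaned entries and services with no signer, and groups the orphans by product directory; it assumes the " - " separated field layout HijackThis 2.0 uses, and the sample input is a constructed subset of lines copied from the log posted above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: a subset of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
"""

# Assumed HijackThis 2.0 layout: "<section> - <kind>: <name> - <clsid|owner> - <path>[ (marker)]"
ENTRY_RE = re.compile(r"^(O\d+)\s+-\s+(BHO|Toolbar|Service):\s+(.*)$")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


@dataclass
class Entry:
    section: str            # O2, O3 or O23
    kind: str               # BHO, Toolbar or Service
    name: str
    owner: Optional[str]    # only O23 carries a signer/owner column
    path: str               # bare path with the marker stripped ("" if HJT reported no file)
    orphaned: bool          # HJT marked the backing file as missing


def parse_hjt(text: str) -> List[Entry]:
    """Parse the O2/O3/O23 lines of a HijackThis log; other sections are ignored."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        section, kind, rest = m.groups()
        parts = [p.strip() for p in rest.split(" - ")]
        if len(parts) < 3:
            continue
        # Take the last two fields as (clsid|owner, path) so names containing " - " survive.
        name = " - ".join(parts[:-2])
        owner = parts[-2] if kind == "Service" else None
        path = parts[-1]
        orphaned = any(path.endswith(mk) for mk in ORPHAN_MARKERS)
        for mk in ORPHAN_MARKERS:
            if path.endswith(mk):
                path = path[: -len(mk)].strip()
        entries.append(Entry(section, kind, name, owner, path, orphaned))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[Entry]]:
    """Orphaned entries are uninstall leftovers; unsigned live services need a manual look."""
    findings: Dict[str, List[Entry]] = {"orphaned": [], "unknown_owner": []}
    for e in entries:
        if e.orphaned:
            findings["orphaned"].append(e)
        elif e.kind == "Service" and e.owner == "Unknown owner":
            findings["unknown_owner"].append(e)
    return findings


def product_dir(path: str) -> str:
    """C:\\Program Files\\Alwil Software\\Avast4\\ashServ.exe -> 'Alwil Software\\Avast4'."""
    parts = path.split("\\")
    if len(parts) >= 4 and parts[1].lower() == "program files":
        return "\\".join(parts[2:-1])
    return "\\".join(parts[:-1])


def leftover_products(entries: List[Entry]) -> Dict[str, int]:
    """Count orphaned entries per product directory (several hits = a half-removed product)."""
    counts: Dict[str, int] = {}
    for e in entries:
        if e.orphaned and e.path:
            product = product_dir(e.path)
            counts[product] = counts.get(product, 0) + 1
    return counts


if __name__ == "__main__":
    ents = parse_hjt(SAMPLE_LOG)
    found = triage(ents)
    for e in found["orphaned"]:
        print(f"orphaned  {e.section} {e.kind}: {e.name} -> {e.path or '(no file)'}")
    for e in found["unknown_owner"]:
        print(f"verify    {e.section} {e.kind}: {e.name} -> {e.path}")
    for product, n in sorted(leftover_products(ents).items()):
        print(f"leftover product dir: {product} ({n} orphaned entries)")
```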

  • Srba11
  • New MyCity citizen
  • Joined: 28 Jun 2009
  • Posts: 6

Posted: 28 Jun 2009 22:05

Here, I'm scanning now, and not a single antivirus reports any virus presence any more, but Firefox, IE, Opera and Chrome still can't get directly to Google in normal mode, only in Safe Mode. In normal mode the computer boots like a snail and is 50 percent slower. Firefox takes a minute to start and can't get to Google. The whole computer is slower, and with earlier Vundo or Virtumonde infections it was the same, with the same signs. Only this time it removed a couple of infected files with SUPERAntiSpyware, but the problem isn't solved.

I'm almost 100% sure the infection is in the boot, in system32 and in the root. With regedit I found something I suspect is causing the problem, but I'm not sure.

I'll send the ComboFix file in a minute.

Update: 28 Jun 2009 22:13

ComboFix 09-06-26.02 - Nesa 28-Jun-09 22:10.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2616 [GMT 2:00]
Running from: c:\documents and settings\Nesa\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090607-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-28 )))))))))))))))))))))))))))))))
.

2009-06-28 19:14 . 2009-06-28 19:14 -------- d-----w- c:\documents and settings\Nesa\DoctorWeb
2009-06-28 17:15 . 2009-06-28 17:15 -------- d-----w- c:\program files\ESET
2009-06-28 16:55 . 2009-06-28 17:03 81984 ----a-w- c:\windows\system32\bdod.bin
2009-06-28 16:30 . 2009-06-28 17:04 -------- d-----w- c:\program files\BitDefender
2009-06-28 16:30 . 2009-06-28 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-06-28 16:28 . 2009-06-28 17:04 -------- d-----w- c:\program files\Common Files\BitDefender
2009-06-28 15:13 . 2009-03-12 08:17 2902048 -c----w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-28 15:13 . 2009-06-28 17:01 -------- d-----w- c:\program files\Lavasoft
2009-06-28 15:13 . 2009-06-28 15:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-28 14:51 . 2009-06-28 14:51 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-06-28 14:50 . 2009-06-28 14:50 -------- d-----w- c:\windows\ERUNT
2009-06-28 14:37 . 2009-06-28 17:01 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-28 14:24 . 2009-06-28 16:19 -------- d-----w- c:\program files\Panda Security
2009-06-28 14:13 . 2009-06-28 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-06-28 12:21 . 2009-06-28 12:21 -------- d-----w- c:\windows\Sun
2009-06-28 11:50 . 2009-06-28 11:50 -------- d-----w- c:\program files\Windows Defender
2009-06-27 20:34 . 2009-06-27 21:07 -------- d-----w- c:\program files\Exterminate It!
2009-06-27 19:46 . 2009-06-27 19:46 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-27 15:14 . 2009-06-27 15:14 -------- d-----w- c:\program files\AVG
2009-06-27 13:40 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-27 13:40 . 2009-06-27 14:06 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-27 13:40 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-27 13:40 . 2009-06-27 13:40 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-27 13:40 . 2008-12-10 10:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-27 13:40 . 2009-06-27 13:40 -------- d-----w- c:\documents and settings\Nesa\Application Data\PC Tools
2009-06-27 13:40 . 2009-06-27 13:40 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-06-27 10:56 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-27 10:56 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-27 10:56 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-06-27 10:56 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-06-27 10:56 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-06-27 10:56 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-27 10:56 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-27 10:55 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-27 10:35 . 2009-06-27 10:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
2009-06-27 10:35 . 2009-06-27 10:35 -------- d-----w- c:\documents and settings\Nesa\Application Data\GetRightToGo
2009-06-27 07:57 . 2009-06-27 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-26 23:07 . 2009-06-26 23:07 -------- d-----w- c:\documents and settings\Nesa\Application Data\Malwarebytes
2009-06-26 23:07 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-26 23:07 . 2009-06-26 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-26 23:07 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-26 23:06 . 2009-06-27 10:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-04 16:00 . 2009-06-04 16:00 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.459\English\setup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 20:14 . 2008-06-18 17:25 -------- d-----w- c:\documents and settings\Nesa\Application Data\DMCache
2009-06-28 19:17 . 2008-06-14 19:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-28 19:13 . 2008-06-18 17:25 28672 ----a-w- c:\documents and settings\Nesa\Application Data\IDM\NP_IDM5.dll
2009-06-28 19:13 . 2008-06-18 17:25 28672 ----a-w- c:\documents and settings\Nesa\Application Data\IDM\NP_IDM4.dll
2009-06-28 19:13 . 2008-06-18 17:25 28672 ----a-w- c:\documents and settings\Nesa\Application Data\IDM\NP_IDM3.dll
2009-06-28 19:13 . 2008-06-18 17:25 28672 ----a-w- c:\documents and settings\Nesa\Application Data\IDM\NP_IDM2.dll
2009-06-28 19:13 . 2008-06-18 17:25 28672 ----a-w- c:\documents and settings\Nesa\Application Data\IDM\NP_IDM1.dll
2009-06-28 19:13 . 2008-06-18 17:25 -------- d-----w- c:\documents and settings\Nesa\Application Data\IDM
2009-06-28 19:11 . 2008-06-18 16:29 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-28 18:28 . 2008-06-18 17:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2009-06-28 17:29 . 2009-03-30 17:25 117760 ----a-w- c:\documents and settings\Nesa\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-28 16:21 . 2009-03-30 17:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-25 01:41 . 2009-05-25 01:41 59976 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.459\English\setup.exe
2009-05-14 13:49 . 2009-05-14 13:49 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 13:49 . 2009-05-14 13:49 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2009-05-14 13:49 . 2009-05-14 13:49 133000 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-05-14 13:47 . 2009-05-14 13:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2009-05-14 13:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-01 09:39 . 2009-05-01 09:39 -------- d-----w- c:\documents and settings\Nesa\Application Data\Samsung
2009-05-01 09:37 . 2007-07-25 14:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-01 09:36 . 2009-05-01 09:29 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-05-01 09:29 . 2009-05-01 09:29 -------- d-----w- c:\program files\Samsung
2009-04-30 16:44 . 2009-04-30 16:40 -------- d-----w- c:\program files\The KMPlayer
2009-04-28 18:12 . 2009-04-28 18:12 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-04-28 18:12 . 2009-04-28 18:12 47360 ----a-w- c:\documents and settings\Nesa\Application Data\pcouffin.sys
2009-04-28 18:12 . 2009-04-28 18:12 47360 ----a-w- c:\documents and settings\Nesa\Application Data\pcouffin.sys
2008-06-14 04:31 . 2008-06-14 04:31 8988 ----a-w- c:\program files\matroxl.log
2008-06-14 04:19 . 2008-06-14 04:19 1351 ----a-w- c:\program files\Cult3D Acrobat Plug-in.log
2009-03-05 16:08 . 2009-06-28 16:38 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2008-06-18 17:33 . 2008-06-18 17:30 24 --sh--w- c:\windows\S0EA6D367.tmp
2004-10-13 16:24 . 2008-06-14 04:39 1694208 --sha-w- c:\windows\VistaMizer\old\msmsgs.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-06-27_19.43.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-29 06:05 . 2008-07-29 06:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90ud.dll
+ 2008-07-29 04:07 . 2008-07-29 04:07 80896 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfcm90d.dll
+ 2003-04-18 14:29 . 2003-04-18 14:29 82432 c:\windows\system32\msxml4r.dll
- 2002-02-04 00:43 . 2002-02-04 00:43 82432 c:\windows\system32\msxml4r.dll
+ 2002-01-05 01:38 . 2002-01-05 01:38 54784 c:\windows\system32\msvci70.dll
+ 2009-06-27 19:46 . 2008-10-16 13:09 51224 c:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-27 19:46 . 2008-04-14 00:12 82432 c:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-27 19:46 . 2008-04-14 00:12 26112 c:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-27 19:46 . 2008-04-14 00:12 14336 c:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-27 19:46 . 2008-04-14 00:12 57856 c:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-27 19:46 . 2008-04-14 00:12 17408 c:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-27 19:46 . 2008-04-14 00:12 13312 c:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-27 19:46 . 2008-04-13 18:39 24576 c:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-27 19:46 . 2008-04-13 18:53 36608 c:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-27 19:46 . 2008-04-14 00:12 15360 c:\windows\system32\dllcache\cache\ctfmon.exe
+ 2009-06-28 17:16 . 2009-06-28 17:16 97360 c:\windows\Installer\{71CBF9BB-7E07-4A9D-BF30-84C11810B242}\egui.exe
+ 2009-06-28 17:16 . 2009-06-28 17:16 10134 c:\windows\Installer\{71CBF9BB-7E07-4A9D-BF30-84C11810B242}\callmsi.exe
+ 2008-07-29 06:05 . 2008-07-29 06:05 875520 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcp90d.dll
+ 2008-07-29 01:54 . 2008-07-29 01:54 312832 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcm90d.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 01:54 . 2008-07-29 01:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2003-02-21 02:42 . 2003-02-21 02:42 348160 c:\windows\system32\msvcr71.dll
- 2003-02-21 19:42 . 2003-02-21 19:42 348160 c:\windows\system32\msvcr71.dll
+ 2002-01-05 00:37 . 2002-01-05 00:37 344064 c:\windows\system32\msvcr70.dll
+ 2003-03-18 18:14 . 2003-03-18 18:14 499712 c:\windows\system32\msvcp71.dll
- 2003-03-19 11:14 . 2003-03-19 11:14 499712 c:\windows\system32\msvcp71.dll
+ 2002-01-05 01:40 . 2002-01-05 01:40 487424 c:\windows\system32\msvcp70.dll
+ 2002-01-05 01:36 . 2002-01-05 01:36 964608 c:\windows\system32\mfc70u.dll
+ 2002-01-05 01:48 . 2002-01-05 01:48 974848 c:\windows\system32\mfc70.dll
+ 2004-03-31 11:28 . 2004-03-31 11:28 131072 c:\windows\system32\mapi32.dll
+ 2009-06-27 19:46 . 2008-04-14 00:12 507904 c:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-27 19:46 . 2008-10-16 01:00 666112 c:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-27 19:46 . 2008-04-14 00:12 578560 c:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-27 19:46 . 2008-04-14 00:12 295424 c:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-27 19:46 . 2008-06-20 11:51 361600 c:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-27 19:46 . 2008-04-14 00:12 108544 c:\windows\system32\dllcache\cache\services.exe
+ 2009-06-27 19:46 . 2008-04-13 19:20 182656 c:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-27 19:46 . 2008-04-14 00:11 989696 c:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-27 19:46 . 2008-04-14 00:11 110080 c:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-27 19:46 . 2008-04-14 00:11 167936 c:\windows\system32\dllcache\cache\appmgmts.dll
+ 2007-04-11 09:11 . 2007-04-11 09:11 511328 c:\windows\system32\capicom.dll
+ 2009-06-28 14:50 . 2009-06-28 14:50 217088 c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
+ 2009-06-28 14:50 . 2008-08-07 13:27 163328 c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE
+ 2009-06-28 14:50 . 2009-06-28 14:50 217088 c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2009-06-28 14:50 . 2008-08-07 13:27 163328 c:\windows\ERUNT\SDFIX\ERDNT.EXE
+ 2008-07-29 06:05 . 2008-07-29 06:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 5982720 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90ud.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 5937144 c:\windows\WinSxS\x86_Microsoft.VC90.DebugMFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_c94a3a24\mfc90d.dll
+ 2008-07-29 06:05 . 2008-07-29 06:05 1180672 c:\windows\WinSxS\x86_Microsoft.VC90.DebugCRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_f863c71f\msvcr90d.dll
+ 2003-04-18 14:46 . 2003-04-18 14:46 1233920 c:\windows\system32\msxml4.dll
+ 2003-03-18 19:12 . 2003-03-18 19:12 1047552 c:\windows\system32\mfc71u.dll
- 2003-03-18 21:12 . 2003-03-18 21:12 1047552 c:\windows\system32\mfc71u.dll
- 2003-03-19 12:20 . 2003-03-19 12:20 1060864 c:\windows\system32\MFC71.dll
+ 2003-03-18 19:20 . 2003-03-18 19:20 1060864 c:\windows\system32\mfc71.dll
+ 2008-03-20 16:06 . 2008-03-20 16:06 1480232 c:\windows\system32\LegitCheckControl.dll
+ 2009-06-27 19:46 . 2008-04-14 00:12 1614848 c:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-27 19:46 . 2008-08-14 10:09 2145280 c:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-27 19:46 . 2008-08-14 09:33 2023936 c:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-27 19:46 . 2008-04-14 00:12 1033728 c:\windows\system32\dllcache\cache\explorer.exe
+ 2009-06-28 14:50 . 2009-06-28 14:50 6434816 c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
+ 2009-06-28 14:50 . 2009-06-28 14:50 6434816 c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-06-20 14:29 . 2009-06-01 07:51 23635392 c:\windows\system32\MRT.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"VisualTaskTips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2008-05-31 65536]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-07-26 191552]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-06-18 2594224]
"USB Safely Remove"="c:\program files\USB Safely Remove\USBSafelyRemove.exe" [2007-10-24 2447360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-26 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2007-06-21 1773568]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-26 888832]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2007-07-06 651264]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-05-11 143360]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 413696]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2007-12-20 3116768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-10-10 69632]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-10-10 69632]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-26 16377344]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" - c:\windows\system32\TDispVol.exe [2005-12-27 73728]
"Zooming"="ZoomingHook.exe" - c:\windows\system32\ZoomingHook.exe [2005-06-06 24576]
"WinFaxAppPortStarter"="wfxsnt40.exe" - c:\windows\system32\WFXSNT40.EXE [2000-02-14 43008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - c:\program files\Eagle USB ADSL Modem\Eagle Family USB ADSL\dslmon.exe [2008-6-22 929889]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-20 809488]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\Symantec\WinFax\WfxSeh32.Dll" [1998-07-27 38400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 15:41 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NDSTray.exe"=NDSTray.exe
"nwiz"=nwiz.exe /install
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [27-Jun-09 15:40 130936]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [09-Mar-07 16:23 6528]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03-Nov-06 19:19 13592]
S0 wlkhu;wlkhu;c:\windows\system32\drivers\xehmwxfc.sys --> c:\windows\system32\drivers\xehmwxfc.sys [?]
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27-Jun-09 12:56 114768]
S1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14-May-09 15:47 107256]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23-Mar-09 14:07 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23-Mar-09 14:07 72944]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27-Jun-09 12:56 20560]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14-May-09 15:47 731840]
S3 MVBU;MVBU;c:\docume~1\Nesa\LOCALS~1\Temp\MVBU.exe --> c:\docume~1\Nesa\LOCALS~1\Temp\MVBU.exe [?]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [25-Jul-07 16:39 217600]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23-Mar-09 14:07 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> c:\program files\Spyware Doctor\pctsAuxs.exe [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MVBU
*Deregistered* - DwShield00001B22
.
Contents of the 'Scheduled Tasks' folder

2009-06-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2008-06-14 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-07-25 00:12]
.
- - - - ORPHANS REMOVED - - - -

BHO-{910827DC-C480-4E7A-BD31-8D09DC1571AC} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
LSP: c:\windows\system32\imon.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Nesa\Application Data\Mozilla\Firefox\Profiles\h6yrnimy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-amo&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-amo&p=
FF - component: c:\documents and settings\Nesa\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32asw.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMCult3DP.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM1.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM2.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM3.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM4.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM5.dll
FF - plugin: c:\program files\Opera\program\plugins\np32asw.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\windows\system32\Cult3D\NPMCult3DP.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-06-28 22:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{46af4018-8f67-4a50-93eb-dbf2b95ae8c9}]
@Denied: (Full) (Everyone)
"Model"=dword:00000130
"Therad"=dword:0000001a
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,75,e4,fe,a7,59,a2,a0,27,42,22,19,b0,b7,40,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):89,1e,c6,d5,f7,5d,41,a7,99,0f,06,30,17,59,6a,ec,5d,a6,b2,a1,c2,
34,a7,3e,83,85,94,2b,c3,41,0f,76,a1,0d,dc,b7,8d,b9,0c,0a,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(752)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(1176)
c:\docume~1\Nesa\LOCALS~1\Temp\catchme.dll
.
Completion time: 2009-06-28 22:15
ComboFix-quarantined-files.txt 2009-06-28 20:15
ComboFix2.txt 2009-06-27 19:47

Pre-Run: 100,766,994,432 bytes free
Post-Run: 100,747,431,936 bytes free

365 --- E O F --- 2009-02-19 14:35

Update: 28 Jun 2009 22:16

The ComboFix report was done from Safe Mode, since I can't get online in Normal Mode.

And Avast has been removed, I even removed it from the registry, yet it still shows up. Strange.

So - heeeelp - I have no idea why the computer is still slow and why it won't go to Google, Yahoo and FB. It reeks of Vundo...

  • helen1
  • Anti Malware Fighter, Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

I think this here is the biggest problem:

AV: avast! antivirus 4.8.1335 [VPS 090607-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

One antivirus per computer!

Sort that out first.

  • Srba11
  • New MyCity citizen
  • Joined: 28 Jun 2009
  • Posts: 6

Posted: 28 Jun 2009 22:22

That is no longer on the computer!!! I removed everything this morning, because I tried one program after another to remove what I think is Vundo or something similar.

So these programs are no longer on the computer - I don't know why it reports them!!!

Update: 28 Jun 2009 22:24

Here is what is active among the processes.

Update: 28 Jun 2009 22:26

I don't know where I put the JPEG with the screenshot of the processes - in any case only ESET is active, and it is inactive right now because I'm in Safe Mode.

Update: 28 Jun 2009 22:33

Since I turned off restore points before removing these antiviruses, it's possible the computer somehow remembered them as present, because they are no longer on the computer.

I only have ESET, but at one point I was without any antivirus or antispyware at all to test the computer - and nothing, everything is still the same - no internet access via Google and the others. Only in Safe Mode - which means some trojan/virus starts together with the boot and spreads to the search engines. It must be in the boot (MBR) or something similar, because otherwise how would the internet and Google work in Safe Mode???
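
The two points raised so far, helen1's list of antivirus products that ComboFix still reports and Srba11's question about what starts with the boot even though the uninstallers ran, both come down to reading the same two kinds of lines in the posted ComboFix logs: the `AV:` header lines and the `R0`/`S0`/`S3` service and driver lines. The script below is an added example, not part of this thread and not ComboFix's own code. It parses those lines and flags entries for manual review. The sample input is an excerpt copied from the logs posted above. Assumptions: in ComboFix's service lines `R` means running and `S` stopped, the digit is the registry `Start` value (0 boot, 1 system, 2 auto, 3 manual), and `--> path [?]` marks an image file ComboFix could not find on disk; the `AV:` list reflects what Security Center still has registered (typically via WMI), which an uninstaller can leave behind. The flags are heuristics chosen for this example, not a malware verdict.

```python
"""Triage helpers for ComboFix-style log excerpts (added example, not ComboFix code)."""
import re
from dataclasses import dataclass, field

# Registry Start values as ComboFix prints them after the R/S letter (assumption: standard SCM meaning).
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "manual", "4": "disabled"}

SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"      # R = running, S = stopped; digit = Start value
    r"(?P<name>[^;]+);(?P<display>[^;]*);"      # service name ; display name ;
    r"(?P<path>.+?)"                            # image path
    r"(?:\s+-->\s+(?P<resolved>.+?))?"          # ComboFix repeats the path when the file is not found
    r"\s+\[(?P<info>[^\]]*)\]\s*$"              # [date time size] for a found file, [?] otherwise
)
AV_RE = re.compile(
    r"^AV:\s+(?P<product>.+?)\s+\*On-access scanning (?P<onaccess>enabled|disabled)\*"
    r"\s+\((?P<updated>Updated|Outdated)\)\s+\{(?P<guid>[0-9A-Fa-f-]+)\}\s*$"
)

# Constructed input: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
AV: avast! antivirus 4.8.1335 [VPS 090607-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [27-Jun-09 15:40 130936]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03-Nov-06 19:19 13592]
S0 wlkhu;wlkhu;c:\windows\system32\drivers\xehmwxfc.sys --> c:\windows\system32\drivers\xehmwxfc.sys [?]
S3 MVBU;MVBU;c:\docume~1\Nesa\LOCALS~1\Temp\MVBU.exe --> c:\docume~1\Nesa\LOCALS~1\Temp\MVBU.exe [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> c:\program files\Spyware Doctor\pctsAuxs.exe [?]
"""


@dataclass
class Service:
    state: str          # "running" or "stopped"
    start: str          # boot / system / auto / manual / disabled
    name: str
    display: str
    path: str
    file_found: bool
    flags: list = field(default_factory=list)


def _basename(path):
    # Windows paths in the log; os.path would not split on backslashes off Windows.
    return re.split(r"[\\/]", path)[-1]


def triage_flags(svc):
    """Heuristic review flags (this example's own choices); each is a reason to look, not a verdict."""
    flags = []
    if not svc.file_found:
        # Registered in the SCM, but ComboFix could not find the image: uninstall
        # leftover, or a file the tool was not able to see.
        flags.append("file-missing")
        if svc.start in ("boot", "system"):
            # Boot/system-start drivers load before user-mode security tools, so a
            # registered-but-missing one is the first thing to check by hand.
            flags.append("early-start")
    parts = [p.lower() for p in re.split(r"[\\/]", svc.path)]
    if "temp" in parts:
        # Services are not normally installed out of a user's Temp folder.
        flags.append("temp-path")
    stem, _, ext = _basename(svc.path).rpartition(".")
    if ext.lower() == "sys" and stem.lower() != svc.name.lower():
        # Weak signal: vendor drivers are usually registered under their own file name.
        flags.append("driver-name-mismatch")
    return flags


def parse_services(log_text):
    services = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        svc = Service(
            state="running" if m["state"] == "R" else "stopped",
            start=START_TYPES[m["start"]],
            name=m["name"], display=m["display"], path=m["path"],
            file_found=m["info"] != "?",
        )
        svc.flags = triage_flags(svc)
        services.append(svc)
    return services


def parse_av_products(log_text):
    return [
        {"product": m["product"], "on_access": m["onaccess"] == "enabled",
         "updated": m["updated"] == "Updated", "guid": m["guid"]}
        for m in (AV_RE.match(l.strip()) for l in log_text.splitlines()) if m
    ]


def av_summary(products):
    """What Security Center still believes is installed, versus what actually scans."""
    return {
        "registered": len(products),
        "on_access_enabled": sum(p["on_access"] for p in products),
        "disabled_or_outdated": sum((not p["on_access"]) or (not p["updated"]) for p in products),
    }


def triage_report(log_text):
    services = parse_services(log_text)
    flagged = sorted((s for s in services if s.flags), key=lambda s: -len(s.flags))
    return {"av": av_summary(parse_av_products(log_text)),
            "flagged": {s.name: s.flags for s in flagged}}


if __name__ == "__main__":
    report = triage_report(SAMPLE_LOG)
    print("Security Center registrations:", report["av"])
    for name, flags in report["flagged"].items():
        print(f"{name:14s} {', '.join(flags)}")
```

Run against the excerpt, the report lists four registered antivirus products of which only two have on-access scanning enabled, and puts `wlkhu` (boot-start, file not found, driver file name unrelated to the service name) ahead of `MVBU` (file not found, registered out of a Temp folder) and `sdAuxService` (file not found, a Spyware Doctor leftover). Each of those is something to look up by hand and, for the leftovers, to remove with the vendor's uninstaller or its cleanup tool; the script only orders the work.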

  • helen1
  • Anti Malware Fighter, Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

And can you scan with ComboFix in Normal Mode?

  • Srba11
  • New MyCity citizen
  • Joined: 28 Jun 2009
  • Posts: 6

Posted: 28 Jun 2009 22:40

I'll scan in Normal Mode now.

Thanks for your patience.

Update: 28 Jun 2009 22:56

ComboFix 09-06-26.02 - Nesa 28-Jun-09 22:54.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2296 [GMT 2:00]
Running from: c:\documents and settings\Nesa\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090607-0] *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: BitDefender Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
AV: ESET Smart Security 4.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: BitDefender Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
FW: ESET Personal firewall *enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.

((((((((((((((((((((((((( Files Created from 2009-05-28 to 2009-06-28 )))))))))))))))))))))))))))))))
.

2009-06-28 19:14 . 2009-06-28 19:14 -------- d-----w- c:\documents and settings\Nesa\DoctorWeb
2009-06-28 17:15 . 2009-06-28 17:15 -------- d-----w- c:\program files\ESET
2009-06-28 16:55 . 2009-06-28 17:03 81984 ----a-w- c:\windows\system32\bdod.bin
2009-06-28 16:30 . 2009-06-28 16:34 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender
2009-06-28 16:28 . 2009-06-28 17:04 -------- d-----w- c:\program files\Common Files\BitDefender
2009-06-28 15:13 . 2009-03-12 08:17 2902048 -c----w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-28 15:13 . 2009-06-28 17:01 -------- d-----w- c:\program files\Lavasoft
2009-06-28 15:13 . 2009-06-28 15:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-06-28 14:51 . 2009-06-28 14:51 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-06-28 14:50 . 2009-06-28 14:50 -------- d-----w- c:\windows\ERUNT
2009-06-28 14:37 . 2009-06-28 17:01 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-28 14:13 . 2009-06-28 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-06-28 12:21 . 2009-06-28 12:21 -------- d-----w- c:\windows\Sun
2009-06-28 11:50 . 2009-06-28 11:50 -------- d-----w- c:\program files\Windows Defender
2009-06-27 19:46 . 2009-06-27 19:46 -------- dc----w- c:\windows\system32\dllcache\cache
2009-06-27 15:14 . 2009-06-27 15:14 -------- d-----w- c:\program files\AVG
2009-06-27 13:40 . 2008-12-11 06:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-06-27 13:40 . 2009-06-27 14:06 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-06-27 13:40 . 2008-12-18 10:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-06-27 13:40 . 2009-06-27 13:40 -------- d-----w- c:\program files\Common Files\PC Tools
2009-06-27 13:40 . 2008-12-10 10:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-06-27 13:40 . 2009-06-27 13:40 -------- d-----w- c:\documents and settings\Nesa\Application Data\PC Tools
2009-06-27 13:40 . 2009-06-27 13:40 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-06-27 10:56 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-27 10:56 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-27 10:56 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-06-27 10:56 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-06-27 10:56 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-06-27 10:56 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-27 10:56 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-27 10:55 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-27 10:35 . 2009-06-27 10:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
2009-06-27 10:35 . 2009-06-27 10:35 -------- d-----w- c:\documents and settings\Nesa\Application Data\GetRightToGo
2009-06-27 07:57 . 2009-06-27 13:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-26 23:07 . 2009-06-26 23:07 -------- d-----w- c:\documents and settings\Nesa\Application Data\Malwarebytes
2009-06-26 23:07 . 2009-06-17 09:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-26 23:07 . 2009-06-26 23:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-26 23:07 . 2009-06-17 09:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-26 23:06 . 2009-06-27 10:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-04 16:00 . 2009-06-04 16:00 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.459\English\setup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-28 20:56 . 2008-06-18 17:25 -------- d-----w- c:\documents and settings\Nesa\Application Data\DMCache
2009-06-28 20:52 . 2008-06-14 04:10 -------- d-----w- c:\program files\Windows Media Connect 2
2009-06-28 20:46 . 2009-03-30 17:25 117760 ----a-w- c:\documents and settings\Nesa\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-28 20:46 . 2008-06-18 17:25 28672 ----a-w- c:\documents and settings\Nesa\Application Data\IDM\NP_IDM5.dll
2009-06-28 20:46 . 2008-06-18 17:25 28672 ----a-w- c:\documents and settings\Nesa\Application Data\IDM\NP_IDM4.dll
2009-06-28 20:46 . 2008-06-18 17:25 28672 ----a-w- c:\documents and settings\Nesa\Application Data\IDM\NP_IDM3.dll
2009-06-28 20:46 . 2008-06-18 17:25 28672 ----a-w- c:\documents and settings\Nesa\Application Data\IDM\NP_IDM2.dll
2009-06-28 20:46 . 2008-06-18 17:25 28672 ----a-w- c:\documents and settings\Nesa\Application Data\IDM\NP_IDM1.dll
2009-06-28 20:46 . 2008-06-18 17:25 -------- d-----w- c:\documents and settings\Nesa\Application Data\IDM
2009-06-28 20:45 . 2008-06-18 17:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2009-06-28 20:25 . 2008-06-14 19:11 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-28 19:11 . 2008-06-18 16:29 12 ----a-w- c:\windows\bthservsdp.dat
2009-06-28 16:21 . 2009-03-30 17:23 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-25 01:41 . 2009-05-25 01:41 59976 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.459\English\setup.exe
2009-05-14 13:49 . 2009-05-14 13:49 55768 ----a-w- c:\windows\system32\drivers\epfwtdi.sys
2009-05-14 13:49 . 2009-05-14 13:49 33096 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2009-05-14 13:49 . 2009-05-14 13:49 133000 ----a-w- c:\windows\system32\drivers\epfw.sys
2009-05-14 13:47 . 2009-05-14 13:47 107256 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2009-05-14 13:41 . 2009-05-14 13:41 114472 ----a-w- c:\windows\system32\drivers\eamon.sys
2009-05-01 09:39 . 2009-05-01 09:39 -------- d-----w- c:\documents and settings\Nesa\Application Data\Samsung
2009-05-01 09:37 . 2007-07-25 14:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-05-01 09:36 . 2009-05-01 09:29 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2009-05-01 09:29 . 2009-05-01 09:29 -------- d-----w- c:\program files\Samsung
2009-04-30 16:44 . 2009-04-30 16:40 -------- d-----w- c:\program files\The KMPlayer
2009-04-28 18:12 . 2009-04-28 18:12 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2009-04-28 18:12 . 2009-04-28 18:12 47360 ----a-w- c:\documents and settings\Nesa\Application Data\pcouffin.sys
2009-04-28 18:12 . 2009-04-28 18:12 47360 ----a-w- c:\documents and settings\Nesa\Application Data\pcouffin.sys
2008-06-14 04:31 . 2008-06-14 04:31 8988 ----a-w- c:\program files\matroxl.log
2008-06-14 04:19 . 2008-06-14 04:19 1351 ----a-w- c:\program files\Cult3D Acrobat Plug-in.log
2009-03-05 16:08 . 2009-06-28 16:38 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2008-06-18 17:33 . 2008-06-18 17:30 24 --sh--w- c:\windows\S0EA6D367.tmp
2004-10-13 16:24 . 2008-06-14 04:39 1694208 --sha-w- c:\windows\VistaMizer\old\msmsgs.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"VisualTaskTips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2008-05-31 65536]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-07-26 191552]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2005-04-11 65536]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2008-06-18 2594224]
"USB Safely Remove"="c:\program files\USB Safely Remove\USBSafelyRemove.exe" [2007-10-24 2447360]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-26 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2007-06-21 1773568]
"HWSetup"="c:\program files\TOSHIBA\TOSHIBA Applet\HWSetup.exe" [2004-05-01 28672]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-07-26 888832]
"CeEKEY"="c:\program files\TOSHIBA\E-KEY\CeEKey.exe" [2007-07-06 651264]
"topi"="c:\program files\TOSHIBA\Toshiba Online Product Information\topi.exe" [2007-07-10 581632]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-05-11 143360]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2007-05-22 413696]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2007-12-20 3116768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-05 8523776]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-12-05 1626112]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-10-10 69632]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-10-10 69632]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-07-26 16377344]
"TFncKy"="TFncKy.exe" [BU]
"TDispVol"="TDispVol.exe" - c:\windows\system32\TDispVol.exe [2005-12-27 73728]
"Zooming"="ZoomingHook.exe" - c:\windows\system32\ZoomingHook.exe [2005-06-06 24576]
"WinFaxAppPortStarter"="wfxsnt40.exe" - c:\windows\system32\WFXSNT40.EXE [2000-02-14 43008]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - c:\program files\Eagle USB ADSL Modem\Eagle Family USB ADSL\dslmon.exe [2008-6-22 929889]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-2-20 809488]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\Symantec\WinFax\WfxSeh32.Dll" [1998-07-27 38400]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-11-07 15:41 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"NDSTray.exe"=NDSTray.exe
"nwiz"=nwiz.exe /install
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS3\\Server\\bin\\VersionCueCS3.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"3703:TCP"= 3703:TCP:Adobe Version Cue CS3 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS3 Server
"50900:TCP"= 50900:TCP:Adobe Version Cue CS3 Server
"50901:TCP"= 50901:TCP:Adobe Version Cue CS3 Server

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [27-Jun-09 15:40 130936]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [09-Mar-07 16:23 6528]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [27-Jun-09 12:56 114768]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [14-May-09 15:47 107256]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23-Mar-09 14:07 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23-Mar-09 14:07 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [27-Jun-09 12:56 20560]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [14-May-09 15:47 731840]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03-Nov-06 19:19 13592]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23-Mar-09 14:07 7408]
S0 wlkhu;wlkhu;c:\windows\system32\drivers\xehmwxfc.sys --> c:\windows\system32\drivers\xehmwxfc.sys [?]
S3 MVBU;MVBU;c:\docume~1\Nesa\LOCALS~1\Temp\MVBU.exe --> c:\docume~1\Nesa\LOCALS~1\Temp\MVBU.exe [?]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [25-Jul-07 16:39 217600]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe --> c:\program files\Spyware Doctor\pctsAuxs.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2009-06-28 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]

2008-06-14 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2007-07-25 00:12]
.
- - - - ORPHANS REMOVED - - - -

BHO-{910827DC-C480-4E7A-BD31-8D09DC1571AC} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
LSP: c:\windows\system32\imon.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Nesa\Application Data\Mozilla\Firefox\Profiles\h6yrnimy.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-amo&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-amo&p=
FF - component: c:\documents and settings\Nesa\Application Data\IDM\idmmzcc2\components\idmmzcc.dll
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np32asw.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMCult3DP.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM1.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM2.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM3.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM4.dll
FF - plugin: c:\program files\Opera\program\plugins\NP_IDM5.dll
FF - plugin: c:\program files\Opera\program\plugins\np32asw.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\windows\system32\Cult3D\NPMCult3DP.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-06-28 22:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{46af4018-8f67-4a50-93eb-dbf2b95ae8c9}]
@Denied: (Full) (Everyone)
"Model"=dword:00000130
"Therad"=dword:0000001a
"MData"=hex(0):cb,9b,ad,ef,27,7d,29,69,f5,02,f0,76,aa,4a,f1,7c,d3,d9,67,7f,6a,
4b,7b,ad,04,7a,b1,b5,76,9b,27,47,75,e4,fe,a7,59,a2,a0,27,42,22,19,b0,b7,40,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):89,1e,c6,d5,f7,5d,41,a7,99,0f,06,30,17,59,6a,ec,5d,a6,b2,a1,c2,
34,a7,3e,83,85,94,2b,c3,41,0f,76,a1,0d,dc,b7,8d,b9,0c,0a,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(972)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(1028-)
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(4016)
c:\windows\system32\nview.dll
c:\program files\VisualTaskTips\VttHooks.dll
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\nvwddi.dll
c:\program files\Babylon\Babylon-Pro\Captlib.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-28 22:57
ComboFix-quarantined-files.txt 2009-06-28 20:57
ComboFix2.txt 2009-06-27 19:47

Pre-Run: 100,767,932,416 bytes free
Post-Run: 100,747,485,184 bytes free

287 --- E O F --- 2009-02-19 14:35

Update: 28 Jun 2009 23:01

Well, now it can be compared between safe mode and normal mode.

My brain is blocked - FF still takes 30 seconds to start (before that it started in 10, because I have a pretty fast Toshiba machine with a dual-core processor and dual graphics at 512 - 1024 in total).

Memory is 4 GB, etc. So I am sure that since this morning it is 60%-70% slower.

A month ago my wife also downloaded Vundo from the net, and now again yesterday. With the help of an antispyware I removed 24 items, but it seems to me that something was not finished completely, because it boots longer and everything runs slower, so I think there is a problem with the boot, where some exe, ini or similar file sits and then spreads everywhere.

Update: 28 Jun 2009 23:02

Maybe the best antivirus is to ban my wife from accessing the net hahahahahaha

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

Here is a link that will tell you where to download the programs that will uninstall all those protection programs, and help unburden your Toshiba (Tobisha, To Siba Ko Ludo :) ).

http://www.mycity.rs/Antivirus-programi/Deinstalacija-antivirus-programa.html

offline
  • Srba11 
  • New MyCity citizen
  • Joined: 28 Jun 2009
  • Posts: 6

Posted: 28 Jun 2009 23:14

I use Your Uninstaller Pro - which also removes things from the registry and all traces (supposedly), but I will try yours too.

Right as we speak the computer is going wild - now it suddenly started working without any intervention on my part. I wonder whether ComboFix did something without my knowledge? Even though I did not tell it to do anything. I did not use HijackThis for any interventions either.

God strike me down if I know what is happening. Do you see anything that should not be in the root or anywhere else?

I will restart now and see what God gives. I will report whether it is better as soon as I restart.

Update: 28 Jun 2009 23:31

Now I have seen what it is - I don't know how and I don't know why - but now the computer runs like lightning. Access to Google was blocked by Eset - how, I still have to find out. When I turned it off for ComboFix, Google started working. God.

Now I will see how to remove that block.

Update: 28 Jun 2009 23:46

How do I delete Avast from the whole computer when there is no folder of it in Program Files, because I deleted it with Your Uninstaller Pro, but it still shows up somewhere?

offline
  • helen1  Male
  • Anti Malware Fighter
    Rank 2
  • Master teacher
  • Joined: 27 Aug 2005
  • Posts: 8617
  • Location: Novi Beograd

I don't know how you will remove that, I am not in charge of that here and I don't know how you got to that.

Do the following:

Open Notepad and copy the following text:

File::
c:\windows\system32\drivers\xehmwxfc.sys
c:\docume~1\Nesa\LOCALS~1\Temp\MVBU.exe

Driver::
wlkhu
MVBU


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.
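The triage the helper does by hand above (reading the LOCKED REGISTRY KEYS and DLLs Loaded Under Running Processes sections of a ComboFix log, then listing the paths to remove in a File:: / Driver:: script) can be supported with a small parser. The following Python is an added example for this thread, not code from the forum, the poster, or ComboFix itself. The sample log is constructed to mirror the section layout seen in the log above (the GUIDs, vendor folders and DLL names in it are placeholders), the flagging rules (DLLs loaded from a Temp or profile directory, and third-party DLLs inside winlogon.exe or lsass.exe) are the author's own heuristics for a first look rather than a malware signature, and build_cfscript only renders the File:: and Driver:: directives in the layout shown in the post so a human can review them.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample modelled on the section layout of the ComboFix log in the
# thread; the GUIDs, folder and DLL names are placeholders, not values from the log.
SAMPLE_LOG = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00000000-0000-0000-0000-000000000001}]
@Denied: (Full) (Everyone)
"Model"=dword:00000130

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{00000000-0000-0000-0000-000000000002}]
"Example"=dword:00000001
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(972)
c:\windows\system32\msgina.dll
c:\program files\ExampleVendor\LogonHook.dll
c:\docume~1\user\LOCALS~1\Temp\abcd.dll

- - - - - - - > 'lsass.exe'(1028-)
c:\windows\system32\imon.dll

- - - - - - - > 'explorer.exe'(4016)
c:\program files\ExampleVendor\ShellHook.dll
.
Completion time: 2009-06-28 22:57
"""

SECTION_RE = re.compile(r"^-{3,}\s*(.+?)\s*-{3,}$")          # "----- NAME -----" headers
PROCESS_RE = re.compile(r"^- - - - - - - >\s*'([^']+)'\((\d+)-?\)$")  # "(1028-)" also occurs
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")

# Heuristics (author's assumption): where legitimate logon-time DLLs rarely live.
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\", "\\application data\\")
SENSITIVE_PROCESSES = ("winlogon.exe", "lsass.exe")


def split_sections(log: str) -> Dict[str, List[str]]:
    """Cut the log into named sections; a lone '.' line or a new header ends one."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in log.splitlines():
        line = raw.rstrip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif line == ".":
            current = None
        elif current is not None and line:
            sections[current].append(line)
    return sections


def parse_locked_keys(lines: List[str]) -> List[Tuple[str, bool]]:
    """Return (registry key, True if an @Denied ACL line follows it)."""
    keys: List[Tuple[str, bool]] = []
    for line in lines:
        key = KEY_RE.match(line)
        if key:
            keys.append((key.group(1), False))
        elif line.startswith("@Denied:") and keys:
            keys[-1] = (keys[-1][0], True)
    return keys


def parse_loaded_dlls(lines: List[str]) -> Dict[str, List[str]]:
    """Map each process name (lower-cased) to the DLL paths listed under it."""
    loaded: Dict[str, List[str]] = {}
    current = None
    for line in lines:
        proc = PROCESS_RE.match(line)
        if proc:
            current = proc.group(1).lower()
            loaded.setdefault(current, [])
        elif current is not None:
            loaded[current].append(line.lower())
    return loaded


def suspicious_dlls(loaded: Dict[str, List[str]]) -> List[Tuple[str, str, str]]:
    """Flag (process, path, reason) entries that deserve a human look."""
    flagged = []
    for proc, paths in loaded.items():
        for path in paths:
            if any(marker in path for marker in TEMP_MARKERS):
                flagged.append((proc, path, "loaded from a temp/profile directory"))
            elif proc in SENSITIVE_PROCESSES and not path.startswith("c:\\windows\\"):
                flagged.append((proc, path, "third-party DLL in a logon/security process; verify the vendor"))
    return flagged


def build_cfscript(files: List[str], drivers: List[str]) -> str:
    """Render File:: / Driver:: directives in the layout the helper posted above."""
    parts = []
    if files:
        parts.append("File::\n" + "\n".join(files))
    if drivers:
        parts.append("Driver::\n" + "\n".join(drivers))
    return "\n\n".join(parts) + "\n"


if __name__ == "__main__":
    sections = split_sections(SAMPLE_LOG)
    for key, denied in parse_locked_keys(sections["LOCKED REGISTRY KEYS"]):
        print(("LOCKED  " if denied else "listed  ") + key)
    loaded = parse_loaded_dlls(sections["DLLs Loaded Under Running Processes"])
    flagged = suspicious_dlls(loaded)
    for proc, path, why in flagged:
        print(f"{proc}: {path}  <- {why}")
    # Draft File:: block for the helper to review before anyone runs it.
    print(build_cfscript([path for _, path, _ in flagged], []))
```

The output is a review aid only: a key with a Denied ACL or a DLL in winlogon.exe from a vendor folder is a reason to check the file against the vendor and the rest of the log, not proof of infection, which is why the draft script is printed rather than written to the Desktop.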
