iexplorer.exe

offline
  • Joined: 05 Apr 2009
  • Posts: 3

First some virus got into the iexplorer.exe process.... then I deleted iexplorer.exe and now ntvdm.exe keeps opening.

Here is the log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:13:50, on 5.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Dule\Desktop\New Folder\TR3.exe.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - [Link mogu videti samo ulogovani korisnici]\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - [Link mogu videti samo ulogovani korisnici]\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - [Link mogu videti samo ulogovani korisnici]\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - [Link mogu videti samo ulogovani korisnici]\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E54DAF8-75E0-4D83-B2D3-92918186EF7B}: NameServer = 194.106.162.10 194.106.162.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E54DAF8-75E0-4D83-B2D3-92918186EF7B}: NameServer = 194.106.162.10 194.106.162.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8-) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 6653 bytes

Update: 05 Apr 2009 23:41

Now iexplorer.exe is back and keeps showing up in Task Manager, I can't kill it... I'm using AVG Internet Security

Here is a fresh HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:40:08, on 5.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG8\avgupd.exe
C:\Documents and Settings\Dule\Desktop\New Folder\TR3.exe.exe
C:\Program Files\AVG\AVG8\fixcfg.exe
C:\Program Files\registery\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - [Link mogu videti samo ulogovani korisnici]\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - [Link mogu videti samo ulogovani korisnici]\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - [Link mogu videti samo ulogovani korisnici]\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - [Link mogu videti samo ulogovani korisnici]\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E54DAF8-75E0-4D83-B2D3-92918186EF7B}: NameServer = 194.106.162.10 194.106.162.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{2E54DAF8-75E0-4D83-B2D3-92918186EF7B}: NameServer = 194.106.162.10 194.106.162.3
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8-) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

--
End of file - 7005 bytes



offline
  • diarno  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 15 Jun 2007
  • Posts: 5572

Open the AVG 8 Control Center (right-click the AVG icon in the bottom right corner of the screen, item Open AVG User Interface).
* When the AVG Control Center starts, double-click the Resident Shield component.
* In the window that opens, untick the Resident Shield active option and click Save changes.

Note: Don't forget to re-enable this option once the cleanup is finished.

Download ComboFix from one of the following addresses to the Desktop:
[Link visible only to logged-in users]
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Start it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear, which you should copy here for us.



offline
  • Joined: 05 Apr 2009
  • Posts: 3

Here is the ComboFix log

ComboFix 09-04-04.01 - Dule 2009-04-06 11:16:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.2046.1422 [GMT 2:00]
Running from: c:\documents and settings\Dule\Desktop\ComboFix.exe
AV: AVG Internet Security *On-access scanning disabled* (Updated)
FW: AVG Firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dule\Application Data\addons.dat
c:\windows\system32\advapi32new.dll
c:\windows\system32\apphelpnew.dll
c:\windows\system32\crypt32new.dll
c:\windows\system32\d3d10core.dll
c:\windows\system32\dwmapi.dll
c:\windows\system32\dxgi.dll
c:\windows\system32\kernel32new.dll
c:\windows\system32\msvcrtnew.dll
c:\windows\system32\ntdsapinew.dll
c:\windows\system32\powrprofnew.dll
c:\windows\system32\secur32new.dll
c:\windows\system32\user32new.dll
c:\windows\system32\winstanew.dll

.
((((((((((((((((((((((((( Files Created from 2009-03-06 to 2009-04-06 )))))))))))))))))))))))))))))))
.

2009-04-05 22:49 . 2009-04-05 22:49 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-05 22:49 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-05 22:49 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-05 22:24 . 2009-04-05 22:24 <DIR> d-------- c:\documents and settings\Dule\Application Data\Malwarebytes
2009-04-05 22:24 . 2009-04-05 22:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-05 21:53 . 2009-04-05 21:53 <DIR> d--h----- c:\program files\registery
2009-04-04 01:26 . 2009-04-04 04:47 <DIR> d-------- c:\documents and settings\Dule\Application Data\Grand Ages Rome
2009-04-04 01:21 . 2009-04-04 01:21 <DIR> d-------- c:\program files\Kalypso
2009-04-03 20:39 . 2009-04-03 20:39 <DIR> d-------- c:\program files\Rockstar Games
2009-04-03 20:04 . 2009-04-03 20:04 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-04-03 20:02 . 2009-04-03 20:02 <DIR> d-------- c:\windows\system32\xlive
2009-04-03 20:02 . 2009-04-04 23:06 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2009-04-02 15:05 . 2009-04-02 15:05 <DIR> d-------- c:\windows\system32\js
2009-04-02 15:05 . 2009-04-02 15:05 <DIR> d-------- c:\windows\system32\images
2009-04-02 15:05 . 2009-04-02 15:05 <DIR> d-------- c:\windows\system32\html
2009-04-02 15:05 . 2009-04-02 15:05 <DIR> d-------- c:\windows\system32\css
2009-04-02 15:05 . 2009-04-02 15:05 <DIR> d-------- c:\program files\Business Objects
2009-04-02 15:05 . 2009-04-02 15:05 172 --a------ c:\windows\ODBC.INI
2009-04-02 15:01 . 2009-04-02 15:01 <DIR> d-------- c:\program files\MSXML 6.0
2009-04-02 14:59 . 2009-04-02 14:59 <DIR> d-------- c:\program files\Microsoft Device Emulator
2009-04-02 14:58 . 2009-04-02 14:58 <DIR> d-------- c:\program files\Windows Mobile 5.0 SDK R2
2009-04-02 14:53 . 2009-04-02 14:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\PreEmptive Solutions
2009-04-02 14:50 . 2009-04-02 14:50 <DIR> d-------- c:\windows\symbols
2009-04-02 14:49 . 2009-04-02 14:51 <DIR> d-------- c:\program files\HTML Help Workshop
2009-04-02 14:49 . 2009-04-02 14:53 <DIR> d-------- c:\program files\Common Files\Merge Modules
2009-04-02 14:49 . 2009-04-02 14:49 <DIR> d-------- c:\program files\CE Remote Tools
2009-04-02 14:48 . 2009-04-02 14:48 <DIR> d-------- c:\program files\Microsoft Web Designer Tools
2009-03-29 01:23 . 2009-03-29 01:24 <DIR> d-------- c:\program files\Counter-Strike 1.6
2009-03-29 00:11 . 2009-03-29 16:52 <DIR> d-------- c:\program files\Bus Simulator
2009-03-29 00:06 . 2009-03-29 00:17 <DIR> d-------- c:\program files\MagicISO
2009-03-27 21:32 . 2009-03-27 21:32 <DIR> d-------- c:\program files\Microsoft Synchronization Services
2009-03-27 21:32 . 2009-03-27 21:32 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-03-27 21:32 . 2009-04-05 03:21 <DIR> d-------- c:\program files\Microsoft SQL Server
2009-03-27 21:29 . 2009-04-02 15:05 <DIR> d-------- c:\program files\Microsoft Visual Studio 9.0
2009-03-27 21:29 . 2009-03-27 21:29 <DIR> d-------- c:\program files\Microsoft SDKs
2009-03-27 21:28 . 2009-03-27 21:28 <DIR> d-------- c:\windows\system32\XPSViewer
2009-03-27 21:28 . 2009-03-27 21:28 <DIR> d-------- c:\program files\Reference Assemblies
2009-03-27 21:28 . 2008-07-06 12:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-27 21:28 . 2008-07-06 14:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-03-27 21:28 . 2008-07-06 14:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-27 21:27 . 2008-07-06 14:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-03-27 21:27 . 2008-07-06 14:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-03-27 21:27 . 2008-07-06 14:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-03-27 21:27 . 2008-07-06 14:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-27 19:56 . 2009-03-27 19:56 278,728 --a------ c:\windows\system32\drivers\atksgt.sys
2009-03-27 19:56 . 2009-03-27 19:56 25,416 --a------ c:\windows\system32\drivers\lirsgt.sys
2009-03-22 03:45 . 2009-03-22 03:45 4,096 --a------ c:\windows\d3dx.dat
2009-03-21 18:02 . 2009-03-26 12:41 <DIR> d-------- c:\documents and settings\Dule\dwhelper
2009-03-21 16:16 . 2008-11-26 10:01 696 --a------ C:\ma477.bin
2009-03-20 23:49 . 2009-03-20 23:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\BlackPencil
2009-03-15 06:07 . 2009-03-15 06:07 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-03-15 00:52 . 2009-03-15 02:39 <DIR> d-------- c:\documents and settings\Dule\Application Data\Mount&Blade
2009-03-15 00:51 . 2009-03-16 20:01 <DIR> d-------- c:\program files\Mount&Blade
2009-03-14 20:49 . 2009-03-14 20:49 <DIR> d-------- c:\program files\directx
2009-03-14 14:28 . 2009-03-22 12:31 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-03-14 14:26 . 2009-03-14 14:26 <DIR> d-------- c:\program files\Black Sea Studios
2009-03-14 01:38 . 2009-03-14 01:38 <DIR> d-------- c:\program files\Firaxis Games
2009-03-12 22:17 . 2009-03-27 19:50 <DIR> d-------- c:\program files\Ubisoft
2009-03-11 13:02 . 2009-04-04 12:02 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-11 12:34 . 2008-04-14 01:17 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-03-11 12:34 . 2008-04-14 01:17 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-03-11 12:33 . 2008-04-14 01:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-03-11 12:33 . 2008-04-14 01:15 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-03-11 12:29 . 2009-03-11 12:29 <DIR> d-------- c:\program files\Common Files\ScanSoft Shared
2009-03-11 12:29 . 2009-03-11 12:29 <DIR> d-------- c:\documents and settings\Dule\Application Data\ScanSoft
2009-03-11 12:29 . 2009-03-11 12:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\ScanSoft
2009-03-11 12:29 . 2009-03-11 12:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2009-03-11 12:29 . 2009-03-11 12:29 416 --a------ c:\windows\MAXLINK.INI
2009-03-11 12:28 . 2009-03-11 12:28 <DIR> d-------- c:\program files\ScanSoft
2009-03-11 12:27 . 2009-03-11 12:27 <DIR> d-------- c:\program files\ArcSoft
2009-03-11 12:27 . 1995-07-31 14:44 212,480 --a------ c:\windows\PCDLIB32.DLL
2009-03-11 12:24 . 1998-10-29 17:45 306,688 --a------ c:\windows\IsUninst.exe
2009-03-11 12:23 . 2009-03-11 12:23 <DIR> d--h----- c:\windows\system32\CanonIJ Uninstaller Information
2009-03-11 12:23 . 2009-03-11 12:23 <DIR> d--h----- c:\program files\CanonBJ
2009-03-11 12:23 . 2009-03-11 12:23 <DIR> d--h----- c:\documents and settings\All Users\Application Data\CanonBJ
2009-03-11 12:23 . 2006-07-20 08:51 1,298,432 --a------ c:\windows\system32\CNCC180.DLL
2009-03-11 12:23 . 2006-09-12 22:00 197,632 --a------ c:\windows\system32\CNMLM82.DLL
2009-03-11 12:23 . 2006-05-26 03:54 135,168 --a------ c:\windows\system32\CNCL180.DLL
2009-03-11 12:23 . 2006-06-29 07:29 106,496 --a------ c:\windows\system32\cnco180.dll
2009-03-11 12:23 . 2006-07-20 08:51 57,344 --a------ c:\windows\system32\CNCI180.DLL
2009-03-11 12:22 . 2009-03-11 12:35 <DIR> d-------- c:\program files\Canon
2009-03-10 13:19 . 2009-04-06 11:14 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-10 13:19 . 2009-03-10 13:19 <DIR> d-------- c:\program files\AVG
2009-03-10 13:19 . 2009-03-10 13:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-10 13:19 . 2009-03-14 14:33 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-10 13:19 . 2009-03-26 12:23 108,552 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-10 13:19 . 2009-03-10 13:35 50,968 --a------ c:\windows\system32\avgfwdx.dll
2009-03-10 13:19 . 2009-03-10 13:35 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys
2009-03-10 13:19 . 2009-03-10 13:35 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys
2009-03-10 13:19 . 2009-03-14 14:33 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-09 23:22 . 2009-03-09 23:22 4,096 --a------ c:\windows\system32\crash
2009-03-09 23:21 . 2009-03-09 23:21 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\ATI
2009-03-09 12:41 . 2009-04-06 11:18 <DIR> d-------- c:\program files\PeerGuardian2
2009-03-08 00:40 . 2009-03-08 00:40 <DIR> d-------- c:\program files\Atari
2009-03-07 23:45 . 2009-03-07 23:45 <DIR> d-------- c:\documents and settings\Dule\Application Data\Leadertech
2009-03-07 16:22 . 2008-04-22 23:20 1,584,149 --a------ c:\windows\system32\setupapinew.dll
2009-03-07 16:22 . 2006-11-02 13:47 1,162,656 --a------ c:\windows\system32\ntdllnew.dll
2009-03-07 16:22 . 2008-04-12 19:13 1,029,126 --a------ c:\windows\system32\d3d10.dll
2009-03-07 16:22 . 2008-05-04 18:42 789,525 --a------ c:\windows\system32\rpcrt4new.dll
2009-03-07 16:22 . 2006-11-29 15:06 440,080 --a------ c:\windows\system32\d3dx10.dll
2009-03-07 16:22 . 2004-12-08 18:57 376,832 --a------ c:\windows\system32\M2000Twn.dll
2009-03-07 16:22 . 2007-04-18 03:13 25,037 --a------ c:\windows\system32\Nucleus.dll
2009-03-07 16:22 . 2008-03-09 08:25 236 --ah----- c:\program files\Common Files\dx.reg
2009-03-07 16:11 . 2007-05-16 18:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll
2009-03-07 15:39 . 2006-09-28 17:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll
2009-03-07 15:39 . 2007-04-04 19:53 81,768 --a------ c:\windows\system32\xinput1_3.dll
2009-03-07 15:38 . 2009-03-07 15:38 <DIR> d-------- c:\windows\Logs
2009-03-07 02:44 . 2009-03-07 02:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Urban FreeStyle Soccer
2009-03-07 02:43 . 2009-03-07 02:43 <DIR> d-------- c:\program files\Acclaim Entertainment
2009-03-07 01:44 . 2009-03-07 01:44 <DIR> d-------- c:\program files\Eidos
2009-03-06 00:23 . 2009-03-06 00:23 <DIR> d-------- c:\program files\MSXML 4.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-05 20:47 --------- d-----w c:\documents and settings\Dule\Application Data\uTorrent
2009-04-05 01:22 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-03 18:39 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-02 13:03 --------- d-----w c:\program files\Microsoft.NET
2009-04-02 12:50 --------- d-----w c:\program files\MSBuild
2009-03-12 22:32 --------- d-----w c:\program files\Common Files\Adobe
2009-03-12 22:03 --------- d-----w c:\documents and settings\Dule\Application Data\IObit
2009-03-11 10:29 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-08 22:19 --------- d-----w c:\program files\Microsoft Games
2009-03-04 21:43 --------- d-----w c:\program files\Microsoft Works
2009-03-04 21:41 --------- d-----w c:\program files\Microsoft Visual Studio 8
2009-03-04 21:38 --------- d-----w c:\program files\Windows Live
2009-03-04 21:37 --------- d-----w c:\program files\Windows Live SkyDrive
2009-03-04 21:37 --------- d-----w c:\documents and settings\Dule\Application Data\DAEMON Tools Pro
2009-03-04 21:37 --------- d-----w c:\documents and settings\Dule\Application Data\DAEMON Tools Lite
2009-03-04 21:37 --------- d-----w c:\documents and settings\Dule\Application Data\DAEMON Tools
2009-03-04 21:29 --------- d-----w c:\program files\Common Files\Windows Live
2009-03-04 20:40 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2009-03-04 20:38 --------- d-----w c:\program files\ATI
2009-03-04 20:31 --------- d-----w c:\program files\ATI Technologies
2009-03-04 20:28 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-04 18:16 --------- d-----w c:\documents and settings\Dule\Application Data\Datalayer
2009-03-04 18:13 --------- d-----w c:\documents and settings\Dule\Application Data\Nokia
2009-03-04 18:12 --------- d-----w c:\program files\Nokia
2009-03-04 18:11 --------- d-----w c:\program files\DIFX
2009-03-04 18:11 --------- d-----w c:\documents and settings\Dule\Application Data\PC Suite
2009-03-04 18:11 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-03-04 18:10 --------- d-----w c:\program files\Common Files\PCSuite
2009-03-04 18:10 --------- d-----w c:\program files\Common Files\Nokia
2009-03-04 18:10 --------- d-----w c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-03-04 13:02 --------- d-----w c:\program files\DAEMON Tools Lite
2009-03-04 13:02 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-03-04 12:59 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-04 12:57 --------- d-----w c:\documents and settings\Dule\Application Data\Winamp
2009-03-04 12:56 --------- d-----w c:\program files\Winamp
2009-03-04 12:54 843,776 ------w c:\windows\UNNeroBurnRights.exe
2009-03-04 12:54 53,248 ----a-w c:\windows\system32\NeroCo.dll
2009-03-04 12:54 --------- d-----w c:\program files\Common Files\Ahead
2009-03-04 12:54 --------- d-----w c:\program files\ahead
2009-03-04 12:52 --------- d-----w c:\program files\VideoLAN
2009-03-04 12:52 --------- d-----w c:\documents and settings\Dule\Application Data\vlc
2009-03-04 12:45 --------- d-----w c:\program files\Windows Media Connect 2
2009-03-04 12:36 --------- d-----w c:\program files\IObit
2009-03-03 23:59 --------- d-----w c:\program files\uTorrent
2009-03-03 23:01 32 ----a-w c:\windows\system32\drivers\adidsl.cfg
2009-03-03 23:00 --------- d-----w c:\program files\SAGEM
2009-03-03 22:55 --------- d-----w c:\program files\Realtek
2009-03-03 22:55 --------- d-----w c:\documents and settings\Dule\Application Data\InstallShield
2009-03-03 22:54 16,512 ----a-w c:\windows\gdrv.sys
2009-03-03 22:52 315,392 ----a-w c:\windows\HideWin.exe
2009-03-03 22:50 --------- d-----w c:\documents and settings\Dule\Application Data\ATI
2009-03-03 22:43 --------- d-----w c:\documents and settings\Dule\Application Data\Chessmaster Challenge
2009-03-03 22:43 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2009-03-03 22:37 --------- d-----w c:\program files\microsoft frontpage
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-04 05:57 11,702,272 ----a-w c:\windows\system32\atioglxx.dll
2009-02-04 05:03 290,816 ----a-w c:\windows\system32\atiok3x2.dll
2009-02-04 04:56 442,368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-02-04 04:55 324,096 ----a-w c:\windows\system32\ati2dvag.dll
2009-02-04 04:44 196,608 ----a-w c:\windows\system32\atipdlxx.dll
2009-02-04 04:44 155,648 ----a-w c:\windows\system32\Oemdspif.dll
2009-02-04 04:43 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2009-02-04 04:43 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-02-04 04:43 155,648 ----a-w c:\windows\system32\ati2evxx.dll
2009-02-04 04:41 602,112 ----a-w c:\windows\system32\ati2evxx.exe
2009-02-04 04:40 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-02-04 04:30 3,884,768 ----a-w c:\windows\system32\ati3duag.dll
2009-02-04 04:14 2,645,504 ----a-w c:\windows\system32\ativvaxx.dll
2009-02-04 03:58 49,664 ----a-w c:\windows\system32\amdpcom32.dll
2009-02-04 03:54 471,040 ----a-w c:\windows\system32\atikvmag.dll
2009-02-04 03:53 122,880 ----a-w c:\windows\system32\atiadlxx.dll
2009-02-04 03:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2009-02-04 03:46 626,688 ----a-w c:\windows\system32\ati2cqag.dll
2009-02-04 03:44 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2009-02-04 02:43 45,056 ----a-w c:\windows\system32\aticalrt.dll
2009-02-04 02:42 45,056 ----a-w c:\windows\system32\aticalcl.dll
2009-02-04 02:40 3,244,032 ----a-w c:\windows\system32\aticaldd.dll
2009-02-03 20:05 593,920 ------w c:\windows\system32\ati2sgag.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-04-04 306088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-14 1932568]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-01-04 399504]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-03-04 1205840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-14 14:33 10520 c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-03-10 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-10 325640]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-10 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-10 298264]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-03-10 1356616]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-04-05 170640]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-03-10 29208]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2009-03-04 104344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-04-05 15504]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2009-03-04 69656]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-03-10 29208]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{18D4A75C-FF42-2E11-BB1E-00840E3BE400}]
c:\program files\registery\svchost.exe s
.
Contents of the 'Scheduled Tasks' folder

2009-04-06 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-02-24 16:35]

2009-04-04 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-03-21 19:35]

2009-04-04 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\ [2009-04-05 22:43]
.
.
------- Supplementary Scan -------
.
uStart Page = [link visible only to logged-in users]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
TCP: {2E54DAF8-75E0-4D83-B2D3-92918186EF7B} = 194.106.162.10 194.106.162.3
FF - ProfilePath - c:\documents and settings\Dule\Application Data\Mozilla\Firefox\Profiles\trjktj2x.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link visible only to logged-in users]
Rootkit scan 2009-04-06 11:17:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1064)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-06 11:18:58
ComboFix-quarantined-files.txt 2009-04-06 09:18:56

Pre-Run: 54.624.030.720 bytes free
Post-Run: 54,703,337,472 bytes free

316 --- E O F --- 2009-04-05 01:24:43

Addendum: 06 Apr 2009 11:30

My mistake: the process that appears in the process list is iexplore.exe, not iexploreR.exe!

diarno (Anti Malware Fighter, Rank 2)
  • Joined: 15 Jun 2007
  • Posts: 5572

Open Notepad and copy in the following text:

Folder::
c:\program files\registery

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{18D4A75C-FF42-2E11-BB1E-00840E3BE400}]


Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text file onto the ComboFix icon, as in the picture.
Post in your next message the log that is produced at the end of the cleaning/scan.
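The key diarno targets is the security-relevant point of this thread. Entries under HKLM\...\Active Setup\Installed Components run their stub once per user profile at logon, which makes that key a persistence location, and ComboFix already suppresses the legitimate default entries in that section, so any Active Setup entry it prints deserves a look. Here the stub is a file named svchost.exe in a misspelled "registery" folder under Program Files, whereas the real svchost.exe lives in c:\windows\system32. The script below is an added example, not part of this thread and not ComboFix's own code: it scans a ComboFix-style "Reg Loading Points" excerpt for core-binary names outside the Windows directory and for any Active Setup stub, then renders the same Folder:: and Registry:: directives diarno wrote by hand. The sample text is an excerpt of the first log above; the list of protected binary names, the c:\windows\ prefix and the path regex are my assumptions.

```python
"""Triage helper for a ComboFix 'Reg Loading Points' section.

Two checks:
  1. masquerade   - a file named like a core Windows binary (svchost.exe, lsass.exe, ...)
                    referenced from anywhere outside c:\\windows\\
  2. active_setup - any stub printed under Active Setup\\Installed Components;
                    ComboFix already hides the legitimate defaults there, and the
                    stub runs once per user profile at logon, so it is a persistence point.
"""
import re

# Assumed list: binaries Windows runs only from the Windows directory.
SYSTEM_BINARY_NAMES = {
    "svchost.exe", "lsass.exe", "csrss.exe", "services.exe",
    "winlogon.exe", "smss.exe", "explorer.exe", "ntvdm.exe",
}
# Assumed install prefix, matching the paths ComboFix printed in this thread.
TRUSTED_PREFIX = "c:\\windows\\"
ACTIVE_SETUP_PREFIX = (
    "hkey_local_machine\\software\\microsoft\\active setup\\installed components\\"
)

KEY_RE = re.compile(r"^\[(.+)\]$")  # REGEDIT4-style [HKEY_...] header line
# Absolute drive-letter path ending in an executable extension, terminated by a
# quote, a closing bracket, whitespace (e.g. the stub's "s" argument) or end of line.
PATH_RE = re.compile(r'([a-z]:\\[^"\[\]]*?\.(?:exe|dll|sys|scr|cpl))(?=[\s"\]]|$)', re.I)


def find_suspicious(report):
    """Return a list of (reason, registry_key, path) tuples, in report order."""
    findings = []
    current_key = ""
    for raw in report.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            current_key = header.group(1)
            continue
        for path in PATH_RE.findall(line):
            path = path.lower()
            name = path.rsplit("\\", 1)[-1]
            if name in SYSTEM_BINARY_NAMES and not path.startswith(TRUSTED_PREFIX):
                findings.append(("masquerade", current_key, path))
            if current_key.lower().startswith(ACTIVE_SETUP_PREFIX):
                findings.append(("active_setup", current_key, path))
    return findings


def build_cfscript(findings):
    """Render the directive format used in this thread: Folder:: lines for the
    directories holding the flagged files and Registry:: with [-KEY] lines for
    the Active Setup keys. Directories under the Windows directory are never
    emitted, so a false positive cannot turn into a deleted system folder."""
    folders, keys = [], []
    for reason, key, path in findings:
        folder = path.rsplit("\\", 1)[0]
        if not folder.startswith(TRUSTED_PREFIX) and folder not in folders:
            folders.append(folder)
        if reason == "active_setup" and key not in keys:
            keys.append(key)
    lines = []
    if folders:
        lines += ["Folder::", *folders, ""]
    if keys:
        lines += ["Registry::", *[f"[-{k}]" for k in keys], ""]
    return "\n".join(lines)


# Constructed sample: an excerpt of the 'Reg Loading Points' section from the
# first ComboFix log in this thread.
SAMPLE_REPORT = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-14 1932568]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 c:\windows\RTHDCPL.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{18D4A75C-FF42-2E11-BB1E-00840E3BE400}]
c:\program files\registery\svchost.exe s
"""

if __name__ == "__main__":
    hits = find_suspicious(SAMPLE_REPORT)
    for reason, key, path in hits:
        print(f"{reason:12} {path}  (under [{key}])")
    print(build_cfscript(hits))
```

On the sample the script reports the same file twice, once as a masquerade and once as an Active Setup stub, and the CFScript it prints is exactly the one diarno posted. Treat that output as a draft to read, not to run blindly: the check refuses to emit a Folder:: line for anything under c:\windows, but it knows nothing about what else lives in a flagged folder. Two further caveats from the logs above: "EnableFirewall"= 0 is the Windows Firewall profile, and since the log header reports the AVG Firewall as enabled that is expected rather than a finding; and the second log's "Other Deletions" section is the place to confirm that the folder and its svchost.exe actually went away.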

  • Joined: 05 Apr 2009
  • Posts: 3

Here is the ComboFix log... iexplore.exe no longer appears:
I think everything is fine, THANK YOU SO MUCH... check the log and tell me whether everything is OK



ComboFix 09-04-04.01 - Dule 2009-04-06 19:51:44.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.381.1033.18.2046.1381 [GMT 2:00]
Running from: c:\documents and settings\Dule\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Dule\Desktop\CFScript.txt
AV: AVG Internet Security *On-access scanning disabled* (Updated)
FW: AVG Firewall *enabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Dule\Application Data\addons.dat
c:\program files\registery
c:\program files\registery\logg.dat
c:\program files\registery\svchost.exe

.
((((((((((((((((((((((((( Files Created from 2009-03-06 to 2009-04-06 )))))))))))))))))))))))))))))))
.

2009-04-05 22:49 . 2009-04-05 22:49 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-05 22:49 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-05 22:49 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-04-05 22:24 . 2009-04-05 22:24 <DIR> d-------- c:\documents and settings\Dule\Application Data\Malwarebytes
2009-04-05 22:24 . 2009-04-05 22:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-04 01:26 . 2009-04-04 04:47 <DIR> d-------- c:\documents and settings\Dule\Application Data\Grand Ages Rome
2009-04-04 01:21 . 2009-04-04 01:21 <DIR> d-------- c:\program files\Kalypso
2009-04-03 20:39 . 2009-04-03 20:39 <DIR> d-------- c:\program files\Rockstar Games
2009-04-03 20:04 . 2009-04-03 20:04 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2009-04-03 20:02 . 2009-04-03 20:02 <DIR> d-------- c:\windows\system32\xlive
2009-04-03 20:02 . 2009-04-04 23:06 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2009-04-02 15:05 . 2009-04-02 15:05 <DIR> d-------- c:\windows\system32\js
2009-04-02 15:05 . 2009-04-02 15:05 <DIR> d-------- c:\windows\system32\images
2009-04-02 15:05 . 2009-04-02 15:05 <DIR> d-------- c:\windows\system32\html
2009-04-02 15:05 . 2009-04-02 15:05 <DIR> d-------- c:\windows\system32\css
2009-04-02 15:05 . 2009-04-02 15:05 <DIR> d-------- c:\program files\Business Objects
2009-04-02 15:05 . 2009-04-02 15:05 172 --a------ c:\windows\ODBC.INI
2009-04-02 15:01 . 2009-04-02 15:01 <DIR> d-------- c:\program files\MSXML 6.0
2009-04-02 14:59 . 2009-04-02 14:59 <DIR> d-------- c:\program files\Microsoft Device Emulator
2009-04-02 14:58 . 2009-04-02 14:58 <DIR> d-------- c:\program files\Windows Mobile 5.0 SDK R2
2009-04-02 14:53 . 2009-04-02 14:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\PreEmptive Solutions
2009-04-02 14:50 . 2009-04-02 14:50 <DIR> d-------- c:\windows\symbols
2009-04-02 14:49 . 2009-04-02 14:51 <DIR> d-------- c:\program files\HTML Help Workshop
2009-04-02 14:49 . 2009-04-02 14:53 <DIR> d-------- c:\program files\Common Files\Merge Modules
2009-04-02 14:49 . 2009-04-02 14:49 <DIR> d-------- c:\program files\CE Remote Tools
2009-04-02 14:48 . 2009-04-02 14:48 <DIR> d-------- c:\program files\Microsoft Web Designer Tools
2009-03-29 01:23 . 2009-03-29 01:24 <DIR> d-------- c:\program files\Counter-Strike 1.6
2009-03-29 00:11 . 2009-03-29 16:52 <DIR> d-------- c:\program files\Bus Simulator
2009-03-29 00:06 . 2009-03-29 00:17 <DIR> d-------- c:\program files\MagicISO
2009-03-27 21:32 . 2009-03-27 21:32 <DIR> d-------- c:\program files\Microsoft Synchronization Services
2009-03-27 21:32 . 2009-03-27 21:32 <DIR> d-------- c:\program files\Microsoft SQL Server Compact Edition
2009-03-27 21:32 . 2009-04-05 03:21 <DIR> d-------- c:\program files\Microsoft SQL Server
2009-03-27 21:29 . 2009-04-02 15:05 <DIR> d-------- c:\program files\Microsoft Visual Studio 9.0
2009-03-27 21:29 . 2009-03-27 21:29 <DIR> d-------- c:\program files\Microsoft SDKs
2009-03-27 21:28 . 2009-03-27 21:28 <DIR> d-------- c:\windows\system32\XPSViewer
2009-03-27 21:28 . 2009-03-27 21:28 <DIR> d-------- c:\program files\Reference Assemblies
2009-03-27 21:28 . 2008-07-06 12:50 597,504 -----c--- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-03-27 21:28 . 2008-07-06 14:06 117,760 --------- c:\windows\system32\prntvpt.dll
2009-03-27 21:28 . 2008-07-06 14:06 89,088 -----c--- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-03-27 21:27 . 2008-07-06 14:06 1,676,288 --------- c:\windows\system32\xpssvcs.dll
2009-03-27 21:27 . 2008-07-06 14:06 1,676,288 -----c--- c:\windows\system32\dllcache\xpssvcs.dll
2009-03-27 21:27 . 2008-07-06 14:06 575,488 --------- c:\windows\system32\xpsshhdr.dll
2009-03-27 21:27 . 2008-07-06 14:06 575,488 -----c--- c:\windows\system32\dllcache\xpsshhdr.dll
2009-03-27 19:56 . 2009-03-27 19:56 278,728 --a------ c:\windows\system32\drivers\atksgt.sys
2009-03-27 19:56 . 2009-03-27 19:56 25,416 --a------ c:\windows\system32\drivers\lirsgt.sys
2009-03-22 03:45 . 2009-03-22 03:45 4,096 --a------ c:\windows\d3dx.dat
2009-03-21 18:02 . 2009-03-26 12:41 <DIR> d-------- c:\documents and settings\Dule\dwhelper
2009-03-21 16:16 . 2008-11-26 10:01 696 --a------ C:\ma477.bin
2009-03-20 23:49 . 2009-03-20 23:49 <DIR> d-------- c:\documents and settings\All Users\Application Data\BlackPencil
2009-03-15 06:07 . 2009-03-15 06:07 <DIR> d-------- c:\program files\Microsoft CAPICOM 2.1.0.2
2009-03-15 00:52 . 2009-03-15 02:39 <DIR> d-------- c:\documents and settings\Dule\Application Data\Mount&Blade
2009-03-15 00:51 . 2009-03-16 20:01 <DIR> d-------- c:\program files\Mount&Blade
2009-03-14 20:49 . 2009-03-14 20:49 <DIR> d-------- c:\program files\directx
2009-03-14 14:28 . 2009-03-22 12:31 43,520 --a------ c:\windows\system32\CmdLineExt03.dll
2009-03-14 14:26 . 2009-03-14 14:26 <DIR> d-------- c:\program files\Black Sea Studios
2009-03-14 01:38 . 2009-03-14 01:38 <DIR> d-------- c:\program files\Firaxis Games
2009-03-12 22:17 . 2009-03-27 19:50 <DIR> d-------- c:\program files\Ubisoft
2009-03-11 13:02 . 2009-04-04 12:02 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-11 12:34 . 2008-04-14 01:17 25,856 --a------ c:\windows\system32\drivers\usbprint.sys
2009-03-11 12:34 . 2008-04-14 01:17 25,856 --a--c--- c:\windows\system32\dllcache\usbprint.sys
2009-03-11 12:33 . 2008-04-14 01:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-03-11 12:33 . 2008-04-14 01:15 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-03-11 12:29 . 2009-03-11 12:29 <DIR> d-------- c:\program files\Common Files\ScanSoft Shared
2009-03-11 12:29 . 2009-03-11 12:29 <DIR> d-------- c:\documents and settings\Dule\Application Data\ScanSoft
2009-03-11 12:29 . 2009-03-11 12:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\ScanSoft
2009-03-11 12:29 . 2009-03-11 12:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2009-03-11 12:29 . 2009-03-11 12:29 416 --a------ c:\windows\MAXLINK.INI
2009-03-11 12:28 . 2009-03-11 12:28 <DIR> d-------- c:\program files\ScanSoft
2009-03-11 12:27 . 2009-03-11 12:27 <DIR> d-------- c:\program files\ArcSoft
2009-03-11 12:27 . 1995-07-31 14:44 212,480 --a------ c:\windows\PCDLIB32.DLL
2009-03-11 12:24 . 1998-10-29 17:45 306,688 --a------ c:\windows\IsUninst.exe
2009-03-11 12:23 . 2009-03-11 12:23 <DIR> d--h----- c:\windows\system32\CanonIJ Uninstaller Information
2009-03-11 12:23 . 2009-03-11 12:23 <DIR> d--h----- c:\program files\CanonBJ
2009-03-11 12:23 . 2009-03-11 12:23 <DIR> d--h----- c:\documents and settings\All Users\Application Data\CanonBJ
2009-03-11 12:23 . 2006-07-20 08:51 1,298,432 --a------ c:\windows\system32\CNCC180.DLL
2009-03-11 12:23 . 2006-09-12 22:00 197,632 --a------ c:\windows\system32\CNMLM82.DLL
2009-03-11 12:23 . 2006-05-26 03:54 135,168 --a------ c:\windows\system32\CNCL180.DLL
2009-03-11 12:23 . 2006-06-29 07:29 106,496 --a------ c:\windows\system32\cnco180.dll
2009-03-11 12:23 . 2006-07-20 08:51 57,344 --a------ c:\windows\system32\CNCI180.DLL
2009-03-11 12:22 . 2009-03-11 12:35 <DIR> d-------- c:\program files\Canon
2009-03-10 13:19 . 2009-04-06 11:14 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-10 13:19 . 2009-03-10 13:19 <DIR> d-------- c:\program files\AVG
2009-03-10 13:19 . 2009-03-10 13:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-10 13:19 . 2009-03-14 14:33 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-10 13:19 . 2009-03-26 12:23 108,552 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-10 13:19 . 2009-03-10 13:35 50,968 --a------ c:\windows\system32\avgfwdx.dll
2009-03-10 13:19 . 2009-03-10 13:35 29,208 --a------ c:\windows\system32\drivers\avgfwdx.sys
2009-03-10 13:19 . 2009-03-10 13:35 12,552 --a------ c:\windows\system32\drivers\avgrkx86.sys
2009-03-10 13:19 . 2009-03-14 14:33 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-09 23:22 . 2009-03-09 23:22 4,096 --a------ c:\windows\system32\crash
2009-03-09 23:21 . 2009-03-09 23:21 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\ATI
2009-03-09 12:41 . 2009-04-06 19:53 <DIR> d-------- c:\program files\PeerGuardian2
2009-03-08 00:40 . 2009-03-08 00:40 <DIR> d-------- c:\program files\Atari
2009-03-07 23:45 . 2009-03-07 23:45 <DIR> d-------- c:\documents and settings\Dule\Application Data\Leadertech
2009-03-07 16:22 . 2008-04-22 23:20 1,584,149 --a------ c:\windows\system32\setupapinew.dll
2009-03-07 16:22 . 2006-11-02 13:47 1,162,656 --a------ c:\windows\system32\ntdllnew.dll
2009-03-07 16:22 . 2008-04-12 19:13 1,029,126 --a------ c:\windows\system32\d3d10.dll
2009-03-07 16:22 . 2008-05-04 18:42 789,525 --a------ c:\windows\system32\rpcrt4new.dll
2009-03-07 16:22 . 2006-11-29 15:06 440,080 --a------ c:\windows\system32\d3dx10.dll
2009-03-07 16:22 . 2004-12-08 18:57 376,832 --a------ c:\windows\system32\M2000Twn.dll
2009-03-07 16:22 . 2007-04-18 03:13 25,037 --a------ c:\windows\system32\Nucleus.dll
2009-03-07 16:22 . 2008-03-09 08:25 236 --ah----- c:\program files\Common Files\dx.reg
2009-03-07 16:11 . 2007-05-16 18:45 3,497,832 --a------ c:\windows\system32\d3dx9_34.dll
2009-03-07 15:39 . 2006-09-28 17:05 2,414,360 --a------ c:\windows\system32\d3dx9_31.dll
2009-03-07 15:39 . 2007-04-04 19:53 81,768 --a------ c:\windows\system32\xinput1_3.dll
2009-03-07 15:38 . 2009-03-07 15:38 <DIR> d-------- c:\windows\Logs
2009-03-07 02:44 . 2009-03-07 02:44 <DIR> d-------- c:\documents and settings\All Users\Application Data\Urban FreeStyle Soccer
2009-03-07 02:43 . 2009-03-07 02:43 <DIR> d-------- c:\program files\Acclaim Entertainment
2009-03-07 01:44 . 2009-03-07 01:44 <DIR> d-------- c:\program files\Eidos
2009-03-06 00:23 . 2009-03-06 00:23 <DIR> d-------- c:\program files\MSXML 4.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-05 20:47 --------- d-----w c:\documents and settings\Dule\Application Data\uTorrent
2009-04-05 01:22 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-03 18:39 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-02 13:03 --------- d-----w c:\program files\Microsoft.NET
2009-04-02 12:50 --------- d-----w c:\program files\MSBuild
2009-03-12 22:32 --------- d-----w c:\program files\Common Files\Adobe
2009-03-12 22:03 --------- d-----w c:\documents and settings\Dule\Application Data\IObit
2009-03-11 10:29 --------- d-----w c:\program files\Common Files\InstallShield
2009-03-08 22:19 --------- d-----w c:\program files\Microsoft Games
2009-03-04 21:43 --------- d-----w c:\program files\Microsoft Works
2009-03-04 21:41 --------- d-----w c:\program files\Microsoft Visual Studio 8
2009-03-04 21:38 --------- d-----w c:\program files\Windows Live
2009-03-04 21:37 --------- d-----w c:\program files\Windows Live SkyDrive
2009-03-04 21:37 --------- d-----w c:\documents and settings\Dule\Application Data\DAEMON Tools Pro
2009-03-04 21:37 --------- d-----w c:\documents and settings\Dule\Application Data\DAEMON Tools Lite
2009-03-04 21:37 --------- d-----w c:\documents and settings\Dule\Application Data\DAEMON Tools
2009-03-04 21:29 --------- d-----w c:\program files\Common Files\Windows Live
2009-03-04 20:40 --------- d-----w c:\documents and settings\All Users\Application Data\ATI
2009-03-04 20:38 --------- d-----w c:\program files\ATI
2009-03-04 20:31 --------- d-----w c:\program files\ATI Technologies
2009-03-04 20:28 --------- d-----w c:\program files\Common Files\Adobe AIR
2009-03-04 18:16 --------- d-----w c:\documents and settings\Dule\Application Data\Datalayer
2009-03-04 18:13 --------- d-----w c:\documents and settings\Dule\Application Data\Nokia
2009-03-04 18:12 --------- d-----w c:\program files\Nokia
2009-03-04 18:11 --------- d-----w c:\program files\DIFX
2009-03-04 18:11 --------- d-----w c:\documents and settings\Dule\Application Data\PC Suite
2009-03-04 18:11 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-03-04 18:10 --------- d-----w c:\program files\Common Files\PCSuite
2009-03-04 18:10 --------- d-----w c:\program files\Common Files\Nokia
2009-03-04 18:10 --------- d-----w c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-03-04 13:02 --------- d-----w c:\program files\DAEMON Tools Lite
2009-03-04 13:02 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-03-04 12:59 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-03-04 12:57 --------- d-----w c:\documents and settings\Dule\Application Data\Winamp
2009-03-04 12:56 --------- d-----w c:\program files\Winamp
2009-03-04 12:54 843,776 ------w c:\windows\UNNeroBurnRights.exe
2009-03-04 12:54 53,248 ----a-w c:\windows\system32\NeroCo.dll
2009-03-04 12:54 --------- d-----w c:\program files\Common Files\Ahead
2009-03-04 12:54 --------- d-----w c:\program files\ahead
2009-03-04 12:52 --------- d-----w c:\program files\VideoLAN
2009-03-04 12:52 --------- d-----w c:\documents and settings\Dule\Application Data\vlc
2009-03-04 12:45 --------- d-----w c:\program files\Windows Media Connect 2
2009-03-04 12:36 --------- d-----w c:\program files\IObit
2009-03-03 23:59 --------- d-----w c:\program files\uTorrent
2009-03-03 23:01 32 ----a-w c:\windows\system32\drivers\adidsl.cfg
2009-03-03 23:00 --------- d-----w c:\program files\SAGEM
2009-03-03 22:55 --------- d-----w c:\program files\Realtek
2009-03-03 22:55 --------- d-----w c:\documents and settings\Dule\Application Data\InstallShield
2009-03-03 22:54 16,512 ----a-w c:\windows\gdrv.sys
2009-03-03 22:52 315,392 ----a-w c:\windows\HideWin.exe
2009-03-03 22:50 --------- d-----w c:\documents and settings\Dule\Application Data\ATI
2009-03-03 22:43 --------- d-----w c:\documents and settings\Dule\Application Data\Chessmaster Challenge
2009-03-03 22:43 --------- d-----w c:\documents and settings\All Users\Application Data\Trymedia
2009-03-03 22:37 --------- d-----w c:\program files\microsoft frontpage
2009-02-09 11:13 1,846,784 ----a-w c:\windows\system32\win32k.sys
2009-02-06 17:52 49,504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-04 05:57 11,702,272 ----a-w c:\windows\system32\atioglxx.dll
2009-02-04 05:03 290,816 ----a-w c:\windows\system32\atiok3x2.dll
2009-02-04 04:56 442,368 ----a-w c:\windows\system32\ATIDEMGX.dll
2009-02-04 04:55 324,096 ----a-w c:\windows\system32\ati2dvag.dll
2009-02-04 04:44 196,608 ----a-w c:\windows\system32\atipdlxx.dll
2009-02-04 04:44 155,648 ----a-w c:\windows\system32\Oemdspif.dll
2009-02-04 04:43 43,520 ----a-w c:\windows\system32\ati2edxx.dll
2009-02-04 04:43 26,112 ----a-w c:\windows\system32\Ati2mdxx.exe
2009-02-04 04:43 155,648 ----a-w c:\windows\system32\ati2evxx.dll
2009-02-04 04:41 602,112 ----a-w c:\windows\system32\ati2evxx.exe
2009-02-04 04:40 53,248 ----a-w c:\windows\system32\ATIDDC.DLL
2009-02-04 04:30 3,884,768 ----a-w c:\windows\system32\ati3duag.dll
2009-02-04 04:14 2,645,504 ----a-w c:\windows\system32\ativvaxx.dll
2009-02-04 03:58 49,664 ----a-w c:\windows\system32\amdpcom32.dll
2009-02-04 03:54 471,040 ----a-w c:\windows\system32\atikvmag.dll
2009-02-04 03:53 122,880 ----a-w c:\windows\system32\atiadlxx.dll
2009-02-04 03:52 17,408 ----a-w c:\windows\system32\atitvo32.dll
2009-02-04 03:46 626,688 ----a-w c:\windows\system32\ati2cqag.dll
2009-02-04 03:44 307,200 ----a-w c:\windows\system32\atiiiexx.dll
2009-02-04 02:43 45,056 ----a-w c:\windows\system32\aticalrt.dll
2009-02-04 02:42 45,056 ----a-w c:\windows\system32\aticalcl.dll
2009-02-04 02:40 3,244,032 ----a-w c:\windows\system32\aticaldd.dll
2009-02-03 20:05 593,920 ------w c:\windows\system32\ati2sgag.exe
.

((((((((((((((((((((((((((((( [link visible only to logged-in users],00 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-04-06 09:16:44 85,798 ----a-w c:\windows\system32\perfc009.dat
+ 2009-04-06 17:51:37 85,798 ----a-w c:\windows\system32\perfc009.dat
- 2009-04-06 09:16:44 481,968 ----a-w c:\windows\system32\perfh009.dat
+ 2009-04-06 17:51:38 481,968 ----a-w c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2007-01-30 1432064]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-04-04 306088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-14 1932568]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-01-04 399504]
"RTHDCPL"="RTHDCPL.EXE" [2007-08-20 c:\windows\RTHDCPL.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2009-03-04 1205840]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-14 14:33 10520 c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Ubisoft\\THE SETTLERS - Rise of an Empire\\base\\bin\\Settlers6.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-03-10 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-10 325640]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-10 108552]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-10 298264]
R2 avgfws8;AVG8 Firewall;c:\progra~1\AVG\AVG8\avgfws8.exe [2009-03-10 1356616]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2009-04-05 170640]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2009-03-10 29208]
R3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [2009-03-04 104344]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-04-05 15504]
S2 E4LOADER;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [2009-03-04 69656]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2009-03-10 29208]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PGFILTER
.
Contents of the 'Scheduled Tasks' folder

2009-04-06 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-02-24 16:35]

2009-04-04 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-03-21 19:35]

2009-04-04 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\ [2009-04-05 22:43]
.
.
------- Supplementary Scan -------
.
uStart Page = [link visible only to logged-in users]
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
TCP: {2E54DAF8-75E0-4D83-B2D3-92918186EF7B} = 194.106.162.10 194.106.162.3
FF - ProfilePath - c:\documents and settings\Dule\Application Data\Mozilla\Firefox\Profiles\trjktj2x.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [link visible only to logged-in users]
Rootkit scan 2009-04-06 19:53:12
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1064)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-06 19:54:05
ComboFix-quarantined-files.txt 2009-04-06 17:54:03
ComboFix2.txt 2009-04-06 09:18:59

Pre-Run: 54.648.414.208 bytes free
Post-Run: 54,633,242,624 bytes free

314 --- E O F --- 2009-04-05 01:24:43
