MyCity » Ambulanta -> Arhiva Ambulante » problem sa iemultjx.exe (log.txt)

problem sa iemultjx.exe (log.txt)

Napisano na dan: 19.3.2009
1

problem sa iemultjx.exe (log.txt)
Sledeća strana Pagination

Idi na vrh

Poslao: 19 Mar 2009 10:01
Idi na vrh
offline
  • zoox 
  • Novi MyCity građanin
  • Pridružio: 19 Mar 2009
  • Poruke: 7

log.txt


Logfile of random's system information tool 1.05 (written by random/random)
Run by Administrator at 2009-03-19 09:37:45
Microsoft Windows XP Professional Service Pack 3
System drive C: has 34 GB (45%) free of 76 GB
Total RAM: 1014 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:11, on 19.3.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\winsystem.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = login.live.com/login.srf?wa=wsignin1.0&.....;id=251248
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: CashBackAssistant - {00F5B5BA-E3C2-4b70-BF51-42A557914FAD} - C:\Program Files\Nice Prosper\CashBackAssistant\CashBackAssistantIE.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\2.2.0.2880\NPIEAddOn.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live pomagač za prijavljivanje - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Windows API Control Center] winsystem.exe
O4 - HKLM\..\Run: [iemultjx] C:\WINDOWS\system32\iemultjx.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &NeoTrace It! - C:\PROGRA~1\NeoTracePro\NTXcontext.htm
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Objavi ovo u blogu - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Objavi ovo u blogu u okviru usluge Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - C:\PROGRA~1\NeoTracePro\NTXtoolbar.htm (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - update.microsoft.com/windowsupdate/v6/V.....4237728078
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kap.me
O17 - HKLM\Software\..\Telephony: DomainName = kap.me
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = kap.me
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 11499 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\HP WEP.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00F5B5BA-E3C2-4b70-BF51-42A557914FAD}]
CashBackAssistant - C:\Program Files\Nice Prosper\CashBackAssistant\CashBackAssistantIE.dll [2008-12-22 835584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-10-20 308832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35B8D58C-B0CB-46b0-BA64-05B3804E4E86}]
NP Helper Class - C:\Program Files\Internet Saving Optimizer\2.2.0.2880\NPIEAddOn.dll [2009-02-17 176128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-03-06 1078552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll [2009-01-14 92504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live pomagač za prijavljivanje - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll [2009-03-06 1968920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-16 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-16 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-16 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-02-18 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-02-18 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2C688203-7EB3-4327-9995-1CB417BA23F9} - BS.Player ControlBar - C:\Program Files\BS.Player ControlBar\BSToolbar.dll [2008-10-08 859592]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-16 251504]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\avgtoolbar.dll [2009-03-06 1968920]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2008-09-11 143360]
"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2008-09-11 172032]
"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2008-09-11 143360]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2009-03-06 1932568]
"Windows API Control Center"=C:\WINDOWS\winsystem.exe [2009-03-19 18944]
"iemultjx"=C:\WINDOWS\system32\iemultjx.exe [2009-03-19 37146]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2008-10-14 623992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
C:\Program Files\Adobe\Photoshop Elements 6.0\apdproxy.exe [2007-09-11 67488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2008-11-26 2235920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Di dictionary]
C:\Program Files\Di recnik\Di.exe [2007-03-16 518656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-26 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpbdfawep]
C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 954368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
C:\Program Files\HP\HP UT\bin\hppusg.exe [2007-05-04 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iemultjx]
C:\WINDOWS\system32\iemultjx.exe [2009-03-19 37146]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe [2008-06-19 570664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe [2008-11-10 1253376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2008-12-03 1205760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files\PowerISO\PWRISOVM.EXE [2007-08-07 200704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2008-09-06 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
C:\WINDOWS\RTHDCPL.EXE [2007-04-12 16132608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-18 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2009-02-17 1830128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-24 68856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-10-20 185872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
C:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe [2007-03-03 341488]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherWatcher]
C:\Program Files\Weather Watcher\ww.exe [2008-11-18 1081344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows API Control Center]
C:\WINDOWS\winsystem.exe [2009-03-19 18944]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
C:\PROGRA~1\Windows Desktop Search\WindowsSearch.exe /startup []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [2008-12-22 356352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-03-06 10520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-09-11 217088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-04-19 52224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-26 2210608]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe"="C:\Program Files\EA GAMES\Medal of Honor Pacific Assault(tm)\mohpa.exe:*:Enabled:Medal of Honor Pacific Assault(tm)"
"G:\SkypePortable\App\Skype\Phone\Skype.exe"="G:\SkypePortable\App\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\CDStart.Exe
shell\Install\command - F:\Stub.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
shell\AutoRun\command - G:\setup.exe /CD

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
shell\AutoRun\command - H:\CDStart.Exe
shell\Install\command - H:\Stub.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11bfb72c-9e73-11dd-a626-001e0baac5f9}]
shell\AutoRun\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\cfxer.exe
shell\open\command - G:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\cfxer.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38180398-9c1f-11dd-a61c-ca3a80902254}]
shell\AutoRun\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\cfxer.exe
shell\open\command - F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\cfxer.exe


======File associations======

.scr - open - "C:\WINDOWS\notepad.exe" "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2009-03-19 09:37:45 ----D---- C:\rsit
2009-03-19 09:37:45 ----D---- C:\Program Files\trend micro
2009-03-19 09:29:00 ----RSH---- C:\WINDOWS\winsystem.exe
2009-03-19 09:28:55 ----A---- C:\WINDOWS\system32\iemultjx.exe
2009-03-19 08:26:34 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-19 08:26:27 ----D---- C:\Program Files\SUPERAntiSpyware
2009-03-19 08:26:27 ----D---- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-03-19 08:26:10 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2009-03-19 07:51:17 ----A---- C:\WINDOWS\ntbtlog.txt
2009-03-18 12:29:06 ----D---- C:\Documents and Settings\All Users\Application Data\espionServerData
2009-03-18 12:29:06 ----A---- C:\AdobeDebug.txt
2009-03-18 12:07:38 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-03-18 12:07:38 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2009-03-18 12:07:38 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-03-18 12:07:38 ----N---- C:\WINDOWS\system32\pxhpinst.exe
2009-03-18 12:07:38 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2009-03-18 12:07:38 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-03-18 12:07:38 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-03-18 12:07:37 ----N---- C:\WINDOWS\system32\vxblock.dll
2009-03-18 12:07:37 ----N---- C:\WINDOWS\system32\pxwave.dll
2009-03-18 12:07:37 ----N---- C:\WINDOWS\system32\pxmas.dll
2009-03-18 12:07:37 ----N---- C:\WINDOWS\system32\pxdrv.dll
2009-03-18 12:07:37 ----N---- C:\WINDOWS\system32\px.dll
2009-03-16 09:23:54 ----D---- C:\ubuntu
2009-03-13 11:36:45 ----D---- C:\Documents and Settings\Administrator\Application Data\Samsung
2009-03-13 11:34:52 ----A---- C:\WINDOWS\system32\framedyn.dll
2009-03-13 11:34:35 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2009-03-13 11:04:20 ----D---- C:\Program Files\Common Files\PCSuite
2009-03-13 11:04:17 ----D---- C:\Program Files\Common Files\Nokia
2009-03-13 11:04:06 ----A---- C:\WINDOWS\system32\wdfcoinstaller01007.dll
2009-03-13 11:04:06 ----A---- C:\WINDOWS\system32\nmwcdcocls.dll
2009-03-13 10:42:42 ----D---- C:\Program Files\Oxygen Software
2009-03-12 03:01:12 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-12 03:01:08 ----HDC---- C:\WINDOWS\$NtUninstallKB938464-v2$
2009-03-12 03:01:02 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 14:31:20 ----D---- C:\Program Files\Chess
2009-03-11 11:12:16 ----D---- C:\Program Files\VS Revo Group
2009-03-11 09:58:31 ----D---- C:\Program Files\directx
2009-03-11 09:57:52 ----D---- C:\Program Files\Rockstar Games
2009-03-09 12:18:37 ----D---- C:\BMW M3 Challenge
2009-03-06 10:32:51 ----HD---- C:\$AVG8.VAULT$
2009-03-06 10:00:06 ----A---- C:\WINDOWS\system32\avgrsstx.dll
2009-03-06 09:59:57 ----D---- C:\Documents and Settings\Administrator\Application Data\AVGTOOLBAR
2009-03-06 09:59:47 ----D---- C:\Program Files\AVG
2009-03-06 09:59:47 ----D---- C:\Documents and Settings\All Users\Application Data\avg8
2009-03-06 09:42:42 ----A---- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
2009-03-06 08:51:18 ----D---- C:\Documents and Settings\Administrator\Application Data\Symantec
2009-03-06 08:40:59 ----D---- C:\Program Files\Common Files\Symantec Shared
2009-03-06 08:31:40 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-03-05 13:19:11 ----A---- C:\WINDOWS\system32\ptpusb.dll
2009-03-05 13:19:10 ----A---- C:\WINDOWS\system32\ptpusd.dll
2009-03-03 07:10:00 ----D---- C:\Documents and Settings\Administrator\Application Data\IObit
2009-02-26 14:22:24 ----D---- C:\Documents and Settings\Administrator\Application Data\ACD Systems
2009-02-26 14:21:43 ----D---- C:\Documents and Settings\All Users\Application Data\ACD Systems
2009-02-26 14:21:39 ----D---- C:\Program Files\ACD Systems
2009-02-24 10:56:54 ----D---- C:\Program Files\EA GAMES
2009-02-24 08:44:09 ----D---- C:\Documents and Settings\All Users\Application Data\Symantec
2009-02-24 08:42:19 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2009-02-24 08:37:36 ----D---- C:\Documents and Settings\All Users\Application Data\NortonInstaller
2009-02-24 07:17:57 ----D---- C:\Program Files\City Interactive
2009-02-23 14:28:50 ----D---- C:\Program Files\NokiaFREE Unlock Codes Calculator
2009-02-20 08:12:51 ----D---- C:\WINDOWS\system32\porttalk22
2009-02-20 07:57:33 ----D---- C:\Program Files\uTorrent
2009-02-20 07:57:25 ----D---- C:\Documents and Settings\Administrator\Application Data\uTorrent
2009-02-20 07:30:30 ----D---- C:\Documents and Settings\Administrator\Application Data\Internet Saving Optimizer
2009-02-20 07:30:10 ----D---- C:\Program Files\Nice Prosper
2009-02-20 07:29:48 ----D---- C:\Program Files\Internet Saving Optimizer
2009-02-20 07:29:39 ----D---- C:\Program Files\System Search Dispatcher
2009-02-20 07:29:33 ----D---- C:\Program Files\DoubleD
2009-02-20 07:20:53 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

======List of files/folders modified in the last 1 months======

2009-03-19 09:37:48 ----D---- C:\WINDOWS\Prefetch
2009-03-19 09:37:45 ----RD---- C:\Program Files
2009-03-19 09:29:00 ----D---- C:\WINDOWS
2009-03-19 09:28:59 ----D---- C:\WINDOWS\system32
2009-03-19 09:28:40 ----D---- C:\WINDOWS\Temp
2009-03-19 09:26:08 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-19 09:23:37 ----RSH---- C:\boot.ini
2009-03-19 09:23:37 ----A---- C:\WINDOWS\win.ini
2009-03-19 09:23:37 ----A---- C:\WINDOWS\system.ini
2009-03-19 08:29:11 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-19 08:26:30 ----SHD---- C:\WINDOWS\Installer
2009-03-19 08:26:10 ----D---- C:\Program Files\Common Files
2009-03-19 08:15:39 ----D---- C:\Program Files\Windows Desktop Search
2009-03-19 08:12:31 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-03-19 08:12:19 ----HD---- C:\WINDOWS\inf
2009-03-19 08:12:19 ----D---- C:\WINDOWS\system32\wbem
2009-03-19 07:49:08 ----D---- C:\Temp
2009-03-19 07:42:19 ----D---- C:\WINDOWS\security
2009-03-18 12:24:45 ----D---- C:\Documents and Settings\Administrator\Application Data\Adobe
2009-03-18 12:11:13 ----D---- C:\Program Files\Common Files\Adobe
2009-03-18 12:08:42 ----RD---- C:\WINDOWS\Fonts
2009-03-18 12:07:43 ----D---- C:\Program Files\Adobe
2009-03-18 12:07:43 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-03-18 12:07:38 ----D---- C:\WINDOWS\system32\drivers
2009-03-18 12:07:06 ----A---- C:\WINDOWS\ODBCINST.INI
2009-03-18 09:38:00 ----SD---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2009-03-18 06:58:15 ----A---- C:\WINDOWS\NeroDigital.ini
2009-03-13 11:36:36 ----D---- C:\WINDOWS\system32\CatRoot
2009-03-13 11:34:09 ----HD---- C:\Program Files\InstallShield Installation Information
2009-03-13 11:17:30 ----D---- C:\Documents and Settings\Administrator\Application Data\Nokia
2009-03-13 11:04:41 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-13 11:04:18 ----D---- C:\Program Files\Nokia
2009-03-13 10:57:20 ----D---- C:\Documents and Settings\All Users\Application Data\Installations
2009-03-13 10:45:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-12 03:01:15 ----A---- C:\WINDOWS\imsins.BAK
2009-03-12 03:01:14 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-12 03:01:09 ----D---- C:\WINDOWS\WinSxS
2009-03-12 03:00:38 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2009-03-11 11:22:22 ----D---- C:\WINDOWS\system32\config
2009-03-11 11:09:05 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-11 11:07:58 ----D---- C:\Program Files\Mobiola Web Camera 2 for S60 2nd Edition
2009-03-11 11:07:50 ----RSD---- C:\WINDOWS\assembly
2009-03-11 11:07:14 ----D---- C:\WINDOWS\Lhsp
2009-03-11 11:06:51 ----D---- C:\Program Files\Hair Pro 2008 Light
2009-03-11 11:05:57 ----D---- C:\Program Files\3D Home Architect
2009-03-06 11:15:41 ----A---- C:\WINDOWS\matlab.ini
2009-03-06 09:48:56 ----D---- C:\Program Files\Di recnik
2009-03-03 07:10:00 ----D---- C:\Program Files\IObit
2009-02-27 10:28:39 ----D---- C:\Program Files\Pawn 2
2009-02-26 14:21:50 ----D---- C:\Program Files\Common Files\ACD Systems
2009-02-24 10:57:16 ----D---- C:\WINDOWS\Registration
2009-02-24 10:56:50 ----D---- C:\WINDOWS\system32\DirectX
2009-02-24 10:55:53 ----D---- C:\WINDOWS\system32\Restore
2009-02-24 10:53:30 ----SHD---- C:\System Volume Information
2009-02-24 10:08:55 ----SHD---- C:\WINDOWS\CSC
2009-02-24 08:09:00 ----SD---- C:\WINDOWS\Tasks
2009-02-20 07:21:02 ----D---- C:\Documents and Settings\Administrator\Application Data\funkitron

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-03-06 325640]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-03-06 27656]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-03-06 107912]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS []
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys []
R1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2007-08-07 33052]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 CdaC15BA;CdaC15BA; \??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS []
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R2 NwlnkIpx;NWLink IPX/SPX/NetBIOS Compatible Transport Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2008-04-13 88320]
R2 NwlnkNb;NWLink NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-08-23 63232]
R2 NwlnkSpx;NWLink SPX/SPXII Protocol; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-08-23 55936]
R3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-09-11 6047904]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2007-04-23 4402176]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-23 12160]
R3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2008-04-13 163584]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-05-07 106368]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 bdfdll;bdfdll; \??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys []
S3 BDFsDrv;BDFsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys []
S3 BDRsDrv;BDRsDrv; \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys []
S3 FreshIO;FreshIO; \??\C:\Program Files\FreshDevices\FreshDiagnose\FreshIO.sys []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-09-15 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-09-15 22016]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 PortTalk;PortTalk; C:\WINDOWS\System32\Drivers\PortTalk.sys [2002-01-12 3567]
S3 SASENUM;SASENUM; \??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2008-04-13 12288]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-09-15 8064]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-09-15 8064]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-04-19 40704]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-15 82688]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6; C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 Autodata Limited License Service;Autodata Limited License Service; C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe [2006-05-12 72704]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-03-06 298264]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 C-DillaCdaC11BA;C-DillaCdaC11BA; C:\WINDOWS\system32\drivers\CDAC11BA.EXE [2008-10-22 54784]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-18 152984]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 NWCWorkstation;Client Service for NetWare; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 NwSapAgent;SAP Agent; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\WINDOWS\system32\IoctlSvc.exe [2006-12-19 81920]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
R2 UleadBurningHelper;Ulead Burning Helper; C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2007-03-03 67056]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-12-01 654848]
S3 fsssvc;Windows Live Porodična bezbednost; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-16 137200]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-26 65824]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-04-19 823808]

-----------------EOF-----------------

Poslao: 19 Mar 2009 11:37
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Pozdrav...




Arrow Klikni desnim tasterom miša na AVG ikonicu ( ) u donjem, desnom uglu ekrana.
* Kada se pokrene AVG Control Center, dvoklikni na AVG Resident Shield komponentu.
* U prozoru koji se otvori, deštikliraj opciju Turn on AVG Resident Shield i klikni OK.




Arrow Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

Poslao: 23 Mar 2009 09:50
Idi na vrh
offline
  • zoox 
  • Novi MyCity građanin
  • Pridružio: 19 Mar 2009
  • Poruke: 7

log koji je napravio combofix

ComboFix 09-03-22.01 - Administrator 2009-03-23 9:37:12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.1014.518 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\cfxer.exe
c:\recycler\S-1-5-21-1482476501-1644491937-682003330-1013\Desktop.ini
c:\windows\IE4 Error Log.txt
c:\windows\n.tmp
c:\windows\winsystem.exe

----- BITS: Possible infected sites -----

hxxp://kap-srv-ex1.kap.me
.
((((((((((((((((((((((((( Files Created from 2009-02-23 to 2009-03-23 )))))))))))))))))))))))))))))))
.

2009-03-23 09:02 . 2009-03-23 09:02 <DIR> d-------- c:\documents and settings\radomir.dasic\Tracing
2009-03-23 09:02 . 2009-03-23 09:02 <DIR> d-------- c:\documents and settings\radomir.dasic\Application Data\Internet Saving Optimizer
2009-03-23 09:02 . 2009-03-23 09:05 <DIR> d-------- c:\documents and settings\radomir.dasic\Application Data\AVGTOOLBAR
2009-03-23 09:02 . 2009-03-23 09:02 37,662 --a------ c:\documents and settings\radomir.dasic\iemultjx.exe
2009-03-23 09:02 . 2009-03-23 09:02 33,634 --a------ c:\documents and settings\radomir.dasic\cmgrs.exe
2009-03-23 09:02 . 2009-03-23 09:02 8,552 --a------ c:\documents and settings\radomir.dasic\bv2.exe
2009-03-23 09:01 . 2009-03-23 09:01 30,782 --a------ c:\documents and settings\radomir.dasic\mscupdate.exe
2009-03-23 09:01 . 2009-03-23 09:01 18,944 --a------ c:\documents and settings\radomir.dasic\tvs2.exe
2009-03-23 06:44 . 2009-03-23 09:19 37,662 --a------ c:\windows\system32\iemultjx.exe
2009-03-20 14:44 . 2009-03-23 09:18 33,634 --a------ c:\documents and settings\Administrator\cmgrs.exe
2009-03-20 14:44 . 2009-03-23 06:43 8,552 --a------ c:\documents and settings\Administrator\bv2.exe
2009-03-20 08:45 . 2009-03-20 11:14 <DIR> d-------- c:\program files\UseNeXT
2009-03-20 08:45 . 2009-03-20 14:18 <DIR> d-------- c:\documents and settings\Administrator\Application Data\UseNeXT
2009-03-20 08:33 . 2009-03-20 08:38 26,624 --a------ c:\temp\Project1.exe
2009-03-19 13:19 . 2009-03-23 09:18 18,944 --a------ c:\documents and settings\Administrator\tvs2.exe
2009-03-19 09:37 . 2009-03-19 09:38 <DIR> d-------- C:\rsit
2009-03-19 08:26 . 2009-03-19 08:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-19 08:26 . 2009-03-20 14:35 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-03-18 12:29 . 2009-03-18 12:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\espionServerData
2009-03-16 09:28 . 2008-10-27 18:37 192,307 --a------ C:\wubildr
2009-03-16 09:28 . 2008-10-27 18:37 8,192 --a------ C:\wubildr.mbr
2009-03-16 09:23 . 2009-03-16 09:23 <DIR> d-------- C:\ubuntu
2009-03-13 11:36 . 2009-03-13 11:41 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Samsung
2009-03-13 11:34 . 2009-03-16 06:43 <DIR> d-------- c:\windows\system32\Samsung_USB_Drivers
2009-03-13 11:34 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll
2009-03-13 11:34 . 2006-07-24 16:05 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys
2009-03-13 11:34 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico
2009-03-13 11:04 . 2009-03-13 11:04 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-03-13 11:04 . 2009-03-13 11:04 <DIR> d-------- c:\program files\Common Files\Nokia
2009-03-13 11:04 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
2009-03-13 11:04 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2009-03-13 11:04 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2009-03-13 11:04 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
2009-03-13 11:04 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-03-13 11:04 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2009-03-13 10:42 . 2009-03-13 10:42 <DIR> d-------- c:\program files\Oxygen Software
2009-03-11 14:31 . 2009-03-13 06:42 <DIR> d-------- c:\program files\Chess
2009-03-11 11:12 . 2009-03-11 11:12 <DIR> d-------- c:\program files\VS Revo Group
2009-03-11 09:58 . 2009-03-11 09:58 <DIR> d-------- c:\program files\directx
2009-03-11 09:57 . 2009-03-11 09:57 <DIR> d-------- c:\program files\Rockstar Games
2009-03-09 12:18 . 2009-03-09 12:20 <DIR> d-------- C:\BMW M3 Challenge
2009-03-06 10:32 . 2009-03-23 09:18 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-06 10:00 . 2009-03-06 10:00 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-06 10:00 . 2009-03-06 10:00 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-06 10:00 . 2009-03-06 10:00 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-06 09:59 . 2009-03-23 06:44 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-06 09:59 . 2009-03-06 09:59 <DIR> d-------- c:\program files\AVG
2009-03-06 09:59 . 2009-03-06 09:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-06 09:59 . 2009-03-06 10:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AVGTOOLBAR
2009-03-06 09:09 . 2008-09-25 14:27 905,216 --a------ c:\windows\system32\GearDrvs.msi
2009-03-06 08:51 . 2009-03-06 08:51 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Symantec
2009-03-06 08:40 . 2009-03-06 09:48 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2009-03-05 13:19 . 2008-04-14 01:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-03-05 13:19 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-03-05 13:19 . 2008-04-13 19:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-03-05 13:19 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-03-03 07:10 . 2009-03-03 07:10 <DIR> d-------- c:\documents and settings\Administrator\Application Data\IObit
2009-02-26 14:22 . 2009-02-26 14:22 <DIR> d-------- c:\documents and settings\Administrator\Application Data\ACD Systems
2009-02-26 14:21 . 2009-02-26 14:21 <DIR> d-------- c:\program files\ACD Systems
2009-02-26 14:21 . 2009-02-26 14:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems
2009-02-24 10:56 . 2009-03-11 11:14 <DIR> d-------- c:\program files\EA GAMES
2009-02-24 10:08 . 2009-02-24 10:08 0 --a------ C:\-1464429064
2009-02-24 08:44 . 2009-03-06 09:48 <DIR> d-------- c:\documents and settings\All Users\Application Data\Symantec
2009-02-24 08:42 . 2009-02-24 08:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\Norton
2009-02-24 08:37 . 2009-02-24 08:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-02-24 07:17 . 2009-02-24 10:56 <DIR> d-------- c:\program files\City Interactive
2009-02-23 14:28 . 2009-02-24 10:56 <DIR> d-------- c:\program files\NokiaFREE Unlock Codes Calculator

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-19 07:15 --------- d-----w c:\program files\Windows Desktop Search
2009-03-18 11:11 --------- d-----w c:\program files\Common Files\Adobe
2009-03-18 11:07 9,464 ------w c:\windows\system32\drivers\cdralw2k.sys
2009-03-18 11:07 9,336 ------w c:\windows\system32\drivers\cdr4_xp.sys
2009-03-18 11:07 43,528 ------w c:\windows\system32\drivers\PxHelp20.sys
2009-03-13 10:34 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-13 10:17 --------- d-----w c:\documents and settings\Administrator\Application Data\Nokia
2009-03-13 10:04 --------- d-----w c:\program files\Nokia
2009-03-13 09:57 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-03-12 02:00 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-11 10:07 --------- d-----w c:\program files\Mobiola Web Camera 2 for S60 2nd Edition
2009-03-11 10:06 --------- d-----w c:\program files\Hair Pro 2008 Light
2009-03-11 10:05 --------- d-----w c:\program files\3D Home Architect
2009-03-06 08:48 --------- d-----w c:\program files\Di recnik
2009-03-03 06:10 --------- d-----w c:\program files\IObit
2009-02-27 09:28 --------- d-----w c:\program files\Pawn 2
2009-02-26 13:21 --------- d-----w c:\program files\Common Files\ACD Systems
2009-02-24 09:56 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2009-02-20 06:57 --------- d-----w c:\program files\uTorrent
2009-02-20 06:30 --------- d-----w c:\program files\Nice Prosper
2009-02-20 06:30 --------- d-----w c:\documents and settings\Administrator\Application Data\Internet Saving Optimizer
2009-02-20 06:29 --------- d-----w c:\program files\System Search Dispatcher
2009-02-20 06:29 --------- d-----w c:\program files\Internet Saving Optimizer
2009-02-20 06:29 --------- d-----w c:\program files\DoubleD
2009-02-20 06:26 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-20 06:21 --------- d-----w c:\documents and settings\Administrator\Application Data\funkitron
2009-02-18 12:12 --------- d-----w c:\program files\Java
2009-02-18 08:44 --------- d-----w c:\program files\NeoTracePro
2009-02-16 12:20 --------- d-----w c:\program files\Windows Live
2009-02-16 12:19 --------- d-----w c:\program files\Microsoft Sync Framework
2009-02-16 12:17 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-16 12:17 --------- d-----w c:\program files\Microsoft
2009-02-16 11:55 --------- d-----w c:\program files\Common Files\Windows Live
2009-02-16 10:42 --------- d-----w c:\program files\FastStone Capture
2009-02-16 10:42 --------- d-----w c:\documents and settings\Administrator\Application Data\FastStone
2009-02-16 06:24 --------- d-----w c:\documents and settings\radomir.dasic\Application Data\Nokia
2009-02-12 13:09 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2009-02-12 12:58 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-12 12:58 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-12 12:50 --------- d-----w c:\program files\PC Connectivity Solution
2009-02-12 12:44 --------- d-----w c:\documents and settings\Administrator\Application Data\PC Suite
2009-02-12 12:33 --------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2009-02-12 12:29 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-02-12 12:24 --------- d-----w c:\program files\Foxit Software
2009-02-11 07:24 --------- d-----w c:\program files\Common Files\Borland Shared
2009-02-11 07:22 --------- d-----w c:\program files\Borland
2009-02-10 07:09 --------- d-----w c:\program files\Jetpak
2009-02-10 07:07 --------- d-----w c:\program files\OpenOffice.org 3
2009-02-10 07:05 --------- d-----w c:\program files\Ulead Systems
2009-02-10 07:05 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2009-02-10 07:05 --------- d-----w c:\documents and settings\Administrator\Application Data\Ulead Systems
2009-02-10 06:56 --------- d-----w c:\program files\Microsoft Visual Studio 8
2009-02-10 06:56 --------- d-----w c:\program files\ImgBurn
2009-02-10 06:55 --------- d-----w c:\program files\Google
2009-02-10 06:55 --------- d-----w c:\program files\Common Files\Softwin
2009-02-10 06:55 --------- d-----w c:\program files\Common Files\BitDefender
2009-02-06 18:20 308,088 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:08 55,152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
2009-01-30 08:47 --------- d-----w c:\program files\Simbin
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-11 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-11 143360]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-06 1932568]
"iemultjx"="c:\windows\system32\iemultjx.exe" [2009-03-23 37662]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-06 10:00 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.dvacm"= c:\progra~1\COMMON~1\Ulead Systems\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\Ulead Systems\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\Ulead Systems\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-10-14 21:38 623992 c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-09-11 00:43 67488 c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
--a------ 2008-11-26 16:11 2235920 c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Di dictionary]
--a------ 2007-03-16 20:45 518656 c:\program files\Di recnik\Di.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-26 23:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpbdfawep]
--a------ 2007-04-25 14:28 954368 c:\program files\HP\Dfawep\bin\hpbdfawep.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
--a------ 2007-05-04 13:14 36864 c:\program files\HP\HP UT\bin\hppusg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iemultjx]
--a------ 2009-03-23 09:19 37662 c:\windows\system32\iemultjx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-06-24 15:06 1840424 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 01:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2009-02-06 18:50 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-06-08 08:31 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-06-19 08:53 570664 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-11-10 15:07 1253376 c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-12-03 12:47 1205760 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-07 01:05 200704 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-02-18 13:12 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-10-24 05:56 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-10-20 08:16 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
--a------ 2007-03-03 13:12 341488 c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherWatcher]
--a------ 2008-11-18 20:19 1081344 c:\program files\Weather Watcher\ww.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 17:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2007-04-12 16:33 16132608 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-06 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-06 107912]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-06 298264]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-16 55152]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 fsssvc;Windows Live Porodična bezbednost;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [2009-02-16 3567]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\CDStart.Exe
\Shell\Install\Command - F:\Stub.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\setup.exe /CD

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\CDStart.Exe
\Shell\Install\Command - H:\Stub.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-03-20 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 14:28]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Windows API Control Center - winsystem.exe
Notify-WgaLogon - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSConfigStartUp-Windows API Control Center - winsystem.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1234853227&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fhome.live.com%2Fdefault.aspx&lc=2074&id=251248
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &NeoTrace It! - c:\progra~1\NeoTracePro\NTXcontext.htm
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-23 09:41:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-606747145-1482476501-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,df,92,f9,b5,0e,e2,50,41,bf,be,0c,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,df,92,f9,b5,0e,e2,50,41,bf,be,0c,\

[HKEY_USERS\S-1-5-21-606747145-1482476501-839522115-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{918FA53A-2301-115E-ACBC-7C90ED481B25}*]
"habfaoeilfhpoicb"=hex:6a,61,6f,6f,6e,6b,6b,6a,66,6c,6d,69,66,63,64,6f,69,70,
62,62,00,00
"iadfokhghkpdifikmh"=hex:6a,61,6f,6f,6e,6b,6b,6a,66,6c,6d,69,66,63,64,6f,69,70,
62,62,00,00

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{918FA53A-2301-115E-ACBC-7C90ED481B25}\InProcServer32*]
"fanfnfeinpll"=hex:70,61,69,6f,69,6e,67,70,6a,64,69,6b,6b,6e,66,68,61,68,6e,68,
67,6c,66,6f,67,6a,6a,70,69,6b,62,6e,00,09
"nanfhdkckieeodggojgboinejpff"=hex:70,61,69,65,6d,6c,6a,6a,6f,66,64,63,64,6a,
6f,66,62,6d,68,66,67,6e,6d,62,6b,6e,64,61,67,65,64,62,00,09

[HKEY_LOCAL_MACHINE\software\MyWebSearch\SearchAssistant]
@DACL=(02 0000)
"pid"="ZRman000"
"fwp"="0"
"Dir"="c:\\Program Files\\MyWebSearch\\SrchAstt\\"
"sr"="11"
"pl"="26"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\spool\drivers\w32x86\3\HP1006MC.EXE
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2009-03-23 9:44:07 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-23 08:44:04

Pre-Run: 35.217.403.904 bytes free
Post-Run: 35,277,467,648 bytes free

349 --- E O F --- 2009-03-12 02:01:15

Poslao: 23 Mar 2009 17:19
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Otvoriti Notepad i iskopirati sledeci tekst:

File::
c:\documents and settings\radomir.dasic\iemultjx.exe
c:\documents and settings\radomir.dasic\cmgrs.exe
c:\documents and settings\radomir.dasic\bv2.exe
c:\documents and settings\radomir.dasic\mscupdate.exe
c:\documents and settings\radomir.dasic\tvs2.exe
c:\windows\system32\iemultjx.exe
c:\documents and settings\Administrator\cmgrs.exe
c:\documents and settings\Administrator\bv2.exe
c:\documents and settings\Administrator\tvs2.exe

REGLOCK::
[HKEY_USERS\S-1-5-21-606747145-1482476501-839522115-500\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\software\MyWebSearch\SearchAssistant]

REGNULL::
[HKEY_USERS\S-1-5-21-606747145-1482476501-839522115-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{918FA53A-2301-115E-ACBC-7C90ED481B25}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{918FA53A-2301-115E-ACBC-7C90ED481B25}\InProcServer32*]

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iemultjx"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iemultjx]
[-HKEY_LOCAL_MACHINE\software\MyWebSearch]
[-HKEY_USERS\S-1-5-21-606747145-1482476501-839522115-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{918FA53A-2301-115E-ACBC-7C90ED481B25}]
[-HKEY_LOCAL_MACHINE\software\Classes\CLSID\{918FA53A-2301-115E-ACBC-7C90ED481B25}]


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Poslao: 24 Mar 2009 12:42
Idi na vrh
offline
  • zoox 
  • Novi MyCity građanin
  • Pridružio: 19 Mar 2009
  • Poruke: 7

U ovim fajlovima je AVG pronašao trojance. Zbog toga sam vas i kontaktirao.
Da li da ih vratim jer posle skeniranja sa COMBOFIX-om AVG ništa ne javlja?



c:\documents and settings\radomir.dasic\iemultjx.exe
c:\documents and settings\radomir.dasic\cmgrs.exe
c:\documents and settings\radomir.dasic\bv2.exe
c:\documents and settings\radomir.dasic\mscupdate.exe
c:\documents and settings\radomir.dasic\tvs2.exe
c:\windows\system32\iemultjx.exe
c:\documents and settings\Administrator\cmgrs.exe
c:\documents and settings\Administrator\bv2.exe
c:\documents and settings\Administrator\tvs2.exe

Poslao: 24 Mar 2009 16:32
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Ne razumem šta me pitaš.

Da li si ispratio gornje uputstvo?

Ako jesi, log je C:\ComboFix.txt - postavi ga ovde.

Ako nisi, isprati ga.

Poslao: 25 Mar 2009 08:03
Idi na vrh
offline
  • zoox 
  • Novi MyCity građanin
  • Pridružio: 19 Mar 2009
  • Poruke: 7

ComboFix 09-03-22.01 - Administrator 2009-03-25 7:50:20.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.1014.543 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\n.tmp

.
((((((((((((((((((((((((( Files Created from 2009-02-25 to 2009-03-25 )))))))))))))))))))))))))))))))
.

2009-03-24 13:13 . 2009-03-24 13:13 415 --a------ C:\AutoData2005XP.lnk
2009-03-24 09:55 . 2009-03-24 09:55 450 --a------ C:\Autodata CDA-3.lnk
2009-03-24 09:36 . 2009-03-24 09:36 <DIR> d-------- c:\program files\Common Files\Autodata Limited Shared
2009-03-24 09:35 . 2009-03-24 09:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Autodata Limited
2009-03-24 08:23 . 2009-03-24 08:23 <DIR> d-------- c:\program files\MagicDisc
2009-03-24 08:23 . 2009-02-24 18:42 116,736 --a------ c:\windows\system32\drivers\mcdbus.sys
2009-03-24 08:13 . 2009-03-24 08:13 2,581 -r-hs---- c:\windows\PCGWIN32.LI5
2009-03-24 08:10 . 2009-03-24 08:10 528 -r-hs---- c:\windows\PCGWIN32.LI4
2009-03-24 08:07 . 2009-03-24 08:07 <DIR> d-------- C:\ADCDTEMP
2009-03-24 07:46 . 2009-03-24 07:46 <DIR> d-------- c:\windows\Sun
2009-03-24 07:42 . 2009-03-24 07:43 <DIR> d-------- c:\program files\MagicISO
2009-03-23 09:02 . 2009-03-23 09:02 <DIR> d-------- c:\documents and settings\radomir.dasic\Tracing
2009-03-23 09:02 . 2009-03-23 09:02 <DIR> d-------- c:\documents and settings\radomir.dasic\Application Data\Internet Saving Optimizer
2009-03-23 09:02 . 2009-03-23 09:05 <DIR> d-------- c:\documents and settings\radomir.dasic\Application Data\AVGTOOLBAR
2009-03-23 09:02 . 2009-03-23 09:02 37,662 --a------ c:\documents and settings\radomir.dasic\iemultjx.exe
2009-03-23 09:02 . 2009-03-23 09:02 33,634 --a------ c:\documents and settings\radomir.dasic\cmgrs.exe
2009-03-23 09:02 . 2009-03-23 09:02 8,552 --a------ c:\documents and settings\radomir.dasic\bv2.exe
2009-03-23 09:01 . 2009-03-23 09:01 30,782 --a------ c:\documents and settings\radomir.dasic\mscupdate.exe
2009-03-23 09:01 . 2009-03-23 09:01 18,944 --a------ c:\documents and settings\radomir.dasic\tvs2.exe
2009-03-20 08:45 . 2009-03-20 11:14 <DIR> d-------- c:\program files\UseNeXT
2009-03-20 08:45 . 2009-03-20 14:18 <DIR> d-------- c:\documents and settings\Administrator\Application Data\UseNeXT
2009-03-20 08:33 . 2009-03-20 08:38 26,624 --a------ c:\temp\Project1.exe
2009-03-19 09:37 . 2009-03-19 09:38 <DIR> d-------- C:\rsit
2009-03-19 08:26 . 2009-03-19 08:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-19 08:26 . 2009-03-20 14:35 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-03-18 12:29 . 2009-03-18 12:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\espionServerData
2009-03-16 09:28 . 2008-10-27 18:37 192,307 --a------ C:\wubildr
2009-03-16 09:28 . 2008-10-27 18:37 8,192 --a------ C:\wubildr.mbr
2009-03-16 09:23 . 2009-03-16 09:23 <DIR> d-------- C:\ubuntu
2009-03-13 11:36 . 2009-03-13 11:41 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Samsung
2009-03-13 11:34 . 2009-03-16 06:43 <DIR> d-------- c:\windows\system32\Samsung_USB_Drivers
2009-03-13 11:34 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll
2009-03-13 11:34 . 2006-07-24 16:05 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys
2009-03-13 11:34 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico
2009-03-13 11:04 . 2009-03-13 11:04 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-03-13 11:04 . 2009-03-13 11:04 <DIR> d-------- c:\program files\Common Files\Nokia
2009-03-13 11:04 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
2009-03-13 11:04 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2009-03-13 11:04 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2009-03-13 11:04 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
2009-03-13 11:04 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-03-13 11:04 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2009-03-13 10:42 . 2009-03-13 10:42 <DIR> d-------- c:\program files\Oxygen Software
2009-03-11 14:31 . 2009-03-13 06:42 <DIR> d-------- c:\program files\Chess
2009-03-11 11:12 . 2009-03-11 11:12 <DIR> d-------- c:\program files\VS Revo Group
2009-03-11 09:58 . 2009-03-11 09:58 <DIR> d-------- c:\program files\directx
2009-03-11 09:57 . 2009-03-11 09:57 <DIR> d-------- c:\program files\Rockstar Games
2009-03-09 12:18 . 2009-03-09 12:20 <DIR> d-------- C:\BMW M3 Challenge
2009-03-06 10:32 . 2009-03-25 07:45 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-06 10:00 . 2009-03-06 10:00 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-06 10:00 . 2009-03-06 10:00 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-06 10:00 . 2009-03-06 10:00 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-06 09:59 . 2009-03-24 08:37 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-06 09:59 . 2009-03-06 09:59 <DIR> d-------- c:\program files\AVG
2009-03-06 09:59 . 2009-03-06 09:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-06 09:59 . 2009-03-06 10:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AVGTOOLBAR
2009-03-06 09:09 . 2008-09-25 14:27 905,216 --a------ c:\windows\system32\GearDrvs.msi
2009-03-06 08:51 . 2009-03-06 08:51 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Symantec
2009-03-06 08:40 . 2009-03-06 09:48 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2009-03-05 13:19 . 2008-04-14 01:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-03-05 13:19 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-03-05 13:19 . 2008-04-13 19:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-03-05 13:19 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-03-03 07:10 . 2009-03-03 07:10 <DIR> d-------- c:\documents and settings\Administrator\Application Data\IObit
2009-02-26 14:22 . 2009-02-26 14:22 <DIR> d-------- c:\documents and settings\Administrator\Application Data\ACD Systems
2009-02-26 14:21 . 2009-02-26 14:21 <DIR> d-------- c:\program files\ACD Systems
2009-02-26 14:21 . 2009-02-26 14:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-24 12:17 566,784 ----a-w c:\windows\~de74bc.tmp
2009-03-24 07:17 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2009-03-19 07:15 --------- d-----w c:\program files\Windows Desktop Search
2009-03-18 11:11 --------- d-----w c:\program files\Common Files\Adobe
2009-03-18 11:07 9,464 ------w c:\windows\system32\drivers\cdralw2k.sys
2009-03-18 11:07 9,336 ------w c:\windows\system32\drivers\cdr4_xp.sys
2009-03-18 11:07 43,528 ------w c:\windows\system32\drivers\PxHelp20.sys
2009-03-13 10:34 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-13 10:17 --------- d-----w c:\documents and settings\Administrator\Application Data\Nokia
2009-03-13 10:04 --------- d-----w c:\program files\Nokia
2009-03-13 09:57 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-03-12 02:00 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-11 10:14 --------- d-----w c:\program files\EA GAMES
2009-03-11 10:07 --------- d-----w c:\program files\Mobiola Web Camera 2 for S60 2nd Edition
2009-03-11 10:06 --------- d-----w c:\program files\Hair Pro 2008 Light
2009-03-11 10:05 --------- d-----w c:\program files\3D Home Architect
2009-03-06 08:48 --------- d-----w c:\program files\Di recnik
2009-03-06 08:48 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-03-03 06:10 --------- d-----w c:\program files\IObit
2009-02-27 09:28 --------- d-----w c:\program files\Pawn 2
2009-02-26 13:21 --------- d-----w c:\program files\Common Files\ACD Systems
2009-02-24 09:56 --------- d-----w c:\program files\NokiaFREE Unlock Codes Calculator
2009-02-24 09:56 --------- d-----w c:\program files\City Interactive
2009-02-24 07:43 --------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-02-24 07:37 --------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-02-20 06:57 --------- d-----w c:\program files\uTorrent
2009-02-20 06:30 --------- d-----w c:\program files\Nice Prosper
2009-02-20 06:30 --------- d-----w c:\documents and settings\Administrator\Application Data\Internet Saving Optimizer
2009-02-20 06:29 --------- d-----w c:\program files\System Search Dispatcher
2009-02-20 06:29 --------- d-----w c:\program files\Internet Saving Optimizer
2009-02-20 06:29 --------- d-----w c:\program files\DoubleD
2009-02-20 06:26 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-20 06:21 --------- d-----w c:\documents and settings\Administrator\Application Data\funkitron
2009-02-18 12:12 --------- d-----w c:\program files\Java
2009-02-18 08:44 --------- d-----w c:\program files\NeoTracePro
2009-02-16 12:20 --------- d-----w c:\program files\Windows Live
2009-02-16 12:19 --------- d-----w c:\program files\Microsoft Sync Framework
2009-02-16 12:17 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-16 12:17 --------- d-----w c:\program files\Microsoft
2009-02-16 11:55 --------- d-----w c:\program files\Common Files\Windows Live
2009-02-16 10:42 --------- d-----w c:\program files\FastStone Capture
2009-02-16 10:42 --------- d-----w c:\documents and settings\Administrator\Application Data\FastStone
2009-02-16 06:24 --------- d-----w c:\documents and settings\radomir.dasic\Application Data\Nokia
2009-02-12 13:09 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2009-02-12 12:58 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-12 12:58 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-12 12:50 --------- d-----w c:\program files\PC Connectivity Solution
2009-02-12 12:44 --------- d-----w c:\documents and settings\Administrator\Application Data\PC Suite
2009-02-12 12:33 --------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2009-02-12 12:29 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-02-12 12:24 --------- d-----w c:\program files\Foxit Software
2009-02-11 07:24 --------- d-----w c:\program files\Common Files\Borland Shared
2009-02-11 07:22 --------- d-----w c:\program files\Borland
2009-02-10 07:09 --------- d-----w c:\program files\Jetpak
2009-02-10 07:07 --------- d-----w c:\program files\OpenOffice.org 3
2009-02-10 07:05 --------- d-----w c:\program files\Ulead Systems
2009-02-10 07:05 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2009-02-10 07:05 --------- d-----w c:\documents and settings\Administrator\Application Data\Ulead Systems
2009-02-10 06:56 --------- d-----w c:\program files\Microsoft Visual Studio 8
2009-02-10 06:56 --------- d-----w c:\program files\ImgBurn
2009-02-10 06:55 --------- d-----w c:\program files\Google
2009-02-10 06:55 --------- d-----w c:\program files\Common Files\Softwin
2009-02-10 06:55 --------- d-----w c:\program files\Common Files\BitDefender
2009-02-06 18:20 308,088 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:08 55,152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
2009-01-30 08:47 --------- d-----w c:\program files\Simbin
.

((((((((((((((((((((((((((((( SnapShot@2009-03-23_ 9.43.06.92 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-03-25 06:54:19 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_4c8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-11 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-11 143360]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-06 1932568]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2009-03-24 576000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-06 10:00 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.dvacm"= c:\progra~1\COMMON~1\Ulead Systems\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\Ulead Systems\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\Ulead Systems\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-10-14 21:38 623992 c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-09-11 00:43 67488 c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
--a------ 2008-11-26 16:11 2235920 c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Di dictionary]
--a------ 2007-03-16 20:45 518656 c:\program files\Di recnik\Di.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-26 23:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpbdfawep]
--a------ 2007-04-25 14:28 954368 c:\program files\HP\Dfawep\bin\hpbdfawep.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
--a------ 2007-05-04 13:14 36864 c:\program files\HP\HP UT\bin\hppusg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-06-24 15:06 1840424 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 01:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2009-02-06 18:50 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-06-08 08:31 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-06-19 08:53 570664 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-11-10 15:07 1253376 c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-12-03 12:47 1205760 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-07 01:05 200704 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-02-18 13:12 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-10-24 05:56 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-10-20 08:16 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
--a------ 2007-03-03 13:12 341488 c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherWatcher]
--a------ 2008-11-18 20:19 1081344 c:\program files\Weather Watcher\ww.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 17:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2007-04-12 16:33 16132608 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-06 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-06 107912]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-06 298264]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-16 55152]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 fsssvc;Windows Live Porodična bezbednost;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [2009-02-16 3567]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\CDStart.Exe
\Shell\Install\Command - H:\Stub.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1c6f658-183e-11de-a72a-001e0baac5f9}]
\Shell\AutoRun\command - F:\autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-03-24 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 14:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1234853227&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fhome.live.com%2Fdefault.aspx&lc=2074&id=251248
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &NeoTrace It! - c:\progra~1\NeoTracePro\NTXcontext.htm
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-25 07:54:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\spool\drivers\w32x86\3\HP1006MC.EXE
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\igfxsrvc.exe
.
**************************************************************************
.
Completion time: 2009-03-25 7:56:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-25 06:56:13
ComboFix2.txt 2009-03-23 08:44:08

Pre-Run: 35.110.871.040 bytes free
Post-Run: 35,103,084,544 bytes free

318 --- E O F --- 2009-03-12 02:01:15

Poslao: 25 Mar 2009 16:32
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Zamolio bih te da ponoviš postupak (potrebno je da iskopiraš sve što se nalazi unutar Kod polja).

Poslao: 26 Mar 2009 08:42
Idi na vrh
offline
  • zoox 
  • Novi MyCity građanin
  • Pridružio: 19 Mar 2009
  • Poruke: 7

ComboFix 09-03-22.01 - Administrator 2009-03-26 8:27:08.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1250.1.1033.18.1014.520 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\documents and settings\Administrator\bv2.exe
c:\documents and settings\Administrator\cmgrs.exe
c:\documents and settings\Administrator\tvs2.exe
c:\documents and settings\radomir.dasic\bv2.exe
c:\documents and settings\radomir.dasic\cmgrs.exe
c:\documents and settings\radomir.dasic\iemultjx.exe
c:\documents and settings\radomir.dasic\mscupdate.exe
c:\documents and settings\radomir.dasic\tvs2.exe
c:\windows\system32\iemultjx.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\radomir.dasic\bv2.exe
c:\documents and settings\radomir.dasic\cmgrs.exe
c:\documents and settings\radomir.dasic\iemultjx.exe
c:\documents and settings\radomir.dasic\mscupdate.exe
c:\documents and settings\radomir.dasic\tvs2.exe

.
((((((((((((((((((((((((( Files Created from 2009-02-26 to 2009-03-26 )))))))))))))))))))))))))))))))
.

2009-03-26 06:42 . 2009-03-26 06:42 <DIR> d-------- c:\windows\system32\?z
2009-03-25 09:02 . 2009-03-25 09:38 2,240 --a------ c:\windows\system32\esnecil.nlp
2009-03-25 09:02 . 2009-03-26 06:42 2,240 --a------ c:\windows\system32\esnecil.ind
2009-03-25 09:02 . 2009-03-25 09:38 4 --a------ c:\windows\vx86036.dat
2009-03-25 08:58 . 2009-03-25 08:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\WorkshopData
2009-03-25 08:58 . 1999-06-18 22:49 165,888 --a------ c:\windows\Ckconfig.exe
2009-03-25 08:58 . 2006-09-22 00:33 69,632 --a------ c:\windows\system32\Crypserv.exe
2009-03-25 08:58 . 2006-01-10 03:47 31,846 --a------ c:\windows\system32\Ckldrv.sys
2009-03-25 08:58 . 1996-05-03 18:21 27,648 -ra------ c:\windows\Setup_ck.exe
2009-03-25 08:58 . 1996-05-03 16:36 18,432 --a------ c:\windows\Setup_ck.dll
2009-03-25 08:58 . 1995-07-04 19:33 11,776 --a------ c:\windows\Ckrfresh.exe
2009-03-25 08:58 . 2009-03-25 08:58 84 --a------ c:\windows\Crypkey.ini
2009-03-25 08:45 . 2009-03-25 08:49 <DIR> d--h----- c:\program files\Zero G Registry
2009-03-25 08:45 . 2009-03-25 09:13 <DIR> d-------- c:\program files\Vivid WorkshopData ATI
2009-03-25 08:44 . 2009-03-25 08:44 <DIR> d--h----- c:\documents and settings\Administrator\InstallAnywhere
2009-03-24 09:36 . 2009-03-24 09:36 <DIR> d-------- c:\program files\Common Files\Autodata Limited Shared
2009-03-24 09:35 . 2009-03-24 09:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Autodata Limited
2009-03-24 08:23 . 2009-03-24 08:23 <DIR> d-------- c:\program files\MagicDisc
2009-03-24 08:23 . 2009-02-24 18:42 116,736 --a------ c:\windows\system32\drivers\mcdbus.sys
2009-03-24 08:13 . 2009-03-24 08:13 2,581 -r-hs---- c:\windows\PCGWIN32.LI5
2009-03-24 08:10 . 2009-03-24 08:10 528 -r-hs---- c:\windows\PCGWIN32.LI4
2009-03-24 07:46 . 2009-03-24 07:46 <DIR> d-------- c:\windows\Sun
2009-03-24 07:42 . 2009-03-24 07:43 <DIR> d-------- c:\program files\MagicISO
2009-03-23 09:02 . 2009-03-23 09:02 <DIR> d-------- c:\documents and settings\radomir.dasic\Tracing
2009-03-23 09:02 . 2009-03-23 09:02 <DIR> d-------- c:\documents and settings\radomir.dasic\Application Data\Internet Saving Optimizer
2009-03-23 09:02 . 2009-03-23 09:05 <DIR> d-------- c:\documents and settings\radomir.dasic\Application Data\AVGTOOLBAR
2009-03-20 08:45 . 2009-03-20 11:14 <DIR> d-------- c:\program files\UseNeXT
2009-03-20 08:45 . 2009-03-20 14:18 <DIR> d-------- c:\documents and settings\Administrator\Application Data\UseNeXT
2009-03-20 08:33 . 2009-03-20 08:38 26,624 --a------ c:\temp\Project1.exe
2009-03-19 09:37 . 2009-03-19 09:38 <DIR> d-------- C:\rsit
2009-03-19 08:26 . 2009-03-19 08:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-19 08:26 . 2009-03-20 14:35 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-03-18 12:29 . 2009-03-18 12:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\espionServerData
2009-03-16 09:28 . 2008-10-27 18:37 192,307 --a------ C:\wubildr
2009-03-16 09:28 . 2008-10-27 18:37 8,192 --a------ C:\wubildr.mbr
2009-03-16 09:23 . 2009-03-16 09:23 <DIR> d-------- C:\ubuntu
2009-03-13 11:36 . 2009-03-13 11:41 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Samsung
2009-03-13 11:34 . 2009-03-16 06:43 <DIR> d-------- c:\windows\system32\Samsung_USB_Drivers
2009-03-13 11:34 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll
2009-03-13 11:34 . 2006-07-24 16:05 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys
2009-03-13 11:34 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico
2009-03-13 11:04 . 2009-03-13 11:04 <DIR> d-------- c:\program files\Common Files\PCSuite
2009-03-13 11:04 . 2009-03-13 11:04 <DIR> d-------- c:\program files\Common Files\Nokia
2009-03-13 11:04 . 2008-09-15 07:29 1,112,288 --a------ c:\windows\system32\wdfcoinstaller01007.dll
2009-03-13 11:04 . 2008-09-15 07:56 659,968 --a------ c:\windows\system32\nmwcdcocls.dll
2009-03-13 11:04 . 2008-09-15 07:56 22,016 --a------ c:\windows\system32\drivers\ccdcmbo.sys
2009-03-13 11:04 . 2008-09-15 07:56 17,664 --a------ c:\windows\system32\drivers\ccdcmb.sys
2009-03-13 11:04 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerfltj.sys
2009-03-13 11:04 . 2008-09-15 07:56 8,064 --a------ c:\windows\system32\drivers\usbser_lowerflt.sys
2009-03-13 10:42 . 2009-03-13 10:42 <DIR> d-------- c:\program files\Oxygen Software
2009-03-11 14:31 . 2009-03-13 06:42 <DIR> d-------- c:\program files\Chess
2009-03-11 11:12 . 2009-03-11 11:12 <DIR> d-------- c:\program files\VS Revo Group
2009-03-11 09:58 . 2009-03-11 09:58 <DIR> d-------- c:\program files\directx
2009-03-11 09:57 . 2009-03-11 09:57 <DIR> d-------- c:\program files\Rockstar Games
2009-03-09 12:18 . 2009-03-09 12:20 <DIR> d-------- C:\BMW M3 Challenge
2009-03-06 10:32 . 2009-03-25 10:32 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-06 10:00 . 2009-03-06 10:00 325,640 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-06 10:00 . 2009-03-06 10:00 107,912 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-06 10:00 . 2009-03-06 10:00 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-06 09:59 . 2009-03-24 08:37 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-06 09:59 . 2009-03-06 09:59 <DIR> d-------- c:\program files\AVG
2009-03-06 09:59 . 2009-03-06 09:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-06 09:59 . 2009-03-06 10:04 <DIR> d-------- c:\documents and settings\Administrator\Application Data\AVGTOOLBAR
2009-03-06 09:09 . 2008-09-25 14:27 905,216 --a------ c:\windows\system32\GearDrvs.msi
2009-03-06 08:51 . 2009-03-06 08:51 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Symantec
2009-03-06 08:40 . 2009-03-06 09:48 <DIR> d-------- c:\program files\Common Files\Symantec Shared
2009-03-05 13:19 . 2008-04-14 01:12 159,232 --a------ c:\windows\system32\ptpusd.dll
2009-03-05 13:19 . 2008-04-13 19:45 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-03-05 13:19 . 2008-04-13 19:45 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2009-03-05 13:19 . 2001-08-17 22:36 5,632 --a------ c:\windows\system32\ptpusb.dll
2009-03-03 07:10 . 2009-03-03 07:10 <DIR> d-------- c:\documents and settings\Administrator\Application Data\IObit
2009-02-26 14:22 . 2009-02-26 14:22 <DIR> d-------- c:\documents and settings\Administrator\Application Data\ACD Systems
2009-02-26 14:21 . 2009-02-26 14:21 <DIR> d-------- c:\program files\ACD Systems
2009-02-26 14:21 . 2009-02-26 14:21 <DIR> d-------- c:\documents and settings\All Users\Application Data\ACD Systems

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-24 12:17 566,784 ------w c:\windows\~de74bc.tmp
2009-03-24 07:17 --------- d-----w c:\documents and settings\Administrator\Application Data\uTorrent
2009-03-19 07:15 --------- d-----w c:\program files\Windows Desktop Search
2009-03-18 11:11 --------- d-----w c:\program files\Common Files\Adobe
2009-03-18 11:07 9,464 ------w c:\windows\system32\drivers\cdralw2k.sys
2009-03-18 11:07 9,336 ------w c:\windows\system32\drivers\cdr4_xp.sys
2009-03-18 11:07 43,528 ------w c:\windows\system32\drivers\PxHelp20.sys
2009-03-13 10:34 --------- d--h--w c:\program files\InstallShield Installation Information
2009-03-13 10:17 --------- d-----w c:\documents and settings\Administrator\Application Data\Nokia
2009-03-13 10:04 --------- d-----w c:\program files\Nokia
2009-03-13 09:57 --------- d-----w c:\documents and settings\All Users\Application Data\Installations
2009-03-12 02:00 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-03-11 10:14 --------- d-----w c:\program files\EA GAMES
2009-03-11 10:07 --------- d-----w c:\program files\Mobiola Web Camera 2 for S60 2nd Edition
2009-03-11 10:06 --------- d-----w c:\program files\Hair Pro 2008 Light
2009-03-11 10:05 --------- d-----w c:\program files\3D Home Architect
2009-03-06 08:48 --------- d-----w c:\program files\Di recnik
2009-03-06 08:48 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-03-03 06:10 --------- d-----w c:\program files\IObit
2009-02-27 09:28 --------- d-----w c:\program files\Pawn 2
2009-02-26 13:21 --------- d-----w c:\program files\Common Files\ACD Systems
2009-02-24 09:56 --------- d-----w c:\program files\NokiaFREE Unlock Codes Calculator
2009-02-24 09:56 --------- d-----w c:\program files\City Interactive
2009-02-24 07:43 --------- d-----w c:\documents and settings\All Users\Application Data\Norton
2009-02-24 07:37 --------- d-----w c:\documents and settings\All Users\Application Data\NortonInstaller
2009-02-20 06:57 --------- d-----w c:\program files\uTorrent
2009-02-20 06:30 --------- d-----w c:\program files\Nice Prosper
2009-02-20 06:30 --------- d-----w c:\documents and settings\Administrator\Application Data\Internet Saving Optimizer
2009-02-20 06:29 --------- d-----w c:\program files\System Search Dispatcher
2009-02-20 06:29 --------- d-----w c:\program files\Internet Saving Optimizer
2009-02-20 06:29 --------- d-----w c:\program files\DoubleD
2009-02-20 06:26 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-02-20 06:21 --------- d-----w c:\documents and settings\Administrator\Application Data\funkitron
2009-02-18 12:12 --------- d-----w c:\program files\Java
2009-02-18 08:44 --------- d-----w c:\program files\NeoTracePro
2009-02-16 12:20 --------- d-----w c:\program files\Windows Live
2009-02-16 12:19 --------- d-----w c:\program files\Microsoft Sync Framework
2009-02-16 12:17 --------- d-----w c:\program files\Windows Live SkyDrive
2009-02-16 12:17 --------- d-----w c:\program files\Microsoft
2009-02-16 11:55 --------- d-----w c:\program files\Common Files\Windows Live
2009-02-16 10:42 --------- d-----w c:\program files\FastStone Capture
2009-02-16 10:42 --------- d-----w c:\documents and settings\Administrator\Application Data\FastStone
2009-02-16 06:24 --------- d-----w c:\documents and settings\radomir.dasic\Application Data\Nokia
2009-02-12 13:09 --------- d-----w c:\documents and settings\All Users\Application Data\Nokia
2009-02-12 12:58 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-02-12 12:58 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-02-12 12:50 --------- d-----w c:\program files\PC Connectivity Solution
2009-02-12 12:44 --------- d-----w c:\documents and settings\Administrator\Application Data\PC Suite
2009-02-12 12:33 --------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2009-02-12 12:29 --------- d-----w c:\documents and settings\All Users\Application Data\PC Suite
2009-02-12 12:24 --------- d-----w c:\program files\Foxit Software
2009-02-11 07:24 --------- d-----w c:\program files\Common Files\Borland Shared
2009-02-11 07:22 --------- d-----w c:\program files\Borland
2009-02-10 07:09 --------- d-----w c:\program files\Jetpak
2009-02-10 07:07 --------- d-----w c:\program files\OpenOffice.org 3
2009-02-10 07:05 --------- d-----w c:\program files\Ulead Systems
2009-02-10 07:05 --------- d-----w c:\documents and settings\All Users\Application Data\Ulead Systems
2009-02-10 07:05 --------- d-----w c:\documents and settings\Administrator\Application Data\Ulead Systems
2009-02-10 06:56 --------- d-----w c:\program files\Microsoft Visual Studio 8
2009-02-10 06:56 --------- d-----w c:\program files\ImgBurn
2009-02-10 06:55 --------- d-----w c:\program files\Google
2009-02-10 06:55 --------- d-----w c:\program files\Common Files\Softwin
2009-02-10 06:55 --------- d-----w c:\program files\Common Files\BitDefender
2009-02-06 18:20 308,088 ----a-w c:\windows\WLXPGSS.SCR
2009-02-06 17:08 55,152 ----a-w c:\windows\system32\drivers\fssfltr_tdi.sys
2009-01-30 08:47 --------- d-----w c:\program files\Simbin
.

((((((((((((((((((((((((((((( SnapShot@2009-03-23_ 9.43.06.92 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-02-20 13:00:41 295,606 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
+ 2009-03-25 07:10:34 295,606 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
- 2009-02-20 13:00:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat_3D.exe
+ 2009-03-25 07:10:35 295,606 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat_3D.exe
- 2009-02-20 13:00:42 295,606 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat_Standard.exe
+ 2009-03-25 07:10:35 295,606 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat_Standard.exe
- 2009-02-20 13:00:42 25,214 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Distiller.exe
+ 2009-03-25 07:10:35 25,214 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Distiller.exe
- 2009-02-20 13:00:42 7,278 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_ELEMENTS_DT.exe
+ 2009-03-25 07:10:35 7,278 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_ELEMENTS_DT.exe
- 2009-02-20 13:00:41 23,558 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
+ 2009-03-25 07:10:34 23,558 ----a-r c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\SC_Designer_PFM.70DBED24_B579_40CB_AB0B_F1221A3E9EC5.exe
+ 2009-03-26 07:31:58 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_53c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-11 143360]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-11 172032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-11 143360]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-06 1932568]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 169984]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-06 10:00 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.dvacm"= c:\progra~1\COMMON~1\Ulead Systems\Vio\Dvacm.acm
"msacm.MPEGacm"= c:\progra~1\COMMON~1\Ulead Systems\MPEG\MPEGacm.acm
"msacm.ulmp3acm"= c:\progra~1\COMMON~1\Ulead Systems\MPEG\ulmp3acm.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2008-10-14 21:38 623992 c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-09-11 00:43 67488 c:\program files\Adobe\Photoshop Elements 6.0\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 3]
--a------ 2008-11-26 16:11 2235920 c:\program files\IObit\Advanced SystemCare 3\AWC.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Di dictionary]
--a------ 2007-03-16 20:45 518656 c:\program files\Di recnik\Di.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-26 23:47 31016 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpbdfawep]
--a------ 2007-04-25 14:28 954368 c:\program files\HP\Dfawep\bin\hpbdfawep.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPUsageTracking]
--a------ 2007-05-04 13:14 36864 c:\program files\HP\HP UT\bin\hppusg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2008-06-24 15:06 1840424 c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 01:12 1695232 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a------ 2009-02-06 18:50 3885408 c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2008-06-08 08:31 2221352 c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2008-06-19 08:53 570664 c:\program files\Common Files\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia.PCSync]
--a------ 2008-11-10 15:07 1253376 c:\program files\Nokia\Nokia PC Suite 7\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-12-03 12:47 1205760 c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-07 01:05 200704 c:\program files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-02-18 13:12 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-10-24 05:56 68856 c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-10-20 08:16 185872 c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UVS11 Preload]
--a------ 2007-03-03 13:12 341488 c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WeatherWatcher]
--a------ 2008-11-18 20:19 1081344 c:\program files\Weather Watcher\ww.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 17:43 69632 c:\windows\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
--a------ 2007-04-12 16:33 16132608 c:\windows\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-03-06 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-03-06 107912]
R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;c:\program files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe [2007-09-11 124832]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-03-06 298264]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-02-16 55152]
R2 NwSapAgent;SAP Agent;c:\windows\system32\svchost.exe -k netsvcs [2004-08-03 14336]
R2 SeaPort;SeaPort;c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-01-14 226656]
S3 fsssvc;Windows Live Porodična bezbednost;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S3 PortTalk;PortTalk;c:\windows\system32\drivers\PortTalk.sys [2009-02-16 3567]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\H]
\Shell\AutoRun\command - H:\CDStart.Exe
\Shell\Install\Command - H:\Stub.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d1c6f658-183e-11de-a72a-001e0baac5f9}]
\Shell\AutoRun\command - F:\autorun.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-03-25 c:\windows\Tasks\HP WEP.job
- c:\program files\HP\Dfawep\bin\hpbdfawep.exe [2007-04-25 14:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://login.live.com/login.srf?wa=wsignin1.0&rpsnv=10&ct=1234853227&rver=5.5.4177.0&wp=MBI&wreply=http:%2F%2Fhome.live.com%2Fdefault.aspx&lc=2074&id=251248
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &NeoTrace It! - c:\progra~1\NeoTracePro\NTXcontext.htm
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2009-03-26 08:32:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
c:\windows\system32\drivers\CDAC11BA.EXE
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\windows\system32\Crypserv.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\spool\drivers\w32x86\3\HP1006MC.EXE
c:\windows\system32\IoctlSvc.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\igfxsrvc.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
.
**************************************************************************
.
Completion time: 2009-03-26 8:34:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-26 07:34:44
ComboFix2.txt 2009-03-25 06:56:17
ComboFix3.txt 2009-03-23 08:44:08

Pre-Run: 32.648.110.080 bytes free
Post-Run: 33,218,895,872 bytes free

354 --- E O F --- 2009-03-12 02:01:15

Poslao: 26 Mar 2009 17:17
Idi na vrh
offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Pridružio: 24 Jul 2007
  • Poruke: 12280
  • Gde živiš: Höganäs, SE

Ovo sada izgleda ok. Ukoliko ne postoji neki konkretan problem,
Klikni START a zatim RUN
U liniju za unos teksta ukucaj Combofix /u i klikni OK





Sačekaj da se proces deinstalacije završi
Gornja procedura će:
Obrisati sledeće:
ComboFix i njegove file-ove i foldere
VundoFix Backups folder, ako postoji
C:\Deckard folder, ako postoji
C:\OtMoveIt folder, ako postoji
Resetovati podešavanja sata na kompjuteru
Sakriti ekstenzije file-ova, ako je potrebno
Sakriti sistemske/skrivene file-ove/foldere, ako je potrebno
Resetovati System Restore


To bi bilo sve...

MyCity » Ambulanta -> Arhiva Ambulante » problem sa iemultjx.exe (log.txt)

Ko je trenutno na forumu
 

Ukupno su 815 korisnika na forumu :: 11 registrovanih, 3 sakrivenih i 801 gosta   ::   [ Administrator ] [ Supermoderator ] [ Moderator ] :: Detaljnije

Najviše korisnika na forumu ikad bilo je 3466 - dana 01 Jun 2021 17:07

Korisnici koji su trenutno na forumu:
Korisnici trenutno na forumu: A.R.Chafee.Jr., Belisarius, comi_pfc, darkojbn, esx66, kalens021, marsovac 2, panzerwaffe, Parker, SlaKoj, uruk