win32/agent trojan

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:11:43 PM, on 1/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Documents and Settings\Julija Tanaskovic\Application Data\UpdateStar\UpdateStar.exe
C:\Program Files\MorEmoticons\MorEmoticons.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\GIGABYTE\GEST\GSvr.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Julija Tanaskovic\Desktop\Skidanje sa RapidShare\CryptLoad 1.0.6\CryptLoad.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\Julija Tanaskovic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\PROGRA~1\Pinnacle\SHARED~1\Filter\server.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Julija Tanaskovic\Desktop\Ambulanta-problemi sa virusima\TR3.exe..exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.gametop.com/?utm_source=SharkAttack&utm_medium=start
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33568
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {0192A3F4-6461-47C1-A7EC-F4046B0EA99A} - (no file)
O2 - BHO: (no name) - {023EF54A-7EC6-4739-96A1-A314BD456488} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {121635A0-8D8C-4F1F-B2E4-4BFE2D03E87D} - (no file)
O2 - BHO: (no name) - {1E5A4241-37B3-4898-92BE-A9A4008AAB69} - (no file)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {2438B9F4-8BB2-4A39-BEEC-FC0DC189B389} - (no file)
O2 - BHO: (no name) - {27EBA5C9-5B81-45A4-B2BF-48E79313131D} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {36071469-5CC6-4548-9F90-AAE1E6FC2282} - (no file)
O2 - BHO: (no name) - {3E1AEF96-1D81-4556-80C4-71972DFFB649} - (no file)
O2 - BHO: (no name) - {488A6382-46EC-4937-B57F-9F67BEA33462} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53F9310A-A5EF-4C31-81F7-EFEBFEC08FDA} - (no file)
O2 - BHO: (no name) - {5E4C4705-068E-47F8-92E9-E10B859B5603} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7684000B-4A9D-44E6-BE33-43E1F0C3EC5F} - (no file)
O2 - BHO: (no name) - {7DB094B1-C3AA-487C-B75E-CB9654E1A6B4} - C:\WINDOWS\system32\iifcBtUm.dll
O2 - BHO: (no name) - {853502CA-462E-4AC2-8CCB-4584B03A27A8} - (no file)
O2 - BHO: (no name) - {8DE9C022-1D38-47A2-8F15-546537950773} - (no file)
O2 - BHO: (no name) - {9AE7E61F-C6BE-4ABC-8D20-958E6454659E} - (no file)
O2 - BHO: (no name) - {A4749812-63A2-40A1-807A-0C7BE334FA1E} - (no file)
O2 - BHO: (no name) - {A589B2F2-32EE-4A58-9EBB-290EDD384E34} - (no file)
O2 - BHO: (no name) - {A80C42BF-0344-4D88-AFD3-28D5B2DC0EE4} - (no file)
O2 - BHO: (no name) - {A89810FE-D170-4F34-BAF9-CF5257C84C33} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {B4FB5462-7263-482D-8694-027F86499A5A} - C:\WINDOWS\system32\urqRKcby.dll
O2 - BHO: (no name) - {C7BA4D2B-2FE0-4BF2-A399-2925A1C9221F} - (no file)
O2 - BHO: (no name) - {D0616516-3887-4760-A04E-4F8734B90D76} - (no file)
O2 - BHO: (no name) - {D506D92B-3DFE-4BC3-BFB8-287F89C65F00} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {EE44A9AC-2AA7-443C-9870-936E47C854BA} - (no file)
O2 - BHO: (no name) - {F690E5F2-F5D8-48A1-AE4F-3523537BCD0E} - (no file)
O2 - BHO: (no name) - {FDF22357-56C0-47DF-A8F2-DF8533B2B005} - C:\WINDOWS\system32\ddcBSKAq.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [PCTVRemote] C:\Program Files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [183880e0] rundll32.exe "C:\WINDOWS\system32\pmwnmpwi.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TBPanel] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [UpdateStar] C:\Documents and Settings\Julija Tanaskovic\Application Data\UpdateStar\UpdateStar.exe -A
O4 - HKCU\..\Run: [MorEmoticons] C:\Program Files\MorEmoticons\MorEmoticons.exe /Minimize
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [GetChristmas] C:\Documents and Settings\Julija Tanaskovic\Desktop\New Folder\GetChristmas.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adrenaliner.lnk = C:\Program Files\Adrenaliner\adrenaliner.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: iifcBtUm - C:\WINDOWS\SYSTEM32\iifcBtUm.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

--
End of file - 12914 bytes
Pomozite da se resim virusa Win32/Trojan downloader,Agent trohan

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pozdrav...


Privremeno isključi antivirus pre pokretanja programa sa donjih linkova.


Skini ComboFix sa jedne od sledecih adresa na Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Startuj ga i ne diraj prozor programa dok skenira.
Sledi uputstva na ekranu. Kada zavrsi pojavice se log (C:\ComboFix.txt) koji ces nam ovde iskopirati.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

c:\documents and settings\Julija Tanaskovic\Application Data\FunWebProducts
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Shared\000CED92.dat
c:\program files\FunWebProducts\Shared\Cache\CursorManiaBtn.html
c:\program files\FunWebProducts\Shared\Cache\SmileyCentralBtn.html
c:\program files\Internet Explorer\msimg32.dll
c:\program files\MyWebSearch
c:\program files\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3FFXTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.JAR
c:\program files\MyWebSearch\bar\1.bin\M3NTSTBR.MANIFEST
c:\program files\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files\MyWebSearch\bar\Cache\0068EE8C.Zw
c:\program files\MyWebSearch\bar\Cache\00690FC0
c:\program files\MyWebSearch\bar\Cache\00691936.bin
c:\program files\MyWebSearch\bar\Cache\006925F8.bin
c:\program files\MyWebSearch\bar\Cache\00692E25.bin
c:\program files\MyWebSearch\bar\Cache\0069346F.bin
c:\program files\MyWebSearch\bar\Cache\files.ini
c:\program files\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files\MyWebSearch\bar\Game\CHESS.F3S
c:\program files\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files\MyWebSearch\bar\History\search3
c:\program files\MyWebSearch\bar\icons\CM.ICO
c:\program files\MyWebSearch\bar\icons\MFC.ICO
c:\program files\MyWebSearch\bar\icons\PSS.ICO
c:\program files\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files\MyWebSearch\bar\icons\WB.ICO
c:\program files\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files\MyWebSearch\bar\Message\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files\MyWebSearch\bar\Settings\prevcfg2.htm
c:\program files\MyWebSearch\bar\Settings\s_pid.dat
c:\program files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
c:\windows\system32\bkcvbiff.ini
c:\windows\system32\cqmjdmxy.dll
c:\windows\system32\cwiqnfuq.ini
c:\windows\system32\cxokfvmq.ini
c:\windows\system32\f3PSSavr.scr
c:\windows\system32\ffibvckb.dll
c:\windows\system32\fjegdvkr.dll
c:\windows\system32\fnlbtbcg.ini
c:\windows\system32\fxftvcrm.ini
c:\windows\system32\gcbtblnf.dll
c:\windows\system32\iifcBtUm.dll
c:\windows\system32\iqslxxrt.dll
c:\windows\system32\iwpmnwmp.ini
c:\windows\system32\kcqavgmm.ini
c:\windows\system32\kfrjpmcv.ini
c:\windows\system32\LlTAdfhk.ini
c:\windows\system32\lvaxyxfw.dll
c:\windows\system32\mcrh.tmp
c:\windows\system32\mfc45.dll
c:\windows\system32\mmgvaqck.dll
c:\windows\system32\mppnrjcr.ini
c:\windows\system32\mrcvtfxf.dll
c:\windows\system32\murocaex.ini
c:\windows\system32\nciebofo.dll
c:\windows\system32\ofobeicn.ini
c:\windows\system32\oyxptehb.dll
c:\windows\system32\pmwnmpwi.dll
c:\windows\system32\qAKSBcdd.ini
c:\windows\system32\qbrurgfu.dll
c:\windows\system32\rcjrnppm.dll
c:\windows\system32\rkvdgejf.ini
c:\windows\system32\sythwctx.dll
c:\windows\system32\trxxlsqi.ini
c:\windows\system32\ufgrurbq.ini
c:\windows\system32\urqRKcby.dll
c:\windows\system32\wfxyxavl.ini
c:\windows\system32\xeacorum.dll
c:\windows\system32\xtcwhtys.ini
c:\windows\system32\ybcKRqru.ini
c:\windows\system32\ybcKRqru.ini2
c:\windows\system32\yxmdjmqc.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 )))))))))))))))))))))))))))))))
.

2009-01-03 13:20 . 2009-01-03 13:20 <DIR> d-------- c:\program files\LiveUpdate
2009-01-03 13:19 . 2004-08-03 23:08 25,600 --a------ c:\windows\system32\drivers\usbser.sys
2009-01-03 13:19 . 2004-08-03 23:08 25,600 --a--c--- c:\windows\system32\dllcache\usbser.sys
2009-01-03 13:19 . 2003-12-26 04:22 24,192 --a------ c:\windows\system32\drivers\OLD128B.tmp
2009-01-03 13:18 . 2009-01-03 13:19 <DIR> d-------- c:\program files\mobile PhoneTools
2009-01-03 13:18 . 2009-01-03 13:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\BVRP Software
2009-01-02 16:47 . 2009-01-04 12:50 5 --a------ c:\windows\sbacknt.bin
2009-01-02 16:45 . 2009-01-03 07:32 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\vghd
2009-01-02 16:45 . 2009-01-03 14:38 152,904 --a------ c:\windows\system32\vghd.scr
2009-01-01 15:24 . 2009-01-01 15:24 <DIR> d-------- c:\program files\DVD Shrink
2009-01-01 15:24 . 2009-01-01 15:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\DVD Shrink
2008-12-31 10:26 . 2008-12-31 10:27 <DIR> d-------- c:\program files\Anti Trojan Elite
2008-12-31 06:20 . 2008-12-31 06:20 8 --a------ c:\windows\system32\nvModes.dat
2008-12-30 09:13 . 2008-12-30 09:13 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\iolo
2008-12-30 09:13 . 2008-12-30 09:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\iolo
2008-12-30 08:04 . 2008-12-30 08:04 <DIR> d-------- c:\program files\CoffeeCup Software
2008-12-30 08:04 . 2006-01-27 01:56 938,272 --a------ c:\windows\system32\wodFtpDLX.OCX
2008-12-30 08:04 . 2008-12-30 08:04 13 ---h----- c:\documents and settings\All Users\Application Data\1ÌØ13.sys
2008-12-29 17:03 . 2008-12-29 17:04 <DIR> d-------- c:\program files\Adrenaliner
2008-12-28 13:35 . 2008-12-30 13:35 <DIR> d-------- c:\temp\VIDEO_TS
2008-12-28 13:35 . 2008-12-28 13:35 <DIR> d-------- C:\Temp
2008-12-28 13:24 . 2008-12-28 13:24 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\dvdcss
2008-12-28 13:20 . 2008-12-28 13:20 <DIR> d-------- c:\program files\QuickTime
2008-12-28 13:20 . 2005-11-21 06:48 45,056 --a------ c:\windows\system32\WNASPI32.DLL
2008-12-28 13:20 . 2005-11-21 06:48 16,512 --a------ c:\windows\system32\drivers\ASPI32.SYS
2008-12-27 13:11 . 2008-12-27 13:11 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\Kaspersky_Key_Finder_(KKF
2008-12-27 12:35 . 2008-12-27 12:35 <DIR> d---s---- c:\documents and settings\Julija Tanaskovic\UserData
2008-12-26 11:14 . 2008-12-26 11:14 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\NeroDCTemplates
2008-12-26 10:26 . 2008-12-26 10:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\LightScribe
2008-12-24 11:58 . 2008-12-24 12:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Bluetooth
2008-12-24 11:45 . 2004-09-21 18:18 148,830 --a------ c:\windows\system32\drivers\bcbthub.sys
2008-12-24 11:45 . 2004-09-21 18:18 116,021 --a------ c:\windows\system32\drivers\fw203x.sys
2008-12-24 11:45 . 2005-03-25 17:18 82,148 --a------ c:\windows\system32\drivers\VcommMgr.sys
2008-12-24 11:45 . 2004-10-19 13:37 61,312 --a------ c:\windows\system32\drivers\VComm.sys
2008-12-24 11:45 . 2005-04-08 17:19 49,152 --a------ c:\windows\system32\btfunc.dll
2008-12-24 11:45 . 2005-05-31 09:42 23,000 --a------ c:\windows\system32\drivers\btcusb.sys
2008-12-24 11:45 . 2005-05-31 15:40 20,480 --a------ c:\windows\system32\drivers\blueletaudio.sys
2008-12-24 11:45 . 2004-12-16 16:32 13,304 --a------ c:\windows\system32\drivers\BTNetFilter.sys
2008-12-24 11:45 . 2005-04-30 14:50 11,736 --a------ c:\windows\system32\drivers\VHIDMini.sys
2008-12-24 11:45 . 2005-04-30 14:48 10,804 --a------ c:\windows\system32\drivers\BtNetDrv.sys
2008-12-24 11:45 . 2004-09-21 18:18 7,680 --a------ c:\windows\system32\btinstall.dll
2008-12-23 09:49 . 2008-12-24 11:43 32 --a------ c:\windows\0
2008-12-23 09:49 . 2008-12-23 09:49 0 --a------ c:\windows\system32\0
2008-12-23 08:30 . 2008-12-23 08:30 <DIR> d-------- c:\program files\IVT Corporation
2008-12-22 16:57 . 2008-12-22 16:57 <DIR> d-------- c:\program files\Rapid Tools
2008-12-22 16:57 . 2008-12-22 16:57 <DIR> d-------- c:\program files\Ashampoo
2008-12-22 16:57 . 2008-12-22 16:57 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\Ashampoo
2008-12-22 13:33 . 2008-12-22 13:33 <DIR> d-------- c:\program files\GameTop.com
2008-12-21 17:32 . 2008-12-21 17:32 <DIR> d-------- c:\program files\Formosoft
2008-12-21 17:32 . 2002-11-25 15:57 811,008 --a------ c:\windows\AquaReal.scr
2008-12-21 17:32 . 2002-11-15 17:56 131,072 --a------ c:\windows\SNVerifyDLL.dll
2008-12-21 13:00 . 2008-12-22 16:57 <DIR> d-------- c:\program files\Crime Puzzle
2008-12-21 12:44 . 2008-12-22 16:57 <DIR> d-------- c:\program files\5 Spots II
2008-12-21 10:50 . 2008-12-21 10:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\ashampoo
2008-12-20 12:31 . 2008-12-20 12:31 <DIR> d-------- c:\program files\Aimersoft
2008-12-19 09:08 . 2008-12-19 09:08 <DIR> d-------- c:\program files\WinUAE
2008-12-17 07:00 . 2008-12-17 07:00 <DIR> d-------- C:\GoogleDeluxe2.9
2008-12-16 17:13 . 2008-12-16 17:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-16 06:40 . 2008-12-27 15:42 <DIR> d-------- c:\program files\SpywareBlaster
2008-12-15 14:17 . 2008-12-15 14:17 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\Sahmon Games
2008-12-15 14:14 . 2008-12-15 14:14 <DIR> d-------- c:\program files\FreeGamePick.com
2008-12-15 14:14 . 2008-12-15 14:14 <DIR> d-------- c:\program files\AskSearch
2008-12-15 14:14 . 2008-12-15 14:14 <DIR> d-------- c:\program files\AskBarDis
2008-12-15 08:52 . 2008-12-28 07:45 189 --a------ c:\windows\wininit.ini
2008-12-15 08:30 . 2008-12-15 08:30 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-12-15 08:30 . 2008-12-15 08:30 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-12-15 08:30 . 2008-12-15 08:30 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-15 08:30 . 2008-12-15 08:30 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-12-15 08:27 . 2008-12-29 06:26 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-15 08:27 . 2009-01-01 11:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-14 10:13 . 2009-01-03 14:38 <DIR> d-------- c:\program files\vghd
2008-12-14 09:58 . 2008-12-14 10:34 <DIR> d-------- c:\program files\MorEmoticons
2008-12-14 09:57 . 2008-12-14 10:01 <DIR> d-------- C:\HiddenEmoticons.exe
2008-12-14 09:51 . 2008-12-27 13:50 <DIR> d-------- c:\program files\PFConfig
2008-12-14 09:41 . 2008-12-14 09:41 <DIR> d-------- c:\program files\GymGoal Lite
2008-12-13 12:40 . 2008-12-30 23:05 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\LimeWire
2008-12-13 09:12 . 2009-01-03 14:35 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\WeatherWatcher
2008-12-13 09:11 . 2008-12-13 09:12 <DIR> d-------- c:\program files\Weather Watcher
2008-12-13 09:11 . 2004-05-27 01:32 102,400 --a------ c:\windows\system32\unzip32.dll
2008-12-13 09:10 . 2008-12-13 09:10 <DIR> d-------- c:\program files\Secunia
2008-12-13 09:09 . 2008-12-15 08:23 <DIR> d-------- c:\program files\KlipFolio
2008-12-13 09:09 . 2008-12-29 06:06 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\KlipFolio
2008-12-12 15:47 . 2008-12-12 15:47 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\Eyeblaster
2008-12-12 15:41 . 2008-12-12 15:41 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\GameHouse
2008-12-12 15:41 . 2008-12-12 15:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-12-12 15:40 . 2008-12-12 15:40 <DIR> d-------- c:\program files\GameHouse
2008-12-12 10:14 . 2008-12-12 10:14 <DIR> d-------- c:\program files\Yahoo!
2008-12-12 10:13 . 2009-01-01 11:12 <DIR> d-------- c:\program files\CCleaner
2008-12-12 10:10 . 2008-12-17 10:51 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\UpdateStar
2008-12-12 09:44 . 2008-12-12 09:44 <DIR> d-------- c:\windows\Sun
2008-12-11 10:12 . 2008-12-11 10:12 <DIR> d-------- c:\program files\ESET
2008-12-11 09:42 . 2008-12-11 09:42 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\DivX
2008-12-11 09:17 . 2008-12-11 09:17 <DIR> d-------- c:\program files\Lavasoft
2008-12-11 09:17 . 2008-12-11 09:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-11 09:16 . 2008-12-11 09:16 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-11 09:13 . 2008-12-19 10:50 <DIR> d-------- c:\program files\DivX
2008-12-11 09:13 . 2008-12-11 09:29 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\Dr. DivX 2.0 OSS
2008-12-11 08:38 . 2008-12-11 08:38 <DIR> d-------- c:\program files\Trymedia
2008-12-11 08:38 . 2008-12-11 12:33 10 --a------ c:\windows\popcinfo.dat
2008-12-11 08:35 . 2008-12-11 08:37 <DIR> d-------- c:\program files\Your Uninstaller 2008
2008-12-11 08:35 . 2008-12-11 08:35 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\URSoft
2008-12-11 08:35 . 2009-01-02 17:10 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-11 08:29 . 2008-12-11 08:29 <DIR> d-------- c:\program files\ReflexiveArcade
2008-12-11 08:11 . 2008-12-11 08:11 <DIR> d-------- c:\program files\Zylom Games
2008-12-11 08:11 . 2008-12-11 08:11 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\Zylom
2008-12-11 08:11 . 2008-12-11 08:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Zylom
2008-12-11 08:09 . 2008-12-11 08:09 <DIR> d-------- c:\windows\Don't Get Angry 2
2008-12-11 08:09 . 2008-12-11 08:09 <DIR> d-------- c:\program files\Don't Get Angry 2
2008-12-11 03:00 . 2008-12-11 03:00 <DIR> d-------- c:\program files\MSXML 4.0
2008-12-10 15:37 . 2008-12-10 15:37 7,680 --a------ C:\AssistentGraph.grf
2008-12-10 15:36 . 2008-12-10 15:36 <DIR> d-------- c:\windows\Profiles
2008-12-10 15:36 . 2008-12-14 12:59 <DIR> d-------- c:\program files\Common Files\Adobe
2008-12-10 15:36 . 2008-12-10 15:36 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\InterTrust
2008-12-10 15:35 . 1998-10-29 15:45 306,688 --a------ c:\windows\IsUninst.exe
2008-12-10 15:32 . 1995-05-05 11:50 14,025 --------- c:\windows\TWAINCAP.INI
2008-12-10 15:32 . 1997-06-11 09:02 5,526 --------- c:\windows\TWAINCAP.SRC
2008-12-10 15:31 . 2008-12-10 15:31 <DIR> d-------- c:\program files\Pinnacle
2008-12-10 10:05 . 2008-12-10 10:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Pinnacle
2008-12-09 13:41 . 2003-09-11 09:43 504,832 --a------ c:\windows\system32\drivers\3xHybrid.sys
2008-12-07 11:10 . 2008-12-18 11:08 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\Canon
2008-12-07 10:09 . 2008-12-07 10:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\CanonIJPLM
2008-12-07 10:07 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-07 10:07 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-12-07 10:06 . 2008-12-07 10:06 <DIR> d-------- c:\program files\ScanSoft
2008-12-07 10:06 . 2008-12-07 10:06 <DIR> d-------- c:\program files\Common Files\ScanSoft Shared

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-04 11:53 16,608 ----a-w c:\windows\gdrv.sys
2009-01-04 11:16 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\uTorrent
2009-01-03 12:20 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-01 18:25 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\skypePM
2009-01-01 18:25 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\Skype
2008-12-23 12:28 --------- d-----w c:\program files\Common Files\LightScribe
2008-12-10 14:31 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-03 15:30 --------- d-----w c:\program files\ESTsoft
2008-12-03 15:30 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\ESTSoft
2008-12-03 15:30 --------- d-----w c:\documents and settings\All Users\Application Data\ESTsoft
2008-12-03 11:27 --------- d-----w c:\program files\vanBasco's Karaoke Player
2008-12-02 16:14 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\CoSoSys
2008-12-02 13:28 --------- d-----w c:\program files\FormatFactory
2008-12-02 10:04 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\Winamp
2008-12-02 09:44 --------- d-----w c:\program files\Skype
2008-12-02 09:44 --------- d-----w c:\program files\Common Files\Skype
2008-12-02 09:44 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-12-02 09:13 --------- d-----w c:\program files\Winamp
2008-12-02 07:11 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-12-02 06:45 --------- d-----w c:\program files\Webshots
2008-12-02 06:45 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\Webshots
2008-12-02 06:40 --------- d-----w c:\documents and settings\All Users\Application Data\GRETECH
2008-12-02 06:39 --------- d-----w c:\program files\GRETECH
2008-12-02 06:39 --------- d-----w c:\program files\Google
2008-12-02 06:39 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\GRETECH
2008-12-02 05:44 --------- d-----w c:\program files\Uniblue
2008-12-02 05:44 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\uniblue
2008-12-02 05:42 --------- d-----w c:\program files\Reference Assemblies
2008-12-02 05:27 --------- d-----w c:\program files\uTorrent
2008-11-27 10:19 --------- d-----w c:\program files\Microsoft.NET
2008-11-27 10:19 --------- d-----w c:\program files\Microsoft Works
2008-11-27 10:19 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-27 10:19 --------- d-----w c:\program files\Common Files\L&H
2008-11-27 10:11 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\ESET
2008-11-27 10:09 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-11-27 10:02 --------- d-----w c:\program files\Ahead
2008-11-27 10:01 --------- d-----w c:\program files\Common Files\Nero
2008-11-27 10:00 --------- d-----w c:\program files\Common Files\Ahead
2008-11-27 10:00 --------- d-----w c:\documents and settings\All Users\Application Data\Ahead
2008-11-25 15:16 --------- d-----w c:\program files\Common Files\Logitech
2008-11-25 15:12 --------- d-----w c:\program files\CONEXANT
2008-11-25 15:09 --------- d-----w c:\program files\XpertVision
2008-11-25 15:01 --------- d-----w c:\program files\Realtek
2008-11-25 15:01 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\InstallShield
2008-11-25 15:00 315,392 ----a-w c:\windows\HideWin.exe
2008-11-25 14:57 --------- d-----w c:\program files\Intel
2008-11-25 14:57 --------- d-----w c:\program files\GIGABYTE
2008-11-25 14:48 --------- d-----w c:\program files\microsoft frontpage
2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 10:37 659,456 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-24 20:25 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"TBPanel"="c:\program files\XpertVision\TBPanel.exe" [2008-07-03 2161160]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-18 68856]
"UpdateStar"="c:\documents and settings\Julija Tanaskovic\Application Data\UpdateStar\UpdateStar.exe" [2008-12-16 4362480]
"MorEmoticons"="c:\program files\MorEmoticons\MorEmoticons.exe" [2007-11-12 64000]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="c:\program files\GIGABYTE\GEST\RUN.exe" [2007-12-14 236040]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-04 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"PCTVRemote"="c:\program files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe" [2002-10-11 61699]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Julija Tanaskovic\Start Menu\Programs\Startup\
Adrenaliner.lnk - c:\program files\Adrenaliner\adrenaliner.exe [2004-04-06 373760]
DesktopVideoPlayer.LNK - c:\program files\vghd\vghd.exe [2009-01-02 357712]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-12-02 45056]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-12-24 1183744]
Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2008-12-10 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"VIDC.PIM1"= PCLEPIM1.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-07-31 20616]
R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xHybrid.sys [2008-12-09 504832]
R3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [2008-11-25 47624]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2008-12-10 6400]
R4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-12-15 464264]
R4 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
S3 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMON.sys [2008-12-31 5969]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-07-02 26248]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-10-27 7808]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2008-12-15 234888]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-448539723-839522115-1003.job
- c:\documents and settings\Julija Tanaskovic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-17 06:48]
.
- - - - ORPHANS REMOVED - - - -

BHO-{0192A3F4-6461-47C1-A7EC-F4046B0EA99A} - (no file)
BHO-{023EF54A-7EC6-4739-96A1-A314BD456488} - (no file)
BHO-{121635A0-8D8C-4F1F-B2E4-4BFE2D03E87D} - (no file)
BHO-{1E5A4241-37B3-4898-92BE-A9A4008AAB69} - (no file)
BHO-{2438B9F4-8BB2-4A39-BEEC-FC0DC189B389} - (no file)
BHO-{27EBA5C9-5B81-45A4-B2BF-48E79313131D} - (no file)
BHO-{36071469-5CC6-4548-9F90-AAE1E6FC2282} - (no file)
BHO-{3E1AEF96-1D81-4556-80C4-71972DFFB649} - (no file)
BHO-{488A6382-46EC-4937-B57F-9F67BEA33462} - (no file)
BHO-{53F9310A-A5EF-4C31-81F7-EFEBFEC08FDA} - (no file)
BHO-{5E4C4705-068E-47F8-92E9-E10B859B5603} - (no file)
BHO-{7684000B-4A9D-44E6-BE33-43E1F0C3EC5F} - (no file)
BHO-{853502CA-462E-4AC2-8CCB-4584B03A27A8} - (no file)
BHO-{8DE9C022-1D38-47A2-8F15-546537950773} - (no file)
BHO-{9AE7E61F-C6BE-4ABC-8D20-958E6454659E} - (no file)
BHO-{9EB4DA67-A9BA-499F-89CC-4C85627AB9A4} - (no file)
BHO-{A4749812-63A2-40A1-807A-0C7BE334FA1E} - (no file)
BHO-{A589B2F2-32EE-4A58-9EBB-290EDD384E34} - (no file)
BHO-{A80C42BF-0344-4D88-AFD3-28D5B2DC0EE4} - (no file)
BHO-{A89810FE-D170-4F34-BAF9-CF5257C84C33} - (no file)
BHO-{A8F68CF0-43FA-4240-BB1B-603CFD8F2DB6} - c:\windows\system32\urqRKcby.dll
BHO-{B4FB5462-7263-482D-8694-027F86499A5A} - (no file)
BHO-{B5488A49-F9A0-4304-B520-CEE1E152A39E} - (no file)
BHO-{C7BA4D2B-2FE0-4BF2-A399-2925A1C9221F} - (no file)
BHO-{D0616516-3887-4760-A04E-4F8734B90D76} - (no file)
BHO-{D506D92B-3DFE-4BC3-BFB8-287F89C65F00} - (no file)
BHO-{EE44A9AC-2AA7-443C-9870-936E47C854BA} - (no file)
BHO-{F690E5F2-F5D8-48A1-AE4F-3523537BCD0E} - (no file)
BHO-{FDF22357-56C0-47DF-A8F2-DF8533B2B005} - c:\windows\system32\ddcBSKAq.dll
HKCU-Run-GetChristmas - c:\documents and settings\Julija Tanaskovic\Desktop\New Folder\GetChristmas.exe
HKLM-Run-MyWebSearch Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL
HKLM-Run-183880e0 - c:\windows\system32\sythwctx.dll
Notify-iifcBtUm - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.gametop.com/?utm_source=SharkAttack&utm_medium=start
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send by Bluetooth
IE: Send via &Message...
FF - ProfilePath - c:\documents and settings\Julija Tanaskovic\Application Data\Mozilla\Firefox\Profiles\44o6kv2o.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - http:/www.google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101787&gct=&gc=1&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Julija Tanaskovic\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-04 12:53:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-04 12:53:34
ComboFix-quarantined-files.txt 2009-01-04 11:53:28

Pre-Run: 111,456,448,512 bytes free
Post-Run: 111,442,501,632 bytes free

475 --- E O F --- 2008-12-12 07:48:30

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Zamolio bih te da ponovo iskopiraš kompletan log C:\ComboFix.txt.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 09-01-02.01 - Julija Tanaskovic 2009-01-04 16:21:00.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1424 [GMT 1:00]
Running from: c:\documents and settings\Julija Tanaskovic\Desktop\Ambulanta-problemi sa virusima\ComboFix.exe
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: ESET Personal firewall *enabled*
.

((((((((((((((((((((((((( Files Created from 2008-12-04 to 2009-01-04 )))))))))))))))))))))))))))))))
.

2009-01-04 15:28 . 2009-01-04 15:28 <DIR> d-------- c:\program files\VisualTaskTips
2009-01-03 13:20 . 2009-01-03 13:20 <DIR> d-------- c:\program files\LiveUpdate
2009-01-03 13:19 . 2004-08-03 23:08 25,600 --a------ c:\windows\system32\drivers\usbser.sys
2009-01-03 13:19 . 2004-08-03 23:08 25,600 --a--c--- c:\windows\system32\dllcache\usbser.sys
2009-01-03 13:19 . 2003-12-26 04:22 24,192 --a------ c:\windows\system32\drivers\OLD128B.tmp
2009-01-03 13:18 . 2009-01-03 13:19 <DIR> d-------- c:\program files\mobile PhoneTools
2009-01-03 13:18 . 2009-01-03 13:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\BVRP Software
2009-01-02 16:47 . 2009-01-04 16:06 7 --a------ c:\windows\sbacknt.bin
2009-01-02 16:45 . 2009-01-03 07:32 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\vghd
2009-01-02 16:45 . 2009-01-03 14:38 152,904 --a------ c:\windows\system32\vghd.scr
2009-01-01 15:24 . 2009-01-01 15:24 <DIR> d-------- c:\program files\DVD Shrink
2009-01-01 15:24 . 2009-01-01 15:24 <DIR> d-------- c:\documents and settings\All Users\Application Data\DVD Shrink
2008-12-31 10:26 . 2008-12-31 10:27 <DIR> d-------- c:\program files\Anti Trojan Elite
2008-12-31 06:20 . 2008-12-31 06:20 8 --a------ c:\windows\system32\nvModes.dat
2008-12-30 09:13 . 2008-12-30 09:13 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\iolo
2008-12-30 09:13 . 2008-12-30 09:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\iolo
2008-12-30 08:04 . 2008-12-30 08:04 <DIR> d-------- c:\program files\CoffeeCup Software
2008-12-30 08:04 . 2006-01-27 01:56 938,272 --a------ c:\windows\system32\wodFtpDLX.OCX
2008-12-30 08:04 . 2008-12-30 08:04 13 ---h----- c:\documents and settings\All Users\Application Data\1ÌØ13.sys
2008-12-29 17:03 . 2008-12-29 17:04 <DIR> d-------- c:\program files\Adrenaliner
2008-12-28 13:35 . 2008-12-30 13:35 <DIR> d-------- c:\temp\VIDEO_TS
2008-12-28 13:35 . 2008-12-28 13:35 <DIR> d-------- C:\Temp
2008-12-28 13:24 . 2008-12-28 13:24 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\dvdcss
2008-12-28 13:20 . 2008-12-28 13:20 <DIR> d-------- c:\program files\QuickTime
2008-12-28 13:20 . 2005-11-21 06:48 45,056 --a------ c:\windows\system32\WNASPI32.DLL
2008-12-28 13:20 . 2005-11-21 06:48 16,512 --a------ c:\windows\system32\drivers\ASPI32.SYS
2008-12-27 13:11 . 2008-12-27 13:11 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\Kaspersky_Key_Finder_(KKF
2008-12-27 12:35 . 2008-12-27 12:35 <DIR> d---s---- c:\documents and settings\Julija Tanaskovic\UserData
2008-12-26 11:14 . 2008-12-26 11:14 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\NeroDCTemplates
2008-12-26 10:26 . 2008-12-26 10:26 <DIR> d-------- c:\documents and settings\All Users\Application Data\LightScribe
2008-12-24 11:58 . 2008-12-24 12:07 <DIR> d-------- c:\documents and settings\All Users\Application Data\Bluetooth
2008-12-24 11:45 . 2004-09-21 18:18 148,830 --a------ c:\windows\system32\drivers\bcbthub.sys
2008-12-24 11:45 . 2004-09-21 18:18 116,021 --a------ c:\windows\system32\drivers\fw203x.sys
2008-12-24 11:45 . 2005-03-25 17:18 82,148 --a------ c:\windows\system32\drivers\VcommMgr.sys
2008-12-24 11:45 . 2004-10-19 13:37 61,312 --a------ c:\windows\system32\drivers\VComm.sys
2008-12-24 11:45 . 2005-04-08 17:19 49,152 --a------ c:\windows\system32\btfunc.dll
2008-12-24 11:45 . 2005-05-31 09:42 23,000 --a------ c:\windows\system32\drivers\btcusb.sys
2008-12-24 11:45 . 2005-05-31 15:40 20,480 --a------ c:\windows\system32\drivers\blueletaudio.sys
2008-12-24 11:45 . 2004-12-16 16:32 13,304 --a------ c:\windows\system32\drivers\BTNetFilter.sys
2008-12-24 11:45 . 2005-04-30 14:50 11,736 --a------ c:\windows\system32\drivers\VHIDMini.sys
2008-12-24 11:45 . 2005-04-30 14:48 10,804 --a------ c:\windows\system32\drivers\BtNetDrv.sys
2008-12-24 11:45 . 2004-09-21 18:18 7,680 --a------ c:\windows\system32\btinstall.dll
2008-12-23 09:49 . 2008-12-24 11:43 32 --a------ c:\windows\0
2008-12-23 09:49 . 2008-12-23 09:49 0 --a------ c:\windows\system32\0
2008-12-23 08:30 . 2008-12-23 08:30 <DIR> d-------- c:\program files\IVT Corporation
2008-12-22 16:57 . 2008-12-22 16:57 <DIR> d-------- c:\program files\Rapid Tools
2008-12-22 16:57 . 2008-12-22 16:57 <DIR> d-------- c:\program files\Ashampoo
2008-12-22 16:57 . 2008-12-22 16:57 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\Ashampoo
2008-12-22 13:33 . 2008-12-22 13:33 <DIR> d-------- c:\program files\GameTop.com
2008-12-21 17:32 . 2008-12-21 17:32 <DIR> d-------- c:\program files\Formosoft
2008-12-21 17:32 . 2002-11-25 15:57 811,008 --a------ c:\windows\AquaReal.scr
2008-12-21 17:32 . 2002-11-15 17:56 131,072 --a------ c:\windows\SNVerifyDLL.dll
2008-12-21 13:00 . 2008-12-22 16:57 <DIR> d-------- c:\program files\Crime Puzzle
2008-12-21 12:44 . 2008-12-22 16:57 <DIR> d-------- c:\program files\5 Spots II
2008-12-21 10:50 . 2008-12-21 10:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\ashampoo
2008-12-20 12:31 . 2008-12-20 12:31 <DIR> d-------- c:\program files\Aimersoft
2008-12-19 09:08 . 2008-12-19 09:08 <DIR> d-------- c:\program files\WinUAE
2008-12-17 07:00 . 2008-12-17 07:00 <DIR> d-------- C:\GoogleDeluxe2.9
2008-12-16 17:13 . 2008-12-16 17:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-16 06:40 . 2008-12-27 15:42 <DIR> d-------- c:\program files\SpywareBlaster
2008-12-15 14:17 . 2008-12-15 14:17 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\Sahmon Games
2008-12-15 14:14 . 2008-12-15 14:14 <DIR> d-------- c:\program files\FreeGamePick.com
2008-12-15 14:14 . 2008-12-15 14:14 <DIR> d-------- c:\program files\AskSearch
2008-12-15 14:14 . 2008-12-15 14:14 <DIR> d-------- c:\program files\AskBarDis
2008-12-15 08:52 . 2008-12-28 07:45 189 --a------ c:\windows\wininit.ini
2008-12-15 08:30 . 2008-12-15 08:30 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-12-15 08:30 . 2008-12-15 08:30 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-12-15 08:30 . 2008-12-15 08:30 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-15 08:30 . 2008-12-15 08:30 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-12-15 08:27 . 2008-12-29 06:26 <DIR> d-------- c:\program files\Spybot - Search & Destroy
2008-12-15 08:27 . 2009-01-01 11:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-14 10:13 . 2009-01-03 14:38 <DIR> d-------- c:\program files\vghd
2008-12-14 09:58 . 2008-12-14 10:34 <DIR> d-------- c:\program files\MorEmoticons
2008-12-14 09:57 . 2008-12-14 10:01 <DIR> d-------- C:\HiddenEmoticons.exe
2008-12-14 09:51 . 2008-12-27 13:50 <DIR> d-------- c:\program files\PFConfig
2008-12-14 09:41 . 2008-12-14 09:41 <DIR> d-------- c:\program files\GymGoal Lite
2008-12-13 12:40 . 2008-12-30 23:05 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\LimeWire
2008-12-13 09:12 . 2009-01-03 14:35 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\WeatherWatcher
2008-12-13 09:11 . 2008-12-13 09:12 <DIR> d-------- c:\program files\Weather Watcher
2008-12-13 09:11 . 2004-05-27 01:32 102,400 --a------ c:\windows\system32\unzip32.dll
2008-12-13 09:10 . 2008-12-13 09:10 <DIR> d-------- c:\program files\Secunia
2008-12-13 09:09 . 2008-12-15 08:23 <DIR> d-------- c:\program files\KlipFolio
2008-12-13 09:09 . 2008-12-29 06:06 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\KlipFolio
2008-12-12 15:47 . 2008-12-12 15:47 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\Eyeblaster
2008-12-12 15:41 . 2008-12-12 15:41 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\GameHouse
2008-12-12 15:41 . 2008-12-12 15:41 <DIR> d-------- c:\documents and settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-12-12 15:40 . 2008-12-12 15:40 <DIR> d-------- c:\program files\GameHouse
2008-12-12 10:14 . 2008-12-12 10:14 <DIR> d-------- c:\program files\Yahoo!
2008-12-12 10:13 . 2009-01-01 11:12 <DIR> d-------- c:\program files\CCleaner
2008-12-12 10:10 . 2008-12-17 10:51 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\UpdateStar
2008-12-12 09:44 . 2008-12-12 09:44 <DIR> d-------- c:\windows\Sun
2008-12-11 10:12 . 2008-12-11 10:12 <DIR> d-------- c:\program files\ESET
2008-12-11 09:42 . 2008-12-11 09:42 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\DivX
2008-12-11 09:17 . 2008-12-11 09:17 <DIR> d-------- c:\program files\Lavasoft
2008-12-11 09:17 . 2008-12-11 09:17 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2008-12-11 09:16 . 2008-12-11 09:16 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-11 09:13 . 2008-12-19 10:50 <DIR> d-------- c:\program files\DivX
2008-12-11 09:13 . 2008-12-11 09:29 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\Dr. DivX 2.0 OSS
2008-12-11 08:38 . 2008-12-11 08:38 <DIR> d-------- c:\program files\Trymedia
2008-12-11 08:38 . 2008-12-11 12:33 10 --a------ c:\windows\popcinfo.dat
2008-12-11 08:35 . 2008-12-11 08:37 <DIR> d-------- c:\program files\Your Uninstaller 2008
2008-12-11 08:35 . 2008-12-11 08:35 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\URSoft
2008-12-11 08:35 . 2009-01-02 17:10 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-12-11 08:29 . 2008-12-11 08:29 <DIR> d-------- c:\program files\ReflexiveArcade
2008-12-11 08:11 . 2008-12-11 08:11 <DIR> d-------- c:\program files\Zylom Games
2008-12-11 08:11 . 2008-12-11 08:11 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\Zylom
2008-12-11 08:11 . 2008-12-11 08:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Zylom
2008-12-11 08:09 . 2008-12-11 08:09 <DIR> d-------- c:\windows\Don't Get Angry 2
2008-12-11 08:09 . 2008-12-11 08:09 <DIR> d-------- c:\program files\Don't Get Angry 2
2008-12-11 03:00 . 2008-12-11 03:00 <DIR> d-------- c:\program files\MSXML 4.0
2008-12-10 15:37 . 2008-12-10 15:37 7,680 --a------ C:\AssistentGraph.grf
2008-12-10 15:36 . 2008-12-10 15:36 <DIR> d-------- c:\windows\Profiles
2008-12-10 15:36 . 2008-12-14 12:59 <DIR> d-------- c:\program files\Common Files\Adobe
2008-12-10 15:36 . 2008-12-10 15:36 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\InterTrust
2008-12-10 15:35 . 1998-10-29 15:45 306,688 --a------ c:\windows\IsUninst.exe
2008-12-10 15:32 . 1995-05-05 11:50 14,025 --------- c:\windows\TWAINCAP.INI
2008-12-10 15:32 . 1997-06-11 09:02 5,526 --------- c:\windows\TWAINCAP.SRC
2008-12-10 15:31 . 2008-12-10 15:31 <DIR> d-------- c:\program files\Pinnacle
2008-12-10 10:05 . 2008-12-10 10:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Pinnacle
2008-12-09 13:41 . 2003-09-11 09:43 504,832 --a------ c:\windows\system32\drivers\3xHybrid.sys
2008-12-07 11:10 . 2008-12-18 11:08 <DIR> d-------- c:\documents and settings\Julija Tanaskovic\Application Data\Canon
2008-12-07 10:09 . 2008-12-07 10:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\CanonIJPLM
2008-12-07 10:07 . 2004-08-03 22:58 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2008-12-07 10:07 . 2004-08-03 22:58 15,104 --a--c--- c:\windows\system32\dllcache\usbscan.sys
2008-12-07 10:06 . 2008-12-07 10:06 <DIR> d-------- c:\program files\ScanSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-04 15:22 16,608 ----a-w c:\windows\gdrv.sys
2009-01-04 15:04 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\uTorrent
2009-01-03 12:20 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-01 18:25 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\skypePM
2009-01-01 18:25 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\Skype
2008-12-23 12:28 --------- d-----w c:\program files\Common Files\LightScribe
2008-12-10 14:31 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-03 15:30 --------- d-----w c:\program files\ESTsoft
2008-12-03 15:30 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\ESTSoft
2008-12-03 15:30 --------- d-----w c:\documents and settings\All Users\Application Data\ESTsoft
2008-12-03 11:27 --------- d-----w c:\program files\vanBasco's Karaoke Player
2008-12-02 16:14 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\CoSoSys
2008-12-02 13:28 --------- d-----w c:\program files\FormatFactory
2008-12-02 10:04 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\Winamp
2008-12-02 09:44 --------- d-----w c:\program files\Skype
2008-12-02 09:44 --------- d-----w c:\program files\Common Files\Skype
2008-12-02 09:44 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2008-12-02 09:13 --------- d-----w c:\program files\Winamp
2008-12-02 07:11 --------- d-----w c:\documents and settings\All Users\Application Data\nView_Profiles
2008-12-02 06:45 --------- d-----w c:\program files\Webshots
2008-12-02 06:45 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\Webshots
2008-12-02 06:40 --------- d-----w c:\documents and settings\All Users\Application Data\GRETECH
2008-12-02 06:39 --------- d-----w c:\program files\GRETECH
2008-12-02 06:39 --------- d-----w c:\program files\Google
2008-12-02 06:39 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\GRETECH
2008-12-02 05:44 --------- d-----w c:\program files\Uniblue
2008-12-02 05:44 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\uniblue
2008-12-02 05:42 --------- d-----w c:\program files\Reference Assemblies
2008-12-02 05:27 --------- d-----w c:\program files\uTorrent
2008-11-27 10:19 --------- d-----w c:\program files\Microsoft.NET
2008-11-27 10:19 --------- d-----w c:\program files\Microsoft Works
2008-11-27 10:19 --------- d-----w c:\program files\Microsoft ActiveSync
2008-11-27 10:19 --------- d-----w c:\program files\Common Files\L&H
2008-11-27 10:11 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\ESET
2008-11-27 10:09 --------- d-----w c:\documents and settings\All Users\Application Data\ESET
2008-11-27 10:02 --------- d-----w c:\program files\Ahead
2008-11-27 10:01 --------- d-----w c:\program files\Common Files\Nero
2008-11-27 10:00 --------- d-----w c:\program files\Common Files\Ahead
2008-11-27 10:00 --------- d-----w c:\documents and settings\All Users\Application Data\Ahead
2008-11-25 15:16 --------- d-----w c:\program files\Common Files\Logitech
2008-11-25 15:12 --------- d-----w c:\program files\CONEXANT
2008-11-25 15:09 --------- d-----w c:\program files\XpertVision
2008-11-25 15:01 --------- d-----w c:\program files\Realtek
2008-11-25 15:01 --------- d-----w c:\documents and settings\Julija Tanaskovic\Application Data\InstallShield
2008-11-25 15:00 315,392 ----a-w c:\windows\HideWin.exe
2008-11-25 14:57 --------- d-----w c:\program files\Intel
2008-11-25 14:57 --------- d-----w c:\program files\GIGABYTE
2008-11-25 14:48 --------- d-----w c:\program files\microsoft frontpage
2008-11-21 21:47 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-11-21 21:47 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-11-21 21:46 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-11-21 21:46 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-11-21 21:44 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-16 13:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 13:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 13:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 13:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 13:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 13:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 13:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 13:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 10:37 659,456 ----a-w c:\windows\system32\wininet.dll
.

((((((((((((((((((((((((((((( snapshot@2009-01-04_12.53.11.98 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-04 15:06:35 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_67c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-24 20:25 333192 --a------ c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"TBPanel"="c:\program files\XpertVision\TBPanel.exe" [2008-07-03 2161160]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-18 68856]
"UpdateStar"="c:\documents and settings\Julija Tanaskovic\Application Data\UpdateStar\UpdateStar.exe" [2008-12-16 4362480]
"MorEmoticons"="c:\program files\MorEmoticons\MorEmoticons.exe" [2007-11-12 64000]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"GetChristmas"="c:\documents and settings\Julija Tanaskovic\Desktop\New Folder\GetChristmas.exe" [BU]
"VisualTaskTips"="c:\program files\VisualTaskTips\VisualTaskTips.exe" [2006-03-14 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="c:\program files\GIGABYTE\GEST\RUN.exe" [2007-12-14 236040]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-12-09 225280]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-12-04 185872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"PCTVRemote"="c:\program files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe" [2002-10-11 61699]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-01 1443072]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"MyWebSearch Plugin"="c:\progra~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL" [BU]
"183880e0"="c:\windows\system32\sythwctx.dll" [BU]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-16 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\Julija Tanaskovic\Start Menu\Programs\Startup\
Adrenaliner.lnk - c:\program files\Adrenaliner\adrenaliner.exe [2004-04-06 373760]
DesktopVideoPlayer.LNK - c:\program files\vghd\vghd.exe [2009-01-02 357712]
Webshots.lnk - c:\program files\Webshots\Launcher.exe [2008-12-02 45056]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2008-12-24 1183744]
Pinnacle Scheduler.lnk - c:\program files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe [2008-12-10 241664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifcBtUm]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.divxa32"= msaud32_divx.acm
"VIDC.PIM1"= PCLEPIM1.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0lsdelete

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2008-07-31 20616]
R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xHybrid.sys [2008-12-09 504832]
R3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\GSvr.exe [2008-11-25 47624]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2008-12-10 6400]
R4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [2008-12-15 464264]
R4 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2007-12-21 468224]
S3 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMON.sys [2008-12-31 5969]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2008-07-02 26248]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-10-27 7808]
S4 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2008-12-15 234888]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-01-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-583907252-448539723-839522115-1003.job
- c:\documents and settings\Julija Tanaskovic\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-17 06:48]
.
- - - - ORPHANS REMOVED - - - -

BHO-{7684000B-4A9D-44E6-BE33-43E1F0C3EC5F} - (no file)
BHO-{853502CA-462E-4AC2-8CCB-4584B03A27A8} - (no file)
BHO-{8DE9C022-1D38-47A2-8F15-546537950773} - (no file)
BHO-{9AE7E61F-C6BE-4ABC-8D20-958E6454659E} - (no file)
BHO-{9EB4DA67-A9BA-499F-89CC-4C85627AB9A4} - (no file)
BHO-{A4749812-63A2-40A1-807A-0C7BE334FA1E} - (no file)
BHO-{A589B2F2-32EE-4A58-9EBB-290EDD384E34} - (no file)
BHO-{A80C42BF-0344-4D88-AFD3-28D5B2DC0EE4} - (no file)
BHO-{A89810FE-D170-4F34-BAF9-CF5257C84C33} - (no file)
BHO-{A8F68CF0-43FA-4240-BB1B-603CFD8F2DB6} - (no file)
BHO-{B4FB5462-7263-482D-8694-027F86499A5A} - (no file)
BHO-{B5488A49-F9A0-4304-B520-CEE1E152A39E} - (no file)
BHO-{C7BA4D2B-2FE0-4BF2-A399-2925A1C9221F} - (no file)
BHO-{D0616516-3887-4760-A04E-4F8734B90D76} - (no file)
BHO-{D506D92B-3DFE-4BC3-BFB8-287F89C65F00} - (no file)
BHO-{EE44A9AC-2AA7-443C-9870-936E47C854BA} - (no file)
BHO-{F690E5F2-F5D8-48A1-AE4F-3523537BCD0E} - (no file)
BHO-{FDF22357-56C0-47DF-A8F2-DF8533B2B005} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.gametop.com/?utm_source=SharkAttack&utm_medium=start
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send by Bluetooth
IE: Send via &Message...
FF - ProfilePath - c:\documents and settings\Julija Tanaskovic\Application Data\Mozilla\Firefox\Profiles\44o6kv2o.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - http:/www.google.com
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101787&gct=&gc=1&q=
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\documents and settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\documents and settings\Julija Tanaskovic\Local Settings\Application Data\Google\Update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-04 16:22:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-01-04 16:22:37
ComboFix-quarantined-files.txt 2009-01-04 15:22:33
ComboFix2.txt 2009-01-04 11:53:34

Pre-Run: 111,156,207,616 bytes free
Post-Run: 111,501,070,336 bytes free

342 --- E O F --- 2008-12-12 07:48:30

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Idemo ispočetka, samo ovaj put tačno onako kako piše, ok?


Potrebno je deaktivirati TeaTimer kako ne bi ometao proces čišćenja (kao što je uradio):


Pokrenite Spybot S&D
Kliknite Mode stavku u meniju
Odaberite Advance Mode
Na traci levo kliknite na Tools
Kliknite na Resident
Destiklirajte Resident Tea-Timer
Zatvorite Spybot S&D
Restartujte kompjuter.
- Zatim skinuti program sa ovog linka na Desktop.
- Pokrenuti ga dvoklikom i ispratiti uputstva.

Nemojte zaboraviti da ponovo ukljucite ove opcije kada zavrsimo ciscenje.


Svaki deo ovog gore uputstva mora biti ispraćen.

Na kraju svega, kada ponovo budeš aktivirao/la TeaTimer, ukoliko ti prijavi bilo kakve promene u registru, potrebno ih je dozvoliti.


Treba mi i svež HijackThis logfile.


Pitanje: znaš li šta ti je u ovom folderu: C:\GoogleDeluxe2.9



Upload-uj file: c:\program files\Adrenaliner\adrenaliner.exe

Upload link: http://www.mycity.rs/ambulanta-upload.php

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

To je instalacija "google deluxe2.9" neznam otkud ga je tamo smestio ane u C:\Program FilesLogfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:19:24 AM, on 1/5/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\GIGABYTE\GEST\gest.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\Julija Tanaskovic\Application Data\UpdateStar\UpdateStar.exe
C:\Program Files\MorEmoticons\MorEmoticons.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\vghd\vghd.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\vghd\VirtuaGirl_downloader.exe
C:\Program Files\GIGABYTE\GEST\GSvr.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Julija Tanaskovic\Desktop\Ambulanta-problemi sa virusima\TR3.exe..exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.gametop.com/?utm_source=SharkAttack&utm_medium=start
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33568
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7684000B-4A9D-44E6-BE33-43E1F0C3EC5F} - (no file)
O2 - BHO: (no name) - {7DB094B1-C3AA-487C-B75E-CB9654E1A6B4} - (no file)
O2 - BHO: (no name) - {853502CA-462E-4AC2-8CCB-4584B03A27A8} - (no file)
O2 - BHO: (no name) - {8DE9C022-1D38-47A2-8F15-546537950773} - (no file)
O2 - BHO: (no name) - {9AE7E61F-C6BE-4ABC-8D20-958E6454659E} - (no file)
O2 - BHO: (no name) - {9EB4DA67-A9BA-499F-89CC-4C85627AB9A4} - (no file)
O2 - BHO: (no name) - {A4749812-63A2-40A1-807A-0C7BE334FA1E} - (no file)
O2 - BHO: (no name) - {A589B2F2-32EE-4A58-9EBB-290EDD384E34} - (no file)
O2 - BHO: (no name) - {A80C42BF-0344-4D88-AFD3-28D5B2DC0EE4} - (no file)
O2 - BHO: (no name) - {A89810FE-D170-4F34-BAF9-CF5257C84C33} - (no file)
O2 - BHO: (no name) - {A8F68CF0-43FA-4240-BB1B-603CFD8F2DB6} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {B4FB5462-7263-482D-8694-027F86499A5A} - (no file)
O2 - BHO: (no name) - {B5488A49-F9A0-4304-B520-CEE1E152A39E} - (no file)
O2 - BHO: (no name) - {C7BA4D2B-2FE0-4BF2-A399-2925A1C9221F} - (no file)
O2 - BHO: (no name) - {D0616516-3887-4760-A04E-4F8734B90D76} - (no file)
O2 - BHO: (no name) - {D506D92B-3DFE-4BC3-BFB8-287F89C65F00} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {EE44A9AC-2AA7-443C-9870-936E47C854BA} - (no file)
O2 - BHO: (no name) - {F690E5F2-F5D8-48A1-AE4F-3523537BCD0E} - (no file)
O2 - BHO: (no name) - {FDF22357-56C0-47DF-A8F2-DF8533B2B005} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [PCTVRemote] C:\Program Files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [183880e0] rundll32.exe "C:\WINDOWS\system32\sythwctx.dll",b
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TBPanel] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [UpdateStar] C:\Documents and Settings\Julija Tanaskovic\Application Data\UpdateStar\UpdateStar.exe -A
O4 - HKCU\..\Run: [MorEmoticons] C:\Program Files\MorEmoticons\MorEmoticons.exe /Minimize
O4 - HKCU\..\Run: [GetChristmas] C:\Documents and Settings\Julija Tanaskovic\Desktop\New Folder\GetChristmas.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adrenaliner.lnk = C:\Program Files\Adrenaliner\adrenaliner.exe
O4 - Startup: DesktopVideoPlayer.LNK = C:\Program Files\vghd\vghd.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: iifcBtUm - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

--
End of file - 11470 bytes
Uploadovan je fajl adrenaliner.exe

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pokreni HijackThis, skeniraj i čekiraj sledeće linije:

O2 - BHO: (no name) - {7684000B-4A9D-44E6-BE33-43E1F0C3EC5F} - (no file)
O2 - BHO: (no name) - {7DB094B1-C3AA-487C-B75E-CB9654E1A6B4} - (no file)
O2 - BHO: (no name) - {853502CA-462E-4AC2-8CCB-4584B03A27A8} - (no file)
O2 - BHO: (no name) - {8DE9C022-1D38-47A2-8F15-546537950773} - (no file)
O2 - BHO: (no name) - {9AE7E61F-C6BE-4ABC-8D20-958E6454659E} - (no file)
O2 - BHO: (no name) - {9EB4DA67-A9BA-499F-89CC-4C85627AB9A4} - (no file)
O2 - BHO: (no name) - {A4749812-63A2-40A1-807A-0C7BE334FA1E} - (no file)
O2 - BHO: (no name) - {A589B2F2-32EE-4A58-9EBB-290EDD384E34} - (no file)
O2 - BHO: (no name) - {A80C42BF-0344-4D88-AFD3-28D5B2DC0EE4} - (no file)
O2 - BHO: (no name) - {A89810FE-D170-4F34-BAF9-CF5257C84C33} - (no file)
O2 - BHO: (no name) - {A8F68CF0-43FA-4240-BB1B-603CFD8F2DB6} - (no file)
O2 - BHO: (no name) - {B4FB5462-7263-482D-8694-027F86499A5A} - (no file)
O2 - BHO: (no name) - {B5488A49-F9A0-4304-B520-CEE1E152A39E} - (no file)
O2 - BHO: (no name) - {C7BA4D2B-2FE0-4BF2-A399-2925A1C9221F} - (no file)
O2 - BHO: (no name) - {D0616516-3887-4760-A04E-4F8734B90D76} - (no file)
O2 - BHO: (no name) - {D506D92B-3DFE-4BC3-BFB8-287F89C65F00} - (no file)
O2 - BHO: (no name) - {EE44A9AC-2AA7-443C-9870-936E47C854BA} - (no file)
O2 - BHO: (no name) - {F690E5F2-F5D8-48A1-AE4F-3523537BCD0E} - (no file)
O2 - BHO: (no name) - {FDF22357-56C0-47DF-A8F2-DF8533B2B005} - (no file)
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [183880e0] rundll32.exe "C:\WINDOWS\system32\sythwctx.dll",b
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCfox000
O20 - Winlogon Notify: iifcBtUm - C:\WINDOWS\


a zatim klikni Fix checked.


Restartuj kompjuter i postavi svež HijackThis logfile.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:20:59 AM, on 1/6/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\GIGABYTE\GEST\gest.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\Program Files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Documents and Settings\Julija Tanaskovic\Application Data\UpdateStar\UpdateStar.exe
C:\Program Files\MorEmoticons\MorEmoticons.exe
C:\Program Files\VisualTaskTips\VisualTaskTips.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Scheduler\PCLEScheduler.exe
C:\Program Files\vghd\vghd.exe
C:\PROGRA~1\Webshots\Webshots.scr
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\vghd\VirtuaGirl_downloader.exe
C:\Program Files\GIGABYTE\GEST\GSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Julija Tanaskovic\Desktop\Ambulanta-problemi sa virusima\TR3.exe..exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.gametop.com/?utm_source=SharkAttack&utm_medium=start
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33568
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7684000B-4A9D-44E6-BE33-43E1F0C3EC5F} - (no file)
O2 - BHO: (no name) - {7DB094B1-C3AA-487C-B75E-CB9654E1A6B4} - (no file)
O2 - BHO: (no name) - {853502CA-462E-4AC2-8CCB-4584B03A27A8} - (no file)
O2 - BHO: (no name) - {8DE9C022-1D38-47A2-8F15-546537950773} - (no file)
O2 - BHO: (no name) - {9AE7E61F-C6BE-4ABC-8D20-958E6454659E} - (no file)
O2 - BHO: (no name) - {9EB4DA67-A9BA-499F-89CC-4C85627AB9A4} - (no file)
O2 - BHO: (no name) - {A4749812-63A2-40A1-807A-0C7BE334FA1E} - (no file)
O2 - BHO: (no name) - {A589B2F2-32EE-4A58-9EBB-290EDD384E34} - (no file)
O2 - BHO: (no name) - {A80C42BF-0344-4D88-AFD3-28D5B2DC0EE4} - (no file)
O2 - BHO: (no name) - {A89810FE-D170-4F34-BAF9-CF5257C84C33} - (no file)
O2 - BHO: (no name) - {A8F68CF0-43FA-4240-BB1B-603CFD8F2DB6} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {B4FB5462-7263-482D-8694-027F86499A5A} - (no file)
O2 - BHO: (no name) - {B5488A49-F9A0-4304-B520-CEE1E152A39E} - (no file)
O2 - BHO: (no name) - {C7BA4D2B-2FE0-4BF2-A399-2925A1C9221F} - (no file)
O2 - BHO: (no name) - {D0616516-3887-4760-A04E-4F8734B90D76} - (no file)
O2 - BHO: (no name) - {D506D92B-3DFE-4BC3-BFB8-287F89C65F00} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {EE44A9AC-2AA7-443C-9870-936E47C854BA} - (no file)
O2 - BHO: (no name) - {F690E5F2-F5D8-48A1-AE4F-3523537BCD0E} - (no file)
O2 - BHO: (no name) - {FDF22357-56C0-47DF-A8F2-DF8533B2B005} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {C17590D2-ECB4-4b15-8820-F58798DCC118} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [GEST] C:\Program Files\GIGABYTE\GEST\RUN.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe"
O4 - HKLM\..\Run: [PCTVRemote] C:\Program Files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [183880e0] rundll32.exe "C:\WINDOWS\system32\sythwctx.dll",b
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TBPanel] C:\Program Files\XpertVision\TBPanel.exe /A
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [UpdateStar] C:\Documents and Settings\Julija Tanaskovic\Application Data\UpdateStar\UpdateStar.exe -A
O4 - HKCU\..\Run: [MorEmoticons] C:\Program Files\MorEmoticons\MorEmoticons.exe /Minimize
O4 - HKCU\..\Run: [GetChristmas] C:\Documents and Settings\Julija Tanaskovic\Desktop\New Folder\GetChristmas.exe
O4 - HKCU\..\Run: [VisualTaskTips] C:\Program Files\VisualTaskTips\VisualTaskTips.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adrenaliner.lnk.disabled
O4 - Startup: DesktopVideoPlayer.LNK = C:\Program Files\vghd\vghd.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: BlueSoleil.lnk.disabled
O4 - Global Startup: Pinnacle Scheduler.lnk = ?
O8 - Extra context menu item: &Webshots Photo Search - res://C:\Program Files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O20 - Winlogon Notify: iifcBtUm - C:\WINDOWS\
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\GEST\GSvr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O24 - Desktop Component 0: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

--
End of file - 11251 bytes

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Sve linije su i dalje tu.

Hajde još jednom da probaš. Znači, čekiraj kućice ispred linija koje sam izdvojio u prethodnoj poruci i zatim klikni Fix checked (nakon toga zatvori program, opet ga pokreni i napravi svež log).