A real nuisance on the Desktop

sen

Re: A real nuisance on the Desktop, 09.04.2009 at 21:01
If I may add just one more thing, it might mean something to you and help you
figure out right away what the problem is on my end...

Lately the AntiVir icon in the lower right corner has not been showing up at all,
even though AntiVir was active in the background (enabled).

That annoyed me a bit, so I decided to uninstall AntiVir and install it again
from scratch after restarting the computer. However, there is NO WAY I can
reinstall it; I keep getting this error:

Run time error

Program:C...

This application has requested the runtime to terminate it in an unusual way

What is the reason I cannot install that AntiVir program from scratch?

So I decided to install the AVG antivirus program for now, until
I find some solution for reinstalling AntiVir.

So in the next set of instructions you explained to me, I will just disable AVG instead of AntiVir,
and then I will copy the report.
 
sen

Re: A real nuisance on the Desktop, 09.04.2009 at 21:20
ComboFix 09-04-04.01 - Privat 2009-04-09 22:11:02.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1030.18.2038.1108 [GMT 2:00]
Kører fra: c:\users\Privat\Desktop\Security-CleanUp\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AutoRun.inf
c:\windows\system32\x64

.
((((((((((((((((((((((((((((( Filer skabt fra 2009-03-09 til 2009-04-09 )))))))))))))))))))))))))))))))))))
.

2009-04-09 22:05 . 2009-04-09 22:05 <DIR> d-------- C:\ComboFix-4
2009-04-09 21:48 . 2009-04-09 21:48 108,552 --a------ c:\windows\System32\drivers\avgtdix.sys
2009-04-09 21:48 . 2009-04-09 21:48 10,520 --a------ c:\windows\System32\avgrsstx.dll
2009-04-09 21:47 . 2009-04-09 21:49 <DIR> d-------- c:\windows\System32\drivers\Avg
2009-04-09 21:47 . 2009-04-09 21:47 <DIR> d-------- c:\users\All Users\avg8
2009-04-09 21:47 . 2009-04-09 21:47 <DIR> d-------- c:\programdata\avg8
2009-04-09 21:47 . 2009-04-09 21:47 <DIR> d-------- c:\program files\AVG
2009-04-09 21:47 . 2009-04-09 21:47 325,640 --a------ c:\windows\System32\drivers\avgldx86.sys
2009-04-08 18:56 . 2009-04-08 18:56 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-08 18:56 . 2009-04-06 15:32 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-04-08 18:56 . 2009-04-06 15:32 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-04-03 20:06 . 2009-04-03 20:06 <DIR> d-------- c:\users\Privat\AppData\Roaming\HP
2009-04-03 20:01 . 2009-04-03 22:42 140,920 --------- c:\windows\hpoins14.dat.temp
2009-04-03 20:01 . 2007-09-20 17:56 2,000 --------- c:\windows\hpomdl14.dat.temp
2009-03-30 18:15 . 2009-03-30 18:15 <DIR> d-------- c:\windows\MaxSecureBackup
2009-03-30 17:53 . 2007-05-24 16:57 143,360 --a------ c:\windows\System32\GetHardDiskNo.dll
2009-03-30 17:53 . 2009-03-30 18:14 63 --a------ c:\windows\system\SYSRegC.dll
2009-03-30 17:23 . 2009-03-30 17:23 <DIR> d-------- c:\users\Privat\AppData\Roaming\SmartPCTools
2009-03-30 17:23 . 2009-03-30 17:47 <DIR> d-a------ c:\users\All Users\TEMP
2009-03-30 17:23 . 2009-03-30 17:47 <DIR> d-a------ c:\programdata\TEMP
2009-03-30 17:19 . 2009-03-30 17:19 <DIR> d-------- c:\program files\CCleaner
2009-03-30 15:35 . 2009-03-30 15:35 738,304 --a------ c:\windows\GPInstall.exe
2009-03-30 15:35 . 2000-09-04 14:24 8,055 --a------ c:\windows\Serbian2.gpl
2009-03-21 19:20 . 2009-03-21 19:20 <DIR> d-------- c:\program files\MSXML 4.0
2009-03-21 11:00 . 2009-03-30 00:05 <DIR> d-------- c:\program files\Google
2009-03-20 22:45 . 2009-03-20 22:45 <DIR> d-------- c:\program files\Common Files\HP
2009-03-20 22:45 . 2009-03-20 22:45 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2009-03-20 22:44 . 2009-03-20 22:44 <DIR> d-------- c:\users\All Users\Hewlett-Packard
2009-03-20 22:44 . 2009-03-20 22:44 <DIR> d-------- c:\programdata\Hewlett-Packard
2009-03-20 22:43 . 2007-03-17 18:11 675,840 --a------ c:\windows\System32\hpowiax3.dll
2009-03-20 22:43 . 2007-03-17 18:11 569,344 --a------ c:\windows\System32\hpotscl3.dll
2009-03-20 22:43 . 2007-03-08 06:20 364,544 --a------ c:\windows\System32\hppldcoi.dll
2009-03-20 22:43 . 2007-03-17 18:11 303,104 --a------ c:\windows\System32\hpovst10.dll
2009-03-20 22:43 . 2007-03-30 17:07 267,864 --a------ c:\windows\System32\hpzids01.dll
2009-03-20 22:43 . 2007-03-28 15:01 117,760 --a------ c:\windows\System32\hpzll5ha.dll
2009-03-20 22:40 . 2009-04-04 21:44 <DIR> d-------- c:\users\All Users\HP
2009-03-20 22:40 . 2009-04-04 21:44 <DIR> d-------- c:\programdata\HP
2009-03-16 15:45 . 2009-03-16 15:58 <DIR> d-------- c:\users\All Users\NOS
2009-03-16 15:45 . 2009-03-16 15:58 <DIR> d-------- c:\programdata\NOS
2009-03-15 15:44 . 2009-03-15 15:44 410,984 --a------ c:\windows\System32\deploytk.dll
2009-03-14 19:54 . 2009-03-14 19:54 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-13 19:09 . 2009-03-30 19:16 <DIR> d-------- C:\Downloads
2009-03-13 19:07 . 2009-04-09 08:43 <DIR> d-------- c:\users\Privat\AppData\Roaming\Free Download Manager
2009-03-13 19:07 . 2009-03-13 19:07 <DIR> d-------- c:\users\All Users\FreeDownloadManager.ORG
2009-03-13 19:07 . 2009-03-13 19:07 <DIR> d-------- c:\programdata\FreeDownloadManager.ORG
2009-03-13 19:07 . 2009-03-13 19:07 <DIR> d-------- c:\program files\Free Download Manager
2009-03-11 12:05 . 2008-12-16 05:29 8,147,456 --a------ c:\windows\System32\wmploc.DLL
2009-03-11 12:05 . 2009-02-09 05:10 2,033,152 --a------ c:\windows\System32\win32k.sys
2009-03-11 12:05 . 2008-11-27 06:43 268,288 --a------ c:\windows\System32\schannel.dll
2009-03-11 12:05 . 2008-12-16 07:31 7,680 --a------ c:\windows\System32\spwmp.dll
2009-03-11 12:05 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\msdxm.ocx
2009-03-11 12:05 . 2008-12-16 07:31 4,096 --a------ c:\windows\System32\dxmasf.dll
2009-03-09 10:06 . 2009-03-10 22:55 <DIR> d-------- c:\program files\Paint.NET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 18:00 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-09 18:00 --------- d-----w c:\programdata\Ulead Systems
2009-04-09 06:57 --------- d-----w c:\program files\Trend Micro
2009-04-09 00:32 --------- d-----w c:\users\Privat\AppData\Roaming\Skype
2009-04-09 00:17 --------- d-----w c:\users\Privat\AppData\Roaming\skypePM
2009-03-15 13:44 --------- d-----w c:\program files\Java
2009-03-11 10:49 --------- d-----w c:\program files\Windows Mail
2009-03-11 10:05 --------- d-----w c:\programdata\Microsoft Help
2009-03-08 11:34 914,944 ----a-w c:\windows\System32\wininet.dll
2009-03-08 11:34 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-03-08 11:33 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-03-08 11:33 18,944 ----a-w c:\windows\System32\corpol.dll
2009-03-08 11:33 132,608 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-08 11:33 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-03-08 11:33 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-03-08 11:33 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-03-08 11:33 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-03-08 11:33 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-03-08 11:32 72,704 ----a-w c:\windows\System32\admparse.dll
2009-03-08 11:32 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-03-08 11:32 66,560 ----a-w c:\windows\System32\wextract.exe
2009-03-08 11:32 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-03-08 11:31 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-03-08 11:31 45,568 ----a-w c:\windows\System32\mshta.exe
2009-03-08 11:31 34,816 ----a-w c:\windows\System32\imgutil.dll
2009-03-08 11:22 156,160 ----a-w c:\windows\System32\msls31.dll
2009-03-06 21:17 --------- d-----w c:\users\Privat\AppData\Roaming\TeamViewer
2009-02-26 13:07 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-12 08:31 --------- d-----w c:\users\Privat\AppData\Roaming\FreeCall
2009-01-17 01:43 174 --sha-w c:\program files\desktop.ini
2009-01-17 01:22 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-01-17 01:22 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-01-16 01:15 269,312 ----a-w c:\windows\System32\es.dll
2009-01-15 16:30 56 ---ha-w c:\users\All Users\ezsidmv.dat
2009-01-15 16:30 56 ---ha-w c:\programdata\ezsidmv.dat
2009-01-15 00:47 61,440 ----a-w c:\windows\System32\winipsec.dll
2009-01-15 00:47 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2009-01-15 00:47 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2009-01-15 00:47 272,896 ----a-w c:\windows\System32\polstore.dll
2009-01-15 00:45 94,720 ----a-w c:\windows\System32\PortableDeviceClassExtension.dll
2009-01-15 00:45 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2009-01-15 00:45 160,768 ----a-w c:\windows\System32\PortableDeviceTypes.dll
2009-01-15 00:37 296,960 ----a-w c:\windows\System32\gdi32.dll
2009-01-15 00:34 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2009-01-15 00:33 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-01-15 00:33 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-15 00:33 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-01-15 00:33 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2009-01-15 00:33 303,616 ----a-w c:\windows\System32\wmpeffects.dll
2009-01-15 00:33 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-01-15 00:33 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-01-15 00:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-01-15 00:33 1,695,744 ----a-w c:\windows\System32\gameux.dll
2009-01-15 00:31 2,048 ----a-w c:\windows\System32\msxml3r.dll
2009-01-15 00:31 1,191,936 ----a-w c:\windows\System32\msxml3.dll
2009-01-15 00:28 2,048 ----a-w c:\windows\System32\tzres.dll
2009-01-15 00:24 2,927,104 ----a-w c:\windows\explorer.exe
2009-01-15 00:17 988,216 ----a-w c:\windows\System32\winload.exe
2009-01-15 00:17 927,288 ----a-w c:\windows\System32\winresume.exe
2009-01-15 00:17 615,992 ----a-w c:\windows\System32\ci.dll
2009-01-15 00:17 6,656 ----a-w c:\windows\System32\kbd106n.dll
2009-01-15 00:17 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
2009-01-15 00:17 40,960 ----a-w c:\windows\System32\srclient.dll
2009-01-15 00:17 378,368 ----a-w c:\windows\System32\srcore.dll
2009-01-15 00:17 318,464 ----a-w c:\windows\System32\rstrui.exe
2009-01-15 00:17 19,000 ----a-w c:\windows\System32\kd1394.dll
2009-01-15 00:17 14,848 ----a-w c:\windows\System32\srdelayed.exe
2009-01-15 00:15 712,704 ----a-w c:\windows\System32\WindowsCodecs.dll
2009-01-15 00:15 425,472 ----a-w c:\windows\System32\PhotoMetadataHandler.dll
2009-01-15 00:15 347,136 ----a-w c:\windows\System32\WindowsCodecsExt.dll
2009-01-15 00:14 443,392 ----a-w c:\windows\System32\win32spl.dll
2009-01-15 00:14 37,888 ----a-w c:\windows\System32\printcom.dll
2009-01-15 00:13 996,352 ----a-w c:\windows\System32\WMNetMgr.dll
2009-01-15 00:13 98,816 ----a-w c:\windows\System32\mfps.dll
2009-01-15 00:13 94,720 ----a-w c:\windows\System32\logagent.exe
2009-01-15 00:13 53,248 ----a-w c:\windows\System32\rrinstaller.exe
2009-01-15 00:13 24,576 ----a-w c:\windows\System32\mfpmp.exe
2009-01-15 00:13 2,868,736 ----a-w c:\windows\System32\mf.dll
2009-01-15 00:13 2,048 ----a-w c:\windows\System32\mferror.dll
2009-01-15 00:13 14,848 ----a-w c:\windows\System32\wshrm.dll
2009-01-15 00:12 84,480 ----a-w c:\windows\System32\INETRES.dll
2009-01-15 00:12 738,304 ----a-w c:\windows\System32\inetcomm.dll
2009-01-15 00:12 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-01-15 00:12 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2009-01-15 00:12 1,645,568 ----a-w c:\windows\System32\connect.dll
2009-01-15 00:12 1,314,816 ----a-w c:\windows\System32\quartz.dll
2009-01-15 00:11 2,048 ----a-w c:\windows\System32\msxml6r.dll
2009-01-15 00:11 1,334,272 ----a-w c:\windows\System32\msxml6.dll
2009-01-14 23:52 83,456 ----a-w c:\windows\System32\wudriver.dll
2009-01-14 23:52 561,688 ----a-w c:\windows\System32\wuapi.dll
2009-01-14 23:52 51,224 ----a-w c:\windows\System32\wuauclt.exe
2009-01-14 23:52 43,544 ----a-w c:\windows\System32\wups2.dll
2009-01-14 23:52 34,328 ----a-w c:\windows\System32\wups.dll
2009-01-14 23:52 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2009-01-14 23:52 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2009-01-14 23:51 31,232 ----a-w c:\windows\System32\wuapp.exe
2009-01-14 23:51 162,064 ----a-w c:\windows\System32\wuwebv.dll
2009-01-14 22:47 319,456 ----a-w c:\windows\DIFxAPI.dll
2009-01-14 22:46 315,392 ----a-w c:\windows\HideWin.exe
.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-09 1932568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 02:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
--a------ 2008-09-01 12:09 9109296 c:\program files\FreeCall.com\FreeCall\FreeCall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyApp]
--a------ 2007-09-01 13:21 188416 c:\program files\Launch Manager\HotkeyApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2008-02-11 21:13 166424 c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2007-07-12 17:36 178712 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2008-02-11 21:13 141848 c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
--a------ 2007-09-01 15:03 32768 c:\program files\Launch Manager\LaunchAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
--a------ 2006-12-26 12:23 180224 c:\program files\Launch Manager\OSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2008-02-11 21:13 133656 c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
--a------ 2007-07-05 13:35 94208 c:\windows\PLFSetL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-19 09:33 1233920 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-07 15:31 21633320 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-03-15 15:44 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
--a------ 2007-09-01 16:24 86016 c:\program files\Launch Manager\WButton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 09:38 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-08-27 13:10 4702208 c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
--a------ 2007-08-03 13:22 1826816 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2264076326-2987277559-2428823024-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{015FA8E5-8006-47C8-BB47-1BDC2B98C54B}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{2BEBEAED-A262-4533-98B9-46975E16DE78}"= UDP:c:\program files\FreeCall.com\FreeCall\FreeCall.exe:FreeCall
"{29482797-898B-402F-9806-FD2396ACDCF3}"= TCP:c:\program files\FreeCall.com\FreeCall\FreeCall.exe:FreeCall
"TCP Query User{A36A60B3-824E-47F6-8235-0E7CBE3AB541}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:ebay.de - Skype
"UDP Query User{2357B81A-D4AD-4141-9595-A1706291D1A6}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:ebay.de - Skype
"{38D0F450-0EC7-4F44-88DF-4000B6DB9E87}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B733E65D-B2C5-4017-920E-4F5253642E22}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C055301D-4C8F-4385-93B0-3A45A6DB5CEA}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3CD11814-9C27-4A7C-85C8-21C156FA1367}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{69D350A7-CE51-48D5-A657-008A7439F2E1}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E2C9C6CD-FBB9-4FF0-ADB1-A72605852970}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{EB65B0B3-80D0-4604-9647-95E49EAF8297}c:\\users\\privat\\temp\\teamviewer\\version4\\teamviewer.exe"= UDP:c:\users\privat\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe
"UDP Query User{04DA651F-B88B-4737-8420-C5BC78177D06}c:\\users\\privat\\temp\\teamviewer\\version4\\teamviewer.exe"= TCP:c:\users\privat\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe
"TCP Query User{7CF58961-3A7B-43EB-8129-7B399C44DCA5}c:\\program files\\free download manager\\fdm.exe"= UDP:c:\program files\free download manager\fdm.exe:Free Download Manager
"UDP Query User{DA7ECC5B-2E0D-4162-86B0-8C61A6D28AEE}c:\\program files\\free download manager\\fdm.exe"= TCP:c:\program files\free download manager\fdm.exe:Free Download Manager
"{47EF6ABF-098A-42CA-B2E7-0E74BEE7BBDD}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{B3F7B7E0-2C16-41AB-BA18-92555627AE90}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

R0 Si3531;SiI-3531 SATA Controller;c:\windows\System32\drivers\Si3531.sys [2008-07-25 212008]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-04-09 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-04-09 108552]
R1 Hotkey;Hotkey;c:\windows\System32\drivers\HOTKEY.sys [2009-01-15 9867]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-09 298264]
R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [2009-01-15 13976]
S4 gupdate1c9aa03b6a7bb79;Tjenesten Google Update (gupdate1c9aa03b6a7bb79);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 133104]
S4 IAANTMON;Intel(R) Matrix Storage Event Monitor;c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe [2009-01-15 354840]
S4 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-01-15 118784]

--- Andre Services/Drivers i Hukommelsen ---

*NewlyCreated* - AVGLDX86
*NewlyCreated* - AVGMFX86
*NewlyCreated* - AVGTDIX

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e222b03-e326-11dd-945d-0016d386ad45}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a3f39d5-f09b-11dd-b6d1-0016d386ad45}]
\shell\AutoRun\command - F:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8713ccbd-157a-11de-a3e0-0016d386ad45}]
\shell\AutoRun\command - F:\DPFMate.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8eba549e-e29f-11dd-9c6b-0016d386ad45}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL f:\resycled\boot.com f:
\shell\Open\command - "resycled\boot.co

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Indhold af mappen 'Planlagte Opgaver'

2009-04-09 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 11:01]

2009-03-30 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe []
.
- - - - TOMME GENVEJE FJERNET - - - -

MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-OmniPass - c:\program files\Softex\OmniPass\scureapp.exe
MSConfigStartUp-RCAutoLiveUpdate - c:\program files\Max Registry Cleaner\MaxLiveUpdateRC.exe
MSConfigStartUp-RCSystemTray - c:\program files\Max Registry Cleaner\MaxRCSystemTray.exe
MSConfigStartUp-snp2uvc - c:\windows\vsnp2uvc.exe
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\HOMERunner.exe
MSConfigStartUp-Ulead AutoDetector v2 - c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe


.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.yahoo.com/
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-09 22:13:08
Windows 6.0.6001 Service Pack 1 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
Gennemført tid: 2009-04-09 22:15:13
ComboFix-quarantined-files.txt 2009-04-09 20:15:10

Pre-Kørsel: 138.781.073.408 byte ledig
Post-Kørsel: 138,756,149,248 byte ledig

305 --- E O F --- 2009-03-28 10:30:22
 
Nemanja Živanović

Re: A real nuisance on the Desktop, 09.04.2009 at 21:56
There are files that I don't recognize or am not sure are legitimate, so I would ask you to follow these instructions:

• Visit the Virus Total site
• Click Browse and locate the following files (select them one at a time):

c:\windows\System32\igfxpers.exe
c:\windows\System32\ieUnatt.exe
c:\windows\System32\wextract.exe


• Press Send.
• Copy the report for each file into your next message.

[This message was edited by Nemanja Živanović on 09.04.2009 at 23:13 GMT+1]
 
sen

Re: A real nuisance on the Desktop, 10.04.2009 at 10:52
1.Exception
Please report failure as: ErrorTime= "Apr 10 11:48:52"

2.Exception
Please report failure as: ErrorTime= "Apr 10 11:49:54"

3.Exception
Please report failure as: ErrorTime= "Apr 10 11:51:17"


I did each one twice, individually; I get the same response for all three files.
 
Nemanja Živanović

Re: A real nuisance on the Desktop, 10.04.2009 at 16:19
• Visit the Jotti Online Malware Scan site
• Click Browse (at the top of the page) and locate the following files on your computer:

c:\windows\System32\igfxpers.exe
c:\windows\System32\ieUnatt.exe
c:\windows\System32\wextract.exe


• Press Submit.
• Copy the report for each file into your next message.

[This message was edited by Nemanja Živanović on 10.04.2009 at 17:31 GMT+1]
 
sen

Re: A real nuisance on the Desktop, 11.04.2009 at 18:47
Now I am also worried about why there is NO WAY I can reinstall the AntiVir program.
I also noticed that my computer is a bit slower when opening web pages.

The response for all three files is as follows:

Scanner results
Scan taken on 11 Apr 2009 17:27:30 (GMT)

A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Quick Heal Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing
------------------------------------------------
 
Nemanja Živanović

Re: A real nuisance on the Desktop, 11.04.2009 at 19:16
Turn off all protection again. If you have AVG, follow these instructions:

Open the AVG 8 Control Center by right-clicking the AVG 8 icon on the taskbar.

• Click Tools.
• Select Advanced.
• In the left part of the window, open "Resident Shield".
• In the window that opens, deselect "Enable Resident Shield."

******************************

Open Notepad and copy in the following text:

Quote:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e222b03-e326-11dd-945d-0016d386ad45}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a3f39d5-f09b-11dd-b6d1-0016d386ad45}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8713ccbd-157a-11de-a3e0-0016d386ad45}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8eba549e-e29f-11dd-9c6b-0016d386ad45}]



Save that file to the Desktop under the name CFScript



Drag the saved text file onto the ComboFix icon as shown in the picture. In your next message, post the log that is created at the end of the cleaning/scanning.
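
An added example, not part of the original post and not ComboFix's own code: it reads the MountPoints2 AutoRun entries from the 2009-04-09 log above and rebuilds the `Registry::` deletion block used in the CFScript. The function names and the "read first" ordering (AutoRun commands that are not simply an executable in the root of the mounted drive) are assumptions of this example, not a verdict on any entry.

```python
import re

# Excerpt copied from the ComboFix log of 2009-04-09 posted earlier in this thread.
LOG_EXCERPT = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e222b03-e326-11dd-945d-0016d386ad45}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a3f39d5-f09b-11dd-b6d1-0016d386ad45}]
\shell\AutoRun\command - F:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8713ccbd-157a-11de-a3e0-0016d386ad45}]
\shell\AutoRun\command - F:\DPFMate.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8eba549e-e29f-11dd-9c6b-0016d386ad45}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL f:\resycled\boot.com f:
\shell\Open\command - "resycled\boot.co

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
CMD_RE = re.compile(r"^\\shell\\(?P<verb>[^\\]+)\\command - (?P<command>.+)$")
MOUNTPOINTS2 = "\\explorer\\mountpoints2\\"
# An executable sitting directly in the root of a non-system drive, e.g. F:\Setup.exe
DRIVE_ROOT_EXE_RE = re.compile(r'^"?[d-z]:\\[^\\"]+\.exe\b', re.IGNORECASE)


def parse_mountpoints2(log_text):
    """Return MountPoints2 keys and their shell commands, in log order."""
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            # A new registry key starts; only MountPoints2 keys are collected.
            current = None
            if MOUNTPOINTS2 in key.group(1).lower():
                current = {"key": key.group(1), "commands": {}}
                entries.append(current)
            continue
        cmd = CMD_RE.match(line)
        if cmd and current is not None:
            current["commands"][cmd.group("verb")] = cmd.group("command")
    return entries


def needs_review(entries):
    """Keys whose AutoRun command is not a plain executable in a drive root.

    Hypothetical triage ordering: it only tells a reviewer which entry to
    read first and says nothing about whether the target is malicious.
    """
    flagged = []
    for entry in entries:
        autorun = entry["commands"].get("AutoRun")
        if autorun and not DRIVE_ROOT_EXE_RE.match(autorun):
            flagged.append(entry["key"])
    return flagged


def build_cfscript(entries):
    """Build the Registry:: block in the form quoted in the post above."""
    lines = ["Registry::"]
    lines += ["[-" + entry["key"] + "]" for entry in entries]
    return "\n".join(lines)


if __name__ == "__main__":
    found = parse_mountpoints2(LOG_EXCERPT)
    for key in needs_review(found):
        print("read first:", key)
    print(build_cfscript(found))
```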
 
sen

Re: A real nuisance on the Desktop, 12.04.2009 at 11:51

ComboFix 09-04-04.01 - Privat 2009-04-12 12:36:26.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1030.18.2038.1156 [GMT 2:00]
Kører fra: c:\users\Privat\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Privat\Desktop\CFScript.txt.txt


(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 18:00 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-09 18:00 --------- d-----w c:\programdata\Ulead Systems
2009-04-09 06:57 --------- d-----w c:\program files\Trend Micro
2009-04-09 00:32 --------- d-----w c:\users\Privat\AppData\Roaming\Skype
2009-04-09 00:17 --------- d-----w c:\users\Privat\AppData\Roaming\skypePM
2009-03-15 13:44 --------- d-----w c:\program files\Java
2009-03-11 10:49 --------- d-----w c:\program files\Windows Mail
2009-03-11 10:05 --------- d-----w c:\programdata\Microsoft Help
2009-03-10 20:55 --------- d-----w c:\program files\Paint.NET
2009-03-08 11:34 914,944 ----a-w c:\windows\System32\wininet.dll
2009-03-08 11:34 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-03-08 11:33 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-03-08 11:33 18,944 ----a-w c:\windows\System32\corpol.dll
2009-03-08 11:33 132,608 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-08 11:33 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-03-08 11:33 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-03-08 11:33 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-03-08 11:33 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-03-08 11:33 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-03-08 11:32 72,704 ----a-w c:\windows\System32\admparse.dll
2009-03-08 11:32 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-03-08 11:32 66,560 ----a-w c:\windows\System32\wextract.exe
2009-03-08 11:32 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-03-08 11:31 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-03-08 11:31 45,568 ----a-w c:\windows\System32\mshta.exe
2009-03-08 11:31 34,816 ----a-w c:\windows\System32\imgutil.dll
2009-03-08 11:22 156,160 ----a-w c:\windows\System32\msls31.dll
2009-03-06 21:17 --------- d-----w c:\users\Privat\AppData\Roaming\TeamViewer
2009-02-26 13:07 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-12 08:31 --------- d-----w c:\users\Privat\AppData\Roaming\FreeCall
2009-02-09 03:10 2,033,152 ----a-w c:\windows\System32\win32k.sys
2009-01-17 01:43 174 --sha-w c:\program files\desktop.ini
2009-01-17 01:22 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-01-17 01:22 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-01-16 01:15 269,312 ----a-w c:\windows\System32\es.dll
2009-01-15 16:30 56 ---ha-w c:\users\All Users\ezsidmv.dat
2009-01-15 16:30 56 ---ha-w c:\programdata\ezsidmv.dat
2009-01-15 00:47 61,440 ----a-w c:\windows\System32\winipsec.dll
2009-01-15 00:47 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2009-01-15 00:47 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2009-01-15 00:47 272,896 ----a-w c:\windows\System32\polstore.dll
2009-01-15 00:45 94,720 ----a-w c:\windows\System32\PortableDeviceClassExtension.dll
2009-01-15 00:45 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2009-01-15 00:45 160,768 ----a-w c:\windows\System32\PortableDeviceTypes.dll
2009-01-15 00:37 296,960 ----a-w c:\windows\System32\gdi32.dll
2009-01-15 00:34 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2009-01-15 00:33 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-01-15 00:33 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-15 00:33 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-01-15 00:33 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2009-01-15 00:33 303,616 ----a-w c:\windows\System32\wmpeffects.dll
2009-01-15 00:33 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-01-15 00:33 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-01-15 00:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-01-15 00:33 1,695,744 ----a-w c:\windows\System32\gameux.dll
2009-01-15 00:31 2,048 ----a-w c:\windows\System32\msxml3r.dll
2009-01-15 00:31 1,191,936 ----a-w c:\windows\System32\msxml3.dll
2009-01-15 00:28 2,048 ----a-w c:\windows\System32\tzres.dll
2009-01-15 00:24 2,927,104 ----a-w c:\windows\explorer.exe
2009-01-15 00:17 988,216 ----a-w c:\windows\System32\winload.exe
2009-01-15 00:17 927,288 ----a-w c:\windows\System32\winresume.exe
2009-01-15 00:17 615,992 ----a-w c:\windows\System32\ci.dll
2009-01-15 00:17 6,656 ----a-w c:\windows\System32\kbd106n.dll
2009-01-15 00:17 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
2009-01-15 00:17 40,960 ----a-w c:\windows\System32\srclient.dll
2009-01-15 00:17 378,368 ----a-w c:\windows\System32\srcore.dll
2009-01-15 00:17 318,464 ----a-w c:\windows\System32\rstrui.exe
2009-01-15 00:17 19,000 ----a-w c:\windows\System32\kd1394.dll
2009-01-15 00:17 14,848 ----a-w c:\windows\System32\srdelayed.exe
2009-01-15 00:15 712,704 ----a-w c:\windows\System32\WindowsCodecs.dll
2009-01-15 00:15 425,472 ----a-w c:\windows\System32\PhotoMetadataHandler.dll
2009-01-15 00:15 347,136 ----a-w c:\windows\System32\WindowsCodecsExt.dll
2009-01-15 00:14 443,392 ----a-w c:\windows\System32\win32spl.dll
2009-01-15 00:14 37,888 ----a-w c:\windows\System32\printcom.dll
2009-01-15 00:13 996,352 ----a-w c:\windows\System32\WMNetMgr.dll
2009-01-15 00:13 98,816 ----a-w c:\windows\System32\mfps.dll
2009-01-15 00:13 94,720 ----a-w c:\windows\System32\logagent.exe
2009-01-15 00:13 53,248 ----a-w c:\windows\System32\rrinstaller.exe
2009-01-15 00:13 24,576 ----a-w c:\windows\System32\mfpmp.exe
2009-01-15 00:13 2,868,736 ----a-w c:\windows\System32\mf.dll
2009-01-15 00:13 2,048 ----a-w c:\windows\System32\mferror.dll
2009-01-15 00:13 14,848 ----a-w c:\windows\System32\wshrm.dll
2009-01-15 00:12 84,480 ----a-w c:\windows\System32\INETRES.dll
2009-01-15 00:12 738,304 ----a-w c:\windows\System32\inetcomm.dll
2009-01-15 00:12 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-01-15 00:12 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2009-01-15 00:12 1,645,568 ----a-w c:\windows\System32\connect.dll
2009-01-15 00:12 1,314,816 ----a-w c:\windows\System32\quartz.dll
2009-01-15 00:11 2,048 ----a-w c:\windows\System32\msxml6r.dll
2009-01-15 00:11 1,334,272 ----a-w c:\windows\System32\msxml6.dll
2009-01-14 23:52 83,456 ----a-w c:\windows\System32\wudriver.dll
2009-01-14 23:52 561,688 ----a-w c:\windows\System32\wuapi.dll
2009-01-14 23:52 51,224 ----a-w c:\windows\System32\wuauclt.exe
2009-01-14 23:52 43,544 ----a-w c:\windows\System32\wups2.dll
2009-01-14 23:52 34,328 ----a-w c:\windows\System32\wups.dll
2009-01-14 23:52 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2009-01-14 23:52 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2009-01-14 23:51 31,232 ----a-w c:\windows\System32\wuapp.exe
2009-01-14 23:51 162,064 ----a-w c:\windows\System32\wuwebv.dll
2009-01-14 22:47 319,456 ----a-w c:\windows\DIFxAPI.dll
.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-09 1932568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 02:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
--a------ 2008-09-01 12:09 9109296 c:\program files\FreeCall.com\FreeCall\FreeCall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyApp]
--a------ 2007-09-01 13:21 188416 c:\program files\Launch Manager\HotkeyApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2008-02-11 21:13 166424 c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2007-07-12 17:36 178712 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2008-02-11 21:13 141848 c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
--a------ 2007-09-01 15:03 32768 c:\program files\Launch Manager\LaunchAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
--a------ 2006-12-26 12:23 180224 c:\program files\Launch Manager\OSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2008-02-11 21:13 133656 c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
--a------ 2007-07-05 13:35 94208 c:\windows\PLFSetL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-19 09:33 1233920 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-07 15:31 21633320 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-03-15 15:44 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
--a------ 2007-09-01 16:24 86016 c:\program files\Launch Manager\WButton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 09:38 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-08-27 13:10 4702208 c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
--a------ 2007-08-03 13:22 1826816 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2264076326-2987277559-2428823024-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{015FA8E5-8006-47C8-BB47-1BDC2B98C54B}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{2BEBEAED-A262-4533-98B9-46975E16DE78}"= UDP:c:\program files\FreeCall.com\FreeCall\FreeCall.exe:FreeCall
"{29482797-898B-402F-9806-FD2396ACDCF3}"= TCP:c:\program files\FreeCall.com\FreeCall\FreeCall.exe:FreeCall
"TCP Query User{A36A60B3-824E-47F6-8235-0E7CBE3AB541}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:ebay.de - Skype
"UDP Query User{2357B81A-D4AD-4141-9595-A1706291D1A6}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:ebay.de - Skype
"{38D0F450-0EC7-4F44-88DF-4000B6DB9E87}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B733E65D-B2C5-4017-920E-4F5253642E22}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C055301D-4C8F-4385-93B0-3A45A6DB5CEA}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3CD11814-9C27-4A7C-85C8-21C156FA1367}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{69D350A7-CE51-48D5-A657-008A7439F2E1}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E2C9C6CD-FBB9-4FF0-ADB1-A72605852970}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{EB65B0B3-80D0-4604-9647-95E49EAF8297}c:\\users\\privat\\temp\\teamviewer\\version4\\teamviewer.exe"= UDP:c:\users\privat\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe
"UDP Query User{04DA651F-B88B-4737-8420-C5BC78177D06}c:\\users\\privat\\temp\\teamviewer\\version4\\teamviewer.exe"= TCP:c:\users\privat\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe
"TCP Query User{7CF58961-3A7B-43EB-8129-7B399C44DCA5}c:\\program files\\free download manager\\fdm.exe"= UDP:c:\program files\free download manager\fdm.exe:Free Download Manager
"UDP Query User{DA7ECC5B-2E0D-4162-86B0-8C61A6D28AEE}c:\\program files\\free download manager\\fdm.exe"= TCP:c:\program files\free download manager\fdm.exe:Free Download Manager
"{47EF6ABF-098A-42CA-B2E7-0E74BEE7BBDD}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{B3F7B7E0-2C16-41AB-BA18-92555627AE90}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

R0 Si3531;SiI-3531 SATA Controller;c:\windows\System32\drivers\Si3531.sys [2008-07-25 212008]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-04-09 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-04-09 108552]
R1 Hotkey;Hotkey;c:\windows\System32\drivers\HOTKEY.sys [2009-01-15 9867]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-09 298264]
R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [2009-01-15 13976]
S4 gupdate1c9aa03b6a7bb79;Tjenesten Google Update (gupdate1c9aa03b6a7bb79);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 133104]
S4 IAANTMON;Intel(R) Matrix Storage Event Monitor;c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe [2009-01-15 354840]
S4 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-01-15 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e222b03-e326-11dd-945d-0016d386ad45}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a3f39d5-f09b-11dd-b6d1-0016d386ad45}]
\shell\AutoRun\command - F:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8713ccbd-157a-11de-a3e0-0016d386ad45}]
\shell\AutoRun\command - F:\DPFMate.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8eba549e-e29f-11dd-9c6b-0016d386ad45}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL f:\resycled\boot.com f:
\shell\Open\command - "resycled\boot.co

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Indhold af mappen 'Planlagte Opgaver'

2009-04-12 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 11:01]

2009-03-30 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe []
.
- - - - TOMME GENVEJE FJERNET - - - -

MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-OmniPass - c:\program files\Softex\OmniPass\scureapp.exe
MSConfigStartUp-RCAutoLiveUpdate - c:\program files\Max Registry Cleaner\MaxLiveUpdateRC.exe
MSConfigStartUp-RCSystemTray - c:\program files\Max Registry Cleaner\MaxRCSystemTray.exe
MSConfigStartUp-snp2uvc - c:\windows\vsnp2uvc.exe
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\HOMERunner.exe
MSConfigStartUp-Ulead AutoDetector v2 - c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe


.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.yahoo.com/
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-12 12:38:42
Windows 6.0.6001 Service Pack 1 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
Gennemført tid: 2009-04-12 12:40:35
ComboFix-quarantined-files.txt 2009-04-12 10:40:32

Pre-Kørsel: 138,766,331,904 byte ledig
Post-Kørsel: 138,734,845,952 byte ledig

290 --- E O F --- 2009-03-28 10:30:22
 
Nemanja Živanović

Member no.: 212716
Posts: 459

Re: Dosada ziva na Desktop-u, 12.04.2009 at 12:04
If you plugged in a USB flash drive, it is infected and I recommend that you format it. Hold SHIFT while you insert that USB drive (or those drives) and format it from My Computer.

Disable all protection again. If you have AVG, follow these instructions:

Open the AVG 8 Control Center by right-clicking the AVG 8 icon on the taskbar.

• Click Tools.
• Select Advanced.
• In the left part of the window, open "Resident Shield".
• In the window that opens, deselect "Enable Resident Shield."

******************************

Open Notepad and copy in the following text:

Quote:


File::
c:\program files\desktop.ini

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e222b03-e326-11dd-945d-0016d386ad45}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a3f39d5-f09b-11dd-b6d1-0016d386ad45}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8713ccbd-157a-11de-a3e0-0016d386ad45}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8eba549e-e29f-11dd-9c6b-0016d386ad45}]



Save that file to the Desktop under the name CFScript.

Drag the saved text file onto the ComboFix icon, as shown in the picture. In your next post, paste the log that is created at the end of the cleaning/scan.
 
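The MountPoints2 keys listed in the CFScript above come straight from the "mountpoints2" section of the posted ComboFix log. The following is an added example, not part of the original post and not ComboFix code: it parses that section (excerpt copied from the log in this thread) and marks cached AutoRun commands that look unlike a vendor launcher. The function names and the two flagging rules are assumptions made for illustration, including the assumption that C: is the only fixed drive.

```python
import re

# Excerpt copied from the ComboFix log posted in this thread.
LOG_EXCERPT = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e222b03-e326-11dd-945d-0016d386ad45}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a3f39d5-f09b-11dd-b6d1-0016d386ad45}]
\shell\AutoRun\command - F:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8713ccbd-157a-11de-a3e0-0016d386ad45}]
\shell\AutoRun\command - F:\DPFMate.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8eba549e-e29f-11dd-9c6b-0016d386ad45}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL f:\resycled\boot.com f:
\shell\Open\command - "resycled\boot.co

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VERB_RE = re.compile(r"^\\shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$")
PATH_RE = re.compile(r'\b([a-z]):\\([^\s"]+)', re.I)
INDIRECT_RE = re.compile(r"rundll32(\.exe)?\s+shell32\.dll,ShellExec_RunDLL", re.I)
MOUNTPOINTS2 = r"\explorer\mountpoints2" + "\\"


def parse_mountpoints2(log_text):
    """Return one dict per MountPoints2 key with its cached shell verb commands."""
    entries, current = [], None
    for line in log_text.splitlines():
        line = line.strip()
        section = SECTION_RE.match(line)
        if section:
            # Any new [key] header closes the previous section.
            current = None
            key = section.group("key")
            if MOUNTPOINTS2 in key.lower():
                current = {"key": key, "commands": {}}
                entries.append(current)
            continue
        verb = VERB_RE.match(line)
        if verb and current is not None:
            current["commands"][verb.group("verb")] = verb.group("cmd")
    return entries


def suspicious_reasons(command):
    """Heuristics (assumptions of this example, not ComboFix rules)."""
    reasons = []
    if INDIRECT_RE.search(command):
        reasons.append("launched indirectly through rundll32 ShellExec_RunDLL")
    for drive, rest in PATH_RE.findall(command):
        # Assumption: C: is the fixed system drive, every other letter is removable.
        if drive.lower() != "c" and "\\" in rest:
            reasons.append("target is inside a folder on the drive: %s:\\%s" % (drive, rest))
    return reasons


def triage(log_text):
    """Attach the heuristic findings to every parsed MountPoints2 entry."""
    report = []
    for entry in parse_mountpoints2(log_text):
        reasons = []
        for verb, cmd in entry["commands"].items():
            reasons += ["%s: %s" % (verb, r) for r in suspicious_reasons(cmd)]
        report.append({"key": entry["key"], "commands": entry["commands"], "reasons": reasons})
    return report


def removal_lines(report):
    """Render '[-key]' lines in the form used under 'Registry::' in the post.

    The post's script lists all four cached keys, flagged or not, so this does too.
    """
    return ["[-%s]" % item["key"] for item in report]


if __name__ == "__main__":
    result = triage(LOG_EXCERPT)
    for item in result:
        status = "REVIEW" if item["reasons"] else "ok"
        print(status, item["key"].rsplit("\\", 1)[-1], item["commands"].get("AutoRun", ""))
        for reason in item["reasons"]:
            print("    -", reason)
    print("\n".join(removal_lines(result)))
```
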

sen

Member no.: 39122
Posts: 554
*.k656.webspeed.dk.

Re: Dosada ziva na Desktop-u, 12.04.2009 at 12:34
ComboFix 09-04-04.01 - Privat 2009-04-12 13:25:35.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1030.18.2038.1103 [GMT 2:00]
Kører fra: c:\users\Privat\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((( Filer skabt fra 2009-03-12 til 2009-04-12 )))))))))))))))))))))))))))))))))))
.

2009-04-09 21:48 . 2009-04-09 21:48 108,552 --a------ c:\windows\System32\drivers\avgtdix.sys
2009-04-09 21:48 . 2009-04-09 21:48 10,520 --a------ c:\windows\System32\avgrsstx.dll
2009-04-09 21:47 . 2009-04-11 21:59 <DIR> d-------- c:\windows\System32\drivers\Avg
2009-04-09 21:47 . 2009-04-09 21:47 <DIR> d-------- c:\users\All Users\avg8
2009-04-09 21:47 . 2009-04-09 21:47 <DIR> d-------- c:\programdata\avg8
2009-04-09 21:47 . 2009-04-09 21:47 <DIR> d-------- c:\program files\AVG
2009-04-09 21:47 . 2009-04-09 21:47 325,640 --a------ c:\windows\System32\drivers\avgldx86.sys
2009-04-08 18:56 . 2009-04-08 18:56 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-08 18:56 . 2009-04-06 15:32 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-04-08 18:56 . 2009-04-06 15:32 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-04-03 20:06 . 2009-04-03 20:06 <DIR> d-------- c:\users\Privat\AppData\Roaming\HP
2009-04-03 20:01 . 2009-04-03 22:42 140,920 --------- c:\windows\hpoins14.dat.temp
2009-04-03 20:01 . 2007-09-20 17:56 2,000 --------- c:\windows\hpomdl14.dat.temp
2009-03-30 18:15 . 2009-03-30 18:15 <DIR> d-------- c:\windows\MaxSecureBackup
2009-03-30 17:53 . 2007-05-24 16:57 143,360 --a------ c:\windows\System32\GetHardDiskNo.dll
2009-03-30 17:53 . 2009-03-30 18:14 63 --a------ c:\windows\system\SYSRegC.dll
2009-03-30 17:23 . 2009-03-30 17:23 <DIR> d-------- c:\users\Privat\AppData\Roaming\SmartPCTools
2009-03-30 17:23 . 2009-03-30 17:47 <DIR> d-a------ c:\users\All Users\TEMP
2009-03-30 17:23 . 2009-03-30 17:47 <DIR> d-a------ c:\programdata\TEMP
2009-03-30 17:19 . 2009-03-30 17:19 <DIR> d-------- c:\program files\CCleaner
2009-03-30 15:35 . 2009-03-30 15:35 738,304 --a------ c:\windows\GPInstall.exe
2009-03-21 19:20 . 2009-03-21 19:20 <DIR> d-------- c:\program files\MSXML 4.0
2009-03-21 11:00 . 2009-03-30 00:05 <DIR> d-------- c:\program files\Google
2009-03-20 22:45 . 2009-03-20 22:45 <DIR> d-------- c:\program files\Common Files\HP
2009-03-20 22:45 . 2009-03-20 22:45 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2009-03-20 22:44 . 2009-03-20 22:44 <DIR> d-------- c:\users\All Users\Hewlett-Packard
2009-03-20 22:44 . 2009-03-20 22:44 <DIR> d-------- c:\programdata\Hewlett-Packard
2009-03-20 22:43 . 2007-03-17 18:11 675,840 --a------ c:\windows\System32\hpowiax3.dll
2009-03-20 22:43 . 2007-03-17 18:11 569,344 --a------ c:\windows\System32\hpotscl3.dll
2009-03-20 22:43 . 2007-03-08 06:20 364,544 --a------ c:\windows\System32\hppldcoi.dll
2009-03-20 22:43 . 2007-03-17 18:11 303,104 --a------ c:\windows\System32\hpovst10.dll
2009-03-20 22:43 . 2007-03-30 17:07 267,864 --a------ c:\windows\System32\hpzids01.dll
2009-03-20 22:43 . 2007-03-28 15:01 117,760 --a------ c:\windows\System32\hpzll5ha.dll
2009-03-20 22:40 . 2009-04-04 21:44 <DIR> d-------- c:\users\All Users\HP
2009-03-20 22:40 . 2009-04-04 21:44 <DIR> d-------- c:\programdata\HP
2009-03-16 15:45 . 2009-03-16 15:58 <DIR> d-------- c:\users\All Users\NOS
2009-03-16 15:45 . 2009-03-16 15:58 <DIR> d-------- c:\programdata\NOS
2009-03-15 15:44 . 2009-03-15 15:44 410,984 --a------ c:\windows\System32\deploytk.dll
2009-03-14 19:54 . 2009-03-14 19:54 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-13 19:09 . 2009-03-30 19:16 <DIR> d-------- C:\Downloads
2009-03-13 19:07 . 2009-04-09 08:43 <DIR> d-------- c:\users\Privat\AppData\Roaming\Free Download Manager
2009-03-13 19:07 . 2009-03-13 19:07 <DIR> d-------- c:\users\All Users\FreeDownloadManager.ORG
2009-03-13 19:07 . 2009-03-13 19:07 <DIR> d-------- c:\programdata\FreeDownloadManager.ORG
2009-03-13 19:07 . 2009-03-13 19:07 <DIR> d-------- c:\program files\Free Download Manager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 18:00 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-09 18:00 --------- d-----w c:\programdata\Ulead Systems
2009-04-09 06:57 --------- d-----w c:\program files\Trend Micro
2009-04-09 00:32 --------- d-----w c:\users\Privat\AppData\Roaming\Skype
2009-04-09 00:17 --------- d-----w c:\users\Privat\AppData\Roaming\skypePM
2009-03-15 13:44 --------- d-----w c:\program files\Java
2009-03-11 10:49 --------- d-----w c:\program files\Windows Mail
2009-03-11 10:05 --------- d-----w c:\programdata\Microsoft Help
2009-03-10 20:55 --------- d-----w c:\program files\Paint.NET
2009-03-08 11:34 914,944 ----a-w c:\windows\System32\wininet.dll
2009-03-08 11:34 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-03-08 11:33 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-03-08 11:33 18,944 ----a-w c:\windows\System32\corpol.dll
2009-03-08 11:33 132,608 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-08 11:33 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-03-08 11:33 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-03-08 11:33 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-03-08 11:33 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-03-08 11:33 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-03-08 11:32 72,704 ----a-w c:\windows\System32\admparse.dll
2009-03-08 11:32 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-03-08 11:32 66,560 ----a-w c:\windows\System32\wextract.exe
2009-03-08 11:32 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-03-08 11:31 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-03-08 11:31 45,568 ----a-w c:\windows\System32\mshta.exe
2009-03-08 11:31 34,816 ----a-w c:\windows\System32\imgutil.dll
2009-03-08 11:22 156,160 ----a-w c:\windows\System32\msls31.dll
2009-03-06 21:17 --------- d-----w c:\users\Privat\AppData\Roaming\TeamViewer
2009-02-26 13:07 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-12 08:31 --------- d-----w c:\users\Privat\AppData\Roaming\FreeCall
2009-02-09 03:10 2,033,152 ----a-w c:\windows\System32\win32k.sys
2009-01-17 01:43 174 --sha-w c:\program files\desktop.ini
2009-01-17 01:22 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-01-17 01:22 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-01-16 01:15 269,312 ----a-w c:\windows\System32\es.dll
2009-01-15 16:30 56 ---ha-w c:\users\All Users\ezsidmv.dat
2009-01-15 16:30 56 ---ha-w c:\programdata\ezsidmv.dat
2009-01-15 00:47 61,440 ----a-w c:\windows\System32\winipsec.dll
2009-01-15 00:47 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2009-01-15 00:47 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2009-01-15 00:47 272,896 ----a-w c:\windows\System32\polstore.dll
2009-01-15 00:45 94,720 ----a-w c:\windows\System32\PortableDeviceClassExtension.dll
2009-01-15 00:45 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2009-01-15 00:45 160,768 ----a-w c:\windows\System32\PortableDeviceTypes.dll
2009-01-15 00:37 296,960 ----a-w c:\windows\System32\gdi32.dll
2009-01-15 00:34 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2009-01-15 00:33 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-01-15 00:33 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-15 00:33 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-01-15 00:33 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2009-01-15 00:33 303,616 ----a-w c:\windows\System32\wmpeffects.dll
2009-01-15 00:33 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-01-15 00:33 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-01-15 00:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-01-15 00:33 1,695,744 ----a-w c:\windows\System32\gameux.dll
2009-01-15 00:31 2,048 ----a-w c:\windows\System32\msxml3r.dll
2009-01-15 00:31 1,191,936 ----a-w c:\windows\System32\msxml3.dll
2009-01-15 00:28 2,048 ----a-w c:\windows\System32\tzres.dll
2009-01-15 00:24 2,927,104 ----a-w c:\windows\explorer.exe
2009-01-15 00:17 988,216 ----a-w c:\windows\System32\winload.exe
2009-01-15 00:17 927,288 ----a-w c:\windows\System32\winresume.exe
2009-01-15 00:17 615,992 ----a-w c:\windows\System32\ci.dll
2009-01-15 00:17 6,656 ----a-w c:\windows\System32\kbd106n.dll
2009-01-15 00:17 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
2009-01-15 00:17 40,960 ----a-w c:\windows\System32\srclient.dll
2009-01-15 00:17 378,368 ----a-w c:\windows\System32\srcore.dll
2009-01-15 00:17 318,464 ----a-w c:\windows\System32\rstrui.exe
2009-01-15 00:17 19,000 ----a-w c:\windows\System32\kd1394.dll
2009-01-15 00:17 14,848 ----a-w c:\windows\System32\srdelayed.exe
2009-01-15 00:15 712,704 ----a-w c:\windows\System32\WindowsCodecs.dll
2009-01-15 00:15 425,472 ----a-w c:\windows\System32\PhotoMetadataHandler.dll
2009-01-15 00:15 347,136 ----a-w c:\windows\System32\WindowsCodecsExt.dll
2009-01-15 00:14 443,392 ----a-w c:\windows\System32\win32spl.dll
2009-01-15 00:14 37,888 ----a-w c:\windows\System32\printcom.dll
2009-01-15 00:13 996,352 ----a-w c:\windows\System32\WMNetMgr.dll
2009-01-15 00:13 98,816 ----a-w c:\windows\System32\mfps.dll
2009-01-15 00:13 94,720 ----a-w c:\windows\System32\logagent.exe
2009-01-15 00:13 53,248 ----a-w c:\windows\System32\rrinstaller.exe
2009-01-15 00:13 24,576 ----a-w c:\windows\System32\mfpmp.exe
2009-01-15 00:13 2,868,736 ----a-w c:\windows\System32\mf.dll
2009-01-15 00:13 2,048 ----a-w c:\windows\System32\mferror.dll
2009-01-15 00:13 14,848 ----a-w c:\windows\System32\wshrm.dll
2009-01-15 00:12 84,480 ----a-w c:\windows\System32\INETRES.dll
2009-01-15 00:12 738,304 ----a-w c:\windows\System32\inetcomm.dll
2009-01-15 00:12 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-01-15 00:12 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2009-01-15 00:12 1,645,568 ----a-w c:\windows\System32\connect.dll
2009-01-15 00:12 1,314,816 ----a-w c:\windows\System32\quartz.dll
2009-01-15 00:11 2,048 ----a-w c:\windows\System32\msxml6r.dll
2009-01-15 00:11 1,334,272 ----a-w c:\windows\System32\msxml6.dll
2009-01-14 23:52 83,456 ----a-w c:\windows\System32\wudriver.dll
2009-01-14 23:52 561,688 ----a-w c:\windows\System32\wuapi.dll
2009-01-14 23:52 51,224 ----a-w c:\windows\System32\wuauclt.exe
2009-01-14 23:52 43,544 ----a-w c:\windows\System32\wups2.dll
2009-01-14 23:52 34,328 ----a-w c:\windows\System32\wups.dll
2009-01-14 23:52 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2009-01-14 23:52 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2009-01-14 23:51 31,232 ----a-w c:\windows\System32\wuapp.exe
2009-01-14 23:51 162,064 ----a-w c:\windows\System32\wuwebv.dll
2009-01-14 22:47 319,456 ----a-w c:\windows\DIFxAPI.dll
.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-09 1932568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 02:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
--a------ 2008-09-01 12:09 9109296 c:\program files\FreeCall.com\FreeCall\FreeCall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyApp]
--a------ 2007-09-01 13:21 188416 c:\program files\Launch Manager\HotkeyApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2008-02-11 21:13 166424 c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2007-07-12 17:36 178712 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2008-02-11 21:13 141848 c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
--a------ 2007-09-01 15:03 32768 c:\program files\Launch Manager\LaunchAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
--a------ 2006-12-26 12:23 180224 c:\program files\Launch Manager\OSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2008-02-11 21:13 133656 c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
--a------ 2007-07-05 13:35 94208 c:\windows\PLFSetL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-19 09:33 1233920 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-07 15:31 21633320 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-03-15 15:44 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
--a------ 2007-09-01 16:24 86016 c:\program files\Launch Manager\WButton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 09:38 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-08-27 13:10 4702208 c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
--a------ 2007-08-03 13:22 1826816 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2264076326-2987277559-2428823024-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{015FA8E5-8006-47C8-BB47-1BDC2B98C54B}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{2BEBEAED-A262-4533-98B9-46975E16DE78}"= UDP:c:\program files\FreeCall.com\FreeCall\FreeCall.exe:FreeCall
"{29482797-898B-402F-9806-FD2396ACDCF3}"= TCP:c:\program files\FreeCall.com\FreeCall\FreeCall.exe:FreeCall
"TCP Query User{A36A60B3-824E-47F6-8235-0E7CBE3AB541}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:ebay.de - Skype
"UDP Query User{2357B81A-D4AD-4141-9595-A1706291D1A6}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:ebay.de - Skype
"{38D0F450-0EC7-4F44-88DF-4000B6DB9E87}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B733E65D-B2C5-4017-920E-4F5253642E22}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C055301D-4C8F-4385-93B0-3A45A6DB5CEA}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3CD11814-9C27-4A7C-85C8-21C156FA1367}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{69D350A7-CE51-48D5-A657-008A7439F2E1}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E2C9C6CD-FBB9-4FF0-ADB1-A72605852970}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{EB65B0B3-80D0-4604-9647-95E49EAF8297}c:\\users\\privat\\temp\\teamviewer\\version4\\teamviewer.exe"= UDP:c:\users\privat\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe
"UDP Query User{04DA651F-B88B-4737-8420-C5BC78177D06}c:\\users\\privat\\temp\\teamviewer\\version4\\teamviewer.exe"= TCP:c:\users\privat\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe
"TCP Query User{7CF58961-3A7B-43EB-8129-7B399C44DCA5}c:\\program files\\free download manager\\fdm.exe"= UDP:c:\program files\free download manager\fdm.exe:Free Download Manager
"UDP Query User{DA7ECC5B-2E0D-4162-86B0-8C61A6D28AEE}c:\\program files\\free download manager\\fdm.exe"= TCP:c:\program files\free download manager\fdm.exe:Free Download Manager
"{47EF6ABF-098A-42CA-B2E7-0E74BEE7BBDD}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{B3F7B7E0-2C16-41AB-BA18-92555627AE90}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

R0 Si3531;SiI-3531 SATA Controller;c:\windows\System32\drivers\Si3531.sys [2008-07-25 212008]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-04-09 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-04-09 108552]
R1 Hotkey;Hotkey;c:\windows\System32\drivers\HOTKEY.sys [2009-01-15 9867]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-09 298264]
R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [2009-01-15 13976]
S4 gupdate1c9aa03b6a7bb79;Tjenesten Google Update (gupdate1c9aa03b6a7bb79);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 133104]
S4 IAANTMON;Intel(R) Matrix Storage Event Monitor;c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe [2009-01-15 354840]
S4 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-01-15 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e222b03-e326-11dd-945d-0016d386ad45}]
\shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a3f39d5-f09b-11dd-b6d1-0016d386ad45}]
\shell\AutoRun\command - F:\InstallTomTomHOME.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8713ccbd-157a-11de-a3e0-0016d386ad45}]
\shell\AutoRun\command - F:\DPFMate.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8eba549e-e29f-11dd-9c6b-0016d386ad45}]
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL f:\resycled\boot.com f:
\shell\Open\command - "resycled\boot.co

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Indhold af mappen 'Planlagte Opgaver'

2009-04-12 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 11:01]

2009-03-30 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe []
.
- - - - TOMME GENVEJE FJERNET - - - -

MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-OmniPass - c:\program files\Softex\OmniPass\scureapp.exe
MSConfigStartUp-RCAutoLiveUpdate - c:\program files\Max Registry Cleaner\MaxLiveUpdateRC.exe
MSConfigStartUp-RCSystemTray - c:\program files\Max Registry Cleaner\MaxRCSystemTray.exe
MSConfigStartUp-snp2uvc - c:\windows\vsnp2uvc.exe
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\HOMERunner.exe
MSConfigStartUp-Ulead AutoDetector v2 - c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe


.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.yahoo.com/
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-12 13:27:44
Windows 6.0.6001 Service Pack 1 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
Gennemført tid: 2009-04-12 13:29:41
ComboFix-quarantined-files.txt 2009-04-12 11:29:38

Pre-Kørsel: 138,770,886,656 byte ledig
Post-Kørsel: 138,737,979,392 byte ledig

288 --- E O F --- 2009-03-28 10:30:22
 
Nemanja Živanović

Re: A real nuisance on the Desktop, 12.04.2009 at 12:41
You didn't do something right. Come on, try again:

Turn off all protection again. If you have AVG, follow these instructions:

Open the AVG 8 Control Center by right-clicking the AVG 8 icon on the taskbar.

• Click Tools.
• Select Advanced.
• In the left part of the window, open "Resident Shield".
• In the window that opens, deselect "Enable Resident Shield."

******************************

Open Notepad and copy in the following text:

Quote:


File::
c:\program files\desktop.ini

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2e222b03-e326-11dd-945d-0016d386ad45}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6a3f39d5-f09b-11dd-b6d1-0016d386ad45}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8713ccbd-157a-11de-a3e0-0016d386ad45}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8eba549e-e29f-11dd-9c6b-0016d386ad45}]



Save that file to the Desktop under the name CFScript

Drag the saved text onto the ComboFix icon, as in the picture. In your next message, post the log that is created at the end of the cleaning/scan.
 
sen

Re: A real nuisance on the Desktop, 12.04.2009 at 13:06
ComboFix 09-04-04.01 - Privat 2009-04-12 13:57:28.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1030.18.2038.1031 [GMT 2:00]
Kører fra: c:\users\Privat\Desktop\ComboFix.exe
Kommandoer benyttet :: c:\users\Privat\Desktop\CFScript.txt

FILE ::
c:\program files\desktop.ini
.

((((((((((((((((((((((((((((((((((((((( Andet, der er slettet )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\desktop.ini

.
((((((((((((((((((((((((((((( Filer skabt fra 2009-03-12 til 2009-04-12 )))))))))))))))))))))))))))))))))))
.

2009-04-12 13:49 . 2009-04-12 13:49 <DIR> d-------- c:\program files\Panda Security
2009-04-12 13:49 . 2008-06-19 16:24 28,544 --a------ c:\windows\System32\drivers\pavboot.sys
2009-04-12 13:44 . 2009-04-12 13:44 <DIR> d--h----- C:\$AVG8.VAULT$
2009-04-09 21:48 . 2009-04-09 21:48 108,552 --a------ c:\windows\System32\drivers\avgtdix.sys
2009-04-09 21:48 . 2009-04-09 21:48 10,520 --a------ c:\windows\System32\avgrsstx.dll
2009-04-09 21:47 . 2009-04-11 21:59 <DIR> d-------- c:\windows\System32\drivers\Avg
2009-04-09 21:47 . 2009-04-09 21:47 <DIR> d-------- c:\users\All Users\avg8
2009-04-09 21:47 . 2009-04-09 21:47 <DIR> d-------- c:\programdata\avg8
2009-04-09 21:47 . 2009-04-09 21:47 <DIR> d-------- c:\program files\AVG
2009-04-09 21:47 . 2009-04-09 21:47 325,640 --a------ c:\windows\System32\drivers\avgldx86.sys
2009-04-08 18:56 . 2009-04-08 18:56 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-04-08 18:56 . 2009-04-06 15:32 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2009-04-08 18:56 . 2009-04-06 15:32 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2009-04-03 20:06 . 2009-04-03 20:06 <DIR> d-------- c:\users\Privat\AppData\Roaming\HP
2009-04-03 20:01 . 2009-04-03 22:42 140,920 --------- c:\windows\hpoins14.dat.temp
2009-04-03 20:01 . 2007-09-20 17:56 2,000 --------- c:\windows\hpomdl14.dat.temp
2009-03-30 18:15 . 2009-03-30 18:15 <DIR> d-------- c:\windows\MaxSecureBackup
2009-03-30 17:53 . 2007-05-24 16:57 143,360 --a------ c:\windows\System32\GetHardDiskNo.dll
2009-03-30 17:53 . 2009-03-30 18:14 63 --a------ c:\windows\system\SYSRegC.dll
2009-03-30 17:23 . 2009-03-30 17:23 <DIR> d-------- c:\users\Privat\AppData\Roaming\SmartPCTools
2009-03-30 17:23 . 2009-03-30 17:47 <DIR> d-a------ c:\users\All Users\TEMP
2009-03-30 17:23 . 2009-03-30 17:47 <DIR> d-a------ c:\programdata\TEMP
2009-03-30 17:19 . 2009-03-30 17:19 <DIR> d-------- c:\program files\CCleaner
2009-03-30 15:35 . 2009-03-30 15:35 738,304 --a------ c:\windows\GPInstall.exe
2009-03-21 19:20 . 2009-03-21 19:20 <DIR> d-------- c:\program files\MSXML 4.0
2009-03-21 11:00 . 2009-03-30 00:05 <DIR> d-------- c:\program files\Google
2009-03-20 22:45 . 2009-03-20 22:45 <DIR> d-------- c:\program files\Common Files\HP
2009-03-20 22:45 . 2009-03-20 22:45 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2009-03-20 22:44 . 2009-03-20 22:44 <DIR> d-------- c:\users\All Users\Hewlett-Packard
2009-03-20 22:44 . 2009-03-20 22:44 <DIR> d-------- c:\programdata\Hewlett-Packard
2009-03-20 22:43 . 2007-03-17 18:11 675,840 --a------ c:\windows\System32\hpowiax3.dll
2009-03-20 22:43 . 2007-03-17 18:11 569,344 --a------ c:\windows\System32\hpotscl3.dll
2009-03-20 22:43 . 2007-03-08 06:20 364,544 --a------ c:\windows\System32\hppldcoi.dll
2009-03-20 22:43 . 2007-03-17 18:11 303,104 --a------ c:\windows\System32\hpovst10.dll
2009-03-20 22:43 . 2007-03-30 17:07 267,864 --a------ c:\windows\System32\hpzids01.dll
2009-03-20 22:43 . 2007-03-28 15:01 117,760 --a------ c:\windows\System32\hpzll5ha.dll
2009-03-20 22:40 . 2009-04-04 21:44 <DIR> d-------- c:\users\All Users\HP
2009-03-20 22:40 . 2009-04-04 21:44 <DIR> d-------- c:\programdata\HP
2009-03-16 15:45 . 2009-03-16 15:58 <DIR> d-------- c:\users\All Users\NOS
2009-03-16 15:45 . 2009-03-16 15:58 <DIR> d-------- c:\programdata\NOS
2009-03-15 15:44 . 2009-03-15 15:44 410,984 --a------ c:\windows\System32\deploytk.dll
2009-03-14 19:54 . 2009-03-14 19:54 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-13 19:09 . 2009-03-30 19:16 <DIR> d-------- C:\Downloads
2009-03-13 19:07 . 2009-04-09 08:43 <DIR> d-------- c:\users\Privat\AppData\Roaming\Free Download Manager
2009-03-13 19:07 . 2009-03-13 19:07 <DIR> d-------- c:\users\All Users\FreeDownloadManager.ORG
2009-03-13 19:07 . 2009-03-13 19:07 <DIR> d-------- c:\programdata\FreeDownloadManager.ORG
2009-03-13 19:07 . 2009-03-13 19:07 <DIR> d-------- c:\program files\Free Download Manager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 18:00 --------- d--h--w c:\program files\InstallShield Installation Information
2009-04-09 18:00 --------- d-----w c:\programdata\Ulead Systems
2009-04-09 06:57 --------- d-----w c:\program files\Trend Micro
2009-04-09 00:32 --------- d-----w c:\users\Privat\AppData\Roaming\Skype
2009-04-09 00:17 --------- d-----w c:\users\Privat\AppData\Roaming\skypePM
2009-03-15 13:44 --------- d-----w c:\program files\Java
2009-03-11 10:49 --------- d-----w c:\program files\Windows Mail
2009-03-11 10:05 --------- d-----w c:\programdata\Microsoft Help
2009-03-10 20:55 --------- d-----w c:\program files\Paint.NET
2009-03-08 11:34 914,944 ----a-w c:\windows\System32\wininet.dll
2009-03-08 11:34 43,008 ----a-w c:\windows\System32\licmgr10.dll
2009-03-08 11:33 420,352 ----a-w c:\windows\System32\vbscript.dll
2009-03-08 11:33 18,944 ----a-w c:\windows\System32\corpol.dll
2009-03-08 11:33 132,608 ----a-w c:\windows\System32\ieUnatt.exe
2009-03-08 11:33 109,568 ----a-w c:\windows\System32\PDMSetup.exe
2009-03-08 11:33 109,056 ----a-w c:\windows\System32\iesysprep.dll
2009-03-08 11:33 107,520 ----a-w c:\windows\System32\RegisterIEPKEYs.exe
2009-03-08 11:33 107,008 ----a-w c:\windows\System32\SetIEInstalledDate.exe
2009-03-08 11:33 103,936 ----a-w c:\windows\System32\SetDepNx.exe
2009-03-08 11:32 72,704 ----a-w c:\windows\System32\admparse.dll
2009-03-08 11:32 71,680 ----a-w c:\windows\System32\iesetup.dll
2009-03-08 11:32 66,560 ----a-w c:\windows\System32\wextract.exe
2009-03-08 11:32 169,472 ----a-w c:\windows\System32\iexpress.exe
2009-03-08 11:31 48,128 ----a-w c:\windows\System32\mshtmler.dll
2009-03-08 11:31 45,568 ----a-w c:\windows\System32\mshta.exe
2009-03-08 11:31 34,816 ----a-w c:\windows\System32\imgutil.dll
2009-03-08 11:22 156,160 ----a-w c:\windows\System32\msls31.dll
2009-03-06 21:17 --------- d-----w c:\users\Privat\AppData\Roaming\TeamViewer
2009-02-26 13:07 --------- d-----w c:\program files\Microsoft Silverlight
2009-02-12 08:31 --------- d-----w c:\users\Privat\AppData\Roaming\FreeCall
2009-02-09 03:10 2,033,152 ----a-w c:\windows\System32\win32k.sys
2009-01-17 01:22 82,432 ----a-w c:\windows\System32\axaltocm.dll
2009-01-17 01:22 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2009-01-16 01:15 269,312 ----a-w c:\windows\System32\es.dll
2009-01-15 16:30 56 ---ha-w c:\users\All Users\ezsidmv.dat
2009-01-15 16:30 56 ---ha-w c:\programdata\ezsidmv.dat
2009-01-15 00:47 61,440 ----a-w c:\windows\System32\winipsec.dll
2009-01-15 00:47 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2009-01-15 00:47 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2009-01-15 00:47 272,896 ----a-w c:\windows\System32\polstore.dll
2009-01-15 00:45 94,720 ----a-w c:\windows\System32\PortableDeviceClassExtension.dll
2009-01-15 00:45 241,152 ----a-w c:\windows\System32\PortableDeviceApi.dll
2009-01-15 00:45 160,768 ----a-w c:\windows\System32\PortableDeviceTypes.dll
2009-01-15 00:37 296,960 ----a-w c:\windows\System32\gdi32.dll
2009-01-15 00:34 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2009-01-15 00:33 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2009-01-15 00:33 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2009-01-15 00:33 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2009-01-15 00:33 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2009-01-15 00:33 303,616 ----a-w c:\windows\System32\wmpeffects.dll
2009-01-15 00:33 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2009-01-15 00:33 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2009-01-15 00:33 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2009-01-15 00:33 1,695,744 ----a-w c:\windows\System32\gameux.dll
2009-01-15 00:31 2,048 ----a-w c:\windows\System32\msxml3r.dll
2009-01-15 00:31 1,191,936 ----a-w c:\windows\System32\msxml3.dll
2009-01-15 00:28 2,048 ----a-w c:\windows\System32\tzres.dll
2009-01-15 00:24 2,927,104 ----a-w c:\windows\explorer.exe
2009-01-15 00:17 988,216 ----a-w c:\windows\System32\winload.exe
2009-01-15 00:17 927,288 ----a-w c:\windows\System32\winresume.exe
2009-01-15 00:17 615,992 ----a-w c:\windows\System32\ci.dll
2009-01-15 00:17 6,656 ----a-w c:\windows\System32\kbd106n.dll
2009-01-15 00:17 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
2009-01-15 00:17 40,960 ----a-w c:\windows\System32\srclient.dll
2009-01-15 00:17 378,368 ----a-w c:\windows\System32\srcore.dll
2009-01-15 00:17 318,464 ----a-w c:\windows\System32\rstrui.exe
2009-01-15 00:17 19,000 ----a-w c:\windows\System32\kd1394.dll
2009-01-15 00:17 14,848 ----a-w c:\windows\System32\srdelayed.exe
2009-01-15 00:15 712,704 ----a-w c:\windows\System32\WindowsCodecs.dll
2009-01-15 00:15 425,472 ----a-w c:\windows\System32\PhotoMetadataHandler.dll
2009-01-15 00:15 347,136 ----a-w c:\windows\System32\WindowsCodecsExt.dll
2009-01-15 00:14 443,392 ----a-w c:\windows\System32\win32spl.dll
2009-01-15 00:14 37,888 ----a-w c:\windows\System32\printcom.dll
2009-01-15 00:13 996,352 ----a-w c:\windows\System32\WMNetMgr.dll
2009-01-15 00:13 98,816 ----a-w c:\windows\System32\mfps.dll
2009-01-15 00:13 94,720 ----a-w c:\windows\System32\logagent.exe
2009-01-15 00:13 53,248 ----a-w c:\windows\System32\rrinstaller.exe
2009-01-15 00:13 24,576 ----a-w c:\windows\System32\mfpmp.exe
2009-01-15 00:13 2,868,736 ----a-w c:\windows\System32\mf.dll
2009-01-15 00:13 2,048 ----a-w c:\windows\System32\mferror.dll
2009-01-15 00:13 14,848 ----a-w c:\windows\System32\wshrm.dll
2009-01-15 00:12 84,480 ----a-w c:\windows\System32\INETRES.dll
2009-01-15 00:12 738,304 ----a-w c:\windows\System32\inetcomm.dll
2009-01-15 00:12 3,601,464 ----a-w c:\windows\System32\ntkrnlpa.exe
2009-01-15 00:12 3,549,240 ----a-w c:\windows\System32\ntoskrnl.exe
2009-01-15 00:12 1,645,568 ----a-w c:\windows\System32\connect.dll
2009-01-15 00:12 1,314,816 ----a-w c:\windows\System32\quartz.dll
2009-01-15 00:11 2,048 ----a-w c:\windows\System32\msxml6r.dll
2009-01-15 00:11 1,334,272 ----a-w c:\windows\System32\msxml6.dll
2009-01-14 23:52 83,456 ----a-w c:\windows\System32\wudriver.dll
2009-01-14 23:52 561,688 ----a-w c:\windows\System32\wuapi.dll
2009-01-14 23:52 51,224 ----a-w c:\windows\System32\wuauclt.exe
2009-01-14 23:52 43,544 ----a-w c:\windows\System32\wups2.dll
2009-01-14 23:52 34,328 ----a-w c:\windows\System32\wups.dll
2009-01-14 23:52 1,809,944 ----a-w c:\windows\System32\wuaueng.dll
2009-01-14 23:52 1,524,736 ----a-w c:\windows\System32\wucltux.dll
2009-01-14 23:51 31,232 ----a-w c:\windows\System32\wuapp.exe
2009-01-14 23:51 162,064 ----a-w c:\windows\System32\wuwebv.dll
2009-01-14 22:47 319,456 ----a-w c:\windows\DIFxAPI.dll
2009-01-14 22:46 315,392 ----a-w c:\windows\HideWin.exe
.

((((((((((((((((((((((((((((((((((( Start steder i reg.basen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Bemærk* tomme linier & lovlige standard linier vises ikke
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-04-09 1932568]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-10-15 02:04 39792 c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeCall]
--a------ 2008-09-01 12:09 9109296 c:\program files\FreeCall.com\FreeCall\FreeCall.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2007-08-24 08:00 33648 c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyApp]
--a------ 2007-09-01 13:21 188416 c:\program files\Launch Manager\HotkeyApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
--a------ 2008-02-11 21:13 166424 c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
--a------ 2007-07-12 17:36 178712 c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2008-02-11 21:13 141848 c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
--a------ 2007-09-01 15:03 32768 c:\program files\Launch Manager\LaunchAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
--a------ 2006-12-26 12:23 180224 c:\program files\Launch Manager\OSD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
--a------ 2008-02-11 21:13 133656 c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PLFSetL]
--a------ 2007-07-05 13:35 94208 c:\windows\PLFSetL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
--a------ 2008-01-19 09:33 1233920 c:\program files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2008-11-07 15:31 21633320 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2009-03-15 15:44 148888 c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
--a------ 2007-09-01 16:24 86016 c:\program files\Launch Manager\WButton.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
--a------ 2008-01-19 09:38 1008184 c:\program files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
--a------ 2007-08-27 13:10 4702208 c:\windows\RtHDVCpl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
--a------ 2007-08-03 13:22 1826816 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2264076326-2987277559-2428823024-1000]
"EnableNotificationsRef"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{015FA8E5-8006-47C8-BB47-1BDC2B98C54B}"= c:\program files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{2BEBEAED-A262-4533-98B9-46975E16DE78}"= UDP:c:\program files\FreeCall.com\FreeCall\FreeCall.exe:FreeCall
"{29482797-898B-402F-9806-FD2396ACDCF3}"= TCP:c:\program files\FreeCall.com\FreeCall\FreeCall.exe:FreeCall
"TCP Query User{A36A60B3-824E-47F6-8235-0E7CBE3AB541}c:\\program files\\skype\\phone\\skype.exe"= UDP:c:\program files\skype\phone\skype.exe:ebay.de - Skype
"UDP Query User{2357B81A-D4AD-4141-9595-A1706291D1A6}c:\\program files\\skype\\phone\\skype.exe"= TCP:c:\program files\skype\phone\skype.exe:ebay.de - Skype
"{38D0F450-0EC7-4F44-88DF-4000B6DB9E87}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{B733E65D-B2C5-4017-920E-4F5253642E22}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{C055301D-4C8F-4385-93B0-3A45A6DB5CEA}"= UDP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{3CD11814-9C27-4A7C-85C8-21C156FA1367}"= TCP:c:\program files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{69D350A7-CE51-48D5-A657-008A7439F2E1}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E2C9C6CD-FBB9-4FF0-ADB1-A72605852970}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"TCP Query User{EB65B0B3-80D0-4604-9647-95E49EAF8297}c:\\users\\privat\\temp\\teamviewer\\version4\\teamviewer.exe"= UDP:c:\users\privat\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe
"UDP Query User{04DA651F-B88B-4737-8420-C5BC78177D06}c:\\users\\privat\\temp\\teamviewer\\version4\\teamviewer.exe"= TCP:c:\users\privat\temp\teamviewer\version4\teamviewer.exe:teamviewer.exe
"TCP Query User{7CF58961-3A7B-43EB-8129-7B399C44DCA5}c:\\program files\\free download manager\\fdm.exe"= UDP:c:\program files\free download manager\fdm.exe:Free Download Manager
"UDP Query User{DA7ECC5B-2E0D-4162-86B0-8C61A6D28AEE}c:\\program files\\free download manager\\fdm.exe"= TCP:c:\program files\free download manager\fdm.exe:Free Download Manager
"{47EF6ABF-098A-42CA-B2E7-0E74BEE7BBDD}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{B3F7B7E0-2C16-41AB-BA18-92555627AE90}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe

R0 Si3531;SiI-3531 SATA Controller;c:\windows\System32\drivers\Si3531.sys [2008-07-25 212008]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2009-04-09 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-04-09 108552]
R1 Hotkey;Hotkey;c:\windows\System32\drivers\HOTKEY.sys [2009-01-15 9867]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-04-09 298264]
R3 X10Hid;X10 Hid Device;c:\windows\System32\drivers\x10hid.sys [2009-01-15 13976]
S4 gupdate1c9aa03b6a7bb79;Tjenesten Google Update (gupdate1c9aa03b6a7bb79);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 133104]
S4 IAANTMON;Intel(R) Matrix Storage Event Monitor;c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe [2009-01-15 354840]
S4 WisLMSvc;WisLMSvc;c:\program files\Launch Manager\WisLMSvc.exe [2009-01-15 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Indhold af mappen 'Planlagte Opgaver'

2009-04-12 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-21 11:01]

2009-03-30 c:\windows\Tasks\Schedule Task Weekly.job
- c:\program files\Registry Easy\RE.exe []
.
- - - - TOMME GENVEJE FJERNET - - - -

MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
MSConfigStartUp-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
MSConfigStartUp-NeroFilterCheck - c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
MSConfigStartUp-OmniPass - c:\program files\Softex\OmniPass\scureapp.exe
MSConfigStartUp-RCAutoLiveUpdate - c:\program files\Max Registry Cleaner\MaxLiveUpdateRC.exe
MSConfigStartUp-RCSystemTray - c:\program files\Max Registry Cleaner\MaxRCSystemTray.exe
MSConfigStartUp-snp2uvc - c:\windows\vsnp2uvc.exe
MSConfigStartUp-TomTomHOME - c:\program files\TomTom HOME 2\HOMERunner.exe
MSConfigStartUp-Ulead AutoDetector v2 - c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe


.
------- Yderligere scanning -------
.
uStart Page = hxxp://www.yahoo.com/
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download video with Free Download Manager - file://c:\program files\Free Download Manager\dlfvideo.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
.

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-12 13:59:40
Windows 6.0.6001 Service Pack 1 NTFS

scanner skjulte processer ...

scanner skjulte autostarter ...

scanner skjulte filer ...

scanning gennemført med succes
skjulte filer: 0

**************************************************************************
.
Gennemført tid: 2009-04-12 14:01:39
ComboFix-quarantined-files.txt 2009-04-12 12:01:37

Pre-Kørsel: 138,654,748,672 byte ledig
Post-Kørsel: 138,621,566,976 byte ledig

289 --- E O F --- 2009-03-28 10:30:22
 
sen

Re: A real nuisance on the Desktop, 12.04.2009 at 13:08
I did everything just as you explained; there's nothing unclear about it....

It seems to me, if I'm not mistaken, that this whole kind of screw-up
started when I began running Windows updates......
 
Nemanja Živanović

Re: A real nuisance on the Desktop, 12.04.2009 at 13:09
A little while ago you didn't copy the script into ComboFix properly; now you did, and what I wrote has been deleted. Did AVG find some virus? And what is this now: Panda Security? Restart the computer in Safe Mode, run a scan with HijackThis and post the new report here. Format those USB flash drives as I wrote to you. What's the situation now?
 
sen

Re: A real nuisance on the Desktop, 12.04.2009 at 13:13
Look, as for the USB flash drive, I don't have it any more, nor do I use one....
and as for that Panda, that was me trying an online "scan my pc for virus"
 
Nemanja Živanović

Re: A real nuisance on the Desktop, 12.04.2009 at 13:25
OK. Let's uninstall ComboFix:

Open Start > Run and type combofix /u

The program will uninstall itself automatically. Don't forget to turn all your protection back on, since you switched it off so this program could run.

======================

I don't see any more traces of malware here. While we're at it, let's look at one more thing. Download the program ShellExView. Install it and run it. It will scan the computer automatically. When the scan finishes (it takes a few seconds), sort the list by type by clicking on Type, and the list will be sorted automatically. You need to get the Context Menu entries at the top of the list, as in the picture:
 
sen

Re: A real nuisance on the Desktop, 12.04.2009 at 13:42
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:57:11, on 09-04-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\AVG\AVG8\avgscanx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\SndVol.exe
C:\Users\Privat\Desktop\RSIT.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\trend micro\Privat.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 2201 bytes
 
sen

Re: A real nuisance on the Desktop, 12.04.2009 at 13:58
Extension Name : Display Effects CPL Extension
Disabled : No
Type : System
Description : API til Windows-tema
Version : 6.0.6000.16386 (vista_rtm.061101-2205)
Product Name : Microsoft® Windows® Operativsystem
Company : Microsoft Corporation
My Computer : No
Desktop : No
Control Panel : No
My Network Places : No
Entire Network : No
Remote Computer : No
Filename : C:\Windows\system32\themeui.dll
CLSID : {41E300E0-78B6-11ce-849B-444553540000}
File Created Time : 17-01-2009 02:57:12
CLSID Modified Time: 02-11-2006 14:53:15
Microsoft : Yes
File Extensions :
File Attributes : A
File Size : 615.424
 
sen

Re: A real nuisance on the Desktop, 12.04.2009 at 14:06
And now a Resident Shield alert has popped up with the message
multiple threat detection
-c:\user\privat\appdata\roaming\microsoft\windows\cookies\low\privat@doubleclick(1).txt
--c:\user\privat\appdata\roaming\microsoft\windows\cookies\low\privat@statcounter(1).txt
 
Nemanja Živanović

Re: A real nuisance on the Desktop, 12.04.2009 at 14:12
That's nothing dangerous. Feel free to delete it. What happened with ShellExView? The picture?
 