Vesti

tacija · Novi građanin

Kada otvorim mozilu neotvara mi gogle prozor za pretragu nego direktno neku web stranicu koja je zbog woota koji mi je instaliran zatamnjena pa je neotvaram . Koristim avg anti virus a on mi prijavljuje da su skoro svi programi ustartupu zarazeni. pola sam izbrisao posto ih je smestio u karantin. Sta dalje?

dr_Bora · Anti Malware Fighter Rank 2 Supermoderator tech foruma

Kreneš od ovoga: http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

tacija · Novi građanin

Problem je poceo od 17.02. Posle podizanja sistema mozila startuje sama sa nekom stranicom"I AM Wired start.com". Koristim AVG9 pro ali on neuspeva da ih otkloni nego samo smesta u karantin. Inace napadnuti su skoro svi programi u tray taskbaru. Pokusavao sam sa reinstaliranjem ali opet budu napadnuti. AVG detektuje virus "trojanski konj SHeur2.CMFO. Napadnute su datoteke program fajls i may dokuments. Koristim ADSL internet Telekoma
DDS (Ver_09-12-01.01) - NTFSx86
Run by Juca at 7:35:24,57 on Fri 02/19/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.2046.1112 [GMT 1:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Internet Lock\ILSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\Common Files\Cloanto\Software Director\softdir.exe
C:\Program Files\vghd\vghd.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\vghd\VirtuaGirl_downloader.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\DOCUME~1\Juca\LOCALS~1\Temp\setupv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Juca\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www3.iamwired.net/
uSearch Page =
uSearch Bar =
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101787&gct=&gc=1&q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: {00A6FAF1-072E-44cf-8957-5838F569A31D} - No File
BHO: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No File
BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {07B18EA1-A523-4961-B6BB-170DE4475CCA} - No File
BHO: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.3.43.0\escort.dll
BHO: gwprimawega: {78299f52-57b0-c342-b39e-a4bd6297d84c} - c:\windows\system32\3N-4PGBL3zt-3.dll
BHO: {9AA2F14F-E956-44B8-8694-A5B615CDF341} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No File
BHO: kikin Plugin: {e601996f-e400-41ca-804b-cd6373a7eee2} - c:\program files\kikin\ie_kikin.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Webshots Toolbar: {c17590d2-ecb4-4b15-8820-f58798dcc118} -
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.3.43.0\escorTlbr.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {2C688203-7EB3-4327-9995-1CB417BA23F9} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [MorEmoticons] c:\program files\moremoticons\MorEmoticons.exe /Minimize
uRun: [Google Update] "c:\documents and settings\juca\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ALLUpdate] "c:\program files\allplayer\ALLUpdate.exe" "sleep"
uRun: [DW6]
uRun: [360desktop]
uRun: [ChristmasTree] c:\documents and settings\juca\desktop\Christmas.exe
uRun: [DriverMax]
uRun: [DriverMax_RESTART]
uRun: [uTorrent] "c:\program files\utorrent\utorrent .exe"
uRun: [TBPanel] c:\program files\xpertvision\TBPanel.exe /A
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [PCTVRemote] c:\program files\pinnacle\pctv stereo\remote\Remoterm.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechCameraAssistant] c:\program files\logitech\video\CameraAssistant.exe
mRun: [LogitechVideo[inspector]] c:\program files\logitech\video\InstallHelper.exe /inspect
mRun: [LogitechCameraService(E)] c:\windows\system32\ElkCtrl.exe /automation
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [GEST] c:\program files\gigabyte\gest\RUN.e_e
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\juca\startm~1\programs\startup\deskto~1.lnk - c:\program files\vghd\vghd.exe
StartupFolder: c:\documents and settings\juca\start menu\programs\startup\Moo0 SystemMonitor 1.35.lnk.disabled
StartupFolder: c:\docume~1\juca\startm~1\programs\startup\mp3roc~1.lnk - c:\program files\mp3 rocket\MP3Rocket.exe
StartupFolder: c:\documents and settings\juca\start menu\programs\startup\updater.exe
StartupFolder: c:\docume~1\juca\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
StartupFolder: c:\docume~1\juca\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\BlueSoleil.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pinnac~1.lnk - c:\program files\pinnacle\shared files\programs\scheduler\PCLEScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\softwa~1.lnk - c:\program files\common files\cloanto\software director\softdir.exe
IE: &Download all 4shared files
IE: &Download using 4shared Desktop
IE: &Search
IE: &Webshots Photo Search - c:\program files\webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Vorlesen mit MWS Reader 4
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {C5A62D61-DD73-4038-8C7F-E808128A0E20} = 192.168.1.1,192.168.1.2
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: ComPlusSetup - c:\windows\system32\catsrvut.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\juca\applic~1\mozilla\firefox\profiles\w19fn5wp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www3.iamwired.net/
FF - prefs.js: keyword.URL - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - component: c:\documents and settings\juca\application data\mozilla\firefox\profiles\w19fn5wp.default\extensions\{aa994882-f391-4d2e-806f-8908da4814ed}\components\kikin.dll
FF - component: c:\documents and settings\juca\application data\mozilla\firefox\profiles\w19fn5wp.default\extensions\{ca4d3df2-64ad-4af4-aebe-e7bbe7163ace}\components\FFExternalAlert.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\mozilla firefox\extensions\{bf1c572e-ee4a-a52e-eecd-f9c8b2bbaabf}\components\cjmRbj--m3CBEPL.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\juca\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\juca\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: LoudMo Contextual Ad Assistant: No Registry Reference - c:\program files\mozilla firefox\extensions\{bf1c572e-ee4a-a52e-eecd-f9c8b2bbaabf}

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-2-18 161800]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-19 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-18 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-18 28424]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-18 360584]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-2-25 234888]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-2-18 285392]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\the skins factory\hyperdesk\common\HdThemeEnabler.exe [2008-7-21 106496]
R2 INETLOCK;INETLOCK;c:\windows\system32\drivers\inetlock.sys [2008-12-17 17659]
R2 INETLOCKSVC;Internet Lock Service;c:\program files\internet lock\ILSvc.exe [2008-12-17 139264]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1028432]
R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xhybrid.sys [2009-2-18 698368]
R3 NTProcDrv;Process creation detector for NT.;c:\windows\temp\drv4.tmp [2010-2-18 3584]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2009-2-18 6400]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe --> c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [?]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\docume~1\juca\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [2009-11-20 70144]
S3 GEST Service;GEST Service for program management.;c:\program files\gigabyte\gest\gsvr.exe [2009-2-18 55816]

=============== Created Last 30 ================

2010-02-18 16:33:48 0 d-----w- c:\program files\Driver-Soft
2010-02-18 16:23:56 186407 ----a-w- c:\windows\system32\nvapps.nvb
2010-02-18 16:20:28 12256 ----a-w- c:\windows\system32\drivers\TBPanel.sys
2010-02-18 16:20:27 0 d-----w- c:\program files\XpertVision
2010-02-18 14:39:18 546304 ----a-w- c:\windows\system32\SET212.tmp
2010-02-18 14:38:26 60416 ----a-w- c:\windows\system32\SET14D.tmp
2010-02-18 14:38:26 283648 ----a-w- c:\windows\system32\SET14C.tmp
2010-02-18 14:38:25 473088 ----a-w- c:\windows\system32\wbem\SET150.tmp
2010-02-18 14:38:25 399360 ----a-w- c:\windows\system32\SET14B.tmp
2010-02-18 14:38:24 453120 ----a-w- c:\windows\system32\wbem\SET14F.tmp
2010-02-18 14:38:24 227840 ----a-w- c:\windows\system32\wbem\SET14E.tmp
2010-02-18 14:36:04 1172480 ------w- c:\windows\system32\SETF8.tmp
2010-02-18 14:34:41 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-18 14:34:40 2180352 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-18 14:34:38 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-18 14:34:37 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-18 14:34:01 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-18 14:28:44 332800 ----a-w- c:\windows\system32\SET69.tmp
2010-02-18 14:27:11 453760 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-18 14:06:50 0 d--h--w- C:\$AVG
2010-02-18 14:06:40 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-18 14:06:40 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-02-18 14:06:40 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-18 14:06:33 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-18 14:06:29 0 d-----w- c:\windows\system32\drivers\Avg
2010-02-18 14:06:25 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-02-18 14:01:35 44544 ----a-w- c:\windows\system32\alcmtr.exe
2010-02-18 13:45:46 450560 ------w- c:\windows\system32\SETB4.tmp
2010-02-18 13:16:10 44544 ----a-w- c:\documents and settings\juca\alcmtr.exe
2010-02-18 13:16:10 44544 ----a-w- c:\documents and settings\juca\alcmtr .exe
2010-02-18 13:07:59 4096 -c--a-w- c:\windows\system32\dllcache\rpcref.dll
2010-02-18 13:06:56 78848 -c--a-w- c:\windows\system32\dllcache\dayi.ime
2010-02-18 13:04:39 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-02-18 13:04:33 749 ---ha-r- c:\windows\WindowsShell.Manifest
2010-02-18 13:04:33 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2010-02-18 13:04:33 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2010-02-18 13:04:33 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2010-02-18 13:04:33 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2010-02-18 13:04:15 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-02-18 12:35:55 9581 -c--a-w- c:\windows\system32\dllcache\MSMSGS.CAT
2010-02-18 12:23:29 4 ----a-w- c:\program files\126640.dat
2010-02-18 11:07:45 4 ----a-w- c:\program files\144453.dat
2010-02-18 08:07:42 0 d-----w- c:\windows\system32\wbem\Repository
2010-02-18 07:54:31 4 ----a-w- c:\program files\122093.dat
2010-02-17 16:18:35 4 ----a-w- c:\program files\115968.dat
2010-02-17 13:45:18 4 ----a-w- c:\program files\114796.dat
2010-02-17 13:34:45 0 d-----w- c:\docume~1\juca\applic~1\JewelMatch2
2010-02-17 13:29:17 44544 ----a-w- c:\documents and settings\juca\nwiz.exe
2010-02-17 13:29:17 44544 ----a-w- c:\documents and settings\juca\nwiz .exe
2010-02-17 13:29:16 44544 ----a-w- c:\documents and settings\juca\rundll32 .exe
2010-02-17 13:29:15 44544 ----a-w- c:\documents and settings\juca\rthdcpl .exe
2010-02-17 13:28:40 578560 ----a-w- c:\windows\system32\iyffug
2010-02-17 13:17:50 44544 ----a-w- c:\windows\system32\regedit.exe
2010-02-17 13:17:50 44544 ----a-w- c:\windows\system32\regedit .exe
2010-02-17 13:02:47 0 d-----w- c:\docume~1\juca\applic~1\SuperMP3Download
2010-02-17 12:31:16 10763 ----a-w- c:\docume~1\alluse~1\applic~1\_VOIDmainqt.dll
2010-02-17 12:30:57 578560 ----a-w- c:\windows\system32\gzoydphgv
2010-02-17 12:30:57 45056 ----a-w- c:\windows\system32\_VOIDubpixbrrmk.dll
2010-02-17 12:30:48 118284 ----a-w- c:\windows\system32\-c6DPF_uCL2_X.exe
2010-02-17 12:30:37 28672 ----a-w- c:\windows\system32\3f5uk.sr
2010-02-17 12:30:36 32768 ----a-w- c:\windows\system32\fe6hbfe1.an
2010-02-17 12:30:36 32768 ----a-w- c:\windows\system32\23rh46g.4e
2010-02-17 12:30:35 79360 ----a-w- c:\windows\system32\bb52fkri.few
2010-02-17 12:30:35 28672 ----a-w- c:\windows\system32\467.zt
2010-02-17 12:30:19 42496 ----a-w- c:\windows\system32\drivers\_VOIDkvtniyyglt.sys
2010-02-17 12:30:19 26624 ----a-w- c:\windows\system32\_VOIDxtexrhxowk.dll
2010-02-17 12:30:19 233 ----a-w- c:\windows\system32\_VOIDkspawujnqd.dat
2010-02-17 12:29:09 8 ----a-w- c:\docume~1\alluse~1\applic~1\mswintmp.dat
2010-02-17 12:29:08 42531 ----a-w- c:\documents and settings\juca\SyncMan.exe
2010-02-17 12:29:08 42531 ----a-w- c:\documents and settings\juca\syncman .exe
2010-02-17 12:29:07 42531 ----a-w- c:\windows\system32\SyncMan.exe
2010-02-17 12:29:07 42531 ----a-w- c:\windows\system32\syncman .exe
2010-02-17 10:25:53 0 d-----w- c:\docume~1\alluse~1\applic~1\SuperMP3Download
2010-02-17 10:24:43 0 d-----w- c:\program files\SuperMp3Download
2010-02-16 10:57:52 0 d-----w- c:\program files\common files\SWF Studio
2010-02-16 10:57:45 0 d-sh--w- c:\docume~1\juca\applic~1\.#
2010-02-16 10:12:31 0 d-----w- c:\program files\3dGirlz
2010-02-16 10:10:12 0 d-----w- c:\program files\MAdModule
2010-02-15 16:03:36 0 d-----w- c:\docume~1\alluse~1\applic~1\SpecialBit
2010-02-13 13:29:40 7680 ----a-w- C:\AssistentGraph.grf
2010-02-13 13:23:22 5526 ----a-w- c:\windows\TWAINCAP.SRC
2010-02-13 13:23:21 14025 ----a-w- c:\windows\TWAINCAP.INI
2010-02-13 13:23:08 450641 ----a-w- c:\windows\system32\DiskIO.dll
2010-02-13 13:23:08 32838 ----a-w- c:\windows\system32\Cachex.dll
2010-02-13 13:23:08 14604 ----a-w- c:\windows\system32\drivers\pfc.sys
2010-02-13 09:04:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Cloanto
2010-02-13 08:25:58 0 d-----w- c:\docume~1\juca\applic~1\ProfiCAD
2010-02-10 15:59:29 0 d-----w- c:\program files\mresreg
2010-02-10 07:48:12 0 d-----w- c:\program files\10 Days Under The Sea
2010-02-09 14:15:51 0 d-----w- c:\documents and settings\juca\Shared
2010-02-09 14:15:51 0 d-----w- c:\documents and settings\juca\Incomplete
2010-02-08 11:15:43 0 d-----w- c:\docume~1\alluse~1\applic~1\MonteCristo
2010-02-06 16:00:41 0 d-----w- c:\docume~1\juca\applic~1\SpinTop Games
2010-02-06 14:24:10 0 d-----w- c:\docume~1\juca\applic~1\Flood Light Games
2010-02-04 12:24:49 0 d-----w- c:\docume~1\juca\applic~1\Dragon Altar Games
2010-02-02 10:42:46 169 ----a-w- c:\windows\settings.ini
2010-02-01 12:27:42 218 ----a-w- c:\documents and settings\juca\.recently-used.xbel
2010-02-01 12:26:58 0 d-----w- c:\documents and settings\juca\.mypaint
2010-01-31 10:41:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Azureus
2010-01-31 10:41:13 0 d-----w- c:\docume~1\juca\applic~1\Azureus
2010-01-31 07:16:54 0 ----a-w- C:\My Preset.ini
2010-01-31 07:15:53 17 ----a-w- c:\windows\LastXPSetupSMenu.ini
2010-01-29 20:35:12 1273856 ----a-w- c:\windows\system32\3N-4PGBL3zt-3.dll
2010-01-29 11:17:53 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-29 11:14:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-29 11:14:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-29 07:41:13 0 d-----w- c:\documents and settings\juca\.rainlendar2
2010-01-28 22:30:03 0 d-----w- c:\docume~1\juca\applic~1\CobiMobi
2010-01-28 07:24:20 0 d-----w- c:\docume~1\juca\applic~1\SPlayer
2010-01-27 15:46:20 0 d-sh--w- c:\documents and settings\juca\Impostazioni locali
2010-01-27 07:47:47 0 d-----w- c:\docume~1\juca\applic~1\TeraCopy
2010-01-26 13:37:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Rumbic Studio
2010-01-26 07:23:28 0 d-----w- c:\program files\Ceremu
2010-01-25 16:33:54 0 d-----w- c:\program files\Speccy
2010-01-25 10:57:10 0 d-----w- c:\program files\MKVtoolnix
2010-01-23 11:43:16 0 d-----w- c:\docume~1\juca\applic~1\ERS G-Studio
2010-01-22 16:43:12 0 d-----w- c:\docume~1\juca\applic~1\ArcticLine
2010-01-22 14:09:53 0 d-----w- c:\program files\Desktop
2010-01-22 12:19:18 0 d-----w- c:\docume~1\juca\applic~1\YoudaGames
2010-01-21 13:02:13 0 d-----w- c:\docume~1\juca\applic~1\AJ SQUARE INC
2010-01-20 09:19:02 0 d-----w- c:\documents and settings\juca\Saved Games

==================== Find3M ====================

2010-02-18 16:34:31 17659 ----a-w- c:\windows\system32\drivers\inetlock.sys
2010-02-18 15:18:07 16608 ----a-w- c:\windows\gdrv.sys
2010-02-18 14:01:26 44544 ----a-w- c:\windows\system32\nerocheck.exe
2010-02-18 14:01:25 44544 ----a-w- c:\windows\system32\elkctrl.exe
2010-02-18 14:01:22 44544 ----a-w- c:\windows\system32\lvcomsx.exe
2010-02-18 13:15:23 53512 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-02-18 13:02:47 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-19 14:54:01 274 ----a-w- c:\docume~1\alluse~1\applic~1\Setting.dat
2010-01-11 07:16:11 2828 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-12-31 16:14:12 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:42:49 662016 ----a-w- c:\windows\system32\SET1BF.tmp
2009-12-22 05:42:49 624640 ----a-w- c:\windows\system32\SET1C0.tmp
2009-12-22 05:42:48 39424 ----a-w- c:\windows\system32\SET1C4.tmp
2009-12-22 05:42:48 1506304 ----a-w- c:\windows\system32\SET1C3.tmp
2009-12-22 05:42:47 3063808 ----a-w- c:\windows\system32\SET1C8.tmp
2009-12-22 05:42:45 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-22 05:42:45 16384 ----a-w- c:\windows\system32\SET1C9.tmp
2009-12-22 05:42:43 1023488 ----a-w- c:\windows\system32\SET1D0.tmp
2009-12-17 16:14:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 12:58:04 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35:35 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-11 15:59:39 737280 ----a-w- c:\windows\iun6002.exe
2009-12-11 07:11:25 245760 ----a-w- c:\windows\Setup1.exe
2009-12-11 07:11:24 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-12-08 09:13:51 474112 ------w- c:\windows\system32\SET1C2.tmp
2009-11-29 06:44:20 0 ----a-w- c:\docume~1\alluse~1\applic~1\PKP_DLbx.DAT
2009-11-27 17:33:35 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:33:35 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:37:27 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:37:27 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:37:27 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:37:27 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:37:27 11264 ----a-w- c:\windows\system32\msrle32.dll

============= FINISH: 7:35:50,25 ===============
http://www.mycity.rs/uploads2/140512_506800907_Attach.txt GMER nemogu da posaljem posto posle pola sata skeniranja restartuje racunar. Tri puta sam pokusavao ali nemoze da zavrsi skeniranje posto se isto dogadja.

dr_Bora · Anti Malware Fighter Rank 2 Supermoderator tech foruma

Preuzmi DeFogger sa ovog linka na Desktop .

Dvoklikom pokreni DeFogger;
Pojaviće se MsgBox na kome ćeš kliknuti na taster Disable;
Ponovo će se pojaviti MsgBox na kome ćeš kliknuti na Yes;

Sačekaj da se procesuiranje programa DeFogger izvrši pa nastavi prema sledećem uputstvu.

Napomena:Na kraju postupka ce biti potrebno ponovno pokretanje Windows-a.
Ovim postupkom će biti deaktivirani CD/DVD emulatori i omogućen neometan rad programa koje koristimo.

Sada bi Gmer trebao da radi - isprati uputstvo za skeniranje.

tacija · Novi građanin

----------- Napisano: 20 Feb 2010 11:40 ---------

unar i posle izvesnog vremena ga restartuje i cim digne sistem sam otvori mzilu sa nekom bezveznom nepoznatom stranicom. I ovo sam probao cetiri puta. Cetvrti put nije ni zavrsio skeniranje nego je pre kraja restartovao komp.

----------- Dopuna: 20 Feb 2010 11:42 ---------

Evo kako je ispala poruka i nju je iskasapio

dr_Bora · Anti Malware Fighter Rank 2 Supermoderator tech foruma

Ok, probaćemo drugačije.

Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:

Bleeping Computer

Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati file, odaberi Desktop i klikni Save.

Kada preuzimanje programa bude završeno:

deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix.

U toku rada, ComboFix će:

proveriti postoji li novija verzija programa:
- klikni Yes ako bude ponuđeno preuzimanje iste.
prikazati DISCLAIMER OF WARRANTY ON SOFTWARE:
- klikni Yes kako bi proces bio nastavljen.
ako Recovery Console nije instalirana, ponuditi instalaciju:
- obavezno prihvati klikom na Yes i isprati postupak.
postaviti/dati određeni broj upita/obaveštenja:
- prihvati klikom na Yes ili OK.
po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izveštaj koji je ComboFix napravio u temu na forumu:

klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obeleženi tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:

Izveštaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izveštaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje file-a C:\ComboFix.txt uz poruku.

tacija · Novi građanin

Posto gmer nece da odradi evo izvestaja od RootRepeala:
http://www.mycity.rs/uploads2/140512_338122807_RootRepeal.Report.txt

dr_Bora · Anti Malware Fighter Rank 2 Supermoderator tech foruma

Isprati sada gornje uputstvo (za ComboFix).

tacija · Novi građanin

ComboFix 10-02-20.04 - Juca 02/21/2010 6:08.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.2046.1344 [GMT 1:00]
Running from: c:\documents and settings\Juca\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Juca\nwiz .exe
c:\documents and settings\Juca\rundll32.exe
.
---- Previous Run -------
.
c:\program files\Internet Explorer\js.mui
c:\program files\Internet Explorer\wmpscfgs.exe
c:\windows\system32\elkctrl .exe
c:\windows\system32\lvcomsx .exe
c:\windows\system32\nerocheck .exe
c:\windows\system32\nwiz .exe
c:\windows\system32\rthdcpl.exe
c:\windows\system32\rundll32 .exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_SSHNAS
-------\Service_MyWebSearchService

((((((((((((((((((((((((( Files Created from 2010-01-21 to 2010-02-21 )))))))))))))))))))))))))))))))
.

2010-02-19 07:08 . 2010-02-18 14:06 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-02-19 07:08 . 2010-02-18 14:06 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-02-18 16:33 . 2010-02-18 16:33 -------- d-----w- c:\program files\Driver-Soft
2010-02-18 16:20 . 2007-03-16 09:11 12256 ----a-w- c:\windows\system32\drivers\TBPanel.sys
2010-02-18 16:20 . 2010-02-20 16:56 -------- d-----w- c:\program files\XpertVision
2010-02-18 14:58 . 2010-02-18 14:58 -------- d-----w- c:\documents and settings\Juca\Application Data\InstallShield
2010-02-18 14:38 . 2009-11-25 12:02 1230080 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-02-18 14:34 . 2009-08-04 13:58 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-18 14:34 . 2009-08-04 14:00 2180352 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-18 14:34 . 2009-08-04 13:13 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-18 14:34 . 2009-08-04 13:13 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-18 14:34 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-18 14:27 . 2009-12-04 14:41 453760 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-18 14:19 . 2010-02-18 14:19 -------- d-----w- c:\documents and settings\Juca\Local Settings\Application Data\AVG Security Toolbar
2010-02-18 14:06 . 2010-02-18 14:06 -------- d-----w- C:\$AVG
2010-02-18 14:06 . 2010-02-18 14:06 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-18 14:06 . 2010-02-18 14:06 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-02-18 14:06 . 2010-02-18 14:06 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-18 14:06 . 2010-02-18 14:06 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-18 14:06 . 2010-02-18 14:06 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-02-18 14:06 . 2010-02-21 04:55 -------- d-----w- c:\windows\system32\drivers\Avg
2010-02-18 14:06 . 2010-02-18 14:38 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-02-18 13:07 . 2004-08-04 01:07 4096 -c--a-w- c:\windows\system32\dllcache\rpcref.dll
2010-02-18 13:06 . 2004-08-04 01:07 42496 -c--a-w- c:\windows\system32\dllcache\davcdata.exe
2010-02-18 13:04 . 2004-08-04 01:07 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-02-18 12:36 . 2004-08-04 01:07 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-02-18 12:36 . 2004-08-04 01:07 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-02-18 12:36 . 2004-08-04 01:07 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-02-18 12:36 . 2004-08-04 01:07 13312 ----a-w- c:\windows\system32\irclass.dll
2010-02-18 12:23 . 2010-02-18 12:23 4 ----a-w- c:\program files\126640.dat
2010-02-18 11:07 . 2010-02-18 11:07 4 ----a-w- c:\program files\144453.dat
2010-02-18 08:07 . 2010-02-18 08:07 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-18 07:54 . 2010-02-18 07:54 4 ----a-w- c:\program files\122093.dat
2010-02-17 16:18 . 2010-02-17 16:18 4 ----a-w- c:\program files\115968.dat
2010-02-17 13:45 . 2010-02-17 13:45 4 ----a-w- c:\program files\114796.dat
2010-02-17 13:34 . 2010-02-17 13:34 -------- d-----w- c:\documents and settings\Juca\Application Data\JewelMatch2
2010-02-17 13:29 . 2010-02-20 16:56 44544 ----a-w- c:\documents and settings\Juca\nwiz.exe
2010-02-17 13:02 . 2010-02-17 13:02 -------- d-----w- c:\documents and settings\Juca\Application Data\SuperMP3Download
2010-02-17 12:30 . 2010-02-20 10:07 118375 ----a-w- c:\windows\system32\-c6DPF_uCL2_X.exe
2010-02-17 12:30 . 2010-02-17 12:30 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-02-17 12:29 . 2010-02-17 13:28 42531 ----a-w- c:\documents and settings\Juca\SyncMan.exe
2010-02-17 12:29 . 2010-02-17 13:28 42531 ----a-w- c:\windows\system32\SyncMan.exe
2010-02-17 10:25 . 2010-02-20 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SuperMP3Download
2010-02-17 10:24 . 2010-02-17 13:02 -------- d-----w- c:\program files\SuperMp3Download
2010-02-16 10:57 . 2010-02-16 10:57 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-02-16 10:12 . 2010-02-16 10:12 -------- d-----w- c:\program files\3dGirlz
2010-02-16 10:10 . 2010-02-18 08:07 -------- d-----w- c:\program files\MAdModule
2010-02-15 16:03 . 2010-02-15 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SpecialBit
2010-02-13 16:27 . 2010-02-13 16:27 -------- d-----w- c:\documents and settings\Juca\Local Settings\Application Data\Astar Games
2010-02-13 13:23 . 2002-06-20 08:56 450641 ----a-w- c:\windows\system32\DiskIO.dll
2010-02-13 13:23 . 2002-06-17 13:09 14604 ----a-w- c:\windows\system32\drivers\pfc.sys
2010-02-13 13:23 . 2002-06-11 03:03 32838 ----a-w- c:\windows\system32\Cachex.dll
2010-02-13 09:05 . 2010-02-13 09:05 -------- d-----w- c:\documents and settings\Juca\Local Settings\Application Data\Cloanto
2010-02-13 09:04 . 2010-02-13 09:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Cloanto
2010-02-13 08:25 . 2010-02-13 08:27 -------- d-----w- c:\documents and settings\Juca\Application Data\ProfiCAD
2010-02-10 15:59 . 2010-02-10 15:59 -------- d-----w- c:\program files\mresreg
2010-02-10 07:48 . 2010-02-10 07:49 -------- d-----w- c:\program files\10 Days Under The Sea
2010-02-09 14:15 . 2010-02-09 14:23 -------- d-----w- c:\documents and settings\Juca\Incomplete
2010-02-09 14:15 . 2010-02-09 14:15 -------- d-----w- c:\documents and settings\Juca\Shared
2010-02-08 11:15 . 2010-02-08 11:15 -------- d-----w- c:\documents and settings\All Users\Application Data\MonteCristo
2010-02-06 16:00 . 2010-02-06 16:00 -------- d-----w- c:\documents and settings\Juca\Application Data\SpinTop Games
2010-02-06 14:24 . 2010-02-07 10:18 -------- d-----w- c:\documents and settings\Juca\Application Data\Flood Light Games
2010-02-05 09:39 . 2010-02-05 09:39 251376 ----a-w- c:\documents and settings\Juca\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-02-04 12:24 . 2010-02-04 12:24 -------- d-----w- c:\documents and settings\Juca\Application Data\Dragon Altar Games
2010-02-01 14:12 . 2010-02-01 14:12 -------- d-----w- c:\documents and settings\Juca\Local Settings\Application Data\Ph03nixNewMedia
2010-02-01 13:05 . 2010-02-01 13:05 81408 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Cogs\4000008000002i\Splash Screen.exe
2010-02-01 12:26 . 2010-02-01 12:27 -------- d-----w- c:\documents and settings\Juca\.mypaint
2010-01-31 10:41 . 2010-01-31 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2010-01-31 10:41 . 2010-01-31 10:46 -------- d-----w- c:\documents and settings\Juca\Application Data\Azureus
2010-01-29 11:17 . 2010-02-18 08:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-29 11:16 . 2010-01-29 11:16 5115823 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-29 11:14 . 2010-01-29 11:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-29 11:14 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-29 07:41 . 2010-01-29 07:43 -------- d-----w- c:\documents and settings\Juca\.rainlendar2
2010-01-28 22:30 . 2010-01-28 22:30 -------- d-----w- c:\documents and settings\Juca\Application Data\CobiMobi
2010-01-28 16:33 . 2010-02-01 12:24 -------- d-----w- c:\documents and settings\Juca\Application Data\PlayFirst
2010-01-28 07:24 . 2010-01-28 07:24 -------- d-----w- c:\documents and settings\Juca\Application Data\SPlayer
2010-01-27 15:46 . 2010-01-27 15:46 -------- d-sh--w- c:\documents and settings\Juca\Impostazioni locali
2010-01-27 07:47 . 2010-01-29 07:49 -------- d-----w- c:\documents and settings\Juca\Application Data\TeraCopy
2010-01-27 06:53 . 2010-01-27 06:53 -------- d-----w- c:\program files\Common Files\Java
2010-01-27 06:44 . 2010-01-27 06:44 503808 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-78bb6087-n\msvcp71.dll
2010-01-27 06:44 . 2010-01-27 06:44 499712 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-78bb6087-n\jmc.dll
2010-01-27 06:44 . 2010-01-27 06:44 348160 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-78bb6087-n\msvcr71.dll
2010-01-27 06:44 . 2010-01-27 06:44 61440 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1953df3f-n\decora-sse.dll
2010-01-27 06:44 . 2010-01-27 06:44 12800 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1953df3f-n\decora-d3d.dll
2010-01-26 13:37 . 2010-01-26 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Rumbic Studio
2010-01-26 07:23 . 2010-02-05 16:42 -------- d-----w- c:\program files\Ceremu
2010-01-26 06:56 . 2010-01-26 06:59 -------- d-----w- c:\documents and settings\Juca\Application Data\vlc
2010-01-26 06:37 . 2010-01-26 06:38 -------- d-----w- c:\documents and settings\Juca\Application Data\Media Player Classic
2010-01-25 16:33 . 2010-01-25 16:33 -------- d-----w- c:\program files\Speccy
2010-01-25 10:57 . 2010-01-25 10:57 -------- d-----w- c:\program files\MKVtoolnix
2010-01-23 11:43 . 2010-02-12 10:30 -------- d-----w- c:\documents and settings\Juca\Application Data\ERS G-Studio
2010-01-22 16:43 . 2010-01-22 16:43 -------- d-----w- c:\documents and settings\Juca\Application Data\ArcticLine
2010-01-22 16:25 . 2010-01-22 16:28 -------- d-----w- c:\documents and settings\Juca\Local Settings\Application Data\plantthis
2010-01-22 14:09 . 2010-01-22 14:09 -------- d-----w- c:\program files\Desktop
2010-01-22 12:19 . 2010-01-22 12:19 -------- d-----w- c:\documents and settings\Juca\Application Data\YoudaGames

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-21 05:06 . 2009-02-18 18:08 -------- d-----w- c:\documents and settings\Juca\Application Data\uTorrent
2010-02-21 05:00 . 2009-05-11 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-21 04:52 . 2009-02-20 14:53 7 ----a-w- c:\windows\sbacknt.bin
2010-02-21 04:51 . 2009-02-19 11:35 -------- d-----w- c:\program files\DivX
2010-02-20 23:29 . 2010-01-19 06:52 311 ----a-w- c:\windows\system32\InetLock.dat
2010-02-20 23:29 . 2009-02-18 17:42 16608 ----a-w- c:\windows\gdrv.sys
2010-02-20 23:29 . 2008-12-17 07:03 17659 ----a-w- c:\windows\system32\drivers\inetlock.sys
2010-02-20 18:19 . 2009-12-28 07:33 0 ----a-w- c:\documents and settings\Juca\Local Settings\Application Data\prvlcl.dat
2010-02-20 17:39 . 2009-02-19 11:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-20 17:00 . 2009-12-07 07:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-20 16:57 . 2009-02-22 11:42 -------- d-----w- c:\program files\Winamp
2010-02-20 16:56 . 2009-02-18 18:08 -------- d-----w- c:\program files\uTorrent
2010-02-20 16:56 . 2009-05-30 11:37 -------- d-----w- c:\program files\ALLPlayer
2010-02-20 16:56 . 2009-05-11 04:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-20 16:56 . 2009-02-23 14:05 -------- d-----w- c:\program files\MorEmoticons
2010-02-20 16:46 . 2009-02-20 15:00 44544 ----a-w- c:\windows\system32\nerocheck.exe
2010-02-20 16:46 . 2009-02-19 16:14 44544 ----a-w- c:\windows\system32\elkctrl.exe
2010-02-20 16:46 . 2005-12-09 14:32 44544 ----a-w- c:\windows\system32\lvcomsx.exe
2010-02-19 12:31 . 2009-02-19 12:26 -------- d-----w- c:\program files\SpywareBlaster
2010-02-18 14:57 . 2009-03-16 13:32 -------- d-----w- c:\program files\Google
2010-02-18 13:57 . 2009-12-25 14:41 -------- d-----w- c:\program files\Sandboxie
2010-02-18 13:35 . 2009-02-18 17:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-18 13:15 . 2009-11-18 16:24 53512 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-02-18 13:02 . 2009-11-18 16:24 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-17 13:02 . 2010-01-11 11:37 -------- d-----w- c:\program files\20 TRIKOVA
2010-02-17 09:59 . 2009-02-19 11:12 -------- d-----w- c:\documents and settings\Juca\Application Data\Thinstall
2010-02-15 10:11 . 2009-02-22 11:42 -------- d-----w- c:\documents and settings\Juca\Application Data\Winamp
2010-02-14 15:51 . 2009-02-19 12:05 -------- d-----w- c:\documents and settings\Juca\Application Data\Skype
2010-02-14 10:57 . 2009-02-19 12:07 -------- d-----w- c:\documents and settings\Juca\Application Data\skypePM
2010-02-13 09:04 . 2009-04-25 11:04 -------- d-----w- c:\program files\Common Files\Cloanto
2010-02-13 09:04 . 2009-04-25 11:02 -------- d-----w- c:\program files\Cloanto
2010-02-05 16:17 . 2009-07-15 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-02-05 16:17 . 2009-06-22 05:52 -------- d-----w- c:\program files\Norton Security Scan
2010-02-05 16:17 . 2009-06-22 05:52 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-01 13:09 . 2009-10-28 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Intenium
2010-01-31 15:39 . 2009-02-25 06:54 26 ----a-w- c:\windows\popcinfo.dat
2010-01-31 11:13 . 2010-01-18 12:47 -------- d-----w- c:\documents and settings\All Users\Application Data\EasyMp3Downloader
2010-01-27 06:44 . 2009-02-19 09:12 -------- d-----w- c:\program files\Java
2010-01-26 14:47 . 2009-02-19 11:35 -------- d-----w- c:\documents and settings\Juca\Application Data\Dr. DivX 2.0 OSS
2010-01-21 13:02 . 2010-01-21 13:02 -------- d-----w- c:\documents and settings\Juca\Application Data\AJ SQUARE INC
2010-01-19 14:54 . 2010-01-19 14:57 274 ----a-w- c:\documents and settings\All Users\Application Data\Setting.dat
2010-01-19 14:29 . 2010-01-19 14:29 -------- d-----w- c:\documents and settings\Juca\Application Data\Gamelab
2010-01-19 06:58 . 2010-01-19 06:52 -------- d-----w- c:\program files\Internet Lock
2010-01-19 06:52 . 2010-01-19 06:52 -------- d-----w- c:\documents and settings\All Users\Application Data\TopLang
2010-01-18 12:47 . 2010-01-18 12:47 -------- d-----w- c:\documents and settings\Juca\Application Data\EasyMp3Downloader
2010-01-17 13:25 . 2010-01-17 13:15 -------- d-----w- c:\program files\ProgDVB
2010-01-16 07:35 . 2009-02-19 12:05 -------- d-----r- c:\program files\Skype
2010-01-15 23:39 . 2009-02-19 11:38 -------- d-----w- c:\documents and settings\Juca\Application Data\UpdateStar
2010-01-15 15:24 . 2009-09-16 05:35 -------- d-----w- c:\program files\Opera
2010-01-14 14:30 . 2010-01-14 14:26 -------- d-----w- c:\documents and settings\Juca\Application Data\Stellarium
2010-01-14 07:16 . 2010-01-14 07:16 -------- d-----w- c:\documents and settings\Juca\Application Data\Nero
2010-01-13 14:12 . 2009-02-19 17:03 -------- d-----w- c:\documents and settings\Juca\Application Data\DivX
2010-01-11 07:16 . 2009-03-07 12:37 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-01-11 07:16 . 2009-03-07 12:37 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-01-10 07:39 . 2009-03-06 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-01-09 15:50 . 2009-11-08 06:35 -------- d-----w- c:\documents and settings\Juca\Application Data\KidZui
2010-01-09 07:34 . 2010-01-09 06:38 -------- d-----w- c:\program files\Memorija v1.4
2010-01-08 17:23 . 2010-01-08 17:21 -------- d-----w- c:\program files\Amoba
2010-01-08 10:28 . 2010-01-08 07:36 27 ----a-w- c:\windows\popcinfot.dat
2010-01-08 06:58 . 2010-01-08 06:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCapv1005
2010-01-07 06:59 . 2010-01-07 06:59 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-06 15:16 . 2010-01-06 15:16 -------- d-----w- c:\documents and settings\All Users\Application Data\ScreenSeven
2010-01-06 15:15 . 2010-01-06 15:15 -------- d-----w- c:\program files\SCREENSEVEN
2010-01-06 15:14 . 2009-12-14 06:47 -------- d-----w- c:\program files\OXXOGames
2010-01-06 13:23 . 2009-02-18 19:32 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-05 11:08 . 2010-01-05 11:08 -------- d-----w- c:\program files\xp_simulation_setup
2010-01-04 08:10 . 2009-02-19 12:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-31 16:14 . 2004-08-04 01:07 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-29 07:21 . 2009-12-29 07:21 -------- d-----w- c:\documents and settings\Juca\Application Data\facemoods.com
2009-12-29 07:21 . 2009-12-04 08:22 -------- d-----w- c:\program files\Button Shop 4
2009-12-29 07:20 . 2009-12-24 07:31 -------- d-----w- c:\program files\ABBYY FineReader 8.0 Professional Edition
2009-12-26 15:23 . 2009-08-21 14:09 -------- d-----w- c:\program files\Super Internet TV
2009-12-25 06:51 . 2009-12-25 06:51 7680 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\PhotoScape\400000c00002i\jqsnotify.exe
2009-12-25 06:50 . 2009-12-25 06:50 7680 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\PhotoScape\400000df00002i\firefox.exe
2009-12-24 07:32 . 2009-12-24 07:32 -------- d-----w- c:\documents and settings\Juca\Application Data\ABBYY
2009-12-23 14:43 . 2009-12-23 14:43 -------- d-----w- c:\program files\MSECache
2009-12-23 06:53 . 2009-12-23 06:53 -------- d-----w- c:\documents and settings\Juca\Application Data\YCanPDF
2009-12-22 05:42 . 2004-08-04 01:07 662016 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:42 . 2004-08-04 01:07 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-20 13:33 . 2009-12-20 13:33 7680 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Superfrog\4000002ba200002i\run.exe
2009-12-20 13:33 . 2009-12-20 13:33 7680 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Superfrog\4ad000006100003i\cmd.exe
2009-12-20 13:33 . 2009-12-20 13:33 7680 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Superfrog\4000002700002i\SuperFrog.exe
2009-12-17 16:14 . 2009-02-19 09:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 12:58 . 2009-02-18 15:58 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2004-08-04 01:07 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-11 15:59 . 2009-12-11 16:00 737280 ----a-w- c:\windows\iun6002.exe
2009-12-11 07:11 . 2009-12-11 07:09 245760 ----a-w- c:\windows\Setup1.exe
2009-12-11 07:11 . 2009-12-11 07:09 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-12-09 06:25 . 2009-12-04 08:41 13952 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2009-12-04 14:41 . 2004-08-04 01:07 453760 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-04 08:37 . 2009-02-18 16:07 48840 ----a-w- c:\documents and settings\Juca\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-04 08:22 . 2009-12-04 08:22 2 ----a-w- c:\windows\system32\krx240.dat
2009-11-29 06:44 . 2009-11-29 06:44 0 ----a-w- c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2009-11-27 17:33 . 2004-08-04 01:07 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:33 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:37 . 2004-08-04 01:07 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:37 . 2004-08-04 01:07 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:37 . 2004-08-04 01:07 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:37 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:37 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
.

dr_Bora · Anti Malware Fighter Rank 2 Supermoderator tech foruma

Prilično nezgodna infekcija... Inficirani su praktično svi programi koji se startuju sa Windowsom.

U ovom koraku ćemo pokušati da deaktiviramo malware, a u idućem da popravimo što se popraviti može - preostale programe ćeš morati reinstalirati.

Bitno: ne instaliraj bilo kakve programe i ne skeniraj bilo čime.

Log napravljen na kraju sledećeg skeniranja će biti sačuvan kao C:\ComboFix.txt.

Nemoj ga kopirati u poruku, već ga prikači korišćenjem opcije Prikači fajl.

Ne pokreći ComboFix više puta.

Otvoriti Notepad i iskopirati sledeci tekst:

tacija · Novi građanin

ComboFix 10-02-21.02 - Juca 02/22/2010 8:36.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.2046.1334 [GMT 1:00]
Running from: c:\documents and settings\Juca\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
The following files were disabled during the run:
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Juca\nwiz.exe
c:\documents and settings\Juca\SyncMan.exe
c:\program files\114796.dat
c:\program files\115968.dat
c:\program files\122093.dat
c:\program files\126640.dat
c:\program files\144453.dat
c:\program files\Mozilla Firefox\extensions\{bf1c572e-ee4a-a52e-eecd-f9c8b2bbaabf}\components\cjmRbj--m3CBEPL.dll
c:\windows\system32\-c6DPF_uCL2_X.exe
c:\windows\system32\elkctrl.exe
c:\windows\system32\lvcomsx.exe
c:\windows\system32\nerocheck.exe
c:\windows\system32\SyncMan.exe
c:\windows\system32\tscupgrd.exe

.
((((((((((((((((((((((((( Files Created from 2010-01-22 to 2010-02-22 )))))))))))))))))))))))))))))))
.

2010-02-21 14:00 . 2010-02-21 14:00 -------- d-----w- c:\program files\7-Zip
2010-02-21 05:22 . 2010-02-21 05:22 -------- d-----w- c:\documents and settings\Juca\Application Data\AVG9
2010-02-20 17:53 . 2010-02-20 17:53 -------- d-----w- c:\documents and settings\Juca\Local Settings\Application Data\WMTools Downloaded Files
2010-02-19 07:08 . 2010-02-18 14:06 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-02-19 07:08 . 2010-02-18 14:06 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-02-18 16:33 . 2010-02-18 16:33 -------- d-----w- c:\program files\Driver-Soft
2010-02-18 16:20 . 2007-03-16 09:11 12256 ----a-w- c:\windows\system32\drivers\TBPanel.sys
2010-02-18 16:20 . 2010-02-21 05:17 -------- d-----w- c:\program files\XpertVision
2010-02-18 14:58 . 2010-02-18 14:58 -------- d-----w- c:\documents and settings\Juca\Application Data\InstallShield
2010-02-18 14:38 . 2009-11-25 12:02 1230080 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-02-18 14:34 . 2009-08-04 13:58 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-18 14:34 . 2009-08-04 14:00 2180352 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-18 14:34 . 2009-08-04 13:13 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-18 14:34 . 2009-08-04 13:13 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-18 14:34 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-18 14:27 . 2009-12-04 14:41 453760 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-18 14:19 . 2010-02-18 14:19 -------- d-----w- c:\documents and settings\Juca\Local Settings\Application Data\AVG Security Toolbar
2010-02-18 14:06 . 2010-02-18 14:06 -------- d-----w- C:\$AVG
2010-02-18 14:06 . 2010-02-18 14:06 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-18 14:06 . 2010-02-18 14:06 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-02-18 14:06 . 2010-02-18 14:06 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-18 14:06 . 2010-02-18 14:06 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-18 14:06 . 2010-02-18 14:06 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-02-18 14:06 . 2010-02-22 06:35 -------- d-----w- c:\windows\system32\drivers\Avg
2010-02-18 14:06 . 2010-02-18 14:38 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-02-18 13:07 . 2004-08-04 01:07 4096 -c--a-w- c:\windows\system32\dllcache\rpcref.dll
2010-02-18 13:06 . 2004-08-04 01:07 42496 -c--a-w- c:\windows\system32\dllcache\davcdata.exe
2010-02-18 13:04 . 2004-08-04 01:07 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-02-18 12:36 . 2004-08-04 01:07 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-02-18 12:36 . 2004-08-04 01:07 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-02-18 12:36 . 2004-08-04 01:07 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-02-18 12:36 . 2004-08-04 01:07 13312 ----a-w- c:\windows\system32\irclass.dll
2010-02-18 08:07 . 2010-02-18 08:07 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-17 13:34 . 2010-02-17 13:34 -------- d-----w- c:\documents and settings\Juca\Application Data\JewelMatch2
2010-02-17 13:02 . 2010-02-17 13:02 -------- d-----w- c:\documents and settings\Juca\Application Data\SuperMP3Download
2010-02-17 12:30 . 2010-02-17 12:30 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-02-17 10:25 . 2010-02-22 06:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SuperMP3Download
2010-02-17 10:24 . 2010-02-17 13:02 -------- d-----w- c:\program files\SuperMp3Download
2010-02-16 10:57 . 2010-02-16 10:57 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-02-16 10:12 . 2010-02-16 10:12 -------- d-----w- c:\program files\3dGirlz
2010-02-16 10:10 . 2010-02-18 08:07 -------- d-----w- c:\program files\MAdModule
2010-02-15 16:03 . 2010-02-15 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SpecialBit
2010-02-13 16:27 . 2010-02-13 16:27 -------- d-----w- c:\documents and settings\Juca\Local Settings\Application Data\Astar Games
2010-02-13 13:23 . 2002-06-20 08:56 450641 ----a-w- c:\windows\system32\DiskIO.dll
2010-02-13 13:23 . 2002-06-17 13:09 14604 ----a-w- c:\windows\system32\drivers\pfc.sys
2010-02-13 13:23 . 2002-06-11 03:03 32838 ----a-w- c:\windows\system32\Cachex.dll
2010-02-13 09:05 . 2010-02-13 09:05 -------- d-----w- c:\documents and settings\Juca\Local Settings\Application Data\Cloanto
2010-02-13 09:04 . 2010-02-13 09:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Cloanto
2010-02-13 08:25 . 2010-02-13 08:27 -------- d-----w- c:\documents and settings\Juca\Application Data\ProfiCAD
2010-02-10 15:59 . 2010-02-10 15:59 -------- d-----w- c:\program files\mresreg
2010-02-10 07:48 . 2010-02-10 07:49 -------- d-----w- c:\program files\10 Days Under The Sea
2010-02-09 14:15 . 2010-02-09 14:23 -------- d-----w- c:\documents and settings\Juca\Incomplete
2010-02-09 14:15 . 2010-02-09 14:15 -------- d-----w- c:\documents and settings\Juca\Shared
2010-02-08 11:15 . 2010-02-08 11:15 -------- d-----w- c:\documents and settings\All Users\Application Data\MonteCristo
2010-02-06 16:00 . 2010-02-06 16:00 -------- d-----w- c:\documents and settings\Juca\Application Data\SpinTop Games
2010-02-06 14:24 . 2010-02-07 10:18 -------- d-----w- c:\documents and settings\Juca\Application Data\Flood Light Games
2010-02-05 09:39 . 2010-02-05 09:39 251376 ----a-w- c:\documents and settings\Juca\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-02-04 12:24 . 2010-02-04 12:24 -------- d-----w- c:\documents and settings\Juca\Application Data\Dragon Altar Games
2010-02-01 14:12 . 2010-02-01 14:12 -------- d-----w- c:\documents and settings\Juca\Local Settings\Application Data\Ph03nixNewMedia
2010-02-01 13:05 . 2010-02-01 13:05 81408 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Cogs\4000008000002i\Splash Screen.exe
2010-02-01 12:26 . 2010-02-01 12:27 -------- d-----w- c:\documents and settings\Juca\.mypaint
2010-01-31 10:41 . 2010-01-31 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2010-01-31 10:41 . 2010-01-31 10:46 -------- d-----w- c:\documents and settings\Juca\Application Data\Azureus
2010-01-29 11:17 . 2010-02-18 08:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-29 11:16 . 2010-01-29 11:16 5115823 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-29 11:14 . 2010-01-29 11:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-29 11:14 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-29 07:41 . 2010-01-29 07:43 -------- d-----w- c:\documents and settings\Juca\.rainlendar2
2010-01-28 22:30 . 2010-01-28 22:30 -------- d-----w- c:\documents and settings\Juca\Application Data\CobiMobi
2010-01-28 16:33 . 2010-02-01 12:24 -------- d-----w- c:\documents and settings\Juca\Application Data\PlayFirst
2010-01-28 07:24 . 2010-01-28 07:24 -------- d-----w- c:\documents and settings\Juca\Application Data\SPlayer
2010-01-27 15:46 . 2010-01-27 15:46 -------- d-sh--w- c:\documents and settings\Juca\Impostazioni locali
2010-01-27 07:47 . 2010-01-29 07:49 -------- d-----w- c:\documents and settings\Juca\Application Data\TeraCopy
2010-01-27 06:53 . 2010-01-27 06:53 -------- d-----w- c:\program files\Common Files\Java
2010-01-27 06:44 . 2010-01-27 06:44 503808 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-78bb6087-n\msvcp71.dll
2010-01-27 06:44 . 2010-01-27 06:44 499712 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-78bb6087-n\jmc.dll
2010-01-27 06:44 . 2010-01-27 06:44 348160 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-78bb6087-n\msvcr71.dll
2010-01-27 06:44 . 2010-01-27 06:44 61440 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1953df3f-n\decora-sse.dll
2010-01-27 06:44 . 2010-01-27 06:44 12800 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1953df3f-n\decora-d3d.dll
2010-01-26 13:37 . 2010-01-26 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Rumbic Studio
2010-01-26 07:23 . 2010-02-05 16:42 -------- d-----w- c:\program files\Ceremu
2010-01-26 06:56 . 2010-01-26 06:59 -------- d-----w- c:\documents and settings\Juca\Application Data\vlc
2010-01-26 06:37 . 2010-01-26 06:38 -------- d-----w- c:\documents and settings\Juca\Application Data\Media Player Classic
2010-01-25 16:33 . 2010-01-25 16:33 -------- d-----w- c:\program files\Speccy
2010-01-25 10:57 . 2010-01-25 10:57 -------- d-----w- c:\program files\MKVtoolnix
2010-01-23 11:43 . 2010-02-12 10:30 -------- d-----w- c:\documents and settings\Juca\Application Data\ERS G-Studio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-22 07:39 . 2009-05-11 04:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-22 07:36 . 2009-02-18 18:08 -------- d-----w- c:\documents and settings\Juca\Application Data\uTorrent
2010-02-22 07:25 . 2009-02-20 14:53 7 ----a-w- c:\windows\sbacknt.bin
2010-02-22 07:17 . 2010-01-19 06:52 311 ----a-w- c:\windows\system32\InetLock.dat
2010-02-22 07:17 . 2008-12-17 07:03 17659 ----a-w- c:\windows\system32\drivers\inetlock.sys
2010-02-21 18:19 . 2009-12-28 07:33 0 ----a-w- c:\documents and settings\Juca\Local Settings\Application Data\prvlcl.dat
2010-02-21 14:25 . 2009-11-18 16:24 53512 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-02-21 14:22 . 2009-05-11 04:54 -------- d-----w- c:\program files\Unlocker
2010-02-21 09:54 . 2009-02-19 12:05 -------- d-----w- c:\documents and settings\Juca\Application Data\Skype
2010-02-21 09:52 . 2009-02-19 12:07 -------- d-----w- c:\documents and settings\Juca\Application Data\skypePM
2010-02-21 09:16 . 2009-02-19 11:12 -------- d-----w- c:\documents and settings\Juca\Application Data\Thinstall
2010-02-21 05:32 . 2009-12-07 07:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-21 05:17 . 2009-02-18 18:08 -------- d-----w- c:\program files\uTorrent
2010-02-21 05:17 . 2009-05-30 11:37 -------- d-----w- c:\program files\ALLPlayer
2010-02-21 05:17 . 2009-02-23 14:05 -------- d-----w- c:\program files\MorEmoticons
2010-02-21 05:00 . 2009-05-11 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-21 04:51 . 2009-02-19 11:35 -------- d-----w- c:\program files\DivX
2010-02-20 23:29 . 2009-02-18 17:42 16608 ----a-w- c:\windows\gdrv.sys
2010-02-20 17:39 . 2009-02-19 11:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-20 16:57 . 2009-02-22 11:42 -------- d-----w- c:\program files\Winamp
2010-02-19 12:31 . 2009-02-19 12:26 -------- d-----w- c:\program files\SpywareBlaster
2010-02-18 14:57 . 2009-03-16 13:32 -------- d-----w- c:\program files\Google
2010-02-18 13:57 . 2009-12-25 14:41 -------- d-----w- c:\program files\Sandboxie
2010-02-18 13:35 . 2009-02-18 17:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-18 13:02 . 2009-11-18 16:24 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-17 13:02 . 2010-01-11 11:37 -------- d-----w- c:\program files\20 TRIKOVA
2010-02-15 10:11 . 2009-02-22 11:42 -------- d-----w- c:\documents and settings\Juca\Application Data\Winamp
2010-02-13 09:04 . 2009-04-25 11:04 -------- d-----w- c:\program files\Common Files\Cloanto
2010-02-13 09:04 . 2009-04-25 11:02 -------- d-----w- c:\program files\Cloanto
2010-02-05 16:17 . 2009-07-15 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-02-05 16:17 . 2009-06-22 05:52 -------- d-----w- c:\program files\Norton Security Scan
2010-02-05 16:17 . 2009-06-22 05:52 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-01 13:09 . 2009-10-28 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Intenium
2010-01-31 15:39 . 2009-02-25 06:54 26 ----a-w- c:\windows\popcinfo.dat
2010-01-31 11:13 . 2010-01-18 12:47 -------- d-----w- c:\documents and settings\All Users\Application Data\EasyMp3Downloader
2010-01-27 06:44 . 2009-02-19 09:12 -------- d-----w- c:\program files\Java
2010-01-26 14:47 . 2009-02-19 11:35 -------- d-----w- c:\documents and settings\Juca\Application Data\Dr. DivX 2.0 OSS
2010-01-22 16:43 . 2010-01-22 16:43 -------- d-----w- c:\documents and settings\Juca\Application Data\ArcticLine
2010-01-22 14:09 . 2010-01-22 14:09 -------- d-----w- c:\program files\Desktop
2010-01-22 12:19 . 2010-01-22 12:19 -------- d-----w- c:\documents and settings\Juca\Application Data\YoudaGames
2010-01-21 13:02 . 2010-01-21 13:02 -------- d-----w- c:\documents and settings\Juca\Application Data\AJ SQUARE INC
2010-01-19 14:54 . 2010-01-19 14:57 274 ----a-w- c:\documents and settings\All Users\Application Data\Setting.dat
2010-01-19 14:29 . 2010-01-19 14:29 -------- d-----w- c:\documents and settings\Juca\Application Data\Gamelab
2010-01-19 06:58 . 2010-01-19 06:52 -------- d-----w- c:\program files\Internet Lock
2010-01-19 06:52 . 2010-01-19 06:52 -------- d-----w- c:\documents and settings\All Users\Application Data\TopLang
2010-01-18 12:47 . 2010-01-18 12:47 -------- d-----w- c:\documents and settings\Juca\Application Data\EasyMp3Downloader
2010-01-17 13:25 . 2010-01-17 13:15 -------- d-----w- c:\program files\ProgDVB
2010-01-16 07:35 . 2009-02-19 12:05 -------- d-----r- c:\program files\Skype
2010-01-15 23:39 . 2009-02-19 11:38 -------- d-----w- c:\documents and settings\Juca\Application Data\UpdateStar
2010-01-15 15:24 . 2009-09-16 05:35 -------- d-----w- c:\program files\Opera
2010-01-14 14:30 . 2010-01-14 14:26 -------- d-----w- c:\documents and settings\Juca\Application Data\Stellarium
2010-01-14 07:16 . 2010-01-14 07:16 -------- d-----w- c:\documents and settings\Juca\Application Data\Nero
2010-01-13 14:12 . 2009-02-19 17:03 -------- d-----w- c:\documents and settings\Juca\Application Data\DivX
2010-01-11 07:16 . 2009-03-07 12:37 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-01-11 07:16 . 2009-03-07 12:37 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-01-10 07:39 . 2009-03-06 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-01-09 15:50 . 2009-11-08 06:35 -------- d-----w- c:\documents and settings\Juca\Application Data\KidZui
2010-01-09 07:34 . 2010-01-09 06:38 -------- d-----w- c:\program files\Memorija v1.4
2010-01-08 17:23 . 2010-01-08 17:21 -------- d-----w- c:\program files\Amoba
2010-01-08 10:28 . 2010-01-08 07:36 27 ----a-w- c:\windows\popcinfot.dat
2010-01-08 06:58 . 2010-01-08 06:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCapv1005
2010-01-07 06:59 . 2010-01-07 06:59 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-06 15:16 . 2010-01-06 15:16 -------- d-----w- c:\documents and settings\All Users\Application Data\ScreenSeven
2010-01-06 15:15 . 2010-01-06 15:15 -------- d-----w- c:\program files\SCREENSEVEN
2010-01-06 15:14 . 2009-12-14 06:47 -------- d-----w- c:\program files\OXXOGames
2010-01-06 13:23 . 2009-02-18 19:32 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-05 11:08 . 2010-01-05 11:08 -------- d-----w- c:\program files\xp_simulation_setup
2010-01-04 08:10 . 2009-02-19 12:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-31 16:14 . 2004-08-04 01:07 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-29 07:21 . 2009-12-29 07:21 -------- d-----w- c:\documents and settings\Juca\Application Data\facemoods.com
2009-12-29 07:21 . 2009-12-04 08:22 -------- d-----w- c:\program files\Button Shop 4
2009-12-29 07:20 . 2009-12-24 07:31 -------- d-----w- c:\program files\ABBYY FineReader 8.0 Professional Edition
2009-12-26 15:23 . 2009-08-21 14:09 -------- d-----w- c:\program files\Super Internet TV
2009-12-25 06:51 . 2009-12-25 06:51 7680 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\PhotoScape\400000c00002i\jqsnotify.exe
2009-12-25 06:50 . 2009-12-25 06:50 7680 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\PhotoScape\400000df00002i\firefox.exe
2009-12-22 05:42 . 2004-08-04 01:07 662016 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:42 . 2004-08-04 01:07 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-20 13:33 . 2009-12-20 13:33 7680 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Superfrog\4000002ba200002i\run.exe
2009-12-20 13:33 . 2009-12-20 13:33 7680 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Superfrog\4ad000006100003i\cmd.exe
2009-12-20 13:33 . 2009-12-20 13:33 7680 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Superfrog\4000002700002i\SuperFrog.exe
2009-12-17 16:14 . 2009-02-19 09:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 12:58 . 2009-02-18 15:58 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2004-08-04 01:07 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-11 15:59 . 2009-12-11 16:00 737280 ----a-w- c:\windows\iun6002.exe
2009-12-11 07:11 . 2009-12-11 07:09 245760 ----a-w- c:\windows\Setup1.exe
2009-12-11 07:11 . 2009-12-11 07:09 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-12-09 06:25 . 2009-12-04 08:41 13952 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2009-12-04 14:41 . 2004-08-04 01:07 453760 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-04 08:37 . 2009-02-18 16:07 48840 ----a-w- c:\documents and settings\Juca\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-04 08:22 . 2009-12-04 08:22 2 ----a-w- c:\windows\system32\krx240.dat
2009-11-29 06:44 . 2009-11-29 06:44 0 ----a-w- c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2009-11-27 17:33 . 2004-08-04 01:07 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:33 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:37 . 2004-08-04 01:07 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:37 . 2004-08-04 01:07 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:37 . 2004-08-04 01:07 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:37 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:37 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-26 12:45 . 2009-09-21 11:44 3695616 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
.

dr_Bora · Anti Malware Fighter Rank 2 Supermoderator tech foruma

Log napravljen na kraju sledećeg skeniranja će biti sačuvan kao C:\ComboFix.txt.

Nemoj ga kopirati u poruku, već ga prikači korišćenjem opcije Prikači fajl.

Ne pokreći ComboFix više puta.

Otvoriti Notepad i iskopirati sledeci tekst:

tacija · Novi građanin

rsenog skeniranja restartovao je racunar i nakon ponovnog pokretanja otorio se CF sa porukom: Preparing Log Report- DO not run any programs until ComboFix has finished _ . Ne izbacuje izvestaj. Sta dalje?

dr_Bora · Anti Malware Fighter Rank 2 Supermoderator tech foruma

Ponovi prethodni postupak.

tacija · Novi građanin

Probao sam dva puta iponovo se dogadja isto. Kad prevucem fajl CFScript u combo fiks on ostaje na desktopu i kada se zavrsi skeniranje i ponovo podigne sistem , umesto njega na desktopu je precica za internet eksplorer
Inace nisam rekao da se kada startuje combo fix prvo pojavi poruka: ComboFix.exe - Ordinal not found

dr_Bora · Anti Malware Fighter Rank 2 Supermoderator tech foruma

Isključio si AVG i TeaTimer pre pokretanja programa ComboFix?

Ako nisi, isključi pa ponovi postupak.

tacija · Novi građanin

Iskljucio sam i AVG iTeaTimer iAdware iponovo probao i ponovo se desava isto.

dr_Bora · Anti Malware Fighter Rank 2 Supermoderator tech foruma

Preuzmi SystemLook na Desktop.

Dvoklikom pokreni SystemLook i u njegov prozor iskopiraj sve što se nalazi unutar kod polja:

tacija · Novi građanin

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 23:29 on 25/02/2010 by Juca (Administrator - Elevation successful)

========== filefind ==========

Searching for "*allupdate*"
No files found.

Searching for "*avgtray*"
C:\Program Files\AVG\AVG9\avgtray .exe --a--- 2033432 bytes [08:04 22/12/2009] [08:55 23/12/2009] 72A7A352072EB6EC4953F9F580463B0D
C:\Program Files\AVG\AVG9\avgtray.exe --a--- 2033432 bytes [14:06 18/02/2010] [14:06 18/02/2010] 72A7A352072EB6EC4953F9F580463B0D

Searching for "*dwtrig20*"
C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\PFILES\COMMON\MSSHARED\DW\DWTRIG20.EXE --a--- 34880 bytes [20:53 14/07/2003] [11:17 19/02/2009] 193D159EA2E807C67B718FDEFCAED47B
C:\Program Files\Common Files\Microsoft Shared\DW\dwtrig20 .exe --a--- 39264 bytes [14:38 13/03/2007] [14:38 13/03/2007] 6D787FDF93DE266CE25378FB362DF011

Searching for "*nwiz*"
C:\Qoobox\Quarantine\C\Documents and Settings\Juca\nwiz .exe.vir --a--- 44544 bytes [13:29 17/02/2010] [13:44 18/02/2010] 1881D049F9D48F5E95196892C845566C
C:\Qoobox\Quarantine\C\WINDOWS\system32\nwiz .exe.vir --a--- 1630208 bytes [17:54 18/02/2009] [18:31 16/05/2008] 3860B249BF5AF7B28D11F2731FCF6088

Searching for "*rthdcpl*"
C:\Program Files\Realtek\Audio\InstallShield\RTHDCPL.exe --a--- 16857600 bytes [17:46 18/02/2009] [06:31 13/02/2008] A6543BD31E3B48F70DA57FB01F13D934
C:\Qoobox\Quarantine\C\Documents and Settings\Juca\rthdcpl .exe.vir --a--- 44544 bytes [13:29 17/02/2010] [13:29 17/02/2010] 1881D049F9D48F5E95196892C845566C
C:\Qoobox\Quarantine\C\WINDOWS\system32\rthdcpl.exe.vir --a--- 44544 bytes [16:46 20/02/2010] [16:46 20/02/2010] 1881D049F9D48F5E95196892C845566C
C:\WINDOWS\Prefetch\RTHDCPL.EXE-06918CFA.pf --a--- 22126 bytes [06:37 25/02/2010] [06:37 25/02/2010] CE60BA30342F219BC99305181F3BBD43
C:\WINDOWS\RTHDCPL.exe -ra--- 16857600 bytes [17:46 18/02/2009] [06:31 13/02/2008] A6543BD31E3B48F70DA57FB01F13D934

Searching for "*rundll32*"
C:\Qoobox\Quarantine\C\Documents and Settings\Juca\rundll32 .exe.vir --a--- 44544 bytes [13:29 17/02/2010] [13:29 17/02/2010] 1881D049F9D48F5E95196892C845566C
C:\Qoobox\Quarantine\C\Documents and Settings\Juca\rundll32.exe.vir --a--- 44544 bytes [16:56 20/02/2010] [16:56 20/02/2010] 1881D049F9D48F5E95196892C845566C
C:\Qoobox\Quarantine\C\WINDOWS\system32\rundll32 .exe.vir --a--- 33280 bytes [01:07 04/08/2004] [01:07 04/08/2004] DA285490BBD8A1D0CE6623577D5BA1FF
C:\WINDOWS\Prefetch\RUNDLL32.EXE-1340EF7F.pf --a--- 29840 bytes [06:37 25/02/2010] [06:37 25/02/2010] 6610185D45649ADE813F74C41ED5573B
C:\WINDOWS\Prefetch\RUNDLL32.EXE-13B7EE14.pf --a--- 15240 bytes [14:35 25/02/2010] [14:35 25/02/2010] 57D516F2F9AEFA4D3D4D68CC6280421F
C:\WINDOWS\Prefetch\RUNDLL32.EXE-415F88EC.pf --a--- 27044 bytes [06:37 25/02/2010] [06:37 25/02/2010] 6BF916CD2A91BC4FEACFD30A466372FB
C:\WINDOWS\Prefetch\RUNDLL32.EXE-451433C9.pf --a--- 20036 bytes [14:34 25/02/2010] [14:34 25/02/2010] D0D0E8AEF93550D9F9E5B450B73102E6
C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf --a--- 13922 bytes [10:41 25/02/2010] [14:36 25/02/2010] E79E3437B1BA5A7B2A8C94FB2F8FFD43
C:\WINDOWS\system32\dllcache\rundll32.exe --a--c 33280 bytes [01:07 04/08/2004] [01:07 04/08/2004] DA285490BBD8A1D0CE6623577D5BA1FF
C:\WINDOWS\system32\rundll32.exe --a--- 33280 bytes [01:07 04/08/2004] [01:07 04/08/2004] DA285490BBD8A1D0CE6623577D5BA1FF

Searching for "*logitechdesktopmessenger*"
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe.appid.8876480 --a--- 0 bytes [16:13 19/02/2009] [16:13 19/02/2009] D41D8CD98F00B204E9800998ECF8427E

Searching for "*madservice*"
C:\Program Files\MAdModule\madservice .exe --a--- 764416 bytes [10:10 16/02/2010] [17:58 16/02/2010] 0ED89CB63ADAA36964B60E1570ED8896

Searching for "*moremoticons*"
C:\Documents and Settings\Juca\Start Menu\Programs\MorEmoticons\MorEmoticons.lnk --a--- 754 bytes [14:05 23/02/2009] [14:05 23/02/2009] BC1E0C8F38A17A5411DE2A2764E9FAD9
C:\Program Files\MorEmoticons\Moremoticons.dll --a--- 101376 bytes [02:35 12/11/2007] [02:35 12/11/2007] EDDF5EA51214CC518907FAA579BCD4AB

Searching for "*sbiectrl*"
C:\Program Files\Sandboxie\sbiectrl .exe --a--- 389120 bytes [13:55 01/12/2009] [13:55 01/12/2009] 5D0F2626553613B22AF1BF709DD84148

Searching for "*teatimer*"
C:\Documents and Settings\Juca\Desktop\Ambulanta\ResetTeaTimer.exe --a--- 126976 bytes [05:02 21/02/2010] [05:02 21/02/2010] 8636BC3216983F241A5B4287DFF48CDB
C:\Documents and Settings\Juca\Desktop\Korisni programi\SpybotSD_Portable_1.6.3.50_MultiLang\App\SpybotSD\TeaTimer.exe --a--- 2144088 bytes [11:49 21/02/2010] [16:31 26/01/2009] 896A1DB9A972AD2339C2E8569EC926D1
C:\Program Files\Spybot - Search & Destroy\teatimer .exe -rahs- 2260480 bytes [04:50 11/05/2009] [14:07 05/03/2009] 390679F7A217A5E73D756276C40AE887
C:\Program Files\Spybot - Search & Destroy\Updates\teatimer166.exe --a--- 1065888 bytes [05:04 13/05/2009] [08:20 11/03/2009] 03DFB01979908D80BAEC49A9740D3646
C:\Program Files\Spybot - Search & Destroy\Updates\teatimer166.zip --a--- 1036085 bytes [05:04 13/05/2009] [05:04 11/03/2009] B25DDC8AC4641F37F31066A2D7ACCEBB
C:\Qoobox\Quarantine\C\Program Files\Spybot - Search & Destroy\teatimer.exe.vir --a--- 44544 bytes [04:50 11/05/2009] [16:56 20/02/2010] 1881D049F9D48F5E95196892C845566C

Searching for "*utorrent*"
C:\Documents and Settings\Juca\Application Data\uTorrent\Provjera porta-utorrent.torrent ------ 735 bytes [18:21 18/02/2009] [07:41 18/02/2009] BAF5E27CE4E441B3A2E87FA5DECFB7F1
C:\Documents and Settings\Juca\Application Data\uTorrent\utorrent postavke.torrent ------ 700 bytes [18:17 18/02/2009] [07:41 18/02/2009] A79E00B9C94C8F24CC06330716639D5F
C:\Documents and Settings\Juca\Application Data\uTorrent\utorrent.lng --a--- 596989 bytes [18:10 18/02/2009] [22:20 14/01/2010] ECAD439FCED335740BF165639AF1210A
C:\Documents and Settings\Juca\Desktop\utorrent.exe --a--- 177152 bytes [05:57 21/02/2010] [07:05 01/02/2010] E3013175D75CB6ABBB55F61FDFEF7F50
C:\Documents and Settings\Juca\Recent\uTorrent.lnk --a--- 690 bytes [14:27 13/02/2010] [14:27 13/02/2010] 593BE4F17024BFD00258DFF453B23AD4
C:\Program Files\uTorrent\14458-utorrent.416e.dmp --a--- 144914 bytes [06:03 19/08/2009] [06:03 19/08/2009] AC20F6677F56BE1BCC8793E1C7DFC2D5
C:\Program Files\uTorrent\14458-utorrent.8baa.dmp --a--- 141140 bytes [16:40 12/01/2010] [16:40 12/01/2010] 4036AC6EA736552E81F2EE503223A289
C:\Program Files\uTorrent\14458-utorrent.94b4.dmp --a--- 119474 bytes [16:11 04/01/2010] [16:11 04/01/2010] 00FEF011AAED2658560FDC875B9266EE
C:\Program Files\uTorrent\14458-utorrent.9dc2.dmp --a--- 120443 bytes [14:37 08/01/2010] [14:37 08/01/2010] 1914A00208C7A8128ABF9DE9B66C5099
C:\Program Files\uTorrent\14458-utorrent.b568.dmp --a--- 121998 bytes [13:47 20/12/2009] [13:47 20/12/2009] C3B33B3716E197A40A9DC54FC0BC841E
C:\Program Files\uTorrent\15619-utorrent.27b7.dmp --a--- 117346 bytes [22:08 04/02/2010] [22:08 04/02/2010] 2779A3C381BC61D6F3E43B3EAC0AB99F
C:\Program Files\uTorrent\15619-utorrent.d438.dmp --a--- 139285 bytes [14:23 19/02/2010] [14:24 19/02/2010] 6350B9E3559D5038AD7DF537BB6BE19F
C:\Program Files\uTorrent\utorrent .exe --a--- 288048 bytes [18:08 18/02/2009] [16:17 15/01/2010] 9BB58700DD33D03B94655EB638DD32D1
C:\Qoobox\Quarantine\Registry_backups\AddRemove-uTorrent.reg.dat --a--- 922 bytes [16:53 20/02/2010] [16:53 20/02/2010] 1C28D364C7E29983EA162FDB0D4E50FF
C:\WINDOWS\Prefetch\UTORRENT .EXE-20F88EB0.pf --a--- 39750 bytes [06:37 25/02/2010] [06:37 25/02/2010] D7419D2F778DAEE988255EBACA3EADF6
C:\WINDOWS\Prefetch\UTORRENT.EXE-19FBBC89.pf --a--- 30606 bytes [06:43 25/02/2010] [06:43 25/02/2010] DE80FB3CC49AB1793AFE0D3ADC998083

Searching for "*tbpanel* "
C:\Program Files\XpertVision\TBPANEL.url --a--- 52 bytes [16:20 18/02/2010] [16:20 18/02/2010] A5D395A37F94A2D55B5C0DF06A44AD36
C:\Program Files\XpertVision\TBPanelExt.dll --a--- 32768 bytes [16:20 18/02/2010] [10:31 31/01/2007] 8A02616D3F78E313725C9671B4AA2953
C:\WINDOWS\system32\drivers\TBPanel.sys --a--- 12256 bytes [16:20 18/02/2010] [09:11 16/03/2007] 04E1C782CF14B7282EBC633B0FD3ED16

-=End Of File=-

dr_Bora · Anti Malware Fighter Rank 2 Supermoderator tech foruma

Vesti

Zarazena mozila