Zarazena mozila

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 10-02-21.02 - Juca 02/22/2010 8:36.9.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.2046.1334 [GMT 1:00]
Running from: c:\documents and settings\Juca\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
The following files were disabled during the run:
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Juca\nwiz.exe
c:\documents and settings\Juca\SyncMan.exe
c:\program files\114796.dat
c:\program files\115968.dat
c:\program files\122093.dat
c:\program files\126640.dat
c:\program files\144453.dat
c:\program files\Mozilla Firefox\extensions\{bf1c572e-ee4a-a52e-eecd-f9c8b2bbaabf}\components\cjmRbj--m3CBEPL.dll
c:\windows\system32\-c6DPF_uCL2_X.exe
c:\windows\system32\elkctrl.exe
c:\windows\system32\lvcomsx.exe
c:\windows\system32\nerocheck.exe
c:\windows\system32\SyncMan.exe
c:\windows\system32\tscupgrd.exe

.
((((((((((((((((((((((((( Files Created from 2010-01-22 to 2010-02-22 )))))))))))))))))))))))))))))))
.

2010-02-21 14:00 . 2010-02-21 14:00 -------- d-----w- c:\program files\7-Zip
2010-02-21 05:22 . 2010-02-21 05:22 -------- d-----w- c:\documents and settings\Juca\Application Data\AVG9
2010-02-20 17:53 . 2010-02-20 17:53 -------- d-----w- c:\documents and settings\Juca\Local Settings\Application Data\WMTools Downloaded Files
2010-02-19 07:08 . 2010-02-18 14:06 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-02-19 07:08 . 2010-02-18 14:06 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-02-18 16:33 . 2010-02-18 16:33 -------- d-----w- c:\program files\Driver-Soft
2010-02-18 16:20 . 2007-03-16 09:11 12256 ----a-w- c:\windows\system32\drivers\TBPanel.sys
2010-02-18 16:20 . 2010-02-21 05:17 -------- d-----w- c:\program files\XpertVision
2010-02-18 14:58 . 2010-02-18 14:58 -------- d-----w- c:\documents and settings\Juca\Application Data\InstallShield
2010-02-18 14:38 . 2009-11-25 12:02 1230080 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-02-18 14:34 . 2009-08-04 13:58 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-18 14:34 . 2009-08-04 14:00 2180352 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-18 14:34 . 2009-08-04 13:13 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-18 14:34 . 2009-08-04 13:13 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-18 14:34 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-18 14:27 . 2009-12-04 14:41 453760 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-18 14:19 . 2010-02-18 14:19 -------- d-----w- c:\documents and settings\Juca\Local Settings\Application Data\AVG Security Toolbar
2010-02-18 14:06 . 2010-02-18 14:06 -------- d-----w- C:\$AVG
2010-02-18 14:06 . 2010-02-18 14:06 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-18 14:06 . 2010-02-18 14:06 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-02-18 14:06 . 2010-02-18 14:06 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-18 14:06 . 2010-02-18 14:06 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-18 14:06 . 2010-02-18 14:06 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-02-18 14:06 . 2010-02-22 06:35 -------- d-----w- c:\windows\system32\drivers\Avg
2010-02-18 14:06 . 2010-02-18 14:38 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-02-18 13:07 . 2004-08-04 01:07 4096 -c--a-w- c:\windows\system32\dllcache\rpcref.dll
2010-02-18 13:06 . 2004-08-04 01:07 42496 -c--a-w- c:\windows\system32\dllcache\davcdata.exe
2010-02-18 13:04 . 2004-08-04 01:07 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-02-18 12:36 . 2004-08-04 01:07 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-02-18 12:36 . 2004-08-04 01:07 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-02-18 12:36 . 2004-08-04 01:07 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-02-18 12:36 . 2004-08-04 01:07 13312 ----a-w- c:\windows\system32\irclass.dll
2010-02-18 08:07 . 2010-02-18 08:07 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-17 13:34 . 2010-02-17 13:34 -------- d-----w- c:\documents and settings\Juca\Application Data\JewelMatch2
2010-02-17 13:02 . 2010-02-17 13:02 -------- d-----w- c:\documents and settings\Juca\Application Data\SuperMP3Download
2010-02-17 12:30 . 2010-02-17 12:30 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-02-17 10:25 . 2010-02-22 06:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SuperMP3Download
2010-02-17 10:24 . 2010-02-17 13:02 -------- d-----w- c:\program files\SuperMp3Download
2010-02-16 10:57 . 2010-02-16 10:57 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-02-16 10:12 . 2010-02-16 10:12 -------- d-----w- c:\program files\3dGirlz
2010-02-16 10:10 . 2010-02-18 08:07 -------- d-----w- c:\program files\MAdModule
2010-02-15 16:03 . 2010-02-15 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SpecialBit
2010-02-13 16:27 . 2010-02-13 16:27 -------- d-----w- c:\documents and settings\Juca\Local Settings\Application Data\Astar Games
2010-02-13 13:23 . 2002-06-20 08:56 450641 ----a-w- c:\windows\system32\DiskIO.dll
2010-02-13 13:23 . 2002-06-17 13:09 14604 ----a-w- c:\windows\system32\drivers\pfc.sys
2010-02-13 13:23 . 2002-06-11 03:03 32838 ----a-w- c:\windows\system32\Cachex.dll
2010-02-13 09:05 . 2010-02-13 09:05 -------- d-----w- c:\documents and settings\Juca\Local Settings\Application Data\Cloanto
2010-02-13 09:04 . 2010-02-13 09:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Cloanto
2010-02-13 08:25 . 2010-02-13 08:27 -------- d-----w- c:\documents and settings\Juca\Application Data\ProfiCAD
2010-02-10 15:59 . 2010-02-10 15:59 -------- d-----w- c:\program files\mresreg
2010-02-10 07:48 . 2010-02-10 07:49 -------- d-----w- c:\program files\10 Days Under The Sea
2010-02-09 14:15 . 2010-02-09 14:23 -------- d-----w- c:\documents and settings\Juca\Incomplete
2010-02-09 14:15 . 2010-02-09 14:15 -------- d-----w- c:\documents and settings\Juca\Shared
2010-02-08 11:15 . 2010-02-08 11:15 -------- d-----w- c:\documents and settings\All Users\Application Data\MonteCristo
2010-02-06 16:00 . 2010-02-06 16:00 -------- d-----w- c:\documents and settings\Juca\Application Data\SpinTop Games
2010-02-06 14:24 . 2010-02-07 10:18 -------- d-----w- c:\documents and settings\Juca\Application Data\Flood Light Games
2010-02-05 09:39 . 2010-02-05 09:39 251376 ----a-w- c:\documents and settings\Juca\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-02-04 12:24 . 2010-02-04 12:24 -------- d-----w- c:\documents and settings\Juca\Application Data\Dragon Altar Games
2010-02-01 14:12 . 2010-02-01 14:12 -------- d-----w- c:\documents and settings\Juca\Local Settings\Application Data\Ph03nixNewMedia
2010-02-01 13:05 . 2010-02-01 13:05 81408 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Cogs\4000008000002i\Splash Screen.exe
2010-02-01 12:26 . 2010-02-01 12:27 -------- d-----w- c:\documents and settings\Juca\.mypaint
2010-01-31 10:41 . 2010-01-31 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2010-01-31 10:41 . 2010-01-31 10:46 -------- d-----w- c:\documents and settings\Juca\Application Data\Azureus
2010-01-29 11:17 . 2010-02-18 08:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-29 11:16 . 2010-01-29 11:16 5115823 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-29 11:14 . 2010-01-29 11:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-29 11:14 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-29 07:41 . 2010-01-29 07:43 -------- d-----w- c:\documents and settings\Juca\.rainlendar2
2010-01-28 22:30 . 2010-01-28 22:30 -------- d-----w- c:\documents and settings\Juca\Application Data\CobiMobi
2010-01-28 16:33 . 2010-02-01 12:24 -------- d-----w- c:\documents and settings\Juca\Application Data\PlayFirst
2010-01-28 07:24 . 2010-01-28 07:24 -------- d-----w- c:\documents and settings\Juca\Application Data\SPlayer
2010-01-27 15:46 . 2010-01-27 15:46 -------- d-sh--w- c:\documents and settings\Juca\Impostazioni locali
2010-01-27 07:47 . 2010-01-29 07:49 -------- d-----w- c:\documents and settings\Juca\Application Data\TeraCopy
2010-01-27 06:53 . 2010-01-27 06:53 -------- d-----w- c:\program files\Common Files\Java
2010-01-27 06:44 . 2010-01-27 06:44 503808 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-78bb6087-n\msvcp71.dll
2010-01-27 06:44 . 2010-01-27 06:44 499712 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-78bb6087-n\jmc.dll
2010-01-27 06:44 . 2010-01-27 06:44 348160 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-78bb6087-n\msvcr71.dll
2010-01-27 06:44 . 2010-01-27 06:44 61440 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1953df3f-n\decora-sse.dll
2010-01-27 06:44 . 2010-01-27 06:44 12800 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1953df3f-n\decora-d3d.dll
2010-01-26 13:37 . 2010-01-26 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Rumbic Studio
2010-01-26 07:23 . 2010-02-05 16:42 -------- d-----w- c:\program files\Ceremu
2010-01-26 06:56 . 2010-01-26 06:59 -------- d-----w- c:\documents and settings\Juca\Application Data\vlc
2010-01-26 06:37 . 2010-01-26 06:38 -------- d-----w- c:\documents and settings\Juca\Application Data\Media Player Classic
2010-01-25 16:33 . 2010-01-25 16:33 -------- d-----w- c:\program files\Speccy
2010-01-25 10:57 . 2010-01-25 10:57 -------- d-----w- c:\program files\MKVtoolnix
2010-01-23 11:43 . 2010-02-12 10:30 -------- d-----w- c:\documents and settings\Juca\Application Data\ERS G-Studio

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-22 07:39 . 2009-05-11 04:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-22 07:36 . 2009-02-18 18:08 -------- d-----w- c:\documents and settings\Juca\Application Data\uTorrent
2010-02-22 07:25 . 2009-02-20 14:53 7 ----a-w- c:\windows\sbacknt.bin
2010-02-22 07:17 . 2010-01-19 06:52 311 ----a-w- c:\windows\system32\InetLock.dat
2010-02-22 07:17 . 2008-12-17 07:03 17659 ----a-w- c:\windows\system32\drivers\inetlock.sys
2010-02-21 18:19 . 2009-12-28 07:33 0 ----a-w- c:\documents and settings\Juca\Local Settings\Application Data\prvlcl.dat
2010-02-21 14:25 . 2009-11-18 16:24 53512 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-02-21 14:22 . 2009-05-11 04:54 -------- d-----w- c:\program files\Unlocker
2010-02-21 09:54 . 2009-02-19 12:05 -------- d-----w- c:\documents and settings\Juca\Application Data\Skype
2010-02-21 09:52 . 2009-02-19 12:07 -------- d-----w- c:\documents and settings\Juca\Application Data\skypePM
2010-02-21 09:16 . 2009-02-19 11:12 -------- d-----w- c:\documents and settings\Juca\Application Data\Thinstall
2010-02-21 05:32 . 2009-12-07 07:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-21 05:17 . 2009-02-18 18:08 -------- d-----w- c:\program files\uTorrent
2010-02-21 05:17 . 2009-05-30 11:37 -------- d-----w- c:\program files\ALLPlayer
2010-02-21 05:17 . 2009-02-23 14:05 -------- d-----w- c:\program files\MorEmoticons
2010-02-21 05:00 . 2009-05-11 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-21 04:51 . 2009-02-19 11:35 -------- d-----w- c:\program files\DivX
2010-02-20 23:29 . 2009-02-18 17:42 16608 ----a-w- c:\windows\gdrv.sys
2010-02-20 17:39 . 2009-02-19 11:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-20 16:57 . 2009-02-22 11:42 -------- d-----w- c:\program files\Winamp
2010-02-19 12:31 . 2009-02-19 12:26 -------- d-----w- c:\program files\SpywareBlaster
2010-02-18 14:57 . 2009-03-16 13:32 -------- d-----w- c:\program files\Google
2010-02-18 13:57 . 2009-12-25 14:41 -------- d-----w- c:\program files\Sandboxie
2010-02-18 13:35 . 2009-02-18 17:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-18 13:02 . 2009-11-18 16:24 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-17 13:02 . 2010-01-11 11:37 -------- d-----w- c:\program files\20 TRIKOVA
2010-02-15 10:11 . 2009-02-22 11:42 -------- d-----w- c:\documents and settings\Juca\Application Data\Winamp
2010-02-13 09:04 . 2009-04-25 11:04 -------- d-----w- c:\program files\Common Files\Cloanto
2010-02-13 09:04 . 2009-04-25 11:02 -------- d-----w- c:\program files\Cloanto
2010-02-05 16:17 . 2009-07-15 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-02-05 16:17 . 2009-06-22 05:52 -------- d-----w- c:\program files\Norton Security Scan
2010-02-05 16:17 . 2009-06-22 05:52 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-01 13:09 . 2009-10-28 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Intenium
2010-01-31 15:39 . 2009-02-25 06:54 26 ----a-w- c:\windows\popcinfo.dat
2010-01-31 11:13 . 2010-01-18 12:47 -------- d-----w- c:\documents and settings\All Users\Application Data\EasyMp3Downloader
2010-01-27 06:44 . 2009-02-19 09:12 -------- d-----w- c:\program files\Java
2010-01-26 14:47 . 2009-02-19 11:35 -------- d-----w- c:\documents and settings\Juca\Application Data\Dr. DivX 2.0 OSS
2010-01-22 16:43 . 2010-01-22 16:43 -------- d-----w- c:\documents and settings\Juca\Application Data\ArcticLine
2010-01-22 14:09 . 2010-01-22 14:09 -------- d-----w- c:\program files\Desktop
2010-01-22 12:19 . 2010-01-22 12:19 -------- d-----w- c:\documents and settings\Juca\Application Data\YoudaGames
2010-01-21 13:02 . 2010-01-21 13:02 -------- d-----w- c:\documents and settings\Juca\Application Data\AJ SQUARE INC
2010-01-19 14:54 . 2010-01-19 14:57 274 ----a-w- c:\documents and settings\All Users\Application Data\Setting.dat
2010-01-19 14:29 . 2010-01-19 14:29 -------- d-----w- c:\documents and settings\Juca\Application Data\Gamelab
2010-01-19 06:58 . 2010-01-19 06:52 -------- d-----w- c:\program files\Internet Lock
2010-01-19 06:52 . 2010-01-19 06:52 -------- d-----w- c:\documents and settings\All Users\Application Data\TopLang
2010-01-18 12:47 . 2010-01-18 12:47 -------- d-----w- c:\documents and settings\Juca\Application Data\EasyMp3Downloader
2010-01-17 13:25 . 2010-01-17 13:15 -------- d-----w- c:\program files\ProgDVB
2010-01-16 07:35 . 2009-02-19 12:05 -------- d-----r- c:\program files\Skype
2010-01-15 23:39 . 2009-02-19 11:38 -------- d-----w- c:\documents and settings\Juca\Application Data\UpdateStar
2010-01-15 15:24 . 2009-09-16 05:35 -------- d-----w- c:\program files\Opera
2010-01-14 14:30 . 2010-01-14 14:26 -------- d-----w- c:\documents and settings\Juca\Application Data\Stellarium
2010-01-14 07:16 . 2010-01-14 07:16 -------- d-----w- c:\documents and settings\Juca\Application Data\Nero
2010-01-13 14:12 . 2009-02-19 17:03 -------- d-----w- c:\documents and settings\Juca\Application Data\DivX
2010-01-11 07:16 . 2009-03-07 12:37 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-01-11 07:16 . 2009-03-07 12:37 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-01-10 07:39 . 2009-03-06 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-01-09 15:50 . 2009-11-08 06:35 -------- d-----w- c:\documents and settings\Juca\Application Data\KidZui
2010-01-09 07:34 . 2010-01-09 06:38 -------- d-----w- c:\program files\Memorija v1.4
2010-01-08 17:23 . 2010-01-08 17:21 -------- d-----w- c:\program files\Amoba
2010-01-08 10:28 . 2010-01-08 07:36 27 ----a-w- c:\windows\popcinfot.dat
2010-01-08 06:58 . 2010-01-08 06:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCapv1005
2010-01-07 06:59 . 2010-01-07 06:59 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-06 15:16 . 2010-01-06 15:16 -------- d-----w- c:\documents and settings\All Users\Application Data\ScreenSeven
2010-01-06 15:15 . 2010-01-06 15:15 -------- d-----w- c:\program files\SCREENSEVEN
2010-01-06 15:14 . 2009-12-14 06:47 -------- d-----w- c:\program files\OXXOGames
2010-01-06 13:23 . 2009-02-18 19:32 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-05 11:08 . 2010-01-05 11:08 -------- d-----w- c:\program files\xp_simulation_setup
2010-01-04 08:10 . 2009-02-19 12:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-31 16:14 . 2004-08-04 01:07 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-29 07:21 . 2009-12-29 07:21 -------- d-----w- c:\documents and settings\Juca\Application Data\facemoods.com
2009-12-29 07:21 . 2009-12-04 08:22 -------- d-----w- c:\program files\Button Shop 4
2009-12-29 07:20 . 2009-12-24 07:31 -------- d-----w- c:\program files\ABBYY FineReader 8.0 Professional Edition
2009-12-26 15:23 . 2009-08-21 14:09 -------- d-----w- c:\program files\Super Internet TV
2009-12-25 06:51 . 2009-12-25 06:51 7680 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\PhotoScape\400000c00002i\jqsnotify.exe
2009-12-25 06:50 . 2009-12-25 06:50 7680 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\PhotoScape\400000df00002i\firefox.exe
2009-12-22 05:42 . 2004-08-04 01:07 662016 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:42 . 2004-08-04 01:07 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-20 13:33 . 2009-12-20 13:33 7680 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Superfrog\4000002ba200002i\run.exe
2009-12-20 13:33 . 2009-12-20 13:33 7680 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Superfrog\4ad000006100003i\cmd.exe
2009-12-20 13:33 . 2009-12-20 13:33 7680 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Superfrog\4000002700002i\SuperFrog.exe
2009-12-17 16:14 . 2009-02-19 09:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 12:58 . 2009-02-18 15:58 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2004-08-04 01:07 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-11 15:59 . 2009-12-11 16:00 737280 ----a-w- c:\windows\iun6002.exe
2009-12-11 07:11 . 2009-12-11 07:09 245760 ----a-w- c:\windows\Setup1.exe
2009-12-11 07:11 . 2009-12-11 07:09 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-12-09 06:25 . 2009-12-04 08:41 13952 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2009-12-04 14:41 . 2004-08-04 01:07 453760 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-04 08:37 . 2009-02-18 16:07 48840 ----a-w- c:\documents and settings\Juca\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-04 08:22 . 2009-12-04 08:22 2 ----a-w- c:\windows\system32\krx240.dat
2009-11-29 06:44 . 2009-11-29 06:44 0 ----a-w- c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2009-11-27 17:33 . 2004-08-04 01:07 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:33 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:37 . 2004-08-04 01:07 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:37 . 2004-08-04 01:07 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:37 . 2004-08-04 01:07 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:37 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:37 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-26 12:45 . 2009-09-21 11:44 3695616 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
.
<pre>
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\Lavasoft\Ad-Aware\nwiz .exe
c:\program files\Lavasoft\Ad-Aware\rthdcpl .exe
c:\program files\Lavasoft\Ad-Aware\rundll32 .exe
c:\program files\MAdModule\madservice .exe
c:\program files\Sandboxie\sbiectrl .exe
c:\program files\Spybot - Search & Destroy\teatimer .exe
c:\program files\uTorrent\utorrent        .exe
c:\program files\uTorrent\utorrent       .exe
c:\program files\uTorrent\utorrent      .exe
c:\program files\uTorrent\utorrent     .exe
c:\program files\uTorrent\utorrent    .exe
c:\program files\uTorrent\utorrent   .exe
c:\program files\uTorrent\utorrent  .exe
c:\program files\uTorrent\utorrent .exe
</pre>

((((((((((((((((((((((((((((( [Link mogu videti samo ulogovani korisnici] )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-22 07:25 . 2010-02-22 07:25 16384 c:\windows\temp\Perflib_Perfdata_220.dat
+ 2004-01-07 10:21 . 2004-01-07 10:21 237936 c:\windows\system32\unicows.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-24 19:25 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}]
c:\program files\facemoods.com\facemoods\1.3.43.0\escort.dll [BU]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2009-07-14 22:37 429280 ----a-w- c:\program files\kikin\ie_kikin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}"= "c:\program files\facemoods.com\facemoods\1.3.43.0\escorTlbr.dll" [BU]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{db4e9724-f518-4dfd-9c7c-78b52103cab9}]
[HKEY_CLASSES_ROOT\escorTlbr.DskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\escorTlbr.DskBnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [N/A]
"MorEmoticons"="c:\program files\MorEmoticons\MorEmoticons.exe" [N/A]
"Google Update"="c:\documents and settings\Juca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [N/A]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [N/A]
"DW6"="" [N/A]
"360desktop"="" [N/A]
"ChristmasTree"="c:\documents and settings\Juca\Desktop\Christmas.exe" [N/A]
"uTorrent"="c:\program files\uTorrent\utorrent .exe" [2010-01-15 288048]
"TBPanel"="c:\program files\XpertVision\TBPanel.exe" [N/A]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2010-02-20 44544]
"TBC Pro"="c:\program files\TitleBarClock Pro\Tbcpro.exe" [N/A]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [N/A]
"PCTVRemote"="c:\program files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe" [2002-10-11 61699]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [N/A]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [N/A]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [N/A]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [N/A]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [N/A]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [N/A]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [N/A]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [N/A]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [N/A]
"GEST"="c:\program files\GIGABYTE\GEST\RUN.e_e" [N/A]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [N/A]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [N/A]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [N/A]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [N/A]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [N/A]

c:\documents and settings\Juca\Start Menu\Programs\Startup\
DesktopVideoPlayer.LNK - c:\program files\vghd\vghd.exe [2009-2-20 423248]
Moo0 SystemMonitor 1.35.lnk.disabled [2009-5-11 888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk.disabled [2009-3-19 1593]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-2-19 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-02-18 14:06 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ComPlusSetup]
2004-08-04 01:07 628224 ----a-w- c:\windows\system32\catsrvut.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Juca^Start Menu^Programs^Startup^FrostWire On Startup.lnk]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Klipfolio"="c:\program files\KlipFolio\Klipfolio.exe" /BOOT

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GIGABYTE\\GEST\\run.exe"=
"d:\\Skidanje sa RapidShare\\CryptLoad 1.0.6\\CryptLoad.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Juca\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Juca\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\360desktop\\360desktop.exe"=
"c:\\Program Files\\360desktop\\360manager.exe"=
"d:\\Portabl programi\\uTorrent_1.8.5.17091_Final_Portable\\App\\utorrent\\utorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\uTorrent\\utorrent .exe"=
"c:\\Program Files\\uTorrent\\utorrent .exe"=
"c:\\Program Files\\uTorrent\\utorrent .exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"d:\\Nova mapa\\utorrent.exe"=
"c:\\Program Files\\uTorrent\\utorrent .exe"=
"c:\\Program Files\\uTorrent\\utorrent .exe"=
"c:\\Program Files\\uTorrent\\utorrent .exe"=
"c:\\Documents and Settings\\Juca\\Desktop\\utorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54945:TCP"= 54945:TCP:tcp54945
"54945:UDP"= 54945:UDP:udp54945
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2/18/2010 3:06 PM 161800]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/19/2009 1:44 PM 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/18/2010 3:06 PM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/18/2010 3:06 PM 360584]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2/25/2009 10:31 AM 234888]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2/18/2010 3:06 PM 285392]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe [7/21/2008 11:50 AM 106496]
R2 INETLOCK;INETLOCK;c:\windows\system32\drivers\inetlock.sys [12/17/2008 8:03 AM 17659]
R2 INETLOCKSVC;Internet Lock Service;c:\program files\Internet Lock\ILSvc.exe [12/17/2008 9:14 AM 139264]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 10:34 PM 1028432]
R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xhybrid.sys [2/18/2009 8:28 PM 698368]
R3 NTProcDrv;Process creation detector for NT.;\??\c:\windows\TEMP\drv1.tmp --> c:\windows\TEMP\drv1.tmp [?]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2/18/2009 8:28 PM 6400]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\Juca\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\Juca\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\gsvr.exe [2/18/2009 6:43 PM 55816]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/29/2009 9:12 AM 721904]
.
Contents of the 'Scheduled Tasks' folder

2010-02-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 11:44]

2010-02-21 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-10-06 07:22]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uSearchURL,(Default) = [Link mogu videti samo ulogovani korisnici]
IE: &Download all 4shared files
IE: &Download using 4shared Desktop
IE: &Search
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Vorlesen mit MWS Reader 4
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
TCP: {C5A62D61-DD73-4038-8C7F-E808128A0E20} = 192.168.1.1,192.168.1.2
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Juca\Application Data\Mozilla\Firefox\Profiles\w19fn5wp.default\
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
FF - component: c:\documents and settings\Juca\Application Data\Mozilla\Firefox\Profiles\w19fn5wp.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\components\kikin.dll
FF - component: c:\documents and settings\Juca\Application Data\Mozilla\Firefox\Profiles\w19fn5wp.default\extensions\{ca4d3df2-64ad-4af4-aebe-e7bbe7163ace}\components\FFExternalAlert.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Juca\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Juca\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

AddRemove--c6DPF_uCL2_X - c:\windows\system32\-c6DPF_uCL2_X.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2010-02-22 08:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv]
"ImagePath"="\??\c:\windows\TEMP\drv1.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2532)
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-02-22 08:42:57
ComboFix-quarantined-files.txt 2010-02-22 07:42
ComboFix2.txt 2010-02-21 05:15
ComboFix3.txt 2009-07-23 06:15

Pre-Run: 98,733,899,776 bytes free
Post-Run: 98,698,436,608 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - 6432E9D3A0FFFC90001C2B5BA160E507

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Log napravljen na kraju sledećeg skeniranja će biti sačuvan kao C:\ComboFix.txt.

Nemoj ga kopirati u poruku, već ga prikači korišćenjem opcije Prikači fajl.

Ne pokreći ComboFix više puta.




Otvoriti Notepad i iskopirati sledeci tekst:


File::
c:\program files\Spybot - Search & Destroy\TeaTimer.exe

NoOrphans::

KillAll::

FileLook::
c:\program files\ALLPlayer\allupdate .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\Lavasoft\Ad-Aware\nwiz .exe
c:\program files\Lavasoft\Ad-Aware\rthdcpl .exe
c:\program files\Lavasoft\Ad-Aware\rundll32 .exe
c:\program files\Logitech\Desktop Messenger\8876480\Program\logitechdesktopmessenger .exe
c:\program files\MAdModule\madservice .exe
c:\program files\MorEmoticons\moremoticons .exe
c:\program files\Sandboxie\sbiectrl .exe
c:\program files\Spybot - Search & Destroy\teatimer .exe
c:\program files\uTorrent\utorrent        .exe
c:\program files\uTorrent\utorrent       .exe
c:\program files\uTorrent\utorrent      .exe
c:\program files\uTorrent\utorrent     .exe
c:\program files\uTorrent\utorrent    .exe
c:\program files\uTorrent\utorrent   .exe
c:\program files\uTorrent\utorrent  .exe
c:\program files\uTorrent\utorrent .exe
c:\program files\XpertVision\tbpanel .exe



Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

rsenog skeniranja restartovao je racunar i nakon ponovnog pokretanja otorio se CF sa porukom: Preparing Log Report- DO not run any programs until ComboFix has finished _ . Ne izbacuje izvestaj. Sta dalje?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ponovi prethodni postupak.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Probao sam dva puta iponovo se dogadja isto. Kad prevucem fajl CFScript u combo fiks on ostaje na desktopu i kada se zavrsi skeniranje i ponovo podigne sistem , umesto njega na desktopu je precica za internet eksplorer
Inace nisam rekao da se kada startuje combo fix prvo pojavi poruka: ComboFix.exe - Ordinal not found

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Isključio si AVG i TeaTimer pre pokretanja programa ComboFix?

Ako nisi, isključi pa ponovi postupak.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Iskljucio sam i AVG iTeaTimer iAdware iponovo probao i ponovo se desava isto.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Preuzmi SystemLook na Desktop.

Dvoklikom pokreni SystemLook i u njegov prozor iskopiraj sve što se nalazi unutar kod polja:



:filefind
*allupdate*
*avgtray*
*dwtrig20*
*nwiz*
*rthdcpl*
*rundll32*
*logitechdesktopmessenger*
*madservice*
*moremoticons*
*sbiectrl*
*teatimer*
*utorrent*
*tbpanel*




Klikni Look.


Po završetku skeniranja priloži uz poruku file SystemLook.txt koji će se nalaziti na Desktopu.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 23:29 on 25/02/2010 by Juca (Administrator - Elevation successful)

========== filefind ==========

Searching for "*allupdate*"
No files found.

Searching for "*avgtray*"
C:\Program Files\AVG\AVG9\avgtray .exe --a--- 2033432 bytes [08:04 22/12/2009] [08:55 23/12/2009] 72A7A352072EB6EC4953F9F580463B0D
C:\Program Files\AVG\AVG9\avgtray.exe --a--- 2033432 bytes [14:06 18/02/2010] [14:06 18/02/2010] 72A7A352072EB6EC4953F9F580463B0D

Searching for "*dwtrig20*"
C:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\FILES\PFILES\COMMON\MSSHARED\DW\DWTRIG20.EXE --a--- 34880 bytes [20:53 14/07/2003] [11:17 19/02/2009] 193D159EA2E807C67B718FDEFCAED47B
C:\Program Files\Common Files\Microsoft Shared\DW\dwtrig20 .exe --a--- 39264 bytes [14:38 13/03/2007] [14:38 13/03/2007] 6D787FDF93DE266CE25378FB362DF011

Searching for "*nwiz*"
C:\Qoobox\Quarantine\C\Documents and Settings\Juca\nwiz .exe.vir --a--- 44544 bytes [13:29 17/02/2010] [13:44 18/02/2010] 1881D049F9D48F5E95196892C845566C
C:\Qoobox\Quarantine\C\WINDOWS\system32\nwiz .exe.vir --a--- 1630208 bytes [17:54 18/02/2009] [18:31 16/05/2008] 3860B249BF5AF7B28D11F2731FCF6088

Searching for "*rthdcpl*"
C:\Program Files\Realtek\Audio\InstallShield\RTHDCPL.exe --a--- 16857600 bytes [17:46 18/02/2009] [06:31 13/02/2008] A6543BD31E3B48F70DA57FB01F13D934
C:\Qoobox\Quarantine\C\Documents and Settings\Juca\rthdcpl .exe.vir --a--- 44544 bytes [13:29 17/02/2010] [13:29 17/02/2010] 1881D049F9D48F5E95196892C845566C
C:\Qoobox\Quarantine\C\WINDOWS\system32\rthdcpl.exe.vir --a--- 44544 bytes [16:46 20/02/2010] [16:46 20/02/2010] 1881D049F9D48F5E95196892C845566C
C:\WINDOWS\Prefetch\RTHDCPL.EXE-06918CFA.pf --a--- 22126 bytes [06:37 25/02/2010] [06:37 25/02/2010] CE60BA30342F219BC99305181F3BBD43
C:\WINDOWS\RTHDCPL.exe -ra--- 16857600 bytes [17:46 18/02/2009] [06:31 13/02/2008] A6543BD31E3B48F70DA57FB01F13D934

Searching for "*rundll32*"
C:\Qoobox\Quarantine\C\Documents and Settings\Juca\rundll32 .exe.vir --a--- 44544 bytes [13:29 17/02/2010] [13:29 17/02/2010] 1881D049F9D48F5E95196892C845566C
C:\Qoobox\Quarantine\C\Documents and Settings\Juca\rundll32.exe.vir --a--- 44544 bytes [16:56 20/02/2010] [16:56 20/02/2010] 1881D049F9D48F5E95196892C845566C
C:\Qoobox\Quarantine\C\WINDOWS\system32\rundll32 .exe.vir --a--- 33280 bytes [01:07 04/08/2004] [01:07 04/08/2004] DA285490BBD8A1D0CE6623577D5BA1FF
C:\WINDOWS\Prefetch\RUNDLL32.EXE-1340EF7F.pf --a--- 29840 bytes [06:37 25/02/2010] [06:37 25/02/2010] 6610185D45649ADE813F74C41ED5573B
C:\WINDOWS\Prefetch\RUNDLL32.EXE-13B7EE14.pf --a--- 15240 bytes [14:35 25/02/2010] [14:35 25/02/2010] 57D516F2F9AEFA4D3D4D68CC6280421F
C:\WINDOWS\Prefetch\RUNDLL32.EXE-415F88EC.pf --a--- 27044 bytes [06:37 25/02/2010] [06:37 25/02/2010] 6BF916CD2A91BC4FEACFD30A466372FB
C:\WINDOWS\Prefetch\RUNDLL32.EXE-451433C9.pf --a--- 20036 bytes [14:34 25/02/2010] [14:34 25/02/2010] D0D0E8AEF93550D9F9E5B450B73102E6
C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf --a--- 13922 bytes [10:41 25/02/2010] [14:36 25/02/2010] E79E3437B1BA5A7B2A8C94FB2F8FFD43
C:\WINDOWS\system32\dllcache\rundll32.exe --a--c 33280 bytes [01:07 04/08/2004] [01:07 04/08/2004] DA285490BBD8A1D0CE6623577D5BA1FF
C:\WINDOWS\system32\rundll32.exe --a--- 33280 bytes [01:07 04/08/2004] [01:07 04/08/2004] DA285490BBD8A1D0CE6623577D5BA1FF

Searching for "*logitechdesktopmessenger*"
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe.appid.8876480 --a--- 0 bytes [16:13 19/02/2009] [16:13 19/02/2009] D41D8CD98F00B204E9800998ECF8427E

Searching for "*madservice*"
C:\Program Files\MAdModule\madservice .exe --a--- 764416 bytes [10:10 16/02/2010] [17:58 16/02/2010] 0ED89CB63ADAA36964B60E1570ED8896

Searching for "*moremoticons*"
C:\Documents and Settings\Juca\Start Menu\Programs\MorEmoticons\MorEmoticons.lnk --a--- 754 bytes [14:05 23/02/2009] [14:05 23/02/2009] BC1E0C8F38A17A5411DE2A2764E9FAD9
C:\Program Files\MorEmoticons\Moremoticons.dll --a--- 101376 bytes [02:35 12/11/2007] [02:35 12/11/2007] EDDF5EA51214CC518907FAA579BCD4AB

Searching for "*sbiectrl*"
C:\Program Files\Sandboxie\sbiectrl .exe --a--- 389120 bytes [13:55 01/12/2009] [13:55 01/12/2009] 5D0F2626553613B22AF1BF709DD84148

Searching for "*teatimer*"
C:\Documents and Settings\Juca\Desktop\Ambulanta\ResetTeaTimer.exe --a--- 126976 bytes [05:02 21/02/2010] [05:02 21/02/2010] 8636BC3216983F241A5B4287DFF48CDB
C:\Documents and Settings\Juca\Desktop\Korisni programi\SpybotSD_Portable_1.6.3.50_MultiLang\App\SpybotSD\TeaTimer.exe --a--- 2144088 bytes [11:49 21/02/2010] [16:31 26/01/2009] 896A1DB9A972AD2339C2E8569EC926D1
C:\Program Files\Spybot - Search & Destroy\teatimer .exe -rahs- 2260480 bytes [04:50 11/05/2009] [14:07 05/03/2009] 390679F7A217A5E73D756276C40AE887
C:\Program Files\Spybot - Search & Destroy\Updates\teatimer166.exe --a--- 1065888 bytes [05:04 13/05/2009] [08:20 11/03/2009] 03DFB01979908D80BAEC49A9740D3646
C:\Program Files\Spybot - Search & Destroy\Updates\teatimer166.zip --a--- 1036085 bytes [05:04 13/05/2009] [05:04 11/03/2009] B25DDC8AC4641F37F31066A2D7ACCEBB
C:\Qoobox\Quarantine\C\Program Files\Spybot - Search & Destroy\teatimer.exe.vir --a--- 44544 bytes [04:50 11/05/2009] [16:56 20/02/2010] 1881D049F9D48F5E95196892C845566C

Searching for "*utorrent*"
C:\Documents and Settings\Juca\Application Data\uTorrent\Provjera porta-utorrent.torrent ------ 735 bytes [18:21 18/02/2009] [07:41 18/02/2009] BAF5E27CE4E441B3A2E87FA5DECFB7F1
C:\Documents and Settings\Juca\Application Data\uTorrent\utorrent postavke.torrent ------ 700 bytes [18:17 18/02/2009] [07:41 18/02/2009] A79E00B9C94C8F24CC06330716639D5F
C:\Documents and Settings\Juca\Application Data\uTorrent\utorrent.lng --a--- 596989 bytes [18:10 18/02/2009] [22:20 14/01/2010] ECAD439FCED335740BF165639AF1210A
C:\Documents and Settings\Juca\Desktop\utorrent.exe --a--- 177152 bytes [05:57 21/02/2010] [07:05 01/02/2010] E3013175D75CB6ABBB55F61FDFEF7F50
C:\Documents and Settings\Juca\Recent\uTorrent.lnk --a--- 690 bytes [14:27 13/02/2010] [14:27 13/02/2010] 593BE4F17024BFD00258DFF453B23AD4
C:\Program Files\uTorrent\14458-utorrent.416e.dmp --a--- 144914 bytes [06:03 19/08/2009] [06:03 19/08/2009] AC20F6677F56BE1BCC8793E1C7DFC2D5
C:\Program Files\uTorrent\14458-utorrent.8baa.dmp --a--- 141140 bytes [16:40 12/01/2010] [16:40 12/01/2010] 4036AC6EA736552E81F2EE503223A289
C:\Program Files\uTorrent\14458-utorrent.94b4.dmp --a--- 119474 bytes [16:11 04/01/2010] [16:11 04/01/2010] 00FEF011AAED2658560FDC875B9266EE
C:\Program Files\uTorrent\14458-utorrent.9dc2.dmp --a--- 120443 bytes [14:37 08/01/2010] [14:37 08/01/2010] 1914A00208C7A8128ABF9DE9B66C5099
C:\Program Files\uTorrent\14458-utorrent.b568.dmp --a--- 121998 bytes [13:47 20/12/2009] [13:47 20/12/2009] C3B33B3716E197A40A9DC54FC0BC841E
C:\Program Files\uTorrent\15619-utorrent.27b7.dmp --a--- 117346 bytes [22:08 04/02/2010] [22:08 04/02/2010] 2779A3C381BC61D6F3E43B3EAC0AB99F
C:\Program Files\uTorrent\15619-utorrent.d438.dmp --a--- 139285 bytes [14:23 19/02/2010] [14:24 19/02/2010] 6350B9E3559D5038AD7DF537BB6BE19F
C:\Program Files\uTorrent\utorrent .exe --a--- 288048 bytes [18:08 18/02/2009] [16:17 15/01/2010] 9BB58700DD33D03B94655EB638DD32D1
C:\Qoobox\Quarantine\Registry_backups\AddRemove-uTorrent.reg.dat --a--- 922 bytes [16:53 20/02/2010] [16:53 20/02/2010] 1C28D364C7E29983EA162FDB0D4E50FF
C:\WINDOWS\Prefetch\UTORRENT .EXE-20F88EB0.pf --a--- 39750 bytes [06:37 25/02/2010] [06:37 25/02/2010] D7419D2F778DAEE988255EBACA3EADF6
C:\WINDOWS\Prefetch\UTORRENT.EXE-19FBBC89.pf --a--- 30606 bytes [06:43 25/02/2010] [06:43 25/02/2010] DE80FB3CC49AB1793AFE0D3ADC998083

Searching for "*tbpanel* "
C:\Program Files\XpertVision\TBPANEL.url --a--- 52 bytes [16:20 18/02/2010] [16:20 18/02/2010] A5D395A37F94A2D55B5C0DF06A44AD36
C:\Program Files\XpertVision\TBPanelExt.dll --a--- 32768 bytes [16:20 18/02/2010] [10:31 31/01/2007] 8A02616D3F78E313725C9671B4AA2953
C:\WINDOWS\system32\drivers\TBPanel.sys --a--- 12256 bytes [16:20 18/02/2010] [09:11 16/03/2007] 04E1C782CF14B7282EBC633B0FD3ED16

-=End Of File=-

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Citat:Po završetku skeniranja priloži uz poruku file SystemLook.txt koji će se nalaziti na Desktopu.