shvost.exe Problem !!


  • Joined: 04 Mar 2009
  • Posts: 54
  • Location: Vojvodina Serbia Selenca

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24:39, on 04/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\NetSupport\NetSupport Manager\client32.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\ClocX\ClocX.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\GIGABYTE\Common\GNConfig.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Link mogu videti samo ulogovani korisnici]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Link mogu videti samo ulogovani korisnici]
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\FlashGet.exe /min
O4 - HKLM\..\Run: [ClocX] C:\Program Files\ClocX\ClocX.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Gigabyte Wireless Utility.lnk = C:\Program Files\GIGABYTE\Common\GNConfig.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [Link mogu videti samo ulogovani korisnici]\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCE8778D-1AE7-46C0-98F0-93CB5E6CF7BC}: NameServer = 195.252.122.154
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Client32 - NetSupport Ltd - C:\Program Files\NetSupport\NetSupport Manager\client32.exe
O23 - Service: microsoft install le (msile) - Unknown owner - C:\WINDOWS\system\msile.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5315 bytes




It keeps throwing some shvost win32 problem at me, and after 2 minutes I can't connect to the net anymore?



  • dr_Bora Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Hello...



Enable showing hidden files: [Link visible only to logged-in users]


Upload the file: C:\WINDOWS\system\msile.exe

via this link: [Link visible only to logged-in users]


-------------------------------------------------------------------------------------



Right-click the AVG icon in the bottom-right corner of the screen.
* When the AVG Control Center opens, double-click the AVG Resident Shield component.
* In the window that opens, untick the Turn on AVG Resident Shield option and click OK.

Note: Don't forget to turn this option back on once the cleaning is finished.





Download ComboFix from one of the following addresses to your Desktop:
[Link visible only to logged-in users]
[Link visible only to logged-in users]
[Link visible only to logged-in users]

Run it and don't touch the program window while it scans.
Follow the on-screen instructions. When it finishes, a log (C:\ComboFix.txt) will appear; copy it here for us.



  • Joined: 04 Mar 2009
  • Posts: 54
  • Location: Vojvodina Serbia Selenca

Uploaded!

Update: 04 Mar 2009 23:00

Z.Ziska :: Uploaded!
I had uploaded the wrong thing; now I've found what was needed and uploaded it!

  • dr_Bora Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

There's really no need to send me PMs. Write in the thread.

What scan are you writing about? You need to disable AVG following the instructions given and double-click to start ComboFix.

At the end of the procedure, copy the log you get here into the thread and wait for further instructions.

  • Joined: 04 Mar 2009
  • Posts: 54
  • Location: Vojvodina Serbia Selenca

Well, you wrote that for AVG I should wait for the Resident Shield to finish cleaning, and it shows me some time there? As if it's cleaning something, 55 min, and the time keeps going up even more!

Update: 04 Mar 2009 23:31

ComboFix 09-03-03.01 - Ziska 2009-03-04 23:18:59.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.255.63 [GMT 1:00]
Running from: c:\documents and settings\Ziska\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\sysdrv32.sys

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SYSDRV32
-------\Service_sysdrv32


((((((((((((((((((((((((( Files Created from 2009-02-04 to 2009-03-04 )))))))))))))))))))))))))))))))
.

2009-03-04 22:11 . 2009-03-04 22:11 41,987 --a------ c:\windows\system32\07.scr
2009-03-04 22:09 . 2009-03-04 22:09 41,987 --a------ c:\windows\system32\38.scr
2009-03-04 21:52 . 2009-03-04 21:52 <DIR> d-------- c:\program files\Trend Micro
2009-03-04 20:58 . 2009-03-04 20:58 41,987 --a------ c:\windows\system32\17.scr
2009-03-04 20:42 . 2009-03-04 20:42 41,987 --a------ c:\windows\system32\80.scr
2009-03-04 20:42 . 2009-03-04 20:44 41,987 --a------ c:\windows\system32\42.scr
2009-03-04 20:41 . 2009-03-04 20:41 41,987 --a------ c:\windows\system32\30.scr
2009-03-04 20:40 . 2009-03-04 20:40 41,987 --a------ c:\windows\system32\76.scr
2009-03-04 20:28 . 2009-03-04 20:28 41,987 --a------ c:\windows\system32\67.scr
2009-03-04 20:19 . 2009-03-04 20:19 41,987 --a------ c:\windows\system32\84.scr
2009-03-04 20:09 . 2009-03-04 20:09 41,987 --a------ c:\windows\system32\24.scr
2009-03-04 20:09 . 2009-03-04 20:09 41,987 --a------ c:\windows\system32\13.scr
2009-03-04 20:05 . 2009-03-04 20:05 41,987 --a------ c:\windows\system32\43.scr
2009-03-04 20:04 . 2009-03-04 20:04 41,987 --a------ c:\windows\system32\72.scr
2009-03-04 19:41 . 2009-03-04 19:41 41,987 --a------ c:\windows\system32\04.scr
2009-03-04 19:34 . 2009-03-04 19:34 <DIR> d-------- c:\program files\Stardock
2009-03-04 19:34 . 2009-03-04 19:34 <DIR> d-------- c:\program files\Common Files\Stardock
2009-03-04 19:30 . 2009-03-04 20:43 41,987 --a------ c:\windows\system32\54.scr
2009-03-04 19:17 . 2009-03-04 19:17 2,560 --a------ c:\windows\_MSRSTRT.EXE
2009-03-04 19:15 . 2009-03-04 19:15 41,987 --a------ c:\windows\system32\74.scr
2009-03-04 19:11 . 2009-03-04 21:31 41,987 --a------ c:\windows\system32\37.scr
2009-03-04 18:42 . 2009-03-04 20:28 41,987 --a------ c:\windows\system32\16.scr
2009-03-04 18:41 . 2009-03-04 18:41 41,987 --a------ c:\windows\system32\83.scr
2009-03-04 18:10 . 2009-03-04 21:19 41,987 --a------ c:\windows\system32\45.scr
2009-03-04 18:05 . 2009-03-04 18:05 41,987 --a------ c:\windows\system32\60.scr
2009-03-04 17:44 . 2009-03-04 17:44 41,987 --a------ c:\windows\system32\18.scr
2009-03-04 17:35 . 2009-03-04 21:30 41,987 --a------ c:\windows\system32\36.scr
2009-03-04 16:36 . 2009-03-04 16:36 41,987 --a------ c:\windows\system32\57.scr
2009-03-04 00:05 . 2009-03-04 00:05 41,987 --a------ c:\windows\system32\48.scr
2009-03-04 00:05 . 2009-03-04 00:05 41,987 --a------ c:\windows\system32\22.scr
2009-03-04 00:02 . 2009-03-04 20:03 41,987 --a------ c:\windows\system32\88.scr
2009-03-03 23:58 . 2009-03-04 19:13 41,987 --a------ c:\windows\system32\71.scr
2009-03-03 23:58 . 2009-03-04 20:43 41,987 --a------ c:\windows\system32\14.scr
2009-03-03 23:50 . 2009-03-04 19:16 41,987 --a------ c:\windows\system32\02.scr
2009-03-03 23:45 . 2009-03-04 18:40 41,987 --a------ c:\windows\system32\55.scr
2009-03-03 23:25 . 2009-03-04 20:26 41,987 --a------ c:\windows\system32\81.scr
2009-03-03 23:25 . 2009-03-03 23:25 41,987 --a------ c:\windows\system32\25.scr
2009-03-03 23:23 . 2009-03-04 20:03 41,987 --a------ c:\windows\system32\64.scr
2009-03-03 23:22 . 2009-03-04 19:28 41,987 --a------ c:\windows\system32\06.scr
2009-03-03 23:21 . 2009-03-04 20:29 41,987 --a------ c:\windows\system32\82.scr
2009-03-03 22:56 . 2009-03-03 22:56 41,987 --a------ c:\windows\system32\73.scr
2009-03-03 22:34 . 2009-03-03 22:34 41,987 --a------ c:\windows\system32\03.scr
2009-03-03 22:32 . 2009-03-04 20:10 41,987 --a------ c:\windows\system32\51.scr
2009-03-03 22:32 . 2009-03-04 20:05 41,987 --a------ c:\windows\system32\34.scr
2009-03-03 21:43 . 2009-03-03 21:43 41,987 --a------ c:\windows\system32\47.scr
2009-03-03 21:32 . 2009-03-03 21:32 41,987 --a------ c:\windows\system32\05.scr
2009-03-03 20:51 . 2009-03-03 20:51 41,987 --a------ c:\windows\system32\56.scr
2009-03-03 20:49 . 2009-03-03 20:49 41,987 --a------ c:\windows\system32\50.scr
2009-03-03 20:47 . 2009-03-04 19:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-03 20:47 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-03 20:47 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-03 19:41 . 2009-03-03 23:25 41,987 --a------ c:\windows\system32\35.scr
2009-03-03 19:39 . 2009-03-04 20:09 41,987 --a------ c:\windows\system32\33.scr
2009-03-03 19:38 . 2009-03-04 19:30 41,987 --a------ c:\windows\system32\21.scr
2009-03-03 19:25 . 2009-03-03 19:25 41,987 --a------ c:\windows\system32\68.scr
2009-03-03 19:23 . 2009-03-03 20:11 41,987 -r-hs---- c:\windows\system\msile.exe
2009-03-02 23:41 . 2009-03-04 20:40 41,987 --a------ c:\windows\system32\87.scr
2009-03-01 14:22 . 2009-03-01 14:22 <DIR> d---s---- c:\documents and settings\Ziska\UserData
2009-03-01 13:23 . 2009-03-04 22:47 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-01 12:40 . 2009-03-04 12:09 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-01 12:40 . 2009-03-01 14:22 <DIR> d-------- c:\documents and settings\Ziska\Application Data\AVGTOOLBAR
2009-03-01 12:40 . 2009-03-01 12:40 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-01 12:40 . 2009-03-01 12:40 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-01 12:40 . 2009-03-01 12:40 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-01 12:39 . 2009-03-01 12:39 <DIR> d-------- c:\program files\AVG
2009-03-01 12:39 . 2009-03-01 12:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-01 02:24 . 2009-03-01 23:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-27 20:56 . 2009-03-01 01:14 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware(2)
2009-02-26 22:02 . 2009-02-26 22:02 <DIR> d-------- c:\documents and settings\Ziska\Application Data\Malwarebytes
2009-02-26 22:02 . 2009-02-26 22:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-14 18:46 . 2009-03-03 17:37 238 --a------ c:\windows\mafosav.INI
2009-02-14 15:55 . 2009-02-14 15:55 <DIR> d-------- c:\program files\Google
2009-02-04 18:06 . 2004-07-15 08:14 57,344 --a------ c:\windows\system32\Prop713x.dll
2009-02-04 17:11 . 2009-02-04 17:13 <DIR> d-------- c:\windows\system32\NtmsData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-04 21:14 --------- d-----w c:\program files\FlashGet
2009-02-07 15:22 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-07 12:02 --------- d-----w c:\program files\Messenger Plus! Live
2009-01-25 18:12 --------- d-----w c:\program files\Common Files\Real
2009-01-24 11:34 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-23 21:31 --------- d-----w c:\documents and settings\Ziska\Application Data\HLSW
2009-01-16 22:24 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-01-16 22:24 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2009-01-16 22:12 --------- d-----w c:\program files\Windows Live
2009-01-12 19:58 --------- d-----w c:\documents and settings\Ziska\Application Data\NetSupport
2009-01-12 19:53 --------- d-----w c:\program files\NetSupport
2009-01-12 19:53 --------- d-----w c:\documents and settings\All Users\Application Data\NetSupport
2009-01-11 21:19 --------- d-----w c:\program files\MessengerDiscovery
2008-12-28 12:05 218,624 ----a-w c:\windows\system32\uxtheme.dll
2008-12-28 12:05 111,110 ----a-w c:\windows\BricoPackUninst.cmd
.

------- Sigcheck -------

2008-04-14 04:42 699904 8a513e79e7980018daedca586b866bc3 c:\windows\system32\wininet.dll
2008-04-14 04:42 699904 8a513e79e7980018daedca586b866bc3 c:\windows\system32\dllcache\wininet.dll

2008-04-14 04:42 975872 561a50497324f378e30f55d09b4e1258 c:\windows\explorer.exe
2008-04-14 04:42 975872 088a0cd3d4cd3b584f3a4150d6cf941e c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-01 1601304]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2005-12-10 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Gigabyte Wireless Utility.lnk - c:\program files\GIGABYTE\Common\GNConfig.exe [12/26/2008 10:59:24 AM 753664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-01 12:40 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msile]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\NetSupport\\NetSupport Manager\\client32.exe"=
"c:\\Program Files\\NetSupport\\NetSupport Manager\\PCICTLUI.EXE"=
"c:\\Program Files\\NetSupport\\NetSupport Manager\\pcideply.exe"=
"c:\\Program Files\\NetSupport\\NetSupport Manager\\PCISA.EXE"=
"c:\\Program Files\\NetSupport\\NetSupport Manager\\pciscrui.exe"=
"c:\\Program Files\\NetSupport\\NetSupport Manager\\runscrip.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/1/2009 12:40:10 PM 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/1/2009 12:40:18 PM 107272]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/1/2009 12:39:44 PM 298264]
S2 msile;microsoft install le;c:\windows\system\msile.exe [3/3/2009 7:23:04 PM 41987]
S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [12/26/2008 11:23:14 AM 670592]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SYSDRV32
.
.
------- Supplementary Scan -------
.
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {BCE8778D-1AE7-46C0-98F0-93CB5E6CF7BC} = 195.252.122.154
FF - ProfilePath - c:\documents and settings\Ziska\Application Data\Mozilla\Firefox\Profiles\nhsg24iv.default\
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-03-04 23:23:37
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Nf815c75f]
@Denied: (4) (Everyone)
@Denied: (4) (Administrators)
@Allowed: (A B C D Full GENERIC_EXECUTE GENERIC_WRITE Read 1 2 3 4 5 6) (LocalSystem)
"a"="M"
"InternetCode"="U52LDJMC37ONPGW35EG4SPJX45LFAJ6ESRKK7IY8"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'csrss.exe'(544)
c:\program files\NetSupport\NetSupport Manager\pcihooks.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\NetSupport\NetSupport Manager\client32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-04 23:25:49 - machine was rebooted [Ziska]
ComboFix-quarantined-files.txt 2009-03-04 22:25:45

Pre-Run: 5,684,174,848 bytes free
Post-Run: 5,675,335,680 bytes free

Here, is that it?

Update: 05 Mar 2009 17:03

What should I do now, Dr. Bora?

  • dr_Bora Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

It said to disable AVG Resident Shield.
This time actually do it (following the instructions given).



Open Notepad and copy the following text into it:

File::
c:\windows\system32\07.scr
c:\windows\system32\38.scr
c:\windows\system32\17.scr
c:\windows\system32\80.scr
c:\windows\system32\42.scr
c:\windows\system32\30.scr
c:\windows\system32\76.scr
c:\windows\system32\67.scr
c:\windows\system32\84.scr
c:\windows\system32\24.scr
c:\windows\system32\13.scr
c:\windows\system32\43.scr
c:\windows\system32\72.scr
c:\windows\system32\04.scr
c:\windows\system32\54.scr
c:\windows\system32\74.scr
c:\windows\system32\37.scr
c:\windows\system32\16.scr
c:\windows\system32\83.scr
c:\windows\system32\45.scr
c:\windows\system32\60.scr
c:\windows\system32\18.scr
c:\windows\system32\36.scr
c:\windows\system32\57.scr
c:\windows\system32\48.scr
c:\windows\system32\22.scr
c:\windows\system32\88.scr
c:\windows\system32\71.scr
c:\windows\system32\14.scr
c:\windows\system32\02.scr
c:\windows\system32\55.scr
c:\windows\system32\81.scr
c:\windows\system32\25.scr
c:\windows\system32\64.scr
c:\windows\system32\06.scr
c:\windows\system32\82.scr
c:\windows\system32\73.scr
c:\windows\system32\03.scr
c:\windows\system32\51.scr
c:\windows\system32\34.scr
c:\windows\system32\47.scr
c:\windows\system32\05.scr
c:\windows\system32\56.scr
c:\windows\system32\50.scr
c:\windows\system32\35.scr
c:\windows\system32\33.scr
c:\windows\system32\21.scr
c:\windows\system32\68.scr
c:\windows\system\msile.exe
c:\windows\system32\87.scr

Driver::
msile

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msile]


Save the Notepad file to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
Post the log that is produced at the end of the cleaning/scan in your next message.
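The CFScript above was built by hand from the ComboFix log. As an added example (not from the thread, ComboFix or HijackThis), the Python below parses the "Files Created" and service lines in the format shown above, flags the two patterns the helper acted on (a cluster of equally sized two-digit *.scr files in system32, and the read-only/hidden/system msile.exe that backs the unknown msile service), and renders the same File::/Driver::/Registry:: layout. The sample lines are copied from the log in the thread; the regexes, the cluster threshold and the function names are this example's own assumptions.

```python
"""Triage a ComboFix log section and render a CFScript (added example)."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the ComboFix log posted in the thread.
SAMPLE_LOG = r"""
2009-03-04 22:11 . 2009-03-04 22:11 41,987 --a------ c:\windows\system32\07.scr
2009-03-04 22:09 . 2009-03-04 22:09 41,987 --a------ c:\windows\system32\38.scr
2009-03-04 21:52 . 2009-03-04 21:52 <DIR> d-------- c:\program files\Trend Micro
2009-03-04 20:58 . 2009-03-04 20:58 41,987 --a------ c:\windows\system32\17.scr
2009-03-04 19:17 . 2009-03-04 19:17 2,560 --a------ c:\windows\_MSRSTRT.EXE
2009-03-03 19:23 . 2009-03-03 20:11 41,987 -r-hs---- c:\windows\system\msile.exe
2009-03-01 12:40 . 2009-03-01 12:40 10,520 --a------ c:\windows\system32\avgrsstx.dll
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/1/2009 12:39:44 PM 298264]
S2 msile;microsoft install le;c:\windows\system\msile.exe [3/3/2009 7:23:04 PM 41987]
"""

# "Files Created" line: created . modified size attrs path
# (size is a comma-grouped integer or the literal <DIR>; attrs is 9 chars).
FILE_LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(<DIR>|[\d,]+) (\S{9}) (.+)$"
)
# Service line: <start type> <name>;<display name>;<image path> [<timestamp> <size>]
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?) \[")
# Two-digit numeric name with a screensaver extension directly in system32.
NUMERIC_SCR_RE = re.compile(r"^c:\\windows\\system32\\\d{2}\.scr$", re.IGNORECASE)

SAFEBOOT_KEY = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\"


def parse_files_created(text):
    """Return one dict per file line; directory lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = FILE_LINE_RE.match(line.strip())
        if not m or m.group(3) == "<DIR>":
            continue
        entries.append({
            "created": m.group(1),
            "modified": m.group(2),
            "size": int(m.group(3).replace(",", "")),
            "attrs": m.group(4),
            "path": m.group(5),
        })
    return entries


def find_suspicious(entries, min_cluster=3):
    """Flag (a) >= min_cluster equally sized NN.scr files in system32 and
    (b) files carrying read-only + hidden + system attributes (-r-hs----).
    Threshold is an assumption for this example, not a ComboFix rule."""
    by_size = defaultdict(list)
    for e in entries:
        if NUMERIC_SCR_RE.match(e["path"]):
            by_size[e["size"]].append(e["path"])
    flagged = []
    for paths in by_size.values():
        if len(paths) >= min_cluster:
            flagged.extend(paths)
    for e in entries:
        a = e["attrs"]
        if "r" in a and "h" in a and "s" in a and e["path"] not in flagged:
            flagged.append(e["path"])
    return flagged


def services_backed_by(flagged_paths, text):
    """Names of services whose image path is one of the flagged files."""
    wanted = {p.lower() for p in flagged_paths}
    names = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m and m.group("image").strip().lower() in wanted:
            names.append(m.group("name"))
    return names


def build_cfscript(files, drivers=(), registry_keys=()):
    """Render the File::/Driver::/Registry:: layout used in the thread."""
    parts = ["File::"] + list(files)
    if drivers:
        parts += ["", "Driver::"] + list(drivers)
    if registry_keys:
        parts += ["", "Registry::"] + ["[-%s]" % k for k in registry_keys]
    return "\n".join(parts) + "\n"


def triage(log_text):
    """Full pipeline: parse, flag, map services, emit CFScript text."""
    flagged = find_suspicious(parse_files_created(log_text))
    drivers = services_backed_by(flagged, log_text)
    # The helper also removed the service's SafeBoot\Minimal key so it cannot
    # start in Safe Mode; derive one key per flagged service the same way.
    keys = [SAFEBOOT_KEY + name for name in drivers]
    return build_cfscript(flagged, drivers, keys)


if __name__ == "__main__":
    print(triage(SAMPLE_LOG), end="")
```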

  • Joined: 04 Mar 2009
  • Posts: 54
  • Location: Vojvodina Serbia Selenca

But I don't know how to disable AVG; there is nothing like what you wrote?

  • dr_Bora Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Then follow the rest of the instructions.

  • Joined: 04 Mar 2009
  • Posts: 54
  • Location: Vojvodina Serbia Selenca

ComboFix 09-03-04.01 - Ziska 2009-03-05 18:00:11.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.255.63 [GMT 1:00]
Running from: c:\documents and settings\Ziska\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Ziska\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
c:\windows\system\msile.exe
c:\windows\system32\02.scr
c:\windows\system32\03.scr
c:\windows\system32\04.scr
c:\windows\system32\05.scr
c:\windows\system32\06.scr
c:\windows\system32\07.scr
c:\windows\system32\13.scr
c:\windows\system32\14.scr
c:\windows\system32\16.scr
c:\windows\system32\17.scr
c:\windows\system32\18.scr
c:\windows\system32\21.scr
c:\windows\system32\22.scr
c:\windows\system32\24.scr
c:\windows\system32\25.scr
c:\windows\system32\30.scr
c:\windows\system32\33.scr
c:\windows\system32\34.scr
c:\windows\system32\35.scr
c:\windows\system32\36.scr
c:\windows\system32\37.scr
c:\windows\system32\38.scr
c:\windows\system32\42.scr
c:\windows\system32\43.scr
c:\windows\system32\45.scr
c:\windows\system32\47.scr
c:\windows\system32\48.scr
c:\windows\system32\50.scr
c:\windows\system32\51.scr
c:\windows\system32\54.scr
c:\windows\system32\55.scr
c:\windows\system32\56.scr
c:\windows\system32\57.scr
c:\windows\system32\60.scr
c:\windows\system32\64.scr
c:\windows\system32\67.scr
c:\windows\system32\68.scr
c:\windows\system32\71.scr
c:\windows\system32\72.scr
c:\windows\system32\73.scr
c:\windows\system32\74.scr
c:\windows\system32\76.scr
c:\windows\system32\80.scr
c:\windows\system32\81.scr
c:\windows\system32\82.scr
c:\windows\system32\83.scr
c:\windows\system32\84.scr
c:\windows\system32\87.scr
c:\windows\system32\88.scr
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system\msile.exe
c:\windows\system32\02.scr
c:\windows\system32\05.scr
c:\windows\system32\06.scr
c:\windows\system32\07.scr
c:\windows\system32\13.scr
c:\windows\system32\14.scr
c:\windows\system32\16.scr
c:\windows\system32\17.scr
c:\windows\system32\24.scr
c:\windows\system32\25.scr
c:\windows\system32\30.scr
c:\windows\system32\33.scr
c:\windows\system32\34.scr
c:\windows\system32\36.scr
c:\windows\system32\37.scr
c:\windows\system32\38.scr
c:\windows\system32\42.scr
c:\windows\system32\43.scr
c:\windows\system32\45.scr
c:\windows\system32\48.scr
c:\windows\system32\50.scr
c:\windows\system32\51.scr
c:\windows\system32\54.scr
c:\windows\system32\64.scr
c:\windows\system32\67.scr
c:\windows\system32\71.scr
c:\windows\system32\72.scr
c:\windows\system32\76.scr
c:\windows\system32\80.scr
c:\windows\system32\81.scr
c:\windows\system32\82.scr
c:\windows\system32\84.scr
c:\windows\system32\87.scr
c:\windows\system32\88.scr

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MSILE
-------\Legacy_SYSDRV32
-------\Service_msile


((((((((((((((((((((((((( Files Created from 2009-02-05 to 2009-03-05 )))))))))))))))))))))))))))))))
.

2009-03-05 17:48 . 2009-03-05 17:48 41,987 --a------ c:\windows\system32\86.scr
2009-03-05 17:26 . 2009-03-05 17:26 41,987 --a------ c:\windows\system32\26.scr
2009-03-05 16:47 . 2009-03-05 16:47 41,987 --a------ c:\windows\system32\23.scr
2009-03-05 14:53 . 2009-03-05 14:53 41,987 --a------ c:\windows\system32\46.scr
2009-03-05 14:43 . 2009-03-05 14:43 41,987 --a------ c:\windows\system32\75.scr
2009-03-05 14:42 . 2009-03-05 14:42 41,987 --a------ c:\windows\system32\32.scr
2009-03-05 13:50 . 2009-03-05 14:41 41,987 --a------ c:\windows\system32\41.scr
2009-03-05 13:49 . 2009-03-05 13:49 41,987 --a------ c:\windows\system32\40.scr
2009-03-05 13:29 . 2009-03-05 13:29 41,987 --a------ c:\windows\system32\28.scr
2009-03-05 12:51 . 2009-03-05 13:50 41,987 --a------ c:\windows\system32\53.scr
2009-03-05 12:36 . 2009-03-05 12:36 <DIR> d-------- c:\program files\Prevx
2009-03-05 12:36 . 2009-03-05 12:36 22,536 --a------ c:\windows\system32\drivers\pxscan.sys
2009-03-05 12:35 . 2009-03-05 12:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\PrevxCSI
2009-03-05 12:35 . 2009-03-05 12:35 63 --a------ c:\windows\wininit.ini
2009-03-04 21:52 . 2009-03-04 21:52 <DIR> d-------- c:\program files\Trend Micro
2009-03-04 19:34 . 2009-03-04 19:34 <DIR> d-------- c:\program files\Stardock
2009-03-04 19:34 . 2009-03-04 19:34 <DIR> d-------- c:\program files\Common Files\Stardock
2009-03-04 19:17 . 2009-03-04 19:17 2,560 --a------ c:\windows\_MSRSTRT.EXE
2009-03-03 20:47 . 2009-03-04 19:34 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-03 20:47 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-03 20:47 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-01 14:22 . 2009-03-01 14:22 <DIR> d---s---- c:\documents and settings\Ziska\UserData
2009-03-01 13:23 . 2009-03-05 17:46 <DIR> d--h----- C:\$AVG8.VAULT$
2009-03-01 12:40 . 2009-03-05 12:29 <DIR> d-------- c:\windows\system32\drivers\Avg
2009-03-01 12:40 . 2009-03-01 14:22 <DIR> d-------- c:\documents and settings\Ziska\Application Data\AVGTOOLBAR
2009-03-01 12:40 . 2009-03-01 12:40 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys
2009-03-01 12:40 . 2009-03-01 12:40 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys
2009-03-01 12:40 . 2009-03-01 12:40 10,520 --a------ c:\windows\system32\avgrsstx.dll
2009-03-01 12:39 . 2009-03-01 12:39 <DIR> d-------- c:\program files\AVG
2009-03-01 12:39 . 2009-03-01 12:39 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8
2009-03-01 02:24 . 2009-03-01 23:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-27 20:56 . 2009-03-01 01:14 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware(2)
2009-02-26 22:02 . 2009-02-26 22:02 <DIR> d-------- c:\documents and settings\Ziska\Application Data\Malwarebytes
2009-02-26 22:02 . 2009-02-26 22:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-14 18:46 . 2009-03-03 17:37 238 --a------ c:\windows\mafosav.INI
2009-02-14 15:55 . 2009-02-14 15:55 <DIR> d-------- c:\program files\Google

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-05 11:26 --------- d-----w c:\program files\FlashGet
2009-02-07 15:22 --------- d--h--w c:\program files\InstallShield Installation Information
2009-02-07 12:02 --------- d-----w c:\program files\Messenger Plus! Live
2009-01-25 18:12 --------- d-----w c:\program files\Common Files\Real
2009-01-24 11:34 410,984 ----a-w c:\windows\system32\deploytk.dll
2009-01-23 21:31 --------- d-----w c:\documents and settings\Ziska\Application Data\HLSW
2009-01-16 22:24 --------- dcsh--w c:\program files\Common Files\WindowsLiveInstaller
2009-01-16 22:24 --------- d-----w c:\documents and settings\All Users\Application Data\WLInstaller
2009-01-16 22:12 --------- d-----w c:\program files\Windows Live
2009-01-12 19:58 --------- d-----w c:\documents and settings\Ziska\Application Data\NetSupport
2009-01-12 19:53 --------- d-----w c:\program files\NetSupport
2009-01-12 19:53 --------- d-----w c:\documents and settings\All Users\Application Data\NetSupport
2009-01-11 21:19 --------- d-----w c:\program files\MessengerDiscovery
2008-12-28 12:05 218,624 ----a-w c:\windows\system32\uxtheme.dll
2008-12-28 12:05 111,110 ----a-w c:\windows\BricoPackUninst.cmd
.

------- Sigcheck -------

2008-04-14 04:42 699904 8a513e79e7980018daedca586b866bc3 c:\windows\system32\wininet.dll
2008-04-14 04:42 699904 8a513e79e7980018daedca586b866bc3 c:\windows\system32\dllcache\wininet.dll

2008-04-14 04:42 975872 561a50497324f378e30f55d09b4e1258 c:\windows\explorer.exe
2008-04-14 04:42 975872 088a0cd3d4cd3b584f3a4150d6cf941e c:\windows\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-10 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-10 86016]
"Flashget"="c:\program files\FlashGet\FlashGet.exe" [2007-09-25 2007088]
"ClocX"="c:\program files\ClocX\ClocX.exe" [2007-07-26 270336]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-03-01 1601304]
"SoundMan"="SOUNDMAN.EXE" [2004-12-01 c:\windows\SOUNDMAN.EXE]
"nwiz"="nwiz.exe" [2005-12-10 c:\windows\system32\nwiz.exe]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Gigabyte Wireless Utility.lnk - c:\program files\GIGABYTE\Common\GNConfig.exe [12/26/2008 10:59:24 AM 753664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-01 12:40 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\NetSupport\\NetSupport Manager\\client32.exe"=
"c:\\Program Files\\NetSupport\\NetSupport Manager\\PCICTLUI.EXE"=
"c:\\Program Files\\NetSupport\\NetSupport Manager\\pcideply.exe"=
"c:\\Program Files\\NetSupport\\NetSupport Manager\\PCISA.EXE"=
"c:\\Program Files\\NetSupport\\NetSupport Manager\\pciscrui.exe"=
"c:\\Program Files\\NetSupport\\NetSupport Manager\\runscrip.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"139:TCP"= 139:TCP:@xpsp2res.dll,-22004

R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [3/5/2009 12:36:03 PM 22536]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/1/2009 12:40:10 PM 325128]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/1/2009 12:40:18 PM 107272]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [3/1/2009 12:39:44 PM 298264]
R2 CSIScanner;CSIScanner;c:\program files\Prevx\prevx.exe [3/5/2009 12:36:02 PM 4150840]
S3 3xHybrid;3xHybrid service;c:\windows\system32\drivers\3xHybrid.sys [12/26/2008 11:23:14 AM 670592]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
.
.
------- Supplementary Scan -------
.
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {BCE8778D-1AE7-46C0-98F0-93CB5E6CF7BC} = 195.252.122.154
FF - ProfilePath - c:\documents and settings\Ziska\Application Data\Mozilla\Firefox\Profiles\nhsg24iv.default\
FF - prefs.js: browser.startup.homepage - [Link mogu videti samo ulogovani korisnici]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [Link mogu videti samo ulogovani korisnici]
Rootkit scan 2009-03-05 18:04:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\Nf815c75f]
@Denied: (4) (Everyone)
@Denied: (4) (Administrators)
@Allowed: (A B C D Full GENERIC_EXECUTE GENERIC_WRITE Read 1 2 3 4 5 6) (LocalSystem)
"a"="M"
"InternetCode"="U52LDJMC37ONPGW35EG4SPJX45LFAJ6ESRKK7IY8"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'csrss.exe'(532)
c:\program files\NetSupport\NetSupport Manager\pcihooks.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\NetSupport\NetSupport Manager\client32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-05 18:06:45 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-05 17:06:40
ComboFix2.txt 2009-03-04 22:25:51

Pre-Run: 5,607,002,112 bytes free
Post-Run: 5,599,375,360 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe


Addendum: 05 Mar 2009 18:18

Here it is !!!!!!!

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Where do you live: Höganäs, SE

Open Notepad and copy the following text into it:

File::
c:\windows\system32\86.scr
c:\windows\system32\26.scr
c:\windows\system32\23.scr
c:\windows\system32\46.scr
c:\windows\system32\75.scr
c:\windows\system32\32.scr
c:\windows\system32\41.scr
c:\windows\system32\40.scr
c:\windows\system32\28.scr
c:\windows\system32\53.scr


Save the Notepad file to the Desktop as "CFScript"




Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next message, post the log that is produced at the end of the cleaning/scan.
