Infected Mozilla

  • Miroslav Tanaskovic
  • Construction technician
  • Joined: 02 Jan 2009
  • Posts: 787
  • Location: Cacak

When I open Mozilla, it doesn't open the Google search window but goes straight to some web page which, because of the WOT I have installed, is dimmed, so I don't open it. I use AVG antivirus and it reports that almost all programs in startup are infected. I deleted half of them after it moved them to quarantine. What next?

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Start with this: http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

  • Miroslav Tanaskovic
  • Construction technician
  • Joined: 02 Jan 2009
  • Posts: 787
  • Location: Cacak

The problem started on 17.02. After the system boots, Mozilla starts by itself with some page, "I AM Wired start.com". I use AVG9 Pro, but it fails to remove them and only moves them to quarantine. Also, almost all programs in the taskbar tray have been attacked. I tried reinstalling, but they get attacked again. AVG detects the virus "Trojan horse SHeur2.CMFO". The Program Files and My Documents folders have been attacked. I use Telekom ADSL internet.
DDS (Ver_09-12-01.01) - NTFSx86
Run by Juca at 7:35:24,57 on Fri 02/19/2010
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.2046.1112 [GMT 1:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Internet Lock\ILSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\Common Files\Cloanto\Software Director\softdir.exe
C:\Program Files\vghd\vghd.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Webshots\webshots.scr
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\vghd\VirtuaGirl_downloader.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\DOCUME~1\Juca\LOCALS~1\Temp\setupv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Juca\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www3.iamwired.net/
uSearch Page =
uSearch Bar =
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101787&gct=&gc=1&q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uURLSearchHooks: H - No File
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: {00A6FAF1-072E-44cf-8957-5838F569A31D} - No File
BHO: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - No File
BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {07B18EA1-A523-4961-B6BB-170DE4475CCA} - No File
BHO: {09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: CescrtHlpr Object: {64182481-4f71-486b-a045-b233bd0da8fc} - c:\program files\facemoods.com\facemoods\1.3.43.0\escort.dll
BHO: gwprimawega: {78299f52-57b0-c342-b39e-a4bd6297d84c} - c:\windows\system32\3N-4PGBL3zt-3.dll
BHO: {9AA2F14F-E956-44B8-8694-A5B615CDF341} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No File
BHO: kikin Plugin: {e601996f-e400-41ca-804b-cd6373a7eee2} - c:\program files\kikin\ie_kikin.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Webshots Toolbar: {c17590d2-ecb4-4b15-8820-f58798dcc118} -
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: facemoods Toolbar: {db4e9724-f518-4dfd-9c7c-78b52103cab9} - c:\program files\facemoods.com\facemoods\1.3.43.0\escorTlbr.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {2C688203-7EB3-4327-9995-1CB417BA23F9} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {8B79EE88-E62D-4AA8-B530-CC357BA112B7} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [LDM] c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
uRun: [MorEmoticons] c:\program files\moremoticons\MorEmoticons.exe /Minimize
uRun: [Google Update] "c:\documents and settings\juca\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ALLUpdate] "c:\program files\allplayer\ALLUpdate.exe" "sleep"
uRun: [DW6]
uRun: [360desktop]
uRun: [ChristmasTree] c:\documents and settings\juca\desktop\Christmas.exe
uRun: [DriverMax]
uRun: [DriverMax_RESTART]
uRun: [uTorrent] "c:\program files\utorrent\utorrent .exe"
uRun: [TBPanel] c:\program files\xpertvision\TBPanel.exe /A
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [PCTVRemote] c:\program files\pinnacle\pctv stereo\remote\Remoterm.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [LogitechCameraAssistant] c:\program files\logitech\video\CameraAssistant.exe
mRun: [LogitechVideo[inspector]] c:\program files\logitech\video\InstallHelper.exe /inspect
mRun: [LogitechCameraService(E)] c:\windows\system32\ElkCtrl.exe /automation
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [GEST] c:\program files\gigabyte\gest\RUN.e_e
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
mRun: [Regedit32] c:\windows\system32\regedit.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\juca\startm~1\programs\startup\deskto~1.lnk - c:\program files\vghd\vghd.exe
StartupFolder: c:\documents and settings\juca\start menu\programs\startup\Moo0 SystemMonitor 1.35.lnk.disabled
StartupFolder: c:\docume~1\juca\startm~1\programs\startup\mp3roc~1.lnk - c:\program files\mp3 rocket\MP3Rocket.exe
StartupFolder: c:\documents and settings\juca\start menu\programs\startup\updater.exe
StartupFolder: c:\docume~1\juca\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\Launcher.exe
StartupFolder: c:\docume~1\juca\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\BlueSoleil.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LDMConf.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pinnac~1.lnk - c:\program files\pinnacle\shared files\programs\scheduler\PCLEScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\softwa~1.lnk - c:\program files\common files\cloanto\software director\softdir.exe
IE: &Download all 4shared files
IE: &Download using 4shared Desktop
IE: &Search
IE: &Webshots Photo Search - c:\program files\webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Vorlesen mit MWS Reader 4
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: {C5A62D61-DD73-4038-8C7F-E808128A0E20} = 192.168.1.1,192.168.1.2
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: ComPlusSetup - c:\windows\system32\catsrvut.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\juca\applic~1\mozilla\firefox\profiles\w19fn5wp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www3.iamwired.net/
FF - prefs.js: keyword.URL - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - component: c:\documents and settings\juca\application data\mozilla\firefox\profiles\w19fn5wp.default\extensions\{aa994882-f391-4d2e-806f-8908da4814ed}\components\kikin.dll
FF - component: c:\documents and settings\juca\application data\mozilla\firefox\profiles\w19fn5wp.default\extensions\{ca4d3df2-64ad-4af4-aebe-e7bbe7163ace}\components\FFExternalAlert.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\mozilla firefox\extensions\{bf1c572e-ee4a-a52e-eecd-f9c8b2bbaabf}\components\cjmRbj--m3CBEPL.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\juca\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\juca\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: LoudMo Contextual Ad Assistant: No Registry Reference - c:\program files\mozilla firefox\extensions\{bf1c572e-ee4a-a52e-eecd-f9c8b2bbaabf}

---- FIREFOX POLICIES ----
FF - user.js: google.toolbar.linkdoctor.enabled - false
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-2-18 161800]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-19 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-18 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-18 28424]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-18 360584]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-2-25 234888]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-2-18 285392]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\the skins factory\hyperdesk\common\HdThemeEnabler.exe [2008-7-21 106496]
R2 INETLOCK;INETLOCK;c:\windows\system32\drivers\inetlock.sys [2008-12-17 17659]
R2 INETLOCKSVC;Internet Lock Service;c:\program files\internet lock\ILSvc.exe [2008-12-17 139264]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 1028432]
R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xhybrid.sys [2009-2-18 698368]
R3 NTProcDrv;Process creation detector for NT.;c:\windows\temp\drv4.tmp [2010-2-18 3584]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2009-2-18 6400]
S2 MyWebSearchService;My Web Search Service;c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe --> c:\progra~1\mywebs~1\bar\1.bin\mwssvc.exe [?]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\docume~1\juca\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [2009-11-20 70144]
S3 GEST Service;GEST Service for program management.;c:\program files\gigabyte\gest\gsvr.exe [2009-2-18 55816]

=============== Created Last 30 ================

2010-02-18 16:33:48 0 d-----w- c:\program files\Driver-Soft
2010-02-18 16:23:56 186407 ----a-w- c:\windows\system32\nvapps.nvb
2010-02-18 16:20:28 12256 ----a-w- c:\windows\system32\drivers\TBPanel.sys
2010-02-18 16:20:27 0 d-----w- c:\program files\XpertVision
2010-02-18 14:39:18 546304 ----a-w- c:\windows\system32\SET212.tmp
2010-02-18 14:38:26 60416 ----a-w- c:\windows\system32\SET14D.tmp
2010-02-18 14:38:26 283648 ----a-w- c:\windows\system32\SET14C.tmp
2010-02-18 14:38:25 473088 ----a-w- c:\windows\system32\wbem\SET150.tmp
2010-02-18 14:38:25 399360 ----a-w- c:\windows\system32\SET14B.tmp
2010-02-18 14:38:24 453120 ----a-w- c:\windows\system32\wbem\SET14F.tmp
2010-02-18 14:38:24 227840 ----a-w- c:\windows\system32\wbem\SET14E.tmp
2010-02-18 14:36:04 1172480 ------w- c:\windows\system32\SETF8.tmp
2010-02-18 14:34:41 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-18 14:34:40 2180352 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-18 14:34:38 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-18 14:34:37 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-18 14:34:01 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-18 14:28:44 332800 ----a-w- c:\windows\system32\SET69.tmp
2010-02-18 14:27:11 453760 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-18 14:06:50 0 d--h--w- C:\$AVG
2010-02-18 14:06:40 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-18 14:06:40 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-02-18 14:06:40 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-18 14:06:33 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-18 14:06:29 0 d-----w- c:\windows\system32\drivers\Avg
2010-02-18 14:06:25 0 d-----w- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2010-02-18 14:01:35 44544 ----a-w- c:\windows\system32\alcmtr.exe
2010-02-18 13:45:46 450560 ------w- c:\windows\system32\SETB4.tmp
2010-02-18 13:16:10 44544 ----a-w- c:\documents and settings\juca\alcmtr.exe
2010-02-18 13:16:10 44544 ----a-w- c:\documents and settings\juca\alcmtr .exe
2010-02-18 13:07:59 4096 -c--a-w- c:\windows\system32\dllcache\rpcref.dll
2010-02-18 13:06:56 78848 -c--a-w- c:\windows\system32\dllcache\dayi.ime
2010-02-18 13:04:39 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-02-18 13:04:33 749 ---ha-r- c:\windows\WindowsShell.Manifest
2010-02-18 13:04:33 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2010-02-18 13:04:33 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2010-02-18 13:04:33 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest
2010-02-18 13:04:33 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2010-02-18 13:04:15 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-02-18 12:35:55 9581 -c--a-w- c:\windows\system32\dllcache\MSMSGS.CAT
2010-02-18 12:23:29 4 ----a-w- c:\program files\126640.dat
2010-02-18 11:07:45 4 ----a-w- c:\program files\144453.dat
2010-02-18 08:07:42 0 d-----w- c:\windows\system32\wbem\Repository
2010-02-18 07:54:31 4 ----a-w- c:\program files\122093.dat
2010-02-17 16:18:35 4 ----a-w- c:\program files\115968.dat
2010-02-17 13:45:18 4 ----a-w- c:\program files\114796.dat
2010-02-17 13:34:45 0 d-----w- c:\docume~1\juca\applic~1\JewelMatch2
2010-02-17 13:29:17 44544 ----a-w- c:\documents and settings\juca\nwiz.exe
2010-02-17 13:29:17 44544 ----a-w- c:\documents and settings\juca\nwiz .exe
2010-02-17 13:29:16 44544 ----a-w- c:\documents and settings\juca\rundll32 .exe
2010-02-17 13:29:15 44544 ----a-w- c:\documents and settings\juca\rthdcpl .exe
2010-02-17 13:28:40 578560 ----a-w- c:\windows\system32\iyffug
2010-02-17 13:17:50 44544 ----a-w- c:\windows\system32\regedit.exe
2010-02-17 13:17:50 44544 ----a-w- c:\windows\system32\regedit .exe
2010-02-17 13:02:47 0 d-----w- c:\docume~1\juca\applic~1\SuperMP3Download
2010-02-17 12:31:16 10763 ----a-w- c:\docume~1\alluse~1\applic~1\_VOIDmainqt.dll
2010-02-17 12:30:57 578560 ----a-w- c:\windows\system32\gzoydphgv
2010-02-17 12:30:57 45056 ----a-w- c:\windows\system32\_VOIDubpixbrrmk.dll
2010-02-17 12:30:48 118284 ----a-w- c:\windows\system32\-c6DPF_uCL2_X.exe
2010-02-17 12:30:37 28672 ----a-w- c:\windows\system32\3f5uk.sr
2010-02-17 12:30:36 32768 ----a-w- c:\windows\system32\fe6hbfe1.an
2010-02-17 12:30:36 32768 ----a-w- c:\windows\system32\23rh46g.4e
2010-02-17 12:30:35 79360 ----a-w- c:\windows\system32\bb52fkri.few
2010-02-17 12:30:35 28672 ----a-w- c:\windows\system32\467.zt
2010-02-17 12:30:19 42496 ----a-w- c:\windows\system32\drivers\_VOIDkvtniyyglt.sys
2010-02-17 12:30:19 26624 ----a-w- c:\windows\system32\_VOIDxtexrhxowk.dll
2010-02-17 12:30:19 233 ----a-w- c:\windows\system32\_VOIDkspawujnqd.dat
2010-02-17 12:29:09 8 ----a-w- c:\docume~1\alluse~1\applic~1\mswintmp.dat
2010-02-17 12:29:08 42531 ----a-w- c:\documents and settings\juca\SyncMan.exe
2010-02-17 12:29:08 42531 ----a-w- c:\documents and settings\juca\syncman .exe
2010-02-17 12:29:07 42531 ----a-w- c:\windows\system32\SyncMan.exe
2010-02-17 12:29:07 42531 ----a-w- c:\windows\system32\syncman .exe
2010-02-17 10:25:53 0 d-----w- c:\docume~1\alluse~1\applic~1\SuperMP3Download
2010-02-17 10:24:43 0 d-----w- c:\program files\SuperMp3Download
2010-02-16 10:57:52 0 d-----w- c:\program files\common files\SWF Studio
2010-02-16 10:57:45 0 d-sh--w- c:\docume~1\juca\applic~1\.#
2010-02-16 10:12:31 0 d-----w- c:\program files\3dGirlz
2010-02-16 10:10:12 0 d-----w- c:\program files\MAdModule
2010-02-15 16:03:36 0 d-----w- c:\docume~1\alluse~1\applic~1\SpecialBit
2010-02-13 13:29:40 7680 ----a-w- C:\AssistentGraph.grf
2010-02-13 13:23:22 5526 ----a-w- c:\windows\TWAINCAP.SRC
2010-02-13 13:23:21 14025 ----a-w- c:\windows\TWAINCAP.INI
2010-02-13 13:23:08 450641 ----a-w- c:\windows\system32\DiskIO.dll
2010-02-13 13:23:08 32838 ----a-w- c:\windows\system32\Cachex.dll
2010-02-13 13:23:08 14604 ----a-w- c:\windows\system32\drivers\pfc.sys
2010-02-13 09:04:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Cloanto
2010-02-13 08:25:58 0 d-----w- c:\docume~1\juca\applic~1\ProfiCAD
2010-02-10 15:59:29 0 d-----w- c:\program files\mresreg
2010-02-10 07:48:12 0 d-----w- c:\program files\10 Days Under The Sea
2010-02-09 14:15:51 0 d-----w- c:\documents and settings\juca\Shared
2010-02-09 14:15:51 0 d-----w- c:\documents and settings\juca\Incomplete
2010-02-08 11:15:43 0 d-----w- c:\docume~1\alluse~1\applic~1\MonteCristo
2010-02-06 16:00:41 0 d-----w- c:\docume~1\juca\applic~1\SpinTop Games
2010-02-06 14:24:10 0 d-----w- c:\docume~1\juca\applic~1\Flood Light Games
2010-02-04 12:24:49 0 d-----w- c:\docume~1\juca\applic~1\Dragon Altar Games
2010-02-02 10:42:46 169 ----a-w- c:\windows\settings.ini
2010-02-01 12:27:42 218 ----a-w- c:\documents and settings\juca\.recently-used.xbel
2010-02-01 12:26:58 0 d-----w- c:\documents and settings\juca\.mypaint
2010-01-31 10:41:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Azureus
2010-01-31 10:41:13 0 d-----w- c:\docume~1\juca\applic~1\Azureus
2010-01-31 07:16:54 0 ----a-w- C:\My Preset.ini
2010-01-31 07:15:53 17 ----a-w- c:\windows\LastXPSetupSMenu.ini
2010-01-29 20:35:12 1273856 ----a-w- c:\windows\system32\3N-4PGBL3zt-3.dll
2010-01-29 11:17:53 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-29 11:14:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-29 11:14:00 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-01-29 07:41:13 0 d-----w- c:\documents and settings\juca\.rainlendar2
2010-01-28 22:30:03 0 d-----w- c:\docume~1\juca\applic~1\CobiMobi
2010-01-28 07:24:20 0 d-----w- c:\docume~1\juca\applic~1\SPlayer
2010-01-27 15:46:20 0 d-sh--w- c:\documents and settings\juca\Impostazioni locali
2010-01-27 07:47:47 0 d-----w- c:\docume~1\juca\applic~1\TeraCopy
2010-01-26 13:37:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Rumbic Studio
2010-01-26 07:23:28 0 d-----w- c:\program files\Ceremu
2010-01-25 16:33:54 0 d-----w- c:\program files\Speccy
2010-01-25 10:57:10 0 d-----w- c:\program files\MKVtoolnix
2010-01-23 11:43:16 0 d-----w- c:\docume~1\juca\applic~1\ERS G-Studio
2010-01-22 16:43:12 0 d-----w- c:\docume~1\juca\applic~1\ArcticLine
2010-01-22 14:09:53 0 d-----w- c:\program files\Desktop
2010-01-22 12:19:18 0 d-----w- c:\docume~1\juca\applic~1\YoudaGames
2010-01-21 13:02:13 0 d-----w- c:\docume~1\juca\applic~1\AJ SQUARE INC
2010-01-20 09:19:02 0 d-----w- c:\documents and settings\juca\Saved Games

==================== Find3M ====================

2010-02-18 16:34:31 17659 ----a-w- c:\windows\system32\drivers\inetlock.sys
2010-02-18 15:18:07 16608 ----a-w- c:\windows\gdrv.sys
2010-02-18 14:01:26 44544 ----a-w- c:\windows\system32\nerocheck.exe
2010-02-18 14:01:25 44544 ----a-w- c:\windows\system32\elkctrl.exe
2010-02-18 14:01:22 44544 ----a-w- c:\windows\system32\lvcomsx.exe
2010-02-18 13:15:23 53512 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-02-18 13:02:47 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-01-19 14:54:01 274 ----a-w- c:\docume~1\alluse~1\applic~1\Setting.dat
2010-01-11 07:16:11 2828 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
2009-12-31 16:14:12 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-22 05:42:49 662016 ----a-w- c:\windows\system32\SET1BF.tmp
2009-12-22 05:42:49 624640 ----a-w- c:\windows\system32\SET1C0.tmp
2009-12-22 05:42:48 39424 ----a-w- c:\windows\system32\SET1C4.tmp
2009-12-22 05:42:48 1506304 ----a-w- c:\windows\system32\SET1C3.tmp
2009-12-22 05:42:47 3063808 ----a-w- c:\windows\system32\SET1C8.tmp
2009-12-22 05:42:45 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-22 05:42:45 16384 ----a-w- c:\windows\system32\SET1C9.tmp
2009-12-22 05:42:43 1023488 ----a-w- c:\windows\system32\SET1D0.tmp
2009-12-17 16:14:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 12:58:04 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35:35 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-11 15:59:39 737280 ----a-w- c:\windows\iun6002.exe
2009-12-11 07:11:25 245760 ----a-w- c:\windows\Setup1.exe
2009-12-11 07:11:24 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-12-08 09:13:51 474112 ------w- c:\windows\system32\SET1C2.tmp
2009-11-29 06:44:20 0 ----a-w- c:\docume~1\alluse~1\applic~1\PKP_DLbx.DAT
2009-11-27 17:33:35 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:33:35 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:37:27 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:37:27 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:37:27 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:37:27 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:37:27 11264 ----a-w- c:\windows\system32\msrle32.dll

============= FINISH: 7:35:50,25 ===============
I can't send the GMER log because after half an hour of scanning it restarts the computer. I tried three times, but it can't finish the scan because the same thing happens.
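
An added example, not part of any post in this thread and not a tool the helpers used: a triage script for the file listings in the DDS log above. It flags file names with a space before the extension (several such names appear under the deletions in the ComboFix report later in the thread) and groups differently named executables that share one byte size. The line layout (date, time, size, attributes, path), the function names and the `min_names` threshold are assumptions, and both checks are heuristics that only pick entries for closer inspection.

```python
import ntpath
import re
from collections import defaultdict, namedtuple

# Excerpt of the "Created Last 30" / "Find3M" lines from the DDS log in the post above.
SAMPLE = r"""
2010-02-18 16:33:48 0 d-----w- c:\program files\Driver-Soft
2010-02-18 14:01:35 44544 ----a-w- c:\windows\system32\alcmtr.exe
2010-02-18 13:16:10 44544 ----a-w- c:\documents and settings\juca\alcmtr .exe
2010-02-17 13:29:17 44544 ----a-w- c:\documents and settings\juca\nwiz.exe
2010-02-17 13:29:17 44544 ----a-w- c:\documents and settings\juca\nwiz .exe
2010-02-17 13:17:50 44544 ----a-w- c:\windows\system32\regedit.exe
2010-02-17 13:17:50 44544 ----a-w- c:\windows\system32\regedit .exe
2010-02-17 12:29:07 42531 ----a-w- c:\windows\system32\SyncMan.exe
2010-02-17 12:29:07 42531 ----a-w- c:\windows\system32\syncman .exe
2010-02-18 14:01:26 44544 ----a-w- c:\windows\system32\nerocheck.exe
2009-12-16 12:58:04 343040 ----a-w- c:\windows\system32\mspaint.exe
"""

Entry = namedtuple("Entry", "date time size attrs path")

# Assumed layout of a DDS file-listing line: date, time, size, 8 attribute flags, path.
LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) ([-a-z]{8}) (.+)$"
)


def parse_file_lines(text):
    """Return an Entry for every line that matches the file-listing layout."""
    entries = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            date, time, size, attrs, path = m.groups()
            entries.append(Entry(date, time, int(size), attrs, path))
    return entries


def split_name(path):
    """Split the last path component into (stem, lower-cased extension)."""
    stem, ext = ntpath.splitext(ntpath.basename(path))
    return stem, ext.lower()


def space_before_extension(entries):
    """Paths whose file name has whitespace right before the extension."""
    flagged = []
    for e in entries:
        stem, ext = split_name(e.path)
        if ext and stem != stem.rstrip():
            flagged.append(e.path)
    return flagged


def same_size_executables(entries, min_names=3):
    """Map size -> sorted program names for .exe files of identical size.

    Names are normalised (lower case, space before the extension removed),
    so "regedit.exe" and "regedit .exe" count as one program. A size is
    reported only when at least min_names different programs share it.
    """
    by_size = defaultdict(set)
    for e in entries:
        stem, ext = split_name(e.path)
        if ext == ".exe" and not e.attrs.startswith("d"):
            by_size[e.size].add(stem.rstrip().lower() + ext)
    return {
        size: sorted(names)
        for size, names in by_size.items()
        if len(names) >= min_names
    }


if __name__ == "__main__":
    parsed = parse_file_lines(SAMPLE)
    for path in space_before_extension(parsed):
        print("space before extension:", path)
    for size, names in same_size_executables(parsed).items():
        print(f"{len(names)} programs share size {size}:", ", ".join(names))
```
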

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Download DeFogger from this link to the Desktop.

Double-click to run DeFogger;

A MsgBox will appear, on which you click the Disable button;

A MsgBox will appear again, on which you click Yes;

Wait for DeFogger to finish processing, then continue with the next instruction.

Note: At the end of the procedure Windows will need to be restarted.
This procedure deactivates CD/DVD emulators and allows the programs we use to run unhindered.

GMER should work now - follow the scanning instructions.

  • Miroslav Tanaskovic
  • Construction technician
  • Joined: 02 Jan 2009
  • Posts: 787
  • Location: Cacak

Written: 20 Feb 2010 11:40

...puter and after some time restarts it, and as soon as the system comes up it opens Mozilla by itself with some pointless unknown page. I tried this four times as well. The fourth time it didn't even finish the scan but restarted the computer before the end.

Addendum: 20 Feb 2010 11:42

Here is how the message came out; it butchered that too.

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

OK, we'll try a different approach.

Download sUBs's ComboFix from the following address to the Desktop:

Bleeping Computer
Right-click the link and choose Save Target As... (Save Link As..., Save Linked Content As... or similar);
When the dialog for choosing where to save the file opens, select Desktop and click Save.

When the download is complete:
disable your security software (instructions);
close running programs;
double-click to run ComboFix.

While running, ComboFix will:
check whether a newer version of the program exists:
click Yes if you are offered the download.
display the DISCLAIMER OF WARRANTY ON SOFTWARE:
click Yes so that the process continues.
if the Recovery Console is not installed, offer to install it:
be sure to accept by clicking Yes and follow the procedure.
show a number of prompts/notifications:
accept by clicking Yes or OK.
if needed, restart Windows (several times);
when finished, open Notepad with the scan report.

Copy the report that ComboFix created into the forum thread:
right-click in the Notepad window and choose Select All;
right-click the selected text and choose Copy;
right-click in the message field and choose Paste.

Note: The report will be saved as ComboFix.txt on the system partition (typical location: C:\ComboFix.txt);
If, after posting the message, you notice that the report is incomplete, use the Attach file (Prikači fajl) option to attach C:\ComboFix.txt to the message.

  • Miroslav Tanaskovic
  • Construction technician
  • Joined: 02 Jan 2009
  • Posts: 787
  • Location: Cacak

Since GMER won't complete, here is the report from RootRepeal:

  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

Now follow the instructions above (for ComboFix).

  • Miroslav Tanaskovic
  • Construction technician
  • Joined: 02 Jan 2009
  • Posts: 787
  • Location: Cacak

ComboFix 10-02-20.04 - Juca 02/21/2010 6:08.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1250.381.1033.18.2046.1344 [GMT 1:00]
Running from: c:\documents and settings\Juca\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Juca\nwiz .exe
c:\documents and settings\Juca\rundll32.exe
.
---- Previous Run -------
.
c:\program files\Internet Explorer\js.mui
c:\program files\Internet Explorer\wmpscfgs.exe
c:\windows\system32\elkctrl .exe
c:\windows\system32\lvcomsx .exe
c:\windows\system32\nerocheck .exe
c:\windows\system32\nwiz .exe
c:\windows\system32\rthdcpl.exe
c:\windows\system32\rundll32 .exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_SSHNAS
-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2010-01-21 to 2010-02-21 )))))))))))))))))))))))))))))))
.

2010-02-19 07:08 . 2010-02-18 14:06 1260800 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-02-19 07:08 . 2010-02-18 14:06 3777280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\setup.exe
2010-02-18 16:33 . 2010-02-18 16:33 -------- d-----w- c:\program files\Driver-Soft
2010-02-18 16:20 . 2007-03-16 09:11 12256 ----a-w- c:\windows\system32\drivers\TBPanel.sys
2010-02-18 16:20 . 2010-02-20 16:56 -------- d-----w- c:\program files\XpertVision
2010-02-18 14:58 . 2010-02-18 14:58 -------- d-----w- c:\documents and settings\Juca\Application Data\InstallShield
2010-02-18 14:38 . 2009-11-25 12:02 1230080 ----a-w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar\IEToolbar.dll
2010-02-18 14:34 . 2009-08-04 13:58 2136064 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-02-18 14:34 . 2009-08-04 14:00 2180352 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-02-18 14:34 . 2009-08-04 13:13 2015744 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-02-18 14:34 . 2009-08-04 13:13 2057728 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-02-18 14:34 . 2008-06-13 13:10 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-02-18 14:27 . 2009-12-04 14:41 453760 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-18 14:19 . 2010-02-18 14:19 -------- d-----w- c:\documents and settings\Juca\Local Settings\Application Data\AVG Security Toolbar
2010-02-18 14:06 . 2010-02-18 14:06 -------- d-----w- C:\$AVG
2010-02-18 14:06 . 2010-02-18 14:06 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-18 14:06 . 2010-02-18 14:06 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-02-18 14:06 . 2010-02-18 14:06 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-18 14:06 . 2010-02-18 14:06 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-18 14:06 . 2010-02-18 14:06 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-02-18 14:06 . 2010-02-21 04:55 -------- d-----w- c:\windows\system32\drivers\Avg
2010-02-18 14:06 . 2010-02-18 14:38 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-02-18 13:07 . 2004-08-04 01:07 4096 -c--a-w- c:\windows\system32\dllcache\rpcref.dll
2010-02-18 13:06 . 2004-08-04 01:07 42496 -c--a-w- c:\windows\system32\dllcache\davcdata.exe
2010-02-18 13:04 . 2004-08-04 01:07 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-02-18 12:36 . 2004-08-04 01:07 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-02-18 12:36 . 2004-08-04 01:07 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-02-18 12:36 . 2004-08-04 01:07 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-02-18 12:36 . 2004-08-04 01:07 13312 ----a-w- c:\windows\system32\irclass.dll
2010-02-18 12:23 . 2010-02-18 12:23 4 ----a-w- c:\program files\126640.dat
2010-02-18 11:07 . 2010-02-18 11:07 4 ----a-w- c:\program files\144453.dat
2010-02-18 08:07 . 2010-02-18 08:07 -------- d-----w- c:\windows\system32\wbem\Repository
2010-02-18 07:54 . 2010-02-18 07:54 4 ----a-w- c:\program files\122093.dat
2010-02-17 16:18 . 2010-02-17 16:18 4 ----a-w- c:\program files\115968.dat
2010-02-17 13:45 . 2010-02-17 13:45 4 ----a-w- c:\program files\114796.dat
2010-02-17 13:34 . 2010-02-17 13:34 -------- d-----w- c:\documents and settings\Juca\Application Data\JewelMatch2
2010-02-17 13:29 . 2010-02-20 16:56 44544 ----a-w- c:\documents and settings\Juca\nwiz.exe
2010-02-17 13:02 . 2010-02-17 13:02 -------- d-----w- c:\documents and settings\Juca\Application Data\SuperMP3Download
2010-02-17 12:30 . 2010-02-20 10:07 118375 ----a-w- c:\windows\system32\-c6DPF_uCL2_X.exe
2010-02-17 12:30 . 2010-02-17 12:30 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-02-17 12:29 . 2010-02-17 13:28 42531 ----a-w- c:\documents and settings\Juca\SyncMan.exe
2010-02-17 12:29 . 2010-02-17 13:28 42531 ----a-w- c:\windows\system32\SyncMan.exe
2010-02-17 10:25 . 2010-02-20 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SuperMP3Download
2010-02-17 10:24 . 2010-02-17 13:02 -------- d-----w- c:\program files\SuperMp3Download
2010-02-16 10:57 . 2010-02-16 10:57 -------- d-----w- c:\program files\Common Files\SWF Studio
2010-02-16 10:12 . 2010-02-16 10:12 -------- d-----w- c:\program files\3dGirlz
2010-02-16 10:10 . 2010-02-18 08:07 -------- d-----w- c:\program files\MAdModule
2010-02-15 16:03 . 2010-02-15 16:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SpecialBit
2010-02-13 16:27 . 2010-02-13 16:27 -------- d-----w- c:\documents and settings\Juca\Local Settings\Application Data\Astar Games
2010-02-13 13:23 . 2002-06-20 08:56 450641 ----a-w- c:\windows\system32\DiskIO.dll
2010-02-13 13:23 . 2002-06-17 13:09 14604 ----a-w- c:\windows\system32\drivers\pfc.sys
2010-02-13 13:23 . 2002-06-11 03:03 32838 ----a-w- c:\windows\system32\Cachex.dll
2010-02-13 09:05 . 2010-02-13 09:05 -------- d-----w- c:\documents and settings\Juca\Local Settings\Application Data\Cloanto
2010-02-13 09:04 . 2010-02-13 09:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Cloanto
2010-02-13 08:25 . 2010-02-13 08:27 -------- d-----w- c:\documents and settings\Juca\Application Data\ProfiCAD
2010-02-10 15:59 . 2010-02-10 15:59 -------- d-----w- c:\program files\mresreg
2010-02-10 07:48 . 2010-02-10 07:49 -------- d-----w- c:\program files\10 Days Under The Sea
2010-02-09 14:15 . 2010-02-09 14:23 -------- d-----w- c:\documents and settings\Juca\Incomplete
2010-02-09 14:15 . 2010-02-09 14:15 -------- d-----w- c:\documents and settings\Juca\Shared
2010-02-08 11:15 . 2010-02-08 11:15 -------- d-----w- c:\documents and settings\All Users\Application Data\MonteCristo
2010-02-06 16:00 . 2010-02-06 16:00 -------- d-----w- c:\documents and settings\Juca\Application Data\SpinTop Games
2010-02-06 14:24 . 2010-02-07 10:18 -------- d-----w- c:\documents and settings\Juca\Application Data\Flood Light Games
2010-02-05 09:39 . 2010-02-05 09:39 251376 ----a-w- c:\documents and settings\Juca\Application Data\Mozilla\plugins\npgoogletalk.dll
2010-02-04 12:24 . 2010-02-04 12:24 -------- d-----w- c:\documents and settings\Juca\Application Data\Dragon Altar Games
2010-02-01 14:12 . 2010-02-01 14:12 -------- d-----w- c:\documents and settings\Juca\Local Settings\Application Data\Ph03nixNewMedia
2010-02-01 13:05 . 2010-02-01 13:05 81408 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Cogs\4000008000002i\Splash Screen.exe
2010-02-01 12:26 . 2010-02-01 12:27 -------- d-----w- c:\documents and settings\Juca\.mypaint
2010-01-31 10:41 . 2010-01-31 10:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Azureus
2010-01-31 10:41 . 2010-01-31 10:46 -------- d-----w- c:\documents and settings\Juca\Application Data\Azureus
2010-01-29 11:17 . 2010-02-18 08:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-29 11:16 . 2010-01-29 11:16 5115823 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-29 11:14 . 2010-01-29 11:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-29 11:14 . 2010-01-07 15:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-29 07:41 . 2010-01-29 07:43 -------- d-----w- c:\documents and settings\Juca\.rainlendar2
2010-01-28 22:30 . 2010-01-28 22:30 -------- d-----w- c:\documents and settings\Juca\Application Data\CobiMobi
2010-01-28 16:33 . 2010-02-01 12:24 -------- d-----w- c:\documents and settings\Juca\Application Data\PlayFirst
2010-01-28 07:24 . 2010-01-28 07:24 -------- d-----w- c:\documents and settings\Juca\Application Data\SPlayer
2010-01-27 15:46 . 2010-01-27 15:46 -------- d-sh--w- c:\documents and settings\Juca\Impostazioni locali
2010-01-27 07:47 . 2010-01-29 07:49 -------- d-----w- c:\documents and settings\Juca\Application Data\TeraCopy
2010-01-27 06:53 . 2010-01-27 06:53 -------- d-----w- c:\program files\Common Files\Java
2010-01-27 06:44 . 2010-01-27 06:44 503808 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-78bb6087-n\msvcp71.dll
2010-01-27 06:44 . 2010-01-27 06:44 499712 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-78bb6087-n\jmc.dll
2010-01-27 06:44 . 2010-01-27 06:44 348160 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-78bb6087-n\msvcr71.dll
2010-01-27 06:44 . 2010-01-27 06:44 61440 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1953df3f-n\decora-sse.dll
2010-01-27 06:44 . 2010-01-27 06:44 12800 ----a-w- c:\documents and settings\Juca\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-1953df3f-n\decora-d3d.dll
2010-01-26 13:37 . 2010-01-26 13:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Rumbic Studio
2010-01-26 07:23 . 2010-02-05 16:42 -------- d-----w- c:\program files\Ceremu
2010-01-26 06:56 . 2010-01-26 06:59 -------- d-----w- c:\documents and settings\Juca\Application Data\vlc
2010-01-26 06:37 . 2010-01-26 06:38 -------- d-----w- c:\documents and settings\Juca\Application Data\Media Player Classic
2010-01-25 16:33 . 2010-01-25 16:33 -------- d-----w- c:\program files\Speccy
2010-01-25 10:57 . 2010-01-25 10:57 -------- d-----w- c:\program files\MKVtoolnix
2010-01-23 11:43 . 2010-02-12 10:30 -------- d-----w- c:\documents and settings\Juca\Application Data\ERS G-Studio
2010-01-22 16:43 . 2010-01-22 16:43 -------- d-----w- c:\documents and settings\Juca\Application Data\ArcticLine
2010-01-22 16:25 . 2010-01-22 16:28 -------- d-----w- c:\documents and settings\Juca\Local Settings\Application Data\plantthis
2010-01-22 14:09 . 2010-01-22 14:09 -------- d-----w- c:\program files\Desktop
2010-01-22 12:19 . 2010-01-22 12:19 -------- d-----w- c:\documents and settings\Juca\Application Data\YoudaGames

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-21 05:06 . 2009-02-18 18:08 -------- d-----w- c:\documents and settings\Juca\Application Data\uTorrent
2010-02-21 05:00 . 2009-05-11 04:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-21 04:52 . 2009-02-20 14:53 7 ----a-w- c:\windows\sbacknt.bin
2010-02-21 04:51 . 2009-02-19 11:35 -------- d-----w- c:\program files\DivX
2010-02-20 23:29 . 2010-01-19 06:52 311 ----a-w- c:\windows\system32\InetLock.dat
2010-02-20 23:29 . 2009-02-18 17:42 16608 ----a-w- c:\windows\gdrv.sys
2010-02-20 23:29 . 2008-12-17 07:03 17659 ----a-w- c:\windows\system32\drivers\inetlock.sys
2010-02-20 18:19 . 2009-12-28 07:33 0 ----a-w- c:\documents and settings\Juca\Local Settings\Application Data\prvlcl.dat
2010-02-20 17:39 . 2009-02-19 11:31 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-20 17:00 . 2009-12-07 07:33 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-02-20 16:57 . 2009-02-22 11:42 -------- d-----w- c:\program files\Winamp
2010-02-20 16:56 . 2009-02-18 18:08 -------- d-----w- c:\program files\uTorrent
2010-02-20 16:56 . 2009-05-30 11:37 -------- d-----w- c:\program files\ALLPlayer
2010-02-20 16:56 . 2009-05-11 04:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-20 16:56 . 2009-02-23 14:05 -------- d-----w- c:\program files\MorEmoticons
2010-02-20 16:46 . 2009-02-20 15:00 44544 ----a-w- c:\windows\system32\nerocheck.exe
2010-02-20 16:46 . 2009-02-19 16:14 44544 ----a-w- c:\windows\system32\elkctrl.exe
2010-02-20 16:46 . 2005-12-09 14:32 44544 ----a-w- c:\windows\system32\lvcomsx.exe
2010-02-19 12:31 . 2009-02-19 12:26 -------- d-----w- c:\program files\SpywareBlaster
2010-02-18 14:57 . 2009-03-16 13:32 -------- d-----w- c:\program files\Google
2010-02-18 13:57 . 2009-12-25 14:41 -------- d-----w- c:\program files\Sandboxie
2010-02-18 13:35 . 2009-02-18 17:43 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-18 13:15 . 2009-11-18 16:24 53512 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT
2010-02-18 13:02 . 2009-11-18 16:24 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-02-17 13:02 . 2010-01-11 11:37 -------- d-----w- c:\program files\20 TRIKOVA
2010-02-17 09:59 . 2009-02-19 11:12 -------- d-----w- c:\documents and settings\Juca\Application Data\Thinstall
2010-02-15 10:11 . 2009-02-22 11:42 -------- d-----w- c:\documents and settings\Juca\Application Data\Winamp
2010-02-14 15:51 . 2009-02-19 12:05 -------- d-----w- c:\documents and settings\Juca\Application Data\Skype
2010-02-14 10:57 . 2009-02-19 12:07 -------- d-----w- c:\documents and settings\Juca\Application Data\skypePM
2010-02-13 09:04 . 2009-04-25 11:04 -------- d-----w- c:\program files\Common Files\Cloanto
2010-02-13 09:04 . 2009-04-25 11:02 -------- d-----w- c:\program files\Cloanto
2010-02-05 16:17 . 2009-07-15 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-02-05 16:17 . 2009-06-22 05:52 -------- d-----w- c:\program files\Norton Security Scan
2010-02-05 16:17 . 2009-06-22 05:52 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-02-01 13:09 . 2009-10-28 22:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Intenium
2010-01-31 15:39 . 2009-02-25 06:54 26 ----a-w- c:\windows\popcinfo.dat
2010-01-31 11:13 . 2010-01-18 12:47 -------- d-----w- c:\documents and settings\All Users\Application Data\EasyMp3Downloader
2010-01-27 06:44 . 2009-02-19 09:12 -------- d-----w- c:\program files\Java
2010-01-26 14:47 . 2009-02-19 11:35 -------- d-----w- c:\documents and settings\Juca\Application Data\Dr. DivX 2.0 OSS
2010-01-21 13:02 . 2010-01-21 13:02 -------- d-----w- c:\documents and settings\Juca\Application Data\AJ SQUARE INC
2010-01-19 14:54 . 2010-01-19 14:57 274 ----a-w- c:\documents and settings\All Users\Application Data\Setting.dat
2010-01-19 14:29 . 2010-01-19 14:29 -------- d-----w- c:\documents and settings\Juca\Application Data\Gamelab
2010-01-19 06:58 . 2010-01-19 06:52 -------- d-----w- c:\program files\Internet Lock
2010-01-19 06:52 . 2010-01-19 06:52 -------- d-----w- c:\documents and settings\All Users\Application Data\TopLang
2010-01-18 12:47 . 2010-01-18 12:47 -------- d-----w- c:\documents and settings\Juca\Application Data\EasyMp3Downloader
2010-01-17 13:25 . 2010-01-17 13:15 -------- d-----w- c:\program files\ProgDVB
2010-01-16 07:35 . 2009-02-19 12:05 -------- d-----r- c:\program files\Skype
2010-01-15 23:39 . 2009-02-19 11:38 -------- d-----w- c:\documents and settings\Juca\Application Data\UpdateStar
2010-01-15 15:24 . 2009-09-16 05:35 -------- d-----w- c:\program files\Opera
2010-01-14 14:30 . 2010-01-14 14:26 -------- d-----w- c:\documents and settings\Juca\Application Data\Stellarium
2010-01-14 07:16 . 2010-01-14 07:16 -------- d-----w- c:\documents and settings\Juca\Application Data\Nero
2010-01-13 14:12 . 2009-02-19 17:03 -------- d-----w- c:\documents and settings\Juca\Application Data\DivX
2010-01-11 07:16 . 2009-03-07 12:37 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-01-11 07:16 . 2009-03-07 12:37 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2010-01-10 07:39 . 2009-03-06 14:05 -------- d-----w- c:\documents and settings\All Users\Application Data\CanonIJPLM
2010-01-09 15:50 . 2009-11-08 06:35 -------- d-----w- c:\documents and settings\Juca\Application Data\KidZui
2010-01-09 07:34 . 2010-01-09 06:38 -------- d-----w- c:\program files\Memorija v1.4
2010-01-08 17:23 . 2010-01-08 17:21 -------- d-----w- c:\program files\Amoba
2010-01-08 10:28 . 2010-01-08 07:36 27 ----a-w- c:\windows\popcinfot.dat
2010-01-08 06:58 . 2010-01-08 06:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCapv1005
2010-01-07 06:59 . 2010-01-07 06:59 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-06 15:16 . 2010-01-06 15:16 -------- d-----w- c:\documents and settings\All Users\Application Data\ScreenSeven
2010-01-06 15:15 . 2010-01-06 15:15 -------- d-----w- c:\program files\SCREENSEVEN
2010-01-06 15:14 . 2009-12-14 06:47 -------- d-----w- c:\program files\OXXOGames
2010-01-06 13:23 . 2009-02-18 19:32 -------- d-----w- c:\program files\Common Files\Adobe
2010-01-05 11:08 . 2010-01-05 11:08 -------- d-----w- c:\program files\xp_simulation_setup
2010-01-04 08:10 . 2009-02-19 12:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-31 16:14 . 2004-08-04 01:07 352640 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-29 07:21 . 2009-12-29 07:21 -------- d-----w- c:\documents and settings\Juca\Application Data\facemoods.com
2009-12-29 07:21 . 2009-12-04 08:22 -------- d-----w- c:\program files\Button Shop 4
2009-12-29 07:20 . 2009-12-24 07:31 -------- d-----w- c:\program files\ABBYY FineReader 8.0 Professional Edition
2009-12-26 15:23 . 2009-08-21 14:09 -------- d-----w- c:\program files\Super Internet TV
2009-12-25 06:51 . 2009-12-25 06:51 7680 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\PhotoScape\400000c00002i\jqsnotify.exe
2009-12-25 06:50 . 2009-12-25 06:50 7680 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\PhotoScape\400000df00002i\firefox.exe
2009-12-24 07:32 . 2009-12-24 07:32 -------- d-----w- c:\documents and settings\Juca\Application Data\ABBYY
2009-12-23 14:43 . 2009-12-23 14:43 -------- d-----w- c:\program files\MSECache
2009-12-23 06:53 . 2009-12-23 06:53 -------- d-----w- c:\documents and settings\Juca\Application Data\YCanPDF
2009-12-22 05:42 . 2004-08-04 01:07 662016 ------w- c:\windows\system32\wininet.dll
2009-12-22 05:42 . 2004-08-04 01:07 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-12-20 13:33 . 2009-12-20 13:33 7680 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Superfrog\4000002ba200002i\run.exe
2009-12-20 13:33 . 2009-12-20 13:33 7680 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Superfrog\4ad000006100003i\cmd.exe
2009-12-20 13:33 . 2009-12-20 13:33 7680 ----a-w- c:\documents and settings\Juca\Application Data\Thinstall\Superfrog\4000002700002i\SuperFrog.exe
2009-12-17 16:14 . 2009-02-19 09:12 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-16 12:58 . 2009-02-18 15:58 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:35 . 2004-08-04 01:07 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-11 15:59 . 2009-12-11 16:00 737280 ----a-w- c:\windows\iun6002.exe
2009-12-11 07:11 . 2009-12-11 07:09 245760 ----a-w- c:\windows\Setup1.exe
2009-12-11 07:11 . 2009-12-11 07:09 73216 ----a-w- c:\windows\ST6UNST.EXE
2009-12-09 06:25 . 2009-12-04 08:41 13952 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2009-12-04 14:41 . 2004-08-04 01:07 453760 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-12-04 08:37 . 2009-02-18 16:07 48840 ----a-w- c:\documents and settings\Juca\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-04 08:22 . 2009-12-04 08:22 2 ----a-w- c:\windows\system32\krx240.dat
2009-11-29 06:44 . 2009-11-29 06:44 0 ----a-w- c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2009-11-27 17:33 . 2004-08-04 01:07 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:33 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:37 . 2004-08-04 01:07 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:37 . 2004-08-04 01:07 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:37 . 2004-08-04 01:07 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:37 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:37 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
.
<pre>
c:\program files\ALLPlayer\allupdate .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\Lavasoft\Ad-Aware\nwiz .exe
c:\program files\Lavasoft\Ad-Aware\rthdcpl .exe
c:\program files\Lavasoft\Ad-Aware\rundll32 .exe
c:\program files\Logitech\Desktop Messenger\8876480\Program\logitechdesktopmessenger .exe
c:\program files\MAdModule\madservice .exe
c:\program files\MorEmoticons\moremoticons .exe
c:\program files\Sandboxie\sbiectrl .exe
c:\program files\Spybot - Search & Destroy\teatimer .exe
c:\program files\uTorrent\utorrent        .exe
c:\program files\uTorrent\utorrent       .exe
c:\program files\uTorrent\utorrent      .exe
c:\program files\uTorrent\utorrent     .exe
c:\program files\uTorrent\utorrent    .exe
c:\program files\uTorrent\utorrent   .exe
c:\program files\uTorrent\utorrent  .exe
c:\program files\uTorrent\utorrent .exe
c:\program files\XpertVision\tbpanel .exe
</pre>


((((((((((((((((((((((((((((( SnapShot@2010-02-20_16.52.38 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-21 04:51 . 2010-02-21 04:51 16384 c:\windows\Temp\Perflib_Perfdata_7f8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-24 19:25 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{64182481-4F71-486b-A045-B233BD0DA8FC}]
c:\program files\facemoods.com\facemoods\1.3.43.0\escort.dll [BU]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{78299f52-57b0-c342-b39e-a4bd6297d84c}]
c:\windows\system32\3N-4PGBL3zt-3.dll [BU]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 12:02 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2009-07-14 22:37 429280 ----a-w- c:\program files\kikin\ie_kikin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]
"{DB4E9724-F518-4dfd-9C7C-78B52103CAB9}"= "c:\program files\facemoods.com\facemoods\1.3.43.0\escorTlbr.dll" [BU]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CLASSES_ROOT\clsid\{db4e9724-f518-4dfd-9c7c-78b52103cab9}]
[HKEY_CLASSES_ROOT\escorTlbr.DskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\escorTlbr.DskBnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-24 333192]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2010-02-20 44544]
"MorEmoticons"="c:\program files\MorEmoticons\MorEmoticons.exe" [2010-02-20 44544]
"Google Update"="c:\documents and settings\Juca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-20 44544]
"ALLUpdate"="c:\program files\ALLPlayer\ALLUpdate.exe" [2010-02-20 44544]
"DW6"="" [N/A]
"360desktop"="" [N/A]
"ChristmasTree"="c:\documents and settings\Juca\Desktop\Christmas.exe" [N/A]
"uTorrent"="c:\program files\uTorrent\utorrent .exe" [2010-01-15 288048]
"TBPanel"="c:\program files\XpertVision\TBPanel.exe" [2010-02-20 44544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-16 13529088]
"nwiz"="nwiz.exe" [N/A]
"PCTVRemote"="c:\program files\Pinnacle\PCTV Stereo\Remote\Remoterm.exe" [2002-10-11 61699]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [N/A]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [N/A]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2010-02-20 44544]
"LogitechCameraAssistant"="c:\program files\Logitech\Video\CameraAssistant.exe" [N/A]
"LogitechVideo[inspector]"="c:\program files\Logitech\Video\InstallHelper.exe" [N/A]
"LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2010-02-20 44544]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2010-02-20 44544]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [N/A]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [N/A]
"GEST"="c:\program files\GIGABYTE\GEST\RUN.e_e" [N/A]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [N/A]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [N/A]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [N/A]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-16 86016]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-18 44544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

c:\documents and settings\Juca\Start Menu\Programs\Startup\
DesktopVideoPlayer.LNK - c:\program files\vghd\vghd.exe [2009-2-20 423248]
Moo0 SystemMonitor 1.35.lnk.disabled [2009-5-11 888]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk.disabled [2009-3-19 1593]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2009-2-19 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-02-18 14:06 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ComPlusSetup]
2004-08-04 01:07 628224 ----a-w- c:\windows\system32\catsrvut.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Juca^Start Menu^Programs^Startup^FrostWire On Startup.lnk]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Klipfolio"="c:\program files\KlipFolio\Klipfolio.exe" /BOOT

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\GIGABYTE\\GEST\\run.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"d:\\Skidanje sa RapidShare\\CryptLoad 1.0.6\\CryptLoad.exe"=
"c:\\Program Files\\Java\\jre6\\launch4j-tmp\\JDownloader.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Documents and Settings\\Juca\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Juca\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\360desktop\\360desktop.exe"=
"c:\\Program Files\\360desktop\\360manager.exe"=
"d:\\Portabl programi\\uTorrent_1.8.5.17091_Final_Portable\\App\\utorrent\\utorrent.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\uTorrent\\utorrent .exe"=
"c:\\Program Files\\uTorrent\\utorrent .exe"=
"c:\\Program Files\\uTorrent\\utorrent .exe"=
"c:\\Program Files\\AVG\\AVG9\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"d:\\Nova mapa\\utorrent.exe"=
"c:\\Program Files\\uTorrent\\utorrent .exe"=
"c:\\Program Files\\uTorrent\\utorrent .exe"=
"c:\\Program Files\\uTorrent\\utorrent .exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54945:TCP"= 54945:TCP:tcp54945
"54945:UDP"= 54945:UDP:udp54945
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2/18/2010 3:06 PM 161800]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/19/2009 1:44 PM 64160]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/18/2010 3:06 PM 333192]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/18/2010 3:06 PM 360584]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [2/25/2009 10:31 AM 234888]
R2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2/18/2010 3:06 PM 285392]
R2 HdThemeEnabler;Hyperdesk Theme Enabler;c:\program files\The Skins Factory\Hyperdesk\Common\HdThemeEnabler.exe [7/21/2008 11:50 AM 106496]
R2 INETLOCK;INETLOCK;c:\windows\system32\drivers\inetlock.sys [12/17/2008 8:03 AM 17659]
R2 INETLOCKSVC;Internet Lock Service;c:\program files\Internet Lock\ILSvc.exe [12/17/2008 9:14 AM 139264]
R3 3xHybrid;Pinnacle PCTV Stereo service;c:\windows\system32\drivers\3xhybrid.sys [2/18/2009 8:28 PM 698368]
R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 10:34 PM 1028432]
R3 NTProcDrv;Process creation detector for NT.;\??\c:\windows\TEMP\drv1.tmp --> c:\windows\TEMP\drv1.tmp [?]
R3 pctvvbi;PCTVVBI;c:\windows\system32\drivers\pctvvbi.sys [2/18/2009 8:28 PM 6400]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\Juca\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\Juca\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\GEST\gsvr.exe [2/18/2009 6:43 PM 55816]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [6/29/2009 9:12 AM 721904]
.
Contents of the 'Scheduled Tasks' folder

2010-02-15 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 11:44]

2010-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-2077806209-725345543-1003Core.job
- c:\documents and settings\Juca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-20 16:56]

2010-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1659004503-2077806209-725345543-1003UA.job
- c:\documents and settings\Juca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-20 16:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www3.iamwired.net/
uInternet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101787&gct=&gc=1&q=%s
IE: &Download all 4shared files
IE: &Download using 4shared Desktop
IE: &Search
IE: &Webshots Photo Search - c:\program files\Webshots\WSToolbar4IE.dll/MENUSEARCH.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Vorlesen mit MWS Reader 4
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
TCP: {C5A62D61-DD73-4038-8C7F-E808128A0E20} = 192.168.1.1,192.168.1.2
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\Juca\Application Data\Mozilla\Firefox\Profiles\w19fn5wp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - component: c:\documents and settings\Juca\Application Data\Mozilla\Firefox\Profiles\w19fn5wp.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\components\kikin.dll
FF - component: c:\documents and settings\Juca\Application Data\Mozilla\Firefox\Profiles\w19fn5wp.default\extensions\{ca4d3df2-64ad-4af4-aebe-e7bbe7163ace}\components\FFExternalAlert.dll
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{bf1c572e-ee4a-a52e-eecd-f9c8b2bbaabf}\components\cjmRbj--m3CBEPL.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - plugin: c:\documents and settings\Juca\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Juca\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
BHO-{09ec805c-cb2e-4d53-b0d3-a75a428b81c7} - (no file)
BHO-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-21 06:13
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv]
"ImagePath"="\??\c:\windows\TEMP\drv1.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1659004503-2077806209-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8BE5D901-C3A6-EA11-8FD9-CA472E696B4E}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"abdgjpinehmiiapkdbbdfcinajdafclgcd"=hex:67,61,70,65,6b,65,70,6b,6c,6c,64,67,
62,68,00,7c
"bbdgjpinehmiiapkdbecccopidfflhnjfefm"=hex:61,62,6f,65,63,63,67,62,70,65,67,6d,
65,65,6b,6e,6d,66,63,69,63,6e,6c,65,65,6b,65,64,69,6b,62,63,68,68,00,00
.
Completion time: 2010-02-21 06:15:26
ComboFix-quarantined-files.txt 2010-02-21 05:15
ComboFix2.txt 2009-07-23 06:15

Pre-Run: 99,116,212,224 bytes free
Post-Run: 99,079,348,224 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - 888884FF06A070A002E0886A74BA494F

offline
  • dr_Bora  Male
  • Anti Malware Fighter
    Rank 2
  • Joined: 24 Jul 2007
  • Posts: 12280
  • Location: Höganäs, SE

A rather nasty infection... Practically all programs that start with Windows are infected.

In this step we will try to deactivate the malware, and in the next one to repair what can be repaired - you will have to reinstall the remaining programs.

Important: do not install any programs and do not scan with anything.

The log created at the end of the next scan will be saved as C:\ComboFix.txt.

Do not copy it into the post; attach it using the Attach file option.

Do not run ComboFix more than once.

Open Notepad and copy in the following text:


File::
c:\documents and settings\Juca\SyncMan.exe
c:\windows\system32\SyncMan.exe
c:\windows\system32\-c6DPF_uCL2_X.exe
c:\documents and settings\Juca\nwiz.exe
c:\program files\126640.dat
c:\program files\144453.dat
c:\program files\122093.dat
c:\program files\115968.dat
c:\program files\114796.dat
c:\program files\Mozilla Firefox\extensions\{bf1c572e-ee4a-a52e-eecd-f9c8b2bbaabf}\components\cjmRbj--m3CBEPL.dll
c:\windows\system32\nerocheck.exe
c:\windows\system32\elkctrl.exe
c:\windows\system32\lvcomsx.exe
c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
c:\program files\MorEmoticons\MorEmoticons.exe
c:\documents and settings\Juca\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
c:\program files\ALLPlayer\ALLUpdate.exe
c:\program files\XpertVision\TBPanel.exe
c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe
c:\windows\system32\tscupgrd.exe

NoOrphans::

KillAll::

FileLook::
c:\program files\ALLPlayer\allupdate .exe
c:\program files\AVG\AVG9\avgtray .exe
c:\program files\Common Files\Microsoft Shared\DW\dwtrig20 .exe
c:\program files\Lavasoft\Ad-Aware\nwiz .exe
c:\program files\Lavasoft\Ad-Aware\rthdcpl .exe
c:\program files\Lavasoft\Ad-Aware\rundll32 .exe
c:\program files\Logitech\Desktop Messenger\8876480\Program\logitechdesktopmessenger .exe
c:\program files\MAdModule\madservice .exe
c:\program files\MorEmoticons\moremoticons .exe
c:\program files\Sandboxie\sbiectrl .exe
c:\program files\Spybot - Search & Destroy\teatimer .exe
c:\program files\uTorrent\utorrent        .exe
c:\program files\uTorrent\utorrent       .exe
c:\program files\uTorrent\utorrent      .exe
c:\program files\uTorrent\utorrent     .exe
c:\program files\uTorrent\utorrent    .exe
c:\program files\uTorrent\utorrent   .exe
c:\program files\uTorrent\utorrent  .exe
c:\program files\uTorrent\utorrent .exe
c:\program files\XpertVision\tbpanel .exe

DDS::
uStart Page = hxxp://www3.iamwired.net/

Firefox::
FF - ProfilePath - c:\documents and settings\Juca\Application Data\Mozilla\Firefox\Profiles\w19fn5wp.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: keyword.URL - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - component: c:\program files\Mozilla Firefox\extensions\{bf1c572e-ee4a-a52e-eecd-f9c8b2bbaabf}\components\cjmRbj--m3CBEPL.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{78299f52-57b0-c342-b39e-a4bd6297d84c}]

RegNull::
[HKEY_USERS\S-1-5-21-1659004503-2077806209-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8BE5D901-C3A6-EA11-8FD9-CA472E696B4E}*]



Save the file from Notepad to the Desktop as "CFScript"

Drag the saved script/text onto the ComboFix icon as shown in the picture.
In your next post, include the log that is created at the end of the cleaning/scan.
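
As an added example (not part of the original posts): a Python check for the `FF - prefs.js` lines of a log like the one above, flagging search and start-page prefs whose host is not on an allowlist. The allowlist `EXPECTED_DOMAINS` and all function names are assumptions; the three sample lines are copied from the log.

```python
import re
from urllib.parse import urlsplit

# Sample input: the three "FF - prefs.js" lines from the log above.
SAMPLE_LOG = """\
FF - prefs.js: browser.search.defaulturl - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www3.iamwired.net/websearch.php?src=tops&search=
"""

# Assumption: the search/start-page domains this user actually chose.
EXPECTED_DOMAINS = {"google.com"}

PREF_LINE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<url>\S+)$")


def refang(url):
    """Undo the hxxp:// defanging used in the log so the URL can be parsed."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def host_allowed(host, allowed):
    """True if host equals an allowed domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)


def flag_prefs(log_text, allowed=EXPECTED_DOMAINS):
    """Return (pref, host) pairs whose URL host is not on the allowlist."""
    flagged = []
    for line in log_text.splitlines():
        m = PREF_LINE.match(line.strip())
        if not m:
            continue  # not a prefs.js line
        host = urlsplit(refang(m.group("url"))).hostname
        # Values without a parsable host (non-URL prefs) are skipped.
        if host and not host_allowed(host, allowed):
            flagged.append((m.group("pref"), host))
    return flagged


if __name__ == "__main__":
    for pref, host in flag_prefs(SAMPLE_LOG):
        print(f"review: {pref} -> {host}")
```

On the sample it flags `browser.search.defaulturl` and `keyword.URL`, the same two prefs listed under `Firefox::` in the script above, and leaves `browser.startup.homepage` alone.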
