My Windows keeps freezing


  • Dalibor
  • Joined: 03 Feb 2011
  • Posts: 445
  • Location: Landau and der Pfalz

ComboFix 11-03-02.05 - MILANA 03.03.2011 12:14:39.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1023.523 [GMT 1:00]
Running from: c:\documents and settings\MILANA\My Documents\Downloads\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *Enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\regedit.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2011-02-03 to 2011-03-03 )))))))))))))))))))))))))))))))
.

2011-02-26 08:29 . 2011-02-26 08:29 -------- d-----w- c:\documents and settings\MILANA\Application Data\Uniblue
2011-02-26 08:29 . 2011-03-02 04:19 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{DE8EABB5-1C85-4410-A68D-79BD8A4518F4}
2011-02-26 08:29 . 2011-02-26 08:29 -------- d-----w- c:\documents and settings\MILANA\Local Settings\Application Data\PackageAware
2011-02-17 18:57 . 2010-09-17 10:13 548864 ----a-w- c:\windows\system32\GDS32.DLL
2011-02-17 18:57 . 2010-09-17 10:16 462848 ----a-w- c:\windows\system32\Firebird2Control.cpl
2011-02-17 17:46 . 2011-02-17 17:46 -------- d-----w- C:\dsp_sps
2011-02-16 15:44 . 2011-02-16 15:48 -------- d-----w- c:\documents and settings\All Users\Application Data\PhotoStitch
2011-02-16 10:08 . 2011-02-16 10:08 -------- d-----w- c:\documents and settings\MILANA\Application Data\GRETECH
2011-02-15 23:27 . 2011-03-03 07:00 -------- d-----w- c:\documents and settings\All Users\Application Data\firebird
2011-02-15 13:04 . 2011-02-17 17:44 -------- d-----w- c:\program files\SHOUTcast Radio Toolbar
2011-02-14 20:27 . 2011-02-14 20:27 -------- d-----w- c:\documents and settings\MILANA\Local Settings\Application Data\VS Revo Group
2011-02-14 20:26 . 2011-02-14 20:26 -------- d-----w- c:\program files\VS Revo Group
2011-02-12 15:35 . 2011-02-12 15:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\uTorrentBar
2011-02-11 21:46 . 2011-02-13 09:55 -------- d-----w- c:\program files\Bonjour
2011-02-11 17:35 . 2008-05-14 08:34 3077416 ----a-w- c:\windows\system32\AdvrCntr2D6E0B790.dll
2011-02-11 15:59 . 2011-02-11 15:59 -------- d-----w- c:\documents and settings\MILANA\Local Settings\Application Data\Xilisoft
2011-02-11 15:59 . 2011-02-11 15:59 -------- d-----w- c:\documents and settings\MILANA\Application Data\Xilisoft
2011-02-11 15:58 . 2011-02-18 04:34 -------- d-----w- c:\documents and settings\MILANA\Application Data\Toolbar4
2011-02-11 15:58 . 2011-02-11 15:58 -------- d-----w- c:\program files\Xilisoft
2011-02-11 15:58 . 2011-02-11 15:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Xilisoft
2011-02-11 12:37 . 2011-02-11 12:38 -------- d-----w- c:\program files\BeCyIconGrabber
2011-02-11 12:34 . 2011-02-11 12:34 -------- d-----w- c:\program files\Microsoft Silverlight
2011-02-11 12:28 . 2011-02-11 13:11 -------- d-----w- c:\documents and settings\MILANA\Tracing
2011-02-11 12:22 . 2011-02-11 12:22 -------- d-----w- c:\program files\Common Files\Windows Live
2011-02-11 12:05 . 2011-02-11 12:10 213 ----a-w- c:\windows\BricoPackFoldersDelete.cmd
2011-02-11 08:18 . 2011-02-11 08:18 -------- d-----w- c:\documents and settings\MILANA\Application Data\FastStone
2011-02-11 08:18 . 2011-02-11 13:25 -------- d-----w- c:\program files\FastStone Image Viewer
2011-02-11 08:11 . 2011-02-11 08:11 -------- d-----w- c:\program files\GRETECH
2011-02-10 12:51 . 2011-02-10 12:51 -------- d-----w- c:\documents and settings\MILANA\Application Data\Reviversoft
2011-02-10 12:35 . 2011-02-10 12:35 -------- d-----w- c:\documents and settings\MILANA\Local Settings\Application Data\uTorrentBar
2011-02-10 12:35 . 2011-02-10 12:35 -------- d-----w- c:\documents and settings\MILANA\Local Settings\Application Data\ConduitEngine
2011-02-10 12:35 . 2011-02-10 12:35 -------- d-----w- c:\program files\ConduitEngine
2011-02-10 12:34 . 2011-02-10 12:34 -------- d-----w- c:\program files\uTorrent
2011-02-10 12:32 . 2011-02-22 08:58 -------- d-----w- c:\documents and settings\MILANA\Application Data\uTorrent
2011-02-10 12:30 . 2010-12-13 12:24 11264 ----a-w- c:\windows\system32\roboot.exe
2011-02-10 12:30 . 2011-02-10 12:30 -------- d-----w- c:\program files\Reviversoft
2011-02-10 12:29 . 2011-02-10 12:31 -------- d-----w- c:\documents and settings\MILANA\Local Settings\Application Data\OpenCandy
2011-02-10 12:29 . 2011-02-10 12:29 -------- d-----w- c:\documents and settings\MILANA\Application Data\OpenCandy
2011-02-10 11:26 . 2008-04-14 04:42 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll
2011-02-10 11:26 . 2008-04-13 21:57 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2011-02-10 11:26 . 2008-04-14 04:40 102912 -c----w- c:\windows\system32\dllcache\dpcdll.dll
2011-02-10 11:26 . 2008-04-14 04:42 10752 ------w- c:\windows\system32\smtpapi.dll
2011-02-10 11:26 . 2008-04-14 04:42 9728 ------w- c:\windows\system32\rwnh.dll
2011-02-10 11:26 . 2008-04-13 23:15 46592 ------w- c:\windows\system32\drivers\irbus.sys
2011-02-10 11:26 . 2008-04-13 23:13 9728 ------w- c:\windows\system32\comsdupd.exe
2011-02-10 11:22 . 2008-04-14 04:42 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
2011-02-10 11:21 . 2008-04-14 04:42 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2011-02-10 08:30 . 2011-02-10 08:30 -------- d-----w- c:\documents and settings\All Users\Application Data\The Skins Factory
2011-02-10 08:05 . 2011-02-10 08:55 -------- d-----w- c:\program files\UseNeXT
2011-02-09 20:04 . 2011-02-12 21:45 -------- d-----w- c:\program files\Ask.com
2011-02-09 20:00 . 2011-02-09 20:00 -------- d-----w- c:\documents and settings\MILANA\Application Data\GetRightToGo
2011-02-08 19:53 . 2011-02-21 22:08 -------- d-----w- c:\program files\CDBurnerXP
2011-02-08 16:38 . 2011-02-08 16:38 -------- d-----w- c:\documents and settings\MILANA\Application Data\URSoft
2011-02-08 16:23 . 2011-02-08 16:23 -------- d-----w- c:\program files\VITSOFT
2011-02-07 10:37 . 2011-02-07 10:37 126512 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-02-07 10:37 . 2011-02-07 10:37 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-02-07 10:37 . 2011-02-07 11:32 -------- d-----w- c:\program files\Common Files\Symantec Shared
2011-02-07 10:37 . 2011-02-07 10:37 -------- d-----w- c:\program files\Symantec
2011-02-07 10:36 . 2011-02-07 11:08 -------- d-----w- c:\windows\system32\drivers\NIS
2011-02-07 10:36 . 2011-02-07 10:36 -------- d-----w- c:\program files\Norton Internet Security
2011-02-07 10:36 . 2011-02-07 10:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2011-02-07 10:36 . 2011-02-07 10:36 -------- d-----w- c:\program files\NortonInstaller

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-13 08:51 . 2010-05-08 10:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-13 08:51 . 2010-05-07 19:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-11 12:10 . 2009-12-14 09:49 134107 ----a-w- c:\windows\BricoPackUninst.cmd
2011-02-11 12:10 . 2004-08-03 22:56 218624 ----a-w- c:\windows\system32\uxtheme.dll
2010-12-06 07:31 . 2010-12-06 07:31 237320 ----a-w- c:\windows\system32\PDBoot.exe
.

------- Sigcheck -------

[7] 2009-08-06 . 62BB79160F86CD962F312C68C6239BFD . 53472 . . [7.4.7600.226] . . c:\windows\ERDNT\cache\wuauclt.exe

[-] 2010-02-25 . 974772C74DA7C7A8E7C813A9908A845F . 5946880 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\mshtml.dll
[-] 2009-12-21 . E6B64C6C729BBC38AB7CC92CE33F97A5 . 5945856 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . D1CF72C34BAF70C52797D1CB78D6EE92 . 3070976 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3GDR\mshtml.dll
[-] 2009-10-29 . C0F9AC6FAB2C788FFEE3E69585A0E93F . 5944320 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\mshtml.dll
[-] 2009-10-29 . DA551BFEC150760A38A9AD0C95A8A71C . 3073024 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3QFE\mshtml.dll
[-] 2009-10-29 . F3A9E882DF2F155C9395979FF9D7B0A7 . 3070976 . . [6.00.2900.3640] . . c:\windows\$hf_mig$\KB976325\SP2QFE\mshtml.dll
[-] 2008-04-14 . FAF0B7CBC359831970AF068390A0CB4C . 3507200 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[-] 2008-04-14 . FAF0B7CBC359831970AF068390A0CB4C . 3507200 . . [6.00.2900.5512] . . c:\windows\system32\mshtml.dll
[-] 2004-08-03 . 6B34C92AC4935E0BCF035FE78E3905A2 . 3444224 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\mshtml.dll
[7] 2004-08-03 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\ERDNT\cache\mshtml.dll

[-] 2010-02-25 . 4458D59F2B0369F4D3B137541D284041 . 919040 . . [8.00.6001.22995] . . c:\windows\$hf_mig$\KB980182-IE8\SP3QFE\wininet.dll
[-] 2009-12-21 . 5E1F666B8955FD77E65D65C4C4D882A3 . 916480 . . [8.00.6001.22967] . . c:\windows\$hf_mig$\KB978207-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . 6AF52998B90F72FF2325D84D90EDA1CC . 916480 . . [8.00.6001.22945] . . c:\windows\$hf_mig$\KB976325-IE8\SP3QFE\wininet.dll
[-] 2009-10-29 . 3839BD07F2C693EFE995F96BAAB7F4BF . 667136 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3GDR\wininet.dll
[-] 2009-10-29 . 6AC4AA42CC9AAEFAB1D5E4E2AF2E3D2B . 668672 . . [6.00.2900.5897] . . c:\windows\$hf_mig$\KB976325\SP3QFE\wininet.dll
[-] 2009-10-29 . DF1F2953B7983F9630CD658899826344 . 668672 . . [6.00.2900.3640] . . c:\windows\$hf_mig$\KB976325\SP2QFE\wininet.dll
[-] 2008-04-14 . 8A513E79E7980018DAEDCA586B866BC3 . 699904 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\wininet.dll
[-] 2008-04-14 . 8A513E79E7980018DAEDCA586B866BC3 . 699904 . . [6.00.2900.5512] . . c:\windows\system32\wininet.dll
[-] 2004-08-03 . 3A5EE0514F56B1B775D7641CFBA5AD37 . 690176 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\wininet.dll
[7] 2004-08-03 . C0823FC5469663BA63E7DB88F9919D70 . 656384 . . [6.00.2900.2180] . . c:\windows\ERDNT\cache\wininet.dll

[-] 2008-04-14 . 561A50497324F378E30F55D09B4E1258 . 975872 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 561A50497324F378E30F55D09B4E1258 . 975872 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2004-08-03 . A5C1F2CF7C31874E66478910B43D6513 . 974336 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-03 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\ERDNT\cache\explorer.exe

[-] 2008-04-14 . AAC9DAE0E7C43BD26C43FC7436E2F1B0 . 832512 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[-] 2004-08-03 . 2D54D6321AE200903A363C5AC60D8A37 . 832512 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
[7] 2004-08-03 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\ERDNT\cache\IEXPLORE.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 11:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]

[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-12 16384512]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\dalibor\Start Menu\Programs\Startup\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]

c:\documents and settings\MILANA\Start Menu\Programs\Startup\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=c:\windows\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^MILANA^Start Menu^Programs^Startup^RocketDock.lnk]
backup=c:\windows\pss\RocketDock.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^MILANA^Start Menu^Programs^Startup^UberIcon.lnk]
backup=c:\windows\pss\UberIcon.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^MILANA^Start Menu^Programs^Startup^Y'z Shadow.lnk]
backup=c:\windows\pss\Y'z Shadow.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2009-08-28 10:57 75048 ----a-w- c:\program files\CyberLink\Shared Files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-01-22 10:13 152872 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Domino]
2006-06-28 16:54 49152 ----a-w- c:\windows\Domino.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-06-15 21:53 136176 -----tw- c:\documents and settings\MILANA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2008-05-28 07:27 570664 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-01-26 16:05 15026056 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-01-26 14:31 2144088 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2006-11-10 10:35 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]
2006-08-30 09:58 49152 ----a-w- c:\windows\vmsnap3.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Raptr\\raptr.exe"=
"c:\\Program Files\\Raptr\\raptr_im.exe"=
"c:\\Documents and Settings\\MILANA\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1205000.07D\symds.sys [2/7/2011 12:00 PM 340016]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1205000.07D\symefa.sys [2/7/2011 12:00 PM 652336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110225.002\BHDrvx86.sys [2/25/2011 10:59 PM 800376]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1205000.07D\ironx86.sys [2/7/2011 12:00 PM 136312]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbguard.exe [2/17/2011 7:57 PM 98304]
R2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe [2/7/2011 11:59 AM 130000]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2/7/2011 11:59 AM 102448]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_5\bin\fbserver.exe [2/17/2011 7:57 PM 3735552]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110302.001\IDSXpx86.sys [3/2/2011 5:34 AM 341944]
R3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys [12/13/2009 11:53 PM 428160]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/19/2010 1:21 PM 136176]
S2 HdThemeEnabler;Hyperdesk Theme Enabler;"c:\windows\HDThemeEnabler.exe" -service --> c:\windows\HDThemeEnabler.exe [?]
S3 NTProcDrv;Process creation detector for NT.;\??\c:\windows\TEMP\drv1.tmp --> c:\windows\TEMP\drv1.tmp [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\i:\ntglm7x.sys --> i:\NTGLM7X.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2011-03-03 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2009\OneClickStarter.exe [2009-11-16 15:54]

2011-02-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2011-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-19 12:21]

2011-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-19 12:21]

2011-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-789336058-839522115-1003Core.job
- c:\documents and settings\MILANA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-15 21:53]

2011-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-789336058-839522115-1003UA.job
- c:\documents and settings\MILANA\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-06-15 21:53]

2011-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1229272821-839522115-1003Core.job
- c:\documents and settings\dalibor\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-30 14:38]

2011-03-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1844237615-1229272821-839522115-1003UA.job
- c:\documents and settings\dalibor\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-30 14:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.facemoods.com/?a=ddr
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://www.bigseekpro.com/xilisoftyoutube/{49BA1E45-ABD6-46AB-9CBF-26930761A8FB}
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with Xilisoft YouTube Video Converter - d:\ljeto 2009\YouTube Video Converter\upod_link.HTM
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - ProfilePath - c:\documents and settings\MILANA\Application Data\Mozilla\Firefox\Profiles\o4pc4r91.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1142338&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.rs/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=STC&o=15570&locale=en_EU&apn_uid=6F67C369-CCDB-4645-B0E6-4C9D1BB06E81&apn_ptnrs=IP&apn_sauid=AD252805-2D5F-4136-B713-E432F6B88D2C&apn_dtid=YYYYYYYYRS&q=
FF - Ext: Earth From Orbit Toolbar: efotoolbar@earth-from-orbit - c:\program files\Mozilla Firefox\extensions\efotoolbar@earth-from-orbit
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Earth From Orbit Toolbar: efotoolbar@earth-from-orbit - %profile%\extensions\efotoolbar@earth-from-orbit
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: Facemoods: ffxtlbr@Facemoods.com - %profile%\extensions\ffxtlbr@Facemoods.com
FF - Ext: Softonic Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com
FF - Ext: SHOUTcast Radio Toolbar: {12e4c684-c03e-4e4d-85bc-0c065e7a9489} - %profile%\extensions\{12e4c684-c03e-4e4d-85bc-0c065e7a9489}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: Softonic English Community Toolbar: {930f1200-f5f1-4870-bac6-e233ec8e7023} - %profile%\extensions\{930f1200-f5f1-4870-bac6-e233ec8e7023}
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
MSConfigStartUp-WinampAgent - c:\program files\Winamp\winampa.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-03 12:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.5.0.125\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTProcDrv]
"ImagePath"="\??\c:\windows\TEMP\drv1.tmp"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(740)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1952)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
.
Completion time: 2011-03-03 12:27:25
ComboFix-quarantined-files.txt 2011-03-03 11:27
ComboFix2.txt 2011-02-07 15:40
ComboFix3.txt 2011-02-07 08:07

Pre-Run: 4.120.199.168 bytes free
Post-Run: 4.086.480.896 bytes free

- - End Of File - - 8C85718FED7889DD1B77A6C0EA558908

  • Joined: 02 Feb 2008
  • Posts: 14018
  • Location: Nish

Hello njuskalo75!

http://www.mycity.rs/Ambulanta/Kako-otvoriti-temu-u-Ambulanti.html

You have already read this once, haven't you?
Perhaps you should read it once more.

ComboFix is not a diagnostic tool like the ones in the instructions. It is a very powerful tool which, if handled improperly, can destroy the operating system or even all the data on the hard disk. It is run only at the suggestion, under the supervision, and with the detailed instructions of a helper who is an expert in that area and knows what they are doing.

In future, do not run ComboFix on your own initiative.

By the way, what is the problem with your computer? If possible, be as detailed as you can and provide as much information as possible.

goran9888 (AMF Team)