System usporen, racunar cesto zakuje

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Kao sto pise u naslovu system je usporen i racunar cesto zakuje pa se mora restartovati. Vjerovatno mu treba jedno ciscenje od virusa i od ko zna cega sve. Evo logova...

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_32
Run by user at 5:17:51 on 2012-08-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.73 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Norton Safe Web Lite\Engine\2.0.0.16\ccSvcHst.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\StarGPS\stargps2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_P.dll
uWindows: load=?
uWindows: Run=?
BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: Norton Safe Web Lite BHO: {f0da78e9-6b60-42fb-bc26-ef2cfb8c8ff3} - c:\program files\norton safe web lite\engine\2.0.0.16\coIEPlg.dll
BHO: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_P.dll
TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll
TB: BS Player Toolbar: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - c:\program files\bs_player\tbBS_P.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Norton Safe Web Lite: {30ceeea2-3742-40e4-85dd-812bf1cbb83d} - c:\program files\norton safe web lite\engine\2.0.0.16\coIEPlg.dll
TB: {2C688203-7EB3-4327-9995-1CB417BA23F9} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [LXDDCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\LXDDtime.dll,_RunDLLEntry@16
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab
TCP: Interfaces\{A39DA86B-9064-4D5E-98BA-4D7108E94797} : NameServer = 195.66.189.137 195.66.189.138
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\rorkc3h3.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-12-20 165584]
R1 ccSet_NST;Norton Safe Web Lite Settings Manager;c:\windows\system32\drivers\nst\0200000.010\ccSetx86.sys [2012-1-21 132744]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-12-20 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-20 40384]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-20 655944]
R2 NSL;Norton Safe Web Lite;c:\program files\norton safe web lite\engine\2.0.0.16\ccSvcHst.exe [2012-1-21 138760]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-5-25 632792]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-20 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-12-20 40384]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-20 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ivjwjmqqv;Update Support;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 mtwglv;Boot Center;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]
S2 yoziqnbbr;Support Config;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-8-11 113120]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-08-14 02:22:33 -------- d-----w- c:\windows\LastGood.Tmp
2012-08-14 02:15:27 -------- d-----w- c:\windows\ServicePackFiles
2012-08-14 02:15:04 294912 ------w- c:\program files\windows media player\dlimport.exe
2012-08-14 02:14:55 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2012-08-14 02:10:18 19569 ----a-w- c:\windows\003225_.tmp
2012-08-14 01:58:05 -------- d-----w- C:\e134cd84a4a3136cb4b9
2012-07-24 22:15:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
==================== Find3M ====================
.
2012-08-09 21:38:55 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-13 21:30:44 196608 ----a-w- c:\windows\system32\drivers\aStandard.bin
2012-07-03 11:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
.
============= FINISH: 5:18:44,78 ===============



https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

https://www.mycity.rs/must-login.png

• 1Ovo se svidja korisniku: Springfield
  
  Registruj se da bi pohvalio/la poruku!

Pozdrav, Springfield


U toku rešavanja slučaja, zamolio bih te da se pridržavas sledećeg:
Detaljno čitati moja uputstva ( ili uputstva kolega koji će me zamenjivati) i raditi isključivo po njima;
Ne tražiti istovremeno pomoć na drugom mestu;
Nemoj koristiti druge programe za uklanjanje malware-a, osim onih za koje budeš dobio uputstvo;
Ukoliko se desi nešto što ne stoji u uputstvu, a ne znaš šta je, zaustavi sve i pitaj;
U toku intervencije ne koristiti USB memorijske uređaje, dok to ne budem zatražio;
Uvek kopiraj ceo izveštaj u poruku, bez da ga attach-uješ, ukoliko nije tako zatraženo;
Ukoliko ne odgovorim u roku od 24h, osveži temu novim post-om;
Ukoliko se ne javiš u roku od 5 dana, zatvorićemo slučaj.
Za vise informacija o pravilima Ambulante MyCity foruma: LINK



Ukoliko je taj racunar prikljucen na mrezu, otkaci ga sa iste.




Korak 1


Preuzmi Norton Removal Tool, pokreni i isprati instrukcije. Kada proces bude završen, restartuj računar.


Korak 2


Preuzmi sUBs-ov ComboFix sa sledeće adrese na Desktop:


Bleeping Computer
Klikni desnim tasterom na link i odaberi opciju Save Target As... (Save Link As..., Save Linked Content As... ili sličnu);
Kada se otvori dijalog za izbor lokacije na kojoj treba sačuvati fajl, odaberi Desktop i klikni Save.



Kada preuzimanje programa bude završeno:
deaktiviraj zaštitni softver (uputstvo);
zatvori pokrenute programe;
dvoklikom pokreni program ComboFix;
u prozoru koji se otvori klikni "I Agree".
U toku rada, ComboFix će:proveriti postoji li novija verzija programa:
klikni Yes ako bude ponuđeno preuzimanje iste.ako Recovery Console nije instalirana, ponuditi instalaciju:
obavezno prihvati klikom na Yes i isprati postupak.postaviti/dati određeni broj upita/obaveštenja:
prihvati klikom na Yes ili OK.po potrebi, restartovati Windows (više puta);
na kraju rada, otvoriti Notepad sa izveštajem o skeniranju.

Iskopiraj izvještaj koji je ComboFix napravio u temu na forumu:
klikni desnim tasterom miša u prozor Notepad-a i izaberi Select All;
klikni desnim tasterom miša na obilježeni tekst i izaberi Copy;
klikni desnim tasterom miša u polje za pisanje poruke i izaberi Paste.

Napomena:Izvještaj će biti sačuvan pod nazivom ComboFix.txt na sistemskoj particiji (tipična lokacija: C:\ComboFix.txt);
Ukoliko nakon slanja poruke primetiš da izvještaj nije kompletan, iskoristi opciju Prikači fajl za prilaganje fajla C:\ComboFix.txt uz poruku.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 12-08-14.05 - user 15.08.2012 2:20.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.280 [GMT 2:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\user\Start Menu\Programs\Download programs.url
c:\documents and settings\user\Start Menu\Programs\Games.url
c:\documents and settings\user\Start Menu\Programs\Translator.url
c:\documents and settings\user\Start Menu\Programs\Videos.url
c:\documents and settings\user\WINDOWS
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))
.
.
2012-08-15 00:09 . 2012-08-15 00:09 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-08-15 00:06 . 2012-08-15 00:06 -------- d-sh--w- c:\documents and settings\user\IETldCache
2012-08-15 00:04 . 2012-08-15 00:05 -------- dc-h--w- c:\windows\ie8
2012-08-14 23:11 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-08-14 23:10 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-08-14 23:10 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-08-14 23:09 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-08-14 23:08 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-08-14 23:08 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-08-14 23:08 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-08-14 23:07 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2012-08-14 23:06 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-08-14 23:06 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-08-14 23:03 . 2012-05-28 18:16 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2012-08-14 23:01 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2012-08-14 23:00 . 2009-03-08 02:33 759296 -c--a-w- c:\windows\system32\dllcache\VGX.dll
2012-08-14 23:00 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-08-14 22:59 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-08-14 22:59 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-08-14 22:55 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-08-14 22:54 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2012-08-14 02:15 . 2008-04-14 03:42 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
2012-08-14 01:58 . 2012-08-14 03:08 -------- d-----w- C:\e134cd84a4a3136cb4b9
2012-07-24 22:15 . 2012-08-09 21:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-17 02:56 . 2012-07-17 02:58 -------- d-----w- c:\documents and settings\user\Application Data\Notepad++
2012-07-17 02:56 . 2012-07-17 02:56 -------- d-----w- c:\program files\Notepad++
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-09 21:38 . 2012-02-04 19:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-13 21:30 . 2007-11-11 19:13 196608 ----a-w- c:\windows\system32\drivers\aStandard.bin
2012-07-06 13:58 . 2004-08-04 01:07 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2007-11-11 18:38 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2004-08-04 01:07 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 11:46 . 2010-12-20 17:30 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-05 15:50 . 2004-08-04 01:07 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 01:07 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2007-07-30 17:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2007-11-11 18:39 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2007-11-11 18:39 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2007-11-11 18:39 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2007-07-30 17:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2007-11-11 18:39 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2007-11-11 18:39 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2007-07-30 17:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2007-07-30 17:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2004-08-04 01:07 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2007-07-30 17:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2007-11-11 18:39 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2007-11-11 18:39 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-04 01:07 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-07-14 00:17 . 2012-08-11 04:14 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-29 14:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
2010-11-29 14:26 3908192 ----a-w- c:\program files\BS_Player\tbBS_P.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"= "c:\program files\BS_Player\tbBS_P.dll" [2010-11-29 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"= "c:\program files\BS_Player\tbBS_P.dll" [2010-11-29 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"LXDDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-22 102400]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Warcraft Config.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\Warcraft Config.lnk
backup=c:\windows\pss\Warcraft Config.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^windows.pif]
path=c:\documents and settings\user\Start Menu\Programs\Startup\windows.pif
backup=c:\windows\pss\windows.pifStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-09-25 08:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2007-02-13 00:00 312240 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-21 06:30 136176 ----atw- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon]
2007-02-05 23:32 20480 ----a-w- c:\program files\Lexmark 2500 Series\lxddamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
2007-02-12 23:58 291760 ----a-w- c:\program files\Lexmark 2500 Series\lxddmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 11:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2010-04-08 07:15 3233752 ----a-w- c:\program files\Registry Mechanic\RegMech.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-10-10 05:28 36352 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\Program Files\\PopCap Games\\Zuma Deluxe\\Zuma.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\ATI Technologies\\ATI\\Mirc.exe"=
"c:\\Program Files\\Warcraft III Reign of Chaos & The Frozen Throne\\war3.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2435:TCP"= 2435:TCP:mypgmmon
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.12.2010 19:53 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.12.2010 19:53 17744]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20.12.2010 19:30 22344]
S2 ivjwjmqqv;Update Support;c:\windows\system32\svchost.exe -k netsvcs [4.8.2004 3:07 14336]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
mtwglv
yoziqnbbr
ivjwjmqqv
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 00:15]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 00:15]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-602609370-725345543-1003Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-05 06:30]
.
2012-08-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-602609370-725345543-1003UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-05 06:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
TCP: Interfaces\{A39DA86B-9064-4D5E-98BA-4D7108E94797}: NameServer = 195.66.189.137 195.66.189.138
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\rorkc3h3.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Notify-WgaLogon - (no file)
MSConfigStartUp-Advanced WindowsCare 3 - c:\program files\IObit\Advanced WindowsCare 3 Beta\AWC.exe
MSConfigStartUp-avast! - c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
MSConfigStartUp-HService - c:\windows\msservice.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
MSConfigStartUp-Sys32 - c:\windows\Sys32.exe
AddRemove-GTA2 - c:\program files\GTA2 DEMO\Uninst.isu
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-15 02:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0228e38a-0c5b-11e0-a647-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,01,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ae1eb1e-cc44-11dd-94f1-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{454c329e-8ff3-11dc-a39a-806d6172696f}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{454c329f-8ff3-11dc-a39a-806d6172696f}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,cf,5f,5f,5f,5f,cf,cf,5f,5f,
5f,cf,cf,cf,5f,5f,5f,cf,cf,cf,5f,5f,cf,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,df,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{454c32a1-8ff3-11dc-a39a-806d6172696f}]
@DACL=(02 0000)
"BaseClass"="Drive"
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{501dd708-a2ae-11dd-94c4-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51979390-2787-11de-a3c9-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52a7709a-94b2-11dd-94be-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6640045c-3e2c-11dd-944c-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6afeea86-ed8a-11dd-950b-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6bf4738c-aa64-11dc-93e4-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,
ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,ff,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b5c8346-a5c5-11dd-94c7-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8efb215a-45d5-11dd-9454-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,00,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9350d7bc-8bd1-11dd-94bb-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c82786a-485d-11dd-945a-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a166b6bd-7bac-11dd-94ae-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a166b6d8-7bac-11dd-94ae-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,00,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4bd7fd0-c0bc-11dd-94e1-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6088d18-3319-11de-a3da-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bead24bc-7738-11dd-94ad-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d441f650-6803-11df-a56d-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,00,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e44ae51e-4601-11de-a41b-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,00,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea71d84e-4ce7-11dd-9460-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,00,5f,5f,5f,5f,5f,cf,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{edeebd1f-40d6-11de-a408-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,cf,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc0420c9-d0a8-11df-a5cb-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,00,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc0420ca-d0a8-11df-a5cb-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,cf,5f,5f,5f,5f,5f,00,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe73c058-51e4-11dd-9464-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
.
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe73c059-51e4-11dd-9464-001bfc1fdefc}]
@DACL=(02 0000)
"BaseClass"="Drive"
"_AutorunStatus"=hex:01,00,01,00,00,01,00,df,df,5f,df,5f,5f,5f,5f,df,df,5f,5f,
5f,df,df,df,5f,5f,5f,df,df,df,5f,5f,df,5f,5f,5f,5f,5f,01,00,01,01,ee,ff,ff,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-08-15 02:31:31
ComboFix-quarantined-files.txt 2012-08-15 00:31
.
Pre-Run: 58.416.332.800 bytes free
Post-Run: 58.347.257.856 bytes free
.
- - End Of File - - 9D6EEEB836748823BE7E721A4F0EE163

• 1Ovo se svidja korisniku: Springfield
  
  Registruj se da bi pohvalio/la poruku!

Otvoriti Notepad i iskopirati sledeći tekst:

Driver::
ivjwjmqqv

Netsvc::
mtwglv
yoziqnbbr
ivjwjmqqv

File::
c:\program files\BS_Player\tbBS_P.dll

Folder::
c:\program files\ConduitEngine

Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"=-
[-HKEY_CLASSES_ROOT\clsid\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"=-
"{30F9B915-B755-4826-820B-08FBA6BD249D}"=-
[-HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2435:TCP"=-
"1723:TCP"=-
"1701:UDP"=-
"500:UDP"=-

RegLockDel::
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\A]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\C]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0228e38a-0c5b-11e0-a647-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ae1eb1e-cc44-11dd-94f1-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{454c329e-8ff3-11dc-a39a-806d6172696f}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{454c329f-8ff3-11dc-a39a-806d6172696f}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{454c32a1-8ff3-11dc-a39a-806d6172696f}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{501dd708-a2ae-11dd-94c4-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{51979390-2787-11de-a3c9-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{52a7709a-94b2-11dd-94be-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6640045c-3e2c-11dd-944c-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6afeea86-ed8a-11dd-950b-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6bf4738c-aa64-11dc-93e4-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7b5c8346-a5c5-11dd-94c7-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8efb215a-45d5-11dd-9454-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9350d7bc-8bd1-11dd-94bb-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9c82786a-485d-11dd-945a-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a166b6bd-7bac-11dd-94ae-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a166b6d8-7bac-11dd-94ae-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a4bd7fd0-c0bc-11dd-94e1-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b6088d18-3319-11de-a3da-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bead24bc-7738-11dd-94ad-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d441f650-6803-11df-a56d-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e44ae51e-4601-11de-a41b-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ea71d84e-4ce7-11dd-9460-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{edeebd1f-40d6-11de-a408-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc0420c9-d0a8-11df-a5cb-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fc0420ca-d0a8-11df-a5cb-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe73c058-51e4-11dd-9464-001bfc1fdefc}]
[HKEY_USERS\S-1-5-21-1417001333-602609370-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fe73c059-51e4-11dd-9464-001bfc1fdefc}]

Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledećoj poruci log koji bude bio napravljen na kraju čišćenja/skeniranja.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 12-08-15.01 - user 16.08.2012 2:16.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.261 [GMT 2:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
FILE ::
"c:\program files\BS_Player\tbBS_P.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\BS_Player\tbBS_P.dll
c:\program files\ConduitEngine
c:\program files\ConduitEngine\appContextMenu.xml
c:\program files\ConduitEngine\ConduitEngine.dll
c:\program files\ConduitEngine\ConduitEngineHelper.exe
c:\program files\ConduitEngine\ConduitEngineUninstall.exe
c:\program files\ConduitEngine\engineContextMenu.xml
c:\program files\ConduitEngine\EngineSettings.json
c:\program files\ConduitEngine\INSTALL.LOG
c:\program files\ConduitEngine\toolbar.cfg
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_IVJWJMQQV
-------\Service_ivjwjmqqv
.
.
((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
.
.
2012-08-15 00:09 . 2012-08-15 00:09 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-08-15 00:06 . 2012-08-15 00:06 -------- d-sh--w- c:\documents and settings\user\IETldCache
2012-08-15 00:04 . 2012-08-15 00:05 -------- dc-h--w- c:\windows\ie8
2012-08-14 23:11 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-08-14 23:10 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-08-14 23:10 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-08-14 23:09 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-08-14 23:08 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-08-14 23:08 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-08-14 23:08 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-08-14 23:07 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2012-08-14 23:06 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-08-14 23:06 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-08-14 23:03 . 2012-05-28 18:16 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2012-08-14 23:01 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2012-08-14 23:00 . 2009-03-08 02:33 759296 -c--a-w- c:\windows\system32\dllcache\VGX.dll
2012-08-14 23:00 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-08-14 22:59 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-08-14 22:59 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-08-14 22:55 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-08-14 22:54 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2012-08-14 02:15 . 2008-04-14 03:42 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
2012-08-14 01:58 . 2012-08-14 03:08 -------- d-----w- C:\e134cd84a4a3136cb4b9
2012-07-24 22:15 . 2012-08-09 21:38 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-17 02:56 . 2012-07-17 02:58 -------- d-----w- c:\documents and settings\user\Application Data\Notepad++
2012-07-17 02:56 . 2012-07-17 02:56 -------- d-----w- c:\program files\Notepad++
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-09 21:38 . 2012-02-04 19:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-13 21:30 . 2007-11-11 19:13 196608 ----a-w- c:\windows\system32\drivers\aStandard.bin
2012-07-06 13:58 . 2004-08-04 01:07 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2007-11-11 18:38 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2004-08-04 01:07 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 11:46 . 2010-12-20 17:30 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-05 15:50 . 2004-08-04 01:07 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 01:07 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2007-07-30 17:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2007-11-11 18:39 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2007-11-11 18:39 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2007-11-11 18:39 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2007-07-30 17:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2007-11-11 18:39 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2007-11-11 18:39 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2007-07-30 17:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2007-07-30 17:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2004-08-04 01:07 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2007-07-30 17:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2007-11-11 18:39 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2007-11-11 18:39 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-04 01:07 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-07-14 00:17 . 2012-08-11 04:14 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-15_00.28.54 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-16 00:25 . 2012-08-16 00:25 16384 c:\windows\Temp\Perflib_Perfdata_390.dat
+ 2012-08-15 04:39 . 2012-08-15 04:39 55808 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\ae762cdc59ea894dcea7c1f5b7e496dd\System.Xaml.Hosting.ni.dll
+ 2012-08-15 04:40 . 2012-08-15 04:40 35328 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Pres#\5172f64c070a65b834e61f5cd6d0e632\System.Windows.Presentation.ni.dll
+ 2012-08-15 04:40 . 2012-08-15 04:40 24064 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Routing\94938a2770c5a8f8d5fe2eb4a78a1dd4\System.Web.Routing.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 46592 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\3b25cac7d0e813760d06d71f4285a0aa\System.Web.DynamicData.Design.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 24576 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Abstract#\6f92f45d86d82065a08bb5c20312d9b1\System.Web.Abstractions.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 12288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\fe1aff4ad8dddc97204a371feba3599d\System.ServiceModel.ServiceMoniker40.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 82432 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\76ba7b2f5232c390b8db9dfcd935af93\System.ServiceModel.Channels.ni.dll
+ 2012-08-15 00:30 . 2012-08-15 00:30 78848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn.Contra#\a5c37bc9caf315df294f8b680a1ccd6f\System.AddIn.Contract.ni.dll
+ 2012-08-15 04:40 . 2012-08-15 04:40 404480 c:\windows\assembly\NativeImages_v4.0.30319_32\XamlBuildTask\ca5aa92ac8de0c5e875c0af8a15bd1e9\XamlBuildTask.ni.dll
+ 2012-08-15 04:40 . 2012-08-15 04:40 253952 c:\windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\a64f6c2fbfed13a2bff7a4d5d00f700b\WindowsFormsIntegration.ni.dll
+ 2012-08-15 04:40 . 2012-08-15 04:40 484352 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClient\067c005d73ef58a2c3b85c1eb1f82468\UIAutomationClient.ni.dll
+ 2012-08-15 04:40 . 2012-08-15 04:40 194560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\29d24fe44bdfa436ea463565028dc849\System.Windows.Forms.DataVisualization.Design.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 864256 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\6adec34334da9c0762fe2e69f398b0df\System.Web.Extensions.Design.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 334848 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity\2559ef16c23dd644f60fa31f11521aaa\System.Web.Entity.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 297984 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Entity.D#\5979cc4d4fe53dbf0919ea82370fe261\System.Web.Entity.Design.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 708096 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\c6737478e64d305aa13ed952ac69543b\System.Web.DynamicData.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 260608 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\19e49ece4814c78f87a6a4c1bbf58bd1\System.Web.DataVisualization.Design.ni.dll
+ 2012-08-15 04:38 . 2012-08-15 04:38 425472 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\f066bf86e14ba530d4c11d8134ef0719\System.ServiceModel.Activation.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 365056 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\c59256d906eb8bf251fdcade8d3e8db8\System.ServiceModel.Routing.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 652800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Net\24d2d4150f7c122d6c66cf7574db5b2f\System.Net.ni.dll
+ 2012-08-15 04:38 . 2012-08-15 04:38 626176 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Messaging\6816b81bbf5b0e4d948c7014270024e9\System.Messaging.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 395264 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management.I#\5cb0d92749a57afb6f7fb8220fd5a23d\System.Management.Instrumentation.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 413696 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IO.Log\ee6b0560b2f6fe2c590144b716767ac9\System.IO.Log.ni.dll
+ 2012-08-15 04:38 . 2012-08-15 04:38 229376 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityMode#\fc5861a7b6a55a0179ec33611a25725c\System.IdentityModel.Selectors.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 913920 c:\windows\assembly\NativeImages_v4.0.30319_32\System.DirectorySer#\37878191c4d2cea35b7d78b3530f862b\System.DirectoryServices.AccountManagement.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 112640 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Device\6aaf2213386341b4c3d3b3ad0c6438dd\System.Device.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 508416 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\8283fae01802be3191d597d68eaadf64\System.Data.Services.Design.ni.dll
+ 2012-08-15 00:30 . 2012-08-15 00:30 134656 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.DataSet#\623f6a322d104b4424aae3a9fb34e13f\System.Data.DataSetExtensions.ni.dll
+ 2012-08-15 00:30 . 2012-08-15 00:30 194048 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ComponentMod#\86c524ba4d7c611933fd831482fc37b2\System.ComponentModel.DataAnnotations.ni.dll
+ 2012-08-15 00:30 . 2012-08-15 00:30 624128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.AddIn\847a89aa3ca79dd380995cb43694d6e9\System.AddIn.ni.dll
+ 2012-08-15 00:30 . 2012-08-15 00:30 404992 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.D#\48a515b17e8631c620aa0b293a0eb594\System.Activities.DurableInstancing.ni.dll
+ 2012-08-15 04:40 . 2012-08-15 04:40 1063424 c:\windows\assembly\NativeImages_v4.0.30319_32\UIAutomationClients#\699b33373dccad550e1c3816dd75c321\UIAutomationClientsideProviders.ni.dll
+ 2012-08-15 04:40 . 2012-08-15 04:40 1211904 c:\windows\assembly\NativeImages_v4.0.30319_32\System.WorkflowServ#\eed3da66d4b3306d756d3115df0f6bb1\System.WorkflowServices.ni.dll
+ 2012-08-15 04:40 . 2012-08-15 04:40 1969152 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Run#\0f273ab1c90c8ae0e99696d5775ceeaa\System.Workflow.Runtime.ni.dll
+ 2012-08-15 04:40 . 2012-08-15 04:40 4475904 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Com#\5acb45c358bf02fb59410bb895c9ec48\System.Workflow.ComponentModel.ni.dll
+ 2012-08-15 04:40 . 2012-08-15 04:40 2872320 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Workflow.Act#\868856b522838fbf26dbe8cb705031b4\System.Workflow.Activities.ni.dll
+ 2012-08-15 04:40 . 2012-08-15 04:40 4586496 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Form#\e4e27bb9487647504e4b9f5ed0711be6\System.Windows.Forms.DataVisualization.ni.dll
+ 2012-08-15 04:40 . 2012-08-15 04:40 2334720 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Mobile\f9f93f4c8b467bafeb32a325cfde622c\System.Web.Mobile.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 3123200 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.Extensio#\5a5c95719bc244782badb71e93920dba\System.Web.Extensions.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 4574720 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DataVisu#\8d031a0cbe9ee927b5d99f0932065f0e\System.Web.DataVisualization.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 2010624 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Speech\55ff552cd61d1c825e65660fa705df81\System.Speech.ni.dll
+ 2012-08-15 04:38 . 2012-08-15 04:38 1051648 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\fb1dafd33ea1f8f4c8ced2c9299bd366\System.ServiceModel.Web.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 1128960 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\cac970090ee40f6eb194fcc66391d99f\System.ServiceModel.Discovery.ni.dll
+ 2012-08-15 04:38 . 2012-08-15 04:38 1387520 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel#\49d13cef799a2cbb948f3292a87995fe\System.ServiceModel.Activities.ni.dll
+ 2012-08-15 04:38 . 2012-08-15 04:39 1218560 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\6a277b0dd5279e1f76d31604b4eeb31f\System.Management.ni.dll
+ 2012-08-15 04:38 . 2012-08-15 04:38 1072128 c:\windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\9c5381e06b81e9859210d9164288cd8b\System.IdentityModel.ni.dll
+ 2012-08-15 04:38 . 2012-08-15 04:38 2018304 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Services\65200fd86ad84cb83eab83777f75d882\System.Data.Services.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 1338880 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Service#\cda5338af4bedb3a42d01451e0cc0784\System.Data.Services.Client.ni.dll
+ 2012-08-15 04:38 . 2012-08-15 04:38 1408000 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity.#\61f1d7775319b93374b3ec1989c9580e\System.Data.Entity.Design.ni.dll
+ 2012-08-15 00:29 . 2012-08-15 00:29 4121088 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities\69ed7b4d15e9637e3756f38833a8ae3a\System.Activities.ni.dll
+ 2012-08-15 00:30 . 2012-08-15 00:30 3755008 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.P#\2514311fe2bd97e63d383a1aa7481290\System.Activities.Presentation.ni.dll
+ 2012-08-15 00:29 . 2012-08-15 00:29 1544192 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Activities.C#\7c94adcec5f00ebe4357fc854e9568d3\System.Activities.Core.Presentation.ni.dll
+ 2012-08-15 04:39 . 2012-08-15 04:39 2452480 c:\windows\assembly\NativeImages_v4.0.30319_32\Microsoft.JScript\9f600932530e718cc45e80939bcc1966\Microsoft.JScript.ni.dll
+ 2012-08-15 04:38 . 2012-08-15 04:38 17996800 c:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\8be0d48c6312a96e2ff0fd5bafb70469\System.ServiceModel.ni.dll
+ 2012-08-15 04:37 . 2012-08-15 04:37 13324288 c:\windows\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\4c3b8750cd9b5b61f300275a6dd9ed07\System.Data.Entity.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"LXDDCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-22 102400]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Warcraft Config.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\Warcraft Config.lnk
backup=c:\windows\pss\Warcraft Config.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^windows.pif]
path=c:\documents and settings\user\Start Menu\Programs\Startup\windows.pif
backup=c:\windows\pss\windows.pifStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-09-25 08:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2007-02-13 00:00 312240 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-21 06:30 136176 ----atw- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon]
2007-02-05 23:32 20480 ----a-w- c:\program files\Lexmark 2500 Series\lxddamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
2007-02-12 23:58 291760 ----a-w- c:\program files\Lexmark 2500 Series\lxddmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 11:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2010-04-08 07:15 3233752 ----a-w- c:\program files\Registry Mechanic\RegMech.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-10-10 05:28 36352 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\Program Files\\PopCap Games\\Zuma Deluxe\\Zuma.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\ATI Technologies\\ATI\\Mirc.exe"=
"c:\\Program Files\\Warcraft III Reign of Chaos & The Frozen Throne\\war3.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [20.12.2010 19:53 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.12.2010 19:53 17744]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [20.12.2010 19:30 655944]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [25.5.2010 15:45 632792]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3.7.2012 13:19 160944]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20.12.2010 19:30 22344]
S2 mtwglv;Boot Center;c:\windows\system32\svchost.exe -k netsvcs [4.8.2004 3:07 14336]
S2 yoziqnbbr;Support Config;c:\windows\system32\svchost.exe -k netsvcs [4.8.2004 3:07 14336]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 14:49 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [11.8.2012 6:14 113120]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 00:15]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 00:15]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-602609370-725345543-1003Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-05 06:30]
.
2012-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-602609370-725345543-1003UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-05 06:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\rorkc3h3.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-conduitEngine - c:\progra~1\CONDUI~1\ConduitEngineUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-16 02:26
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDDCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(3944)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\RTHDCPL.EXE
c:\windows\ATKKBService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\lxddcoms.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-08-16 02:28:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-16 00:28
ComboFix2.txt 2012-08-15 00:31
.
Pre-Run: 58.163.159.040 bytes free
Post-Run: 58.067.390.464 bytes free
.
- - End Of File - - 03DD770B4C4412CD42554437AB5A76E5

• 1Ovo se svidja korisniku: Springfield
  
  Registruj se da bi pohvalio/la poruku!

Otvoriti Notepad i iskopirati sledeci tekst:

Snapshot::

Driver::
mtwglv
yoziqnbbr


Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.



Kakvo je sada stanje sistema?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Napisano: 17 Avg 2012 1:50

ComboFix 12-08-16.01 - user 17.08.2012 1:30.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.273 [GMT 2:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_MTWGLV
-------\Legacy_YOZIQNBBR
-------\Service_mtwglv
-------\Service_yoziqnbbr
.
.
((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
.
.
2012-08-16 23:08 . 2012-08-16 23:08 -------- d-sh--w- c:\documents and settings\user\PrivacIE
2012-08-16 23:06 . 2012-08-16 23:06 -------- d-----w- c:\program files\Common Files\Java
2012-08-16 23:05 . 2012-08-16 23:05 -------- d-----w- c:\program files\Oracle
2012-08-16 23:05 . 2012-08-16 23:05 -------- d-----w- c:\documents and settings\user\Application Data\Oracle
2012-08-16 23:05 . 2012-07-05 20:07 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-16 23:05 . 2012-08-16 23:05 -------- d-----w- c:\program files\Java
2012-08-16 22:52 . 2012-08-16 23:39 -------- d-----w- c:\documents and settings\All Users\Application Data\MCShield
2012-08-16 22:52 . 2012-08-16 22:52 -------- d-----w- c:\program files\MCShield
2012-08-16 22:41 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-16 22:41 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-16 22:41 . 2012-07-03 16:21 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-16 22:41 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-16 22:41 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-16 22:41 . 2012-07-03 16:21 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-08-16 22:41 . 2012-07-03 16:21 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-08-16 22:41 . 2012-07-03 16:21 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-08-16 22:40 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-08-16 22:40 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-16 22:40 . 2012-08-16 22:40 -------- d-----w- c:\program files\AVAST Software
2012-08-16 22:40 . 2012-08-16 22:40 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2012-08-16 00:37 . 2012-08-16 00:37 -------- d-----w- c:\documents and settings\user\Application Data\Qualys
2012-08-15 00:09 . 2012-08-15 00:09 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2012-08-15 00:06 . 2012-08-15 00:06 -------- d-sh--w- c:\documents and settings\user\IETldCache
2012-08-15 00:04 . 2012-08-15 00:05 -------- dc-h--w- c:\windows\ie8
2012-08-14 23:11 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-08-14 23:10 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-08-14 23:10 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-08-14 23:09 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-08-14 23:08 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-08-14 23:08 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-08-14 23:08 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-08-14 23:07 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2012-08-14 23:06 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-08-14 23:06 . 2012-07-04 14:05 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-08-14 23:03 . 2012-05-28 18:16 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2012-08-14 23:01 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2012-08-14 23:00 . 2009-03-08 02:33 759296 -c--a-w- c:\windows\system32\dllcache\VGX.dll
2012-08-14 23:00 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-08-14 22:59 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-08-14 22:59 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-08-14 22:55 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-08-14 22:54 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2012-08-14 02:15 . 2008-04-14 03:42 294912 ------w- c:\program files\Windows Media Player\dlimport.exe
2012-08-14 01:58 . 2012-08-14 03:08 -------- d-----w- C:\e134cd84a4a3136cb4b9
2012-07-24 22:15 . 2012-08-16 23:08 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 23:08 . 2012-02-04 19:00 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-13 21:30 . 2007-11-11 19:13 196608 ----a-w- c:\windows\system32\drivers\aStandard.bin
2012-07-06 13:58 . 2004-08-04 01:07 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-05 20:06 . 2012-05-05 00:35 772544 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-07-05 20:06 . 2010-10-13 22:30 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-04 14:05 . 2007-11-11 18:38 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2004-08-04 01:07 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 11:46 . 2010-12-20 17:30 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-05 15:50 . 2004-08-04 01:07 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2004-08-04 01:07 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2007-07-30 17:18 22040 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2007-11-11 18:39 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2007-11-11 18:39 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2007-11-11 18:39 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2007-07-30 17:19 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2007-11-11 18:39 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2007-11-11 18:39 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2007-07-30 17:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2007-07-30 17:19 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2004-08-04 01:07 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2007-07-30 17:18 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2007-11-11 18:39 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2007-11-11 18:39 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2004-08-04 01:07 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-07-14 00:17 . 2012-08-11 04:14 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MCShield Monitor"="c:\program files\MCShield\mcshieldrtm.exe" [2012-06-22 603648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"LXDDCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-22 102400]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
backup=c:\windows\pss\OpenOffice.org 2.3.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^Warcraft Config.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\Warcraft Config.lnk
backup=c:\windows\pss\Warcraft Config.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^windows.pif]
path=c:\documents and settings\user\Start Menu\Programs\Startup\windows.pif
backup=c:\windows\pss\windows.pifStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ------r- c:\windows\Alcmtr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-09-25 08:12 90112 ----a-w- c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 03:42 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FaxCenterServer]
2007-02-13 00:00 312240 ----a-w- c:\program files\Lexmark Fax Solutions\fm3032.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-21 06:30 136176 ----atw- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddamon]
2007-02-05 23:32 20480 ----a-w- c:\program files\Lexmark 2500 Series\lxddamon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxddmon.exe]
2007-02-12 23:58 291760 ----a-w- c:\program files\Lexmark 2500 Series\lxddmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
2012-07-03 11:46 462920 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 03:42 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegistryMechanic]
2010-04-08 07:15 3233752 ----a-w- c:\program files\Registry Mechanic\RegMech.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
2006-05-16 10:04 2879488 ------r- c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-10-10 05:28 36352 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxddcoms.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"c:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"c:\\Program Files\\PopCap Games\\Zuma Deluxe\\Zuma.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\ATI Technologies\\ATI\\Mirc.exe"=
"c:\\Program Files\\Warcraft III Reign of Chaos & The Frozen Throne\\war3.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [17.8.2012 0:41 721000]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [17.8.2012 0:41 353688]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [17.8.2012 0:41 21256]
R2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe -service --> c:\windows\system32\lxddcoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [20.12.2010 19:30 655944]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [25.5.2010 15:45 632792]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [20.12.2010 19:30 22344]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [3.7.2012 13:19 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [25.7.2012 0:15 250056]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15.1.2010 14:49 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [11.8.2012 6:14 113120]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWSNX
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-24 23:08]
.
2012-08-16 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-08-16 16:21]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 00:15]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 00:15]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-602609370-725345543-1003Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-05 06:30]
.
2012-08-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-602609370-725345543-1003UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-05 06:30]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\user\Application Data\Mozilla\Firefox\Profiles\rorkc3h3.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-17 01:40
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXDDCATS = rundll32 c:\windows\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(852)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(4024)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\ATKKBService.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\windows\system32\lxddcoms.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2012-08-17 01:43:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-16 23:43
ComboFix2.txt 2012-08-16 00:28
ComboFix3.txt 2012-08-15 00:31
.
Pre-Run: 57.939.193.856 bytes free
Post-Run: 57.924.509.696 bytes free
.
- - End Of File - - 0045275BEFC0CC8BE5084367D43465A1

Pa stanje je generalno bolje, jos sam ja update neke programe i tako to. Ali stanje je primijetno bolje e sad sa 512MB Ram-a kapiram da mora sjeckati i kociti cim se otvore 2programa a i star je racunar. Uglavnom sto se tice malware system je cist?

Imam 1 pitanje, zasto ComboFix nije mogao da instalira recovery console?

Dopuna: 17 Avg 2012 2:39

I ovo ne mogu da unistaliram...

• 1Ovo se svidja korisniku: Springfield
  
  Registruj se da bi pohvalio/la poruku!

Racunar je bio zarazen Conficker crvom, koji je verovatno dosao preko USB-a, a sto je posledica neazuriranog sistema...

Potrebno je da skines i instaliras ovaj patch kako bi "zakrpio" tu rupu u sigurnosti.

Preporuka je da odradis kompletan Windows Update, tako sto ces u Control Panel ukljuciti Automatic Update ukoliko to vec nisi ucinio.
Manuelno apdejtove mozes instalirati tako sto ces kliknuti na Start -> All Program -> Windows Update i pratiti instrukcije.


Vidim da si instalirao MCShield (eh da si to pre uradio ), no isprati takodje ovaj postupak kako bi sredili USB uredjaje

Preuzmi MCShield sa sljedeće adrese:

http://amf.mycity.rs/mcshield/MCShield-Setup.exe

Instaliraj MCShield i sačekaj da se završi uvodno skeniranje.

Kad se završi uvodno skeniranje, ubacuj sve USB memorijske uređaje redom u USB port i svaki zadrži u portu dok MCShield ne izbaci poruku da je skeniranje završeno. Ukoliko imaš više USB uređaja, zabilježi negdje kojim su redom ubacivani.

Objašnjenje: U USB memorijske uređaje spadaju svi oni uređaji koji po priključivanju na kompjuter dobijaju svoju oznaku particije. Tu spadaju USB flash drajvovi, eksterni hard-diskovi, memorijske kartice, MP3 i MP4 plejeri, neki mobilni telefoni, neki GPS (navigacioni) uređaji itd.

Idi na Start -> All Programs -> MCShield -> Logs -> AllScans

Otvoriće ti se izvještaj u Notepad-u čiji sadržaj treba da postaviš u poruku


Kako bi se resili toolbarova, isprati ovaj postupak

Preuzmi "Xplode"-ov AdwCleaner i sacuvaj ga na Desktop
Dvoklikom pokreni program i klikni na dugme [Search] .
Kada program zavrsi analizu otvorice notepad sa izvestajem. Zatvori taj notepad.

Klikni na dugme [Delete] i pricekaj da program zavrsi.
Program ce zatvoriti sve aktivne programe i izbaciti prozor sa tim upozorenjem. Klikni Ok kao potvrdu.
Na sledeca dva prozora koja se otvore (Informations i Restart required ) klikni Ok
Racunar ce se restartovati a potom otvoriti notepad (C:\AdwCleaner[S1].txt) sa izvestajem.
Sacuvaj taj notepad na Desktop i okaci ga uz poruku koristeci opciju "Prikaci fajl"
Napomena: Izvestaj ce takodje biti sacuvan na C:\AdwCleaner[S1].txt

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uloguj se preko Facebooka da bi skinuo fajl:

Patch instalirao.

Update sistema sam zavrsio jos prije neku noc.

To sa USB memorijskim uredjiajima cemo da preskocimo jer je racunar davno zarazen a te USB uredjaje ja sada nemam kod sebe.

Evo log:
https://www.mycity.rs/must-login.png

Nisam dobio odgovor za recovery console?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Pokreni ponovo ComboFix i postavi svez izvestaj