Pored sata izbacio VIRUS ALERT!

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ugasi TeaTimer, pa onda obrisi ono sto si nasao u reg. bazi, pa onda pokreni onaj ResetTeaTimer.bat koji si vec skinuo. Taj mali program treba da nas resi TeaTimera.

Javi ako si to uspeo da uradis.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Uradjeno i obrisano kao sto si rekao

TeaTimerReset log:
Windows Script Host access is disabled on this machine.
Post this in the forum please.

Sta dalje?

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Hmmm... onaj program za resetovanje TeaTimera opet nije hteo da radi. Kaze da Windows Scripting Host (to je jedna komponenta Windowsa) ne radi, a to je ono nase cackanje po reg. bazi trebalo da sredi.

Probaj da restartujes komp, mozda ce tek tada da prihvati tu promenu koju smo uradili u reg. bazi.
Onda probaj ponovo da resetujes TeaTimer uz pomoc onog programa.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Opet isto

Windows Script Host access is disabled on this machine.
Post this in the forum please.

Bobby, imao sam i ranije problema oko pristupa administraciji i to sa instaliranjem sp3, pa sam jedva nekako uspeo sa SubInACL - i to tek posle 2 meseca ni sam ne znam kako!?

Na kompu sada sve radi kako treba, sem sto se FF i IE ruse s vremena na vreme a anti virus prijavljuje infekciju:



Ako nije nista ozbiljno, ne bih da ti vise oduzimam vreme

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Otvoriti Notepad i iskopirati sledeci tekst:

File::
C:\Documents and Settings\Vedas\MediaTubeCodec_ver1.1463.0.exe

Folder::
C:\WINDOWS\system32\drivers\itech0\

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0f10b73a-08b2-11dd-b7e8-4d6564696130}]



Snimiti na Desktop fajl iz Notepada kao "CFScript"




Prevuci snimljeni skript/tekst na ComboFix ikonicu kao na slici.
Postaviti u sledecoj poruci log koji bude bio napravljen na kraju ciscenja/skeniranja.

Ovo bi trebalo da bude zadnje maltretiranje kojem cu da te podvrgnem
Kada pogledam log koji ces mi postaviti, onda se nadam da cemo nakon toga uraditi deinstalaciju ComboFixa (naravno, ako sve u logu bude OK)

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Upsss AVG mi juce prijavio da je u nekim CF folderima nasao infekcije i pobrisao mi to, tako da sam nakom toga deinstalirao CF.....sorry

Da ga skinem ponovo?


p.s. I ja meltretiram tebe, ne ti mene

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Ne moras da skidas ponovo, mozes rucno da obrises sledece:

fajl C:\Documents and Settings\Vedas\MediaTubeCodec_ver1.1463.0.exe
ceo folder C:\WINDOWS\system32\drivers\itech0\

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Fajla nema na datom mestu, a folder ne dozvoljava da obrisem: Cannot delete imonslp.dll Access is denied

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Onda cu ipak morati da te zamolim da ponovo skines ComboFix, i da iskljucis AVG dok radis sa ComboFixom.

AVG se iskljucuje ovako:

* Klikni desnim tasterom miša na AVG ikonicu ( ) u donjem, desnom uglu ekrana.
* Kada se pokrene AVG Control Center, dvoklikni na AVG Resident Shield komponentu.
* U prozoru koji se otvori, deštikliraj opciju Turn on AVG Resident Shield i klikni OK.

Napomena: Ne zaboravi da uključiš ovu opciju po završetku čišćenja.

Kada iskljucis AVG onda uradi kako sam ti gore napisao - napravi onaj skript i prevuci ga na ikonicu ComboFixa.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

ComboFix 08-08-28.04 - Vedas 2008-08-28 23:06:14.6 - NTFSx86
Running from: C:\Documents and Settings\Vedas\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Vedas\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Vedas\MediaTubeCodec_ver1.1463.0.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\itech0\\anti_end.dll
C:\WINDOWS\system32\drivers\itech0\\bar.jpg
C:\WINDOWS\system32\drivers\itech0\\browse_setting.ini
C:\WINDOWS\system32\drivers\itech0\\gdiplus.dll
C:\WINDOWS\system32\drivers\itech0\\ImageView.exe
C:\WINDOWS\system32\drivers\itech0\\imonlsp.dll
C:\WINDOWS\system32\drivers\itech0\\install_lsp.exe
C:\WINDOWS\system32\drivers\itech0\\setting.ini
C:\WINDOWS\system32\drivers\itech0\\th_imgbrowser.ocx
C:\WINDOWS\system32\drivers\itech0\\th_imgview.ocx
C:\WINDOWS\system32\rtl60.bpl

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2008-07-28 to 2008-08-28 )))))))))))))))))))))))))))))))
.

2008-08-26 21:13 . 2008-08-26 21:13 <DIR> d-------- C:\Program Files\Apple Software Update
2008-08-26 19:59 . 2008-08-26 19:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
2008-08-26 19:58 . 2006-03-29 08:50 671,744 --a------ C:\WINDOWS\system32\DolbyHph.dll
2008-08-26 19:58 . 2006-03-29 08:49 9,856 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2008-08-26 19:58 . 2006-05-05 19:21 4,608 --a------ C:\WINDOWS\system32\drivers\nvport.sys
2008-08-22 21:28 . 2008-08-22 21:28 <DIR> d-------- C:\Documents and Settings\Vedas\Application Data\Media Player Classic
2008-08-22 18:25 . 2008-08-22 18:25 2,500 --a------ C:\WINDOWS\system32\tmp.reg
2008-08-21 16:43 . 2008-08-21 16:52 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-08-17 13:21 . 2008-08-17 13:21 <DIR> d-------- C:\Program Files\Studio V5
2008-08-17 12:07 . 2008-08-17 12:07 <DIR> d-------- C:\Program Files\Alex Feinman
2008-08-13 18:04 . 2008-05-01 16:33 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 17:46 . 2008-04-11 21:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-11 23:32 . 2008-08-17 15:28 <DIR> d-------- C:\Documents and Settings\Vedas\Application Data\gtk-2.0
2008-08-11 23:30 . 2008-08-11 23:30 <DIR> d-------- C:\Documents and Settings\Vedas\.thumbnails
2008-08-11 21:50 . 2008-08-11 23:30 <DIR> d-------- C:\Program Files\GIMP-2.0
2008-08-11 21:50 . 2008-08-17 15:29 <DIR> d-------- C:\Documents and Settings\Vedas\.gimp-2.4
2008-08-09 15:25 . 2008-08-09 15:25 <DIR> d-------- C:\Program Files\Panerai
2008-08-07 18:01 . 2008-08-07 18:03 <DIR> d-------- C:\Program Files\ZoneRings
2008-08-07 18:01 . 1996-07-18 13:06 297,472 --a------ C:\WINDOWS\uninst.exe
2008-08-07 00:51 . 2008-08-07 00:51 81 --a------ C:\WINDOWS\system32\thview.ini
2008-08-07 00:23 . 2008-08-28 23:06 <DIR> d-------- C:\WINDOWS\system32\drivers\itech0
2008-08-06 18:07 . 2008-08-06 18:07 <DIR> d-------- C:\Program Files\MessengerPlus! 3
2008-08-06 17:55 . 2007-06-08 17:15 1,519,616 --a------ C:\WINDOWS\system32\mxpvct25.dat
2008-08-06 17:55 . 2004-03-09 16:45 132,880 --a------ C:\WINDOWS\system32\mxpvct22.dat
2008-08-06 16:59 . 2008-08-06 17:01 <DIR> d-------- C:\Documents and Settings\Vedas\Application Data\MessengerLog6
2008-08-05 20:53 . 2008-08-05 20:53 <DIR> d-------- C:\Documents and Settings\Vedas\dwhelper
2008-08-01 21:13 . 2008-08-01 21:13 <DIR> d-------- C:\Program Files\SystemRequirementsLab

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-28 21:14 --------- d-----w C:\Documents and Settings\Vedas\Application Data\AVG7
2008-08-28 20:29 --------- d-----w C:\Program Files\Orbitdownloader
2008-08-27 21:43 --------- d-----w C:\Documents and Settings\Vedas\Application Data\uTorrent
2008-08-26 19:15 --------- d-----w C:\Program Files\QuickTime
2008-08-26 18:02 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-26 17:58 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-26 17:58 --------- d-----w C:\Program Files\NVIDIA Corporation
2008-08-22 20:48 --------- d-----w C:\Program Files\TVTool
2008-08-22 19:17 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-08-22 19:10 --------- d-----w C:\Program Files\Real
2008-08-22 19:10 --------- d-----w C:\Program Files\Common Files\Real
2008-08-20 17:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-08-20 17:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-20 16:17 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-08-17 17:10 --------- d-----w C:\Program Files\TechSmith
2008-08-17 17:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\TechSmith
2008-08-17 17:08 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-08-17 12:53 2,516 --sha-w C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
2008-08-17 12:02 --------- d-----w C:\Program Files\Elaborate Bytes
2008-08-13 16:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-10 16:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Corel
2008-08-06 16:54 --------- d-----w C:\Program Files\WhatsRunning
2008-08-01 18:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-07-27 21:19 --------- d-----w C:\Program Files\WLM Ripper
2008-07-27 20:20 --------- d-----w C:\Documents and Settings\Vedas\Application Data\PCF-VLC
2008-07-27 20:17 --------- d-----w C:\Documents and Settings\Vedas\Application Data\Participatory Culture Foundation
2008-07-06 10:25 --------- d-----w C:\Documents and Settings\Vedas\Application Data\GrabPro
2008-07-06 10:19 --------- d-----w C:\Documents and Settings\Vedas\Application Data\Orbit
2008-06-29 19:25 --------- d-----w C:\Documents and Settings\Vedas\Application Data\GeoVid
2008-06-29 19:13 --------- d-----w C:\Program Files\GeoVid
2008-06-29 19:13 --------- d-----w C:\Program Files\Common Files\GeoVid
2008-06-29 06:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-06-28 17:34 --------- d-----w C:\Program Files\Windows Desktop Search
2008-06-28 16:57 88 --sh--r C:\Documents and Settings\All Users\Application Data\741EA877E1.sys
2008-06-02 21:18 146,645,318 ----a-w C:\registrybackup.reg
2008-03-24 22:27 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-20 16:19 2,293,848 ---ha-w C:\Program Files\FLV Player2FCSetup.exe
2007-04-06 23:03 1,333,336 ---ha-w C:\Program Files\FLV PlayerRCSetup.exe
2007-12-09 16:46 88 --sha-r C:\WINDOWS\system32\741EA877E1.sys
2008-04-28 19:25 2,516 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 02:12 15360]
"CursorXP"="C:\Program Files\CursorXP\CursorXP.exe" [2005-01-19 17:44 140288]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-19 20:27 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 17:15 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 17:15 81920]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-05-16 14:01 13529088]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-06-19 22:24 579584]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-05-16 14:01 86016]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 10:50 413696]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 08:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-05-16 14:01 1630208 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 02:12 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 04:18 437160]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-06-19 22:18 219136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"="C:\\Windows\\System32\\logonui.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3acm"= l3codecp.acm
"msacm.ivimp3en"= ivimp3en.acm
"VIDC.YV12"= yv12vfw.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli scecli scecli scecli scecli scecli scecli

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GammaTray.lnk]
backup=C:\WINDOWS\pss\GammaTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Vedas^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
backup=C:\WINDOWS\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Vedas^Start Menu^Programs^Startup^Slide.exe.lnk]
backup=C:\WINDOWS\pss\Slide.exe.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ProfileWatcher

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_SL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 12:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-ra------ 2006-05-16 12:04 2879488 C:\WINDOWS\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"aswUpdSv"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"C:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\Valve\\hl.exe"=
"C:\\Program Files\\Joost\\xulrunner\\tvprunner.exe"=
"C:\\Program Files\\EcrTool_SR\\ECRSrvAPI.exe"=
"C:\\Program Files\\Valve\\hltv.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\amsn\\bin\\wish.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 nltdi;nltdi;C:\WINDOWS\system32\drivers\nltdi.sys [2007-04-23 13:03]
R2 PSI_SVC_2;Protexis Licensing V2;c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 11:15]
S1 TapurVirtualCable;Tapur Virtual Cable;C:\WINDOWS\system32\drivers\tprvckmd.sys []
S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys []
S2 ELOADER;General Purpose USB Driver (adildr.sys);C:\WINDOWS\system32\Drivers\adildr.sys [2007-02-07 16:50]
S3 2hotspot controller;2hotspot Miniport;C:\WINDOWS\system32\DRIVERS\acontrol.sys []
S3 cxbu0wdm;CardMan 3x21;C:\WINDOWS\system32\DRIVERS\cxbu0wdm.sys [2006-07-11 11:03]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service;C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-11-07 16:34]
.
Contents of the 'Scheduled Tasks' folder

2008-08-15 C:\WINDOWS\Tasks\1-Click Maintenance.job
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe []

2008-08-26 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-28 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Sccs - C:\Documents and Settings\Vedas\sccs.exe
HKLM-Run-Css - C:\Documents and Settings\Vedas\css.exe
HKLM-Run-ppxcs - C:\Documents and Settings\Vedas\ppxcs.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, gmer.net
Rootkit scan 2008-08-28 23:13:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\NetLimiter 2 Pro\nlsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\NetLimiter 2 Pro\NLClient.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
.
**************************************************************************
.
Completion time: 2008-08-28 23:24:25 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-28 21:24:11
ComboFix2.txt 2008-08-24 20:11:58

Pre-Run: 73,322,860,544 bytes free
Post-Run: 73,288,085,504 bytes free

244 --- E O F --- 2008-08-20 16:50:33